diff --git a/rules/windows/process_creation/proc_creation_win_susp_procdump_lsass.yml b/rules/windows/process_creation/proc_creation_win_susp_procdump_lsass.yml index 8efcfe570..cbfb16323 100644 --- a/rules/windows/process_creation/proc_creation_win_susp_procdump_lsass.yml +++ b/rules/windows/process_creation/proc_creation_win_susp_procdump_lsass.yml @@ -1,7 +1,7 @@ title: Suspicious Use of Procdump on LSASS id: 5afee48e-67dd-4e03-a783-f74259dcf998 description: Detects suspicious uses of the SysInternals Procdump utility by using a special command line parameter in combination with the lsass.exe process. This way we're also able to catch cases in which the attacker has renamed the procdump executable. -status: experimental +status: stable references: - Internal Research author: Florian Roth
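Review bot: the `status: experimental` to `status: stable` promotion in this hunk lands without any supporting change in the surrounding fields: `references` still lists only `- Internal Research`, and no `modified:` date bump is visible in the diff. A stable rule is expected to be consumed in production without further review, so a reviewer needs something to validate the detection logic against (the description claims it also catches a renamed procdump binary by matching on the command line parameter used against lsass.exe); suggest adding at least one public reference, such as the Sysinternals ProcDump documentation or a published write-up of the technique, and, if the rule carries a `modified` field below this hunk, updating it in the same commit.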