diff --git a/rules/windows/builtin/win_susp_backup_delete.yml b/rules/windows/builtin/win_susp_backup_delete.yml
index 7741c3eb5..32dfb5d00 100644
--- a/rules/windows/builtin/win_susp_backup_delete.yml
+++ b/rules/windows/builtin/win_susp_backup_delete.yml
@@ -16,7 +16,7 @@ logsource:
 detection:
 selection:
 EventID: 524
- Source: Backup
+ Source: Microsoft-Windows-Backup
 condition: selection
 falsepositives:
 - Unknown
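Review bot: The `Source` key on the changed line is matched exactly and depends on how each backend maps the event's provider, so a mismatch in either the field name or the value makes this rule silently never fire. Sigma's Windows field naming usually exposes the provider as `Provider_Name`, so `Provider_Name: Microsoft-Windows-Backup` may be the more portable form; confirm against the field mappings this repository ships before changing it. A short comment such as `# provider name as recorded in the event's System/Provider element` would also record where the new value comes from. The `logsource` block and the rest of the rule lie outside the hunk, so the channel this selection is evaluated against cannot be checked from here.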