diff --git a/rules/windows/process_creation/win_susp_csi.yml b/rules/windows/process_creation/win_susp_csi.yml
index 3ee5127aa..a5dcf04ff 100644
--- a/rules/windows/process_creation/win_susp_csi.yml
+++ b/rules/windows/process_creation/win_susp_csi.yml
@@ -35,5 +35,5 @@ fields:
     - CommandLine
     - ParentCommandLine    
 falsepositives:
-    -  Legitimate usage by software developers 
-level: medium
\ No newline at end of file
+    - Legitimate usage by software developers 
+level: medium