diff --git a/rules/windows/powershell/powershell_script/posh_ps_resolve_list_of_ip_from_file.yml b/rules/windows/powershell/powershell_script/posh_ps_resolve_list_of_ip_from_file.yml
index 8bc141375..9fd4f5339 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_resolve_list_of_ip_from_file.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_resolve_list_of_ip_from_file.yml
@@ -16,7 +16,7 @@ logsource:
     definition: bade5735-5ab0-4aa7-a642-a11be0e40872
 detection:
     selection:
-        ScriptBlockText|contains:
+        ScriptBlockText|contains|all:
             - 'Get-content '
             - 'foreach'
             - '[System.Net.Dns]::GetHostEntry'