diff --git a/rules/windows/powershell/powershell_accessing_win_api.yml b/rules/windows/powershell/powershell_accessing_win_api.yml
index 8ffa3338c..862bbd69b 100644
--- a/rules/windows/powershell/powershell_accessing_win_api.yml
+++ b/rules/windows/powershell/powershell_accessing_win_api.yml
@@ -2,7 +2,7 @@ title: Accessing WinAPI in PowerShell
 id: 03d83090-8cba-44a0-b02f-0b756a050306
 status: experimental
 description: Detecting use WinAPI Functions in PowerShell
-author: Nikita Nazarov
+author: Nikita Nazarov, oscd.community
 date: 2020/10/06
 references:
 - https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse
@@ -17,7 +17,7 @@ detection:
 selection:
 EventID:
 - 4104
-Message|contains::
+Message|contains:
 - 'WaitForSingleObject'
 - 'QueueUserApc'
 - 'RtlCreateUserThread'
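Review bot: The corrected `Message|contains:` key in the second hunk fixes the selector, but the rule still does not say that EventID 4104 only exists when PowerShell Script Block Logging is enabled, which is the precondition a deployer needs to know before trusting this detection; the description could read `description: Detects use of WinAPI functions in PowerShell script blocks (requires Script Block Logging, EventID 4104)`. The doubled colon was presumably read as part of the YAML key, so the field modifier never applied and the rule likely never matched anything in its original form; if the repository has a rule schema or lint check, running the fixed file through it would confirm the selector is now well-formed. The `selection` list and the `condition` that references it continue past the end of the hunk, so whether the rest of the detection block is consistent cannot be judged from here.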