diff --git a/rules/linux/auditd/lnx_auditd_omigod_scx_runasprovider_executeshellcommand.yml b/rules/linux/auditd/lnx_auditd_omigod_scx_runasprovider_executeshellcommand.yml
index 0cd784820..29fe14e15 100644
--- a/rules/linux/auditd/lnx_auditd_omigod_scx_runasprovider_executeshellcommand.yml
+++ b/rules/linux/auditd/lnx_auditd_omigod_scx_runasprovider_executeshellcommand.yml
@@ -3,7 +3,7 @@ id: 045b5f9c-49f7-4419-a236-9854fb3c827a
 description: Rule to detect the use of the SCX RunAsProvider Invoke_ExecuteShellCommand to execute any UNIX/Linux command using the /bin/sh shell. SCXcore, started as the Microsoft Operations Manager UNIX/Linux Agent, is now used in a host of products including Microsoft Operations Manager. Microsoft Azure, and Microsoft Operations Management Suite.
 status: experimental
 date: 2021/09/17
-modified:  2021/11/11
+modified: 2021/11/11
 author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
 tags:
     - attack.privilege_escalation