diff --git a/rules/web/web_cve_2021_22893_pulse_secure_rce_exploit.yml b/rules/web/web_cve_2021_22893_pulse_secure_rce_exploit.yml
index e1620afa8..e467448ed 100644
--- a/rules/web/web_cve_2021_22893_pulse_secure_rce_exploit.yml
+++ b/rules/web/web_cve_2021_22893_pulse_secure_rce_exploit.yml
@@ -32,7 +32,7 @@ detection:
             - '200'
     condition: selection1 and selection2 | count(sc-status) by src_ip > 3
     timeframe: 30m
-  ---
+---
 logsource:
     product: PulseSecure
 detection: