diff --git a/rules/apt/apt_apt29_tor.yml b/rules/apt/apt_apt29_tor.yml
index b4a4283c0..936a1aab5 100755
--- a/rules/apt/apt_apt29_tor.yml
+++ b/rules/apt/apt_apt29_tor.yml
@@ -10,16 +10,16 @@ tags:
- attack.t1172
detection:
timeframe: 5m
- condition: service | near process
+ condition: service_install | near process
falsepositives:
- Unknown
level: high
---
logsource:
- service: system
product: windows
+ service: system
detection:
- service:
+ service_install:
EventID: 7045
ServiceName: 'Google Update'
---
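Review bot: The renamed condition `service_install | near process` together with `timeframe: 5m` is a cross-event correlation that, as far as I know, only a minority of Sigma backends can translate (the `near` aggregation is not part of the core match semantics and pySigma-based converters reject it), so the rename fixes the identifier clash with the logsource `service` key but still leaves a rule that silently produces no usable query on most targets; a comment such as `# NOTE: near/timeframe correlation requires a backend that supports the near aggregation` placed above `detection:` would tell deployers what to expect. The `service_install` rename is applied consistently in both the condition and the second document's selection, which matters because the selection and the condition live in separate YAML documents; the `process` selection the condition also references is outside this hunk and cannot be checked here. Separately, `ServiceName: 'Google Update'` is an exact (case-insensitive) match, so a service registered as e.g. `Google Update Service` or `GoogleUpdate` will not fire; if the exact name comes from an observed sample, a `# exact name used by the observed APT29 sample; variants are not covered` comment on that line would document the deliberate narrowness.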