diff --git a/rules/windows/process_creation/proc_creation_win_lolbin_sideload_link_binary.yml b/rules/windows/process_creation/proc_creation_win_lolbin_sideload_link_binary.yml
index 0f8bf6f11..fa924f846 100644
--- a/rules/windows/process_creation/proc_creation_win_lolbin_sideload_link_binary.yml
+++ b/rules/windows/process_creation/proc_creation_win_lolbin_sideload_link_binary.yml
@@ -15,8 +15,7 @@ logsource:
 detection:
 selection:
 Image|endswith: '\link.exe'
- CommandLine|contains:
- - 'LINK /' # Hardcoded command line when we call tools like dumpbin.exe, editbin.exe, lib.exe...etc
+ CommandLine|contains: 'LINK /' # Hardcoded command line when we call tools like dumpbin.exe, editbin.exe, lib.exe...etc
 # Add other filters for other legitimate locations
 filter_visual_studio:
 ParentImage|startswith:
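Review bot: The collapsed scalar keeps `CommandLine|contains: 'LINK /'`, which fires on that marker anywhere in the command line and, since Sigma string matching is case-insensitive by default, in any casing; if the wrapper tools named in the comment really spawn link.exe with that fixed prefix, `CommandLine|startswith: 'LINK /'` would pin the intent more tightly and cut incidental matches. The inline comment would also help tuners if it stated what the condition deliberately leaves out — a direct `link.exe ...` launch whose command line lacks the `LINK /` prefix never reaches the `filter_visual_studio` logic — e.g. `# dumpbin.exe, editbin.exe, lib.exe spawn link.exe with a fixed 'LINK /...' command line; a direct link.exe launch is out of scope for this rule`. Both points rest on how those tools build the child command line, which this hunk only asserts in a comment, so confirm against a process-creation log before changing the modifier. The `ParentImage|startswith` list and the rule's `condition` continue past the hunk.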