diff --git a/rules/windows/process_creation/win_susp_ngrok_rdp_pua.yml b/rules/windows/process_creation/win_susp_ngrok_rdp_pua.yml index 7bb9925c4..285ccec90 100644 --- a/rules/windows/process_creation/win_susp_ngrok_rdp_pua.yml +++ b/rules/windows/process_creation/win_susp_ngrok_rdp_pua.yml @@ -1,6 +1,6 @@ title: Ngrok Usage id: ee37eb7c-a4e7-4cd5-8fa4-efa27f1c3f31 -description: Detects the use of Ngrok, a utility used for port forwarding and tunneling, often used by threat actors to make local protected services publicly available. Involved domain are bin.equinox.io for download and *.ngrok.io for connections. +description: Detects the use of Ngrok, a utility used for port forwarding and tunneling, often used by threat actors to make local protected services publicly available. Involved domains are bin.equinox.io for download and *.ngrok.io for connections. status: experimental references: - https://ngrok.com/docs @@ -10,6 +10,7 @@ references: - https://cybleinc.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/. author: Florian Roth date: 2021/05/14 +modified: 2021/06/07 tags: - attack.command_and_control - attack.t1572
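Review bot: In the first hunk, the reworded `description` line still lists bin.equinox.io and *.ngrok.io as "involved domains", while the rule sits under rules/windows/process_creation/, so an analyst reading the alert may assume the rule matches on those domains. If the detection section only uses process creation fields, consider marking the domains as background context in the description (for example "Related domains, not matched by this rule: ...") or covering them in a separate DNS or network connection rule.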
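Review bot: In the second hunk, the context line directly above the added `modified: 2021/06/07` is a reference URL that ends in `phishing-attacks/.`; the trailing period looks like a typo and may break the link when it is rendered or followed. Since this change is already a metadata cleanup that bumps the modified date, it would be worth removing the stray period from that reference in the same commit.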