diff --git a/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml b/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml index f805aadf5..8ab5492ea 100644 --- a/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml +++ b/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml @@ -25,7 +25,6 @@ tags: - attack.impact - attack.credential_access falsepositives: - - RoleBinding/ClusterRoleBinding being modified and deleted may be performed by a system administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. RoleBinding/ClusterRoleBinding modification from unfamiliar users should be investigated. If known behavior is causing false positives, it can be exempted from the rule. - - + - RoleBinding/ClusterRoleBinding being modified and deleted may be performed by a system administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. + - RoleBinding/ClusterRoleBinding modification from unfamiliar users should be investigated. If known behavior is causing false positives, it can be exempted from the rule.
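Review bot: The second added `falsepositives` entry ("RoleBinding/ClusterRoleBinding modification from unfamiliar users should be investigated. ...") is triage guidance for a likely true positive, not a benign cause of alerts, so it does not belong under `falsepositives`. Splitting the original sentence run into two list items and dropping the empty `-` item (which YAML parses as a null list element) is an improvement. Consider keeping only the first item, which names the benign cause (a system administrator changing bindings), and moving the "unfamiliar users should be investigated" sentence to the rule's description. The closing sentence "If known behavior is causing false positives, it can be exempted from the rule" applies to every rule and could be dropped.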