diff --git a/rules/windows/powershell/powershell_alternate_powershell_hosts.yml b/rules/windows/powershell/powershell_alternate_powershell_hosts.yml
index 8eec258c9..dcf6fb163 100644
--- a/rules/windows/powershell/powershell_alternate_powershell_hosts.yml
+++ b/rules/windows/powershell/powershell_alternate_powershell_hosts.yml
@@ -19,7 +19,10 @@ falsepositives:
 level: medium   
 detection:
     filter:
-        ContextInfo: 'powershell.exe'
+        - ContextInfo: 'powershell.exe'
+        - Message: 'powershell.exe'
+        # Both fields contain key=value pairs where the key HostApplication is relevant but
+        # can't be referred directly as event field.
     condition: selection and not filter
  
 ---