diff --git a/rules/windows/other/win_wmi_persistence.yml b/rules/windows/other/win_wmi_persistence.yml
index 5ffcb0df8..405e657b8 100644
--- a/rules/windows/other/win_wmi_persistence.yml
+++ b/rules/windows/other/win_wmi_persistence.yml
@@ -38,13 +38,8 @@ logsource:
     product: windows
     service: security
 detection:
-    network_logon:
-        EventID: 4624
-        LogonType: 3
-    privileges_assigned:
-        EventID: 4672
     wmi_subscription:
         EventID: 4662
         ObjectType: 'WMI Namespace'
         ObjectName|contains: 'subscription'
-    condition: network_logon and privileges_assigned and wmi_subscription
+    condition: wmi_subscription
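Review bot: With `network_logon` and `privileges_assigned` dropped, the new `condition: wmi_subscription` fires on every 4662 whose ObjectName contains 'subscription', so routine reads of the root\subscription namespace by administrative or monitoring tooling will match alongside the persistence technique the rule is named for. The removed selections describe different events (4624, 4672) than the one kept (4662) and a Sigma condition is evaluated per event, so the old `and` could never have been satisfied; the change is therefore a correctness fix rather than a loosening, which the rule's description should say. To keep the alert focused, consider narrowing the selection on `AccessMask` to write/create-type access (the exact mask to use depends on the SACL the environment places on the WMI namespace, so confirm against sample events), or at least revisit the rule's `falsepositives` and `level` fields, which lie outside this hunk. It is also worth noting in the description that 4662 for `ObjectType: 'WMI Namespace'` is only emitted when object-access auditing with a SACL on the namespace is configured, otherwise the rule silently never matches.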