diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml
index 413475c81..b73ecc2ca 100644
--- a/.github/workflows/sigma-test.yml
+++ b/.github/workflows/sigma-test.yml
@@ -52,10 +52,11 @@ jobs:
 python-version: 3.11
 - name: Install dependencies
 run: |
- pip install sigma-cli~=0.7.1
+ # pip install sigma-cli~=0.7.1
+ pip install sigma-cli
 - name: Test Sigma Rule Syntax
 run: |
- sigma check rules
+ sigma check rules*
 - name: Test Sigma Rules
 run: |
 pip install PyYAML attackcti colorama
diff --git a/rules-emerging-threats/2021/Malware/Devil-Bait/proxy_malware_devil_bait_c2_communication.yml b/rules-emerging-threats/2021/Malware/Devil-Bait/proxy_malware_devil_bait_c2_communication.yml
index 4433aeef8..fcffda7b3 100644
--- a/rules-emerging-threats/2021/Malware/Devil-Bait/proxy_malware_devil_bait_c2_communication.yml
+++ b/rules-emerging-threats/2021/Malware/Devil-Bait/proxy_malware_devil_bait_c2_communication.yml
@@ -6,6 +6,7 @@ references:
 - https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/devil-bait/NCSC-MAR-Devil-Bait.pdf
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023/05/15
+modified: 2023/08/23
 tags:
 - attack.command_and_control
 - detection.emerging_threats
@@ -14,7 +15,7 @@ logsource:
 detection:
 selection:
 cs-method: 'GET'
- cs-uri|all:
+ cs-uri|contains|all:
 - '/cross.php?op='
 - '&dt='
 - '&uid='
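Review bot: The Install dependencies step now runs `pip install sigma-cli` with no version constraint, so every CI run resolves to whatever release is newest on the package index, and a breaking or tampered release would execute in this workflow without any change to the repository. If the `~=0.7.1` pin was dropped because the rule checks need a newer validator, raise the floor instead of removing it, e.g. `pip install 'sigma-cli~=<tested-version>'` (placeholder: use the release this run was validated with), and delete the commented-out line rather than keeping it. The `pip install PyYAML attackcti colorama` line in the following step has the same exposure and could be pinned in the same pass.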
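Review bot: The selection still keys on `cs-uri`, which as far as I know is not a field name in the Sigma proxy taxonomy (the request URI is `c-uri` there), so with standard processing pipelines the corrected match may still never fire. It is worth confirming against the taxonomy and, if that holds, changing the key to `c-uri|contains|all:`. Separately, `&dt=` and `&uid=` are generic query parameters and `contains|all` is order-independent, so `/cross.php?op=` carries nearly all of the specificity; a one-line comment above the list saying so would help whoever tunes false positives later. The detection block continues past the end of this hunk, so the condition is not visible here.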