diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index a8309e983..568e50410 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,4 +1,4 @@
-## Summary of the Pull Request
+## Summary / Title of the Pull Request
 [summary]
@@ -6,10 +6,10 @@ [detailed description]
-## Example Log Event (In Case of FP Fixes)
+## Example Log Event
-**N/A**
+(in case of false positive fixes)
-## Relevant Issues (In Case of Issue Fixes)
+## Fixed Issues
-**N/A**
+(in case your commit fixes issues with rules or code)
diff --git a/rules/windows/powershell/powershell_script/posh_ps_token_obfuscation.yml b/rules/windows/powershell/powershell_script/posh_ps_token_obfuscation.yml
index cad0c455c..84fe1ffba 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_token_obfuscation.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_token_obfuscation.yml
@@ -9,7 +9,7 @@ references:
 - https://github.com/danielbohannon/Invoke-Obfuscation
 author: frack113
 date: 2022/12/27
-modified: 2023/01/24
+modified: 2023/02/21
 tags:
 - attack.defense_evasion
 - attack.t1027.009
@@ -29,7 +29,9 @@ detection:
 - ScriptBlockText|re: '"(\{\d\}){2,}"\s*-f' # trigger on at least two placeholders. One might be used for legitimate string formatting
 - ScriptBlockText|re: '\$\{((e|n|v)*`(e|n|v)*)+:path\}|\$\{((e|n|v)*`(e|n|v)*)+:((p|a|t|h)*`(p|a|t|h)*)+\}|\$\{env:((p|a|t|h)*`(p|a|t|h)*)+\}'
 filter:
- ScriptBlockText|contains: 'it will return true or false instead' # Chocolatey install script https://github.com/chocolatey/chocolatey
+ ScriptBlockText|contains:
+ - 'it will return true or false instead' # Chocolatey install script https://github.com/chocolatey/chocolatey
+ - 'The function also prevents `Get-ItemProperty` from failing' # https://docs.chocolatey.org/en-us/create/functions/get-uninstallregistrykey
 condition: selection and not filter
 falsepositives:
 - Unknown
diff --git a/tests/cti b/tests/cti
index 4cbf8cc4b..b195cbc81 160000
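Review bot: The `falsepositives` field at the end of the filter hunk still reads `- Unknown`, yet the filter now names two Chocolatey scripts the rule deliberately tunes out, so the rule's own metadata no longer describes what is excluded; change it to `- Chocolatey install and helper scripts (excluded by the filter)`. Both new entries are substring matches on ScriptBlockText, so each phrase suppresses the whole script block it appears in, not just the Chocolatey function; a comment beside `filter:` such as `# phrase-based exclusions: any script block containing one of these strings is dropped, review before adding more` keeps that trade-off visible to the next maintainer. The per-entry source URLs already present are the right way to document where each phrase comes from.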
--- a/tests/cti
+++ b/tests/cti
@@ -1 +1 @@
-Subproject commit 4cbf8cc4bdf2121ee987a23bfe5aac4fe4d2f5b1
+Subproject commit b195cbc81adbfb8ca3306c283179168bdd9011fa
diff --git a/tools/sigma/parser/modifiers/transform.py b/tools/sigma/parser/modifiers/transform.py
index 8a5267999..de47b3f32 100644
--- a/tools/sigma/parser/modifiers/transform.py
+++ b/tools/sigma/parser/modifiers/transform.py
@@ -24,6 +24,7 @@ class SigmaContainsModifier(ListOrStringModifierMixin, SigmaTransformModifier):
 """Add *-wildcard before and after all string(s)"""
 identifier = "contains"
 active = True
+ valid_input_types = ListOrStringModifierMixin.valid_input_types + (NodeSubexpression,)
 def apply_str(self, val):
 try:
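Review bot: `valid_input_types` now admits `NodeSubexpression`, but nothing in this hunk shows how such a node is transformed: `apply_str` (its body continues past the hunk) handles a single string, and whether `ListOrStringModifierMixin` routes a subexpression through the same wildcard insertion cannot be seen from here. If the mixin passes non-string values through untouched, the modifier would accept a subexpression at validation time and then leave it unmodified, which turns a `contains` condition into an exact match in the generated query and silently weakens the rule; a test that applies `contains` to a subexpression and checks every contained string is wrapped in `*` would pin this down. A short comment on the new line would also help, e.g. `# also accept a nested subexpression (not only str/list); the mixin is expected to walk it`. The import of `NodeSubexpression` is outside the hunk, so confirm it is present in this module's import block.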