diff --git a/rules/windows/other/win_pcap_drivers.yml b/rules/windows/other/win_pcap_drivers.yml
index c24d04104..9a34a1575 100644
--- a/rules/windows/other/win_pcap_drivers.yml
+++ b/rules/windows/other/win_pcap_drivers.yml
@@ -12,7 +12,7 @@ tags:
 - attack.t1040
 logsource:
 product: windows
- service: system
+ service: security
 detection:
 selection:
 EventID: 4697
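Review bot: Pointing the logsource at the Security channel is the right fix for EventID 4697, but 4697 is only generated when the "Audit Security System Extension" subcategory is enabled under Advanced Audit Policy, which is not on by default, so on hosts without that policy this rule now matches nothing, whereas the System-channel 7045 event it previously targeted is logged by the Service Control Manager without any audit configuration. I would document that prerequisite in the rule, e.g. a comment `# EventID 4697 requires 'Audit Security System Extension' (Advanced Audit Policy); not enabled by default` next to the selection, or keep 7045 coverage in a sibling rule on `service: system`. The selection block continues past the hunk, so I cannot see which fields it filters; if it matches on the service binary path, note that 4697 carries it as ServiceFileName while 7045 uses ImagePath — worth confirming against the rest of the rule.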