diff --git a/rules/windows/process_creation/win_susp_wuauclt.yml b/rules/windows/process_creation/win_susp_wuauclt.yml
index dde4a5f13..55659f9a0 100644
--- a/rules/windows/process_creation/win_susp_wuauclt.yml
+++ b/rules/windows/process_creation/win_susp_wuauclt.yml
@@ -16,7 +16,7 @@ logsource:
 service: process_creation
 detection:
 selection:
- ProcessCommandline|contains|all:
+ ProcessCommandLine|contains|all:
 - '/UpdateDeploymentProvider'
 - '/RunHandlerComServer'
 Image|endswith:
@@ -24,4 +24,4 @@ detection:
 condition: selection
 falsepositives:
 - Unknown
-level: high
\ No newline at end of file
+level: high
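Review bot: The corrected key `ProcessCommandLine|contains|all:` still does not look like the field Sigma's generic process_creation taxonomy defines, which is `CommandLine`; `ProcessCommandLine` is the Microsoft Defender column name, while the neighbouring `Image|endswith:` uses the generic naming. A backend that maps only the generic names would pass the unknown field through unmapped, and the selection would then never match without raising any error, so I would write `CommandLine|contains|all:` here. The context line `service: process_creation` has a related issue: process_creation is normally declared as `category: process_creation`, and this commit leaves that line untouched. The top of the rule (including any `product:` line) is outside the hunk, so the logsource point should be confirmed against the full file.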