diff --git a/rules/windows/sysmon/sysmon_win10_sched_task_0day.yml b/rules/windows/sysmon/sysmon_win10_sched_task_0day.yml
index 162963afa..64012966a 100644
--- a/rules/windows/sysmon/sysmon_win10_sched_task_0day.yml
+++ b/rules/windows/sysmon/sysmon_win10_sched_task_0day.yml
@@ -11,7 +11,7 @@ logsource:
 detection:
 selection:
 EventID: 1
- Image: 'schtasks.exe'
+ Image: 'schtasks.exe'
 CommandLine: '*/change*/TN*/RU*'
 filter:
 condition: selection