diff --git a/rules/cloud/aws_enum_listing.yml b/rules/cloud/aws_enum_listing.yml
index 19e1e3e27..c4e8eb459 100644
--- a/rules/cloud/aws_enum_listing.yml
+++ b/rules/cloud/aws_enum_listing.yml
@@ -10,7 +10,7 @@ detection:
     selection_eventname:
         - eventName: list*
     timeframe: 10m
-    condition: count() > 50 by userIdentity.arn 
+    condition: count() by userIdentity.arn > 50  
 
 falsepositives:
     - AWS Config or other configuration scanning activities