diff --git a/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml b/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
index b2ef9b58c..9444c7b19 100644
--- a/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
+++ b/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
@@ -12,7 +12,7 @@ tags:
 logsource:
 product: windows
 service: security
- definition: 'Requirements: Audit Policy : Policies/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access, Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Object Access'
+ definition: Requirements: Audit Policy : Policies/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access, Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Object Access
 detection:
 selection:
 EventID: 4663
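Review bot: The unquoted `definition` value on the added line contains `: ` sequences (`Requirements: Audit Policy : Policies/...`), which YAML does not permit inside a plain scalar, so a strict parser is likely to reject the file with an error such as "mapping values are not allowed here". A rule that fails to load produces no alerts, so this would drop coverage for the EventID 4663 mass rename/delete pattern without any visible signal unless the pipeline reports parse failures. Keep the value quoted as before, `definition: 'Requirements: Audit Policy : Policies/...'`, or, if the aim was to avoid the quotes, use a folded block scalar with `definition: >` and the text on the following indented line. It is also worth adding a YAML lint or rule-load check in CI so a change like this fails before merge; the `detection` block continues outside the hunk.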