diff --git a/rules/windows/registry_event/sysmon_office_vsto_persistence.yml b/rules/windows/registry_event/sysmon_office_vsto_persistence.yml
index 8eac61ee8..c8dbeb08a 100644
--- a/rules/windows/registry_event/sysmon_office_vsto_persistence.yml
+++ b/rules/windows/registry_event/sysmon_office_vsto_persistence.yml
@@ -4,17 +4,19 @@ status: experimental
 description: Detects persistence via Visual Studio Tools for Office (VSTO) add-ins in Office applications.
 references:
 - https://twitter.com/_vivami/status/1347925307643355138
+ - https://vanmieghem.io/stealth-outlook-persistence/
 tags:
 - attack.t1137.006
 - attack.persistence
 author: Bhabesh Raj
 date: 2021/01/10
-modified: 2021/06/01
+modified: 2021/07/27
 logsource:
 category: registry_event
 product: windows
 detection:
 selection:
+ EventType: SetValue
 TargetObject|contains:
 - '\Software\Microsoft\Office\Outlook\Addins\'
 - '\Software\Microsoft\Office\Word\Addins\'
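Review bot: The added `EventType: SetValue` in `selection` narrows the rule to value writes, so registry events of any other type under the listed `\Addins\` paths (key creation, deletion or rename, where the log source reports them) no longer match. Nothing in the rule records that this reduction is intended. If it is a deliberate false-positive cut, say so next to the field, for example `# value writes only: key create/delete events under Addins are excluded as noise`, and mention the trade-off in `description`. If coverage of the other event types still matters, a list such as `EventType: [SetValue, CreateKey]` would keep it, though the exact values should be checked against what the `registry_event` backend mapping emits. The rest of the `TargetObject|contains` list and the `condition` lie outside this hunk, so any filters there could not be checked.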