diff --git a/rules/windows/other/win_wmi_persistence.yml b/rules/windows/other/win_wmi_persistence.yml index a86f812b7..1dc3ef984 100644 --- a/rules/windows/other/win_wmi_persistence.yml +++ b/rules/windows/other/win_wmi_persistence.yml @@ -1,6 +1,6 @@ title: WMI Persistence status: experimental -description: Detects suspicious WMI event filter and command line event consumer based on event id 5861 (Windows 10) +description: Detects suspicious WMI event filter and command line event consumer based on event id 5861 (Windows 10, 2012 and higher) author: Florian Roth reference: https://twitter.com/mattifestation/status/899646620148539397 logsource: @@ -17,3 +17,4 @@ detection: falsepositives: - Unknown (data set is too small; further testing needed) level: high +
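Review bot: In the first hunk, the new description wording "(Windows 10, 2012 and higher)" is ambiguous: it mixes a client version with a bare server year, and it is unclear whether plain Windows Server 2012 or only 2012 R2 is meant, and whether "and higher" is intended to cover both lines. Please spell out the supported products in the description (for example "Windows 10 and Windows Server 2012 R2 or later", if that is the floor you verified) and, since the logsource block is what consumers actually key on, consider carrying the platform scope there rather than only in free text. A durable documentation link for event ID 5861 alongside the Twitter reference would also help readers verify the version claim.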
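Review bot: The second hunk only adds an empty line after "level: high", which leaves the file ending with a blank line rather than a single trailing newline. This looks like an accidental whitespace change unrelated to the description fix; please drop it so the commit stays limited to the intended edit and does not introduce trailing-whitespace noise into the rule file.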