diff --git a/rules/windows/builtin/win_multiple_suspicious_cli.yml b/rules/windows/builtin/win_multiple_suspicious_cli.yml
index edecf0bfd..1d058b202 100644
--- a/rules/windows/builtin/win_multiple_suspicious_cli.yml
+++ b/rules/windows/builtin/win_multiple_suspicious_cli.yml
@@ -47,7 +47,7 @@ detection:
 - wbadmin.exe
 - icacls.exe
 - diskpart.exe
- timeframe: 5min
+ timeframe: 5m
 condition: selection | count() by MachineName > 5
 falsepositives:
 - False positives depend on scripts and administrative tools used in the monitored environment
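Review bot: With the timeframe now parseable, the aggregation `condition: selection | count() by MachineName > 5` fires on six matching events per host in five minutes regardless of whether they are six different tools or one tool run six times, because a bare `count()` counts matched events rather than distinct values; a single maintenance script looping over `icacls.exe` would satisfy it, which is exactly the false-positive class the `falsepositives` entry describes. If the rule's intent is "multiple different suspicious command-line tools", as the title suggests, counting distinct images — if I read the Sigma aggregation grammar correctly, `condition: selection | count(Image) by MachineName > 5` — expresses that intent and narrows the alert; either way the chosen semantics deserve a one-line comment above the condition, e.g. `# counts matching events, not distinct tools, per host within the timeframe`. The `selection` list this hunk ends (and the field it matches on) starts outside the hunk, so I cannot confirm the field name is `Image`.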