diff --git a/rules/windows/powershell/powershell_cmdline_special_characters.yml b/rules/windows/powershell/powershell_cmdline_special_characters.yml
index 9420909b3..7db7e2be8 100644
--- a/rules/windows/powershell/powershell_cmdline_special_characters.yml
+++ b/rules/windows/powershell/powershell_cmdline_special_characters.yml
@@ -17,11 +17,12 @@ logsource:
 detection:
 selection:
 Image|endswith: '\powershell.exe'
- CommandLine|re: '.*`.*`.*`.*`.*`.*'
- CommandLine|re: '.*^.*^.*^.*^.*^.*'
- CommandLine|re: '.*{.*{.*{.*{.*{.*'
- CommandLine|re: '.*\{.*\{.*\{.*\{.*\{.*\{.*\{.*\{.*\{.*\{.*'
- CommandLine|re: '.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*'
+ CommandLine|re:
+ - '.*`.*`.*`.*`.*`.*'
+ - '.*^.*^.*^.*^.*^.*'
+ - '.*{.*{.*{.*{.*{.*'
+ - '.*\{.*\{.*\{.*\{.*\{.*\{.*\{.*\{.*\{.*\{.*'
+ - '.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*\+.*'
 condition: selection
 falsepositives:
 - Unlikely
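Review bot: The caret pattern `'.*^.*^.*^.*^.*^.*'` carried over to the new list keeps `^` unescaped, which in a regex is a start-of-input anchor rather than the literal caret the rule is after; because each `.*` can match the empty string, every `^` assertion succeeds at position 0 and the pattern matches any command line, so this rule would likely fire on essentially every powershell.exe execution (exact behaviour depends on the backend's regex engine and its multiline setting). Escape it: `- '.*\^.*\^.*\^.*\^.*\^.*'`. The brace pattern `'.*{.*{.*{.*{.*{.*'` is similarly unescaped while the ten-brace and plus patterns use `\{` and `\+`; most engines treat a stray `{` as a literal but some reject it as a malformed quantifier, so `- '.*\{.*\{.*\{.*\{.*\{.*'` keeps the rule portable across Sigma backends. Once escaped, the five-brace pattern already matches anything the ten-brace pattern matches, so the latter appears redundant in an OR list and could be dropped or tightened to a distinct condition.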