diff --git a/rules/linux/lnx_setuid_setgid.yml b/rules/linux/lnx_setuid_setgid.yml
index c46ed2863..9b8d2e5ca 100644
--- a/rules/linux/lnx_setuid_setgid.yml
+++ b/rules/linux/lnx_setuid_setgid.yml
@@ -13,12 +13,12 @@ level: low
 logsource:
     product: linux
 detection:
-    selection1|contains:
-        - 'sudo chown root'
-    selection2|contains:
-        - 'sudo chmod u+s'
-    selection3|contains:
-        - 'sudo chmod g+s'
+    selection1:
+        - '*chown root*'
+    selection2:
+        - '* chmod u+s*'
+    selection3:
+        - '* chmod g+s*'
     condition: (selection1 and selection2) or (selection1 and selection3)
 falsepositives:
     - Legitimate administration activities
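Review bot: The three new wildcard patterns are inconsistent in their leading anchor: selection2 and selection3 require a space before `chmod` (`'* chmod u+s*'`), so a message whose matched field starts with `chmod` is missed, while selection1 has no such anchor (`'*chown root*'`) and will also hit substrings such as `chown root:root`. Either drop the leading space on all three or add it on selection1 so the rule's matching is uniform, e.g. `- '* chown root*'`. The condition (context line) still requires the `chown` and `chmod` strings to appear in the same event, which presumably only holds when both commands are logged in one message (a single command line or shell line); if the logsource emits one event per command, the rule will rarely fire — worth confirming and documenting in the rule's description. Setuid set via `chmod +s` or an octal mode such as `4755` is not covered by the new values; a short comment naming this known gap, or an extra `- '* chmod +s*'` entry under selection2, would make the coverage explicit.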