diff --git a/rules/windows/lateral_movement_remote_services.toml b/rules/windows/lateral_movement_remote_services.toml
index 4e984d38b..a9b41eae5 100644
--- a/rules/windows/lateral_movement_remote_services.toml
+++ b/rules/windows/lateral_movement_remote_services.toml
@@ -36,7 +36,7 @@ authenticode.path JOIN hash ON services.path = hash.path WHERE authenticode.resu
 author = ["Elastic"]
 description = """
 Identifies remote execution of Windows services over remote procedure call (RPC). This could be indicative of lateral
-movement, but will be noisy if commonly done by administrators."
+movement, but will be noisy if commonly done by administrators.
 """
 from = "now-9m"
 index = ["logs-endpoint.events.*", "winlogbeat-*", "logs-windows.sysmon_operational-*"]