diff --git a/rules/integrations/aws/persistence_ec2_security_group_configuration_change_detection.toml b/rules/integrations/aws/persistence_ec2_security_group_configuration_change_detection.toml
index e98e7f46f..85cdb5cca 100644
--- a/rules/integrations/aws/persistence_ec2_security_group_configuration_change_detection.toml
+++ b/rules/integrations/aws/persistence_ec2_security_group_configuration_change_detection.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/05/05"
 maturity = "production"
-updated_date = "2021/09/20"
+updated_date = "2022/04/07"
 integration = "aws"
 
 [rule]
@@ -36,7 +36,7 @@ timestamp_override = "event.ingested"
 type = "query"
 
 query = '''
-event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.action:(AuthorizeSecurityGroupEgress or 
+event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.action:(AuthorizeSecurityGroupEgress or 
 CreateSecurityGroup or ModifyInstanceAttribute or ModifySecurityGroupRules or RevokeSecurityGroupEgress or 
 RevokeSecurityGroupIngress) and event.outcome:success
 '''