diff --git a/rules/cross-platform/threat_intel_module_match.toml b/rules/cross-platform/threat_intel_module_match.toml
index 699c1d4c7..998729b0c 100644
--- a/rules/cross-platform/threat_intel_module_match.toml
+++ b/rules/cross-platform/threat_intel_module_match.toml
@@ -1,16 +1,16 @@
 [metadata]
 creation_date = "2021/04/21"
 maturity = "production"
-updated_date = "2021/09/13"
+updated_date = "2021/10/29"
 
 [rule]
 author = ["Elastic"]
 description = """
 This rule is triggered when indicators from the Threat Intel Filebeat module has a match against local file or network observations.
 """
-from = "now-10m"
+from = "now-65m"
 index = ["auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*"]
-interval = "9m"
+interval = "1h"
 language = "kuery"
 license = "Elastic License v2"
 name = "Threat Intel Filebeat Module Indicator Match"
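Review bot: With `interval = "1h"` and `from = "now-65m"`, a matching indicator can now wait up to an hour before an alert is raised, and nothing in the file records why that latency is acceptable for this rule. The lookback exceeds the interval by only five minutes, so an event indexed more than five minutes after its timestamp can fall between two runs and never be evaluated. It is worth confirming that the sources listed in `index` stay within that ingest delay. I would put the rationale next to the setting, for example `# hourly run to bound indicator-match query cost; 5m overlap covers ingest lag` above `from`, assuming query cost is the motive, which the hunk does not state. The `[rule]` table continues past the end of the hunk.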