diff --git a/rules/cross-platform/threat_intel_module_match.toml b/rules/cross-platform/threat_intel_filebeat7x.toml
similarity index 96%
rename from rules/cross-platform/threat_intel_module_match.toml
rename to rules/cross-platform/threat_intel_filebeat7x.toml
index 998729b0c..f742ff29e 100644
--- a/rules/cross-platform/threat_intel_module_match.toml
+++ b/rules/cross-platform/threat_intel_filebeat7x.toml
@@ -6,14 +6,14 @@ updated_date = "2021/10/29"
 [rule]
 author = ["Elastic"]
 description = """
-This rule is triggered when indicators from the Threat Intel Filebeat module has a match against local file or network observations.
+This rule is triggered when indicators from the Threat Intel Filebeat module (v7.x) has a match against local file or network observations.
 """
 from = "now-65m"
 index = ["auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*"]
 interval = "1h"
 language = "kuery"
 license = "Elastic License v2"
-name = "Threat Intel Filebeat Module Indicator Match"
+name = "Threat Intel Filebeat Module (v7.x) Indicator Match"
 note = """## Triage and Analysis
 
 ### Investigating Threat Intel Indicator Matches
@@ -66,7 +66,7 @@ timeline_title = "Generic Threat Match Timeline"
 type = "threat_match"
 
 threat_index = [ "filebeat-*"]
-threat_indicator_path = ""
+threat_indicator_path = "threatintel.indicator"
 threat_language = "kuery"
 
 threat_query = '''
@@ -178,4 +178,4 @@ value = "threatintel.indicator.url.full"
 [[rule.threat_mapping.entries]]
 field = "registry.path"
 type = "mapping"
-value = "threatintel.indicator.registry.path"
+value = "threatintel.indicator.registry.path"
\ No newline at end of file
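Review bot: `threat_indicator_path = "threatintel.indicator"` pins the rule to one specific indicator field layout, but nothing in the file records why that value is correct or what it must agree with; add `# Filebeat 7.x threat intel module field layout (threatintel.indicator.*); keep in sync with the threat_mapping entries below` above the key so a later editor does not change one without the other. `threat_index = [ "filebeat-*"]` is every Filebeat index, so the `threat_query` that begins at the end of this hunk and continues outside it should be confirmed to narrow the threat side to the threat-intel module's own documents (presumably via `event.module` or `event.dataset`), otherwise any Filebeat document that happens to carry a `threatintel.indicator.*` field is treated as an indicator. The array literal also has a stray leading space; write `threat_index = ["filebeat-*"]` to match the `index` list above. The last hunk drops the file's trailing newline (`\ No newline at end of file`), which is a regression against the previous revision; restore it so the file ends with a single LF.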