diff --git a/rules/promotions/external_alerts.toml b/rules/promotions/external_alerts.toml
index c082039db..e2fa2ed37 100644
--- a/rules/promotions/external_alerts.toml
+++ b/rules/promotions/external_alerts.toml
@@ -7,9 +7,10 @@ updated_date = "2020/07/08"
 [rule]
 author = ["Elastic"]
 description = """
-Generates a detection alert for each external alert written to the configured securitySolution:defaultIndex. Enabling
+Generates a detection alert for each external alert written to the configured indices. Enabling
 this rule allows you to immediately begin investigating external alerts in the app.
 """
+index = ["apm-*-transaction*", "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*"]
 language = "kuery"
 license = "Elastic License"
 max_signals = 10000
@@ -55,3 +56,4 @@ field = "event.severity"
 operator = "equals"
 value = "99"
 severity = "critical"
+
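Review bot: The new `index` line hard-codes seven patterns, including the very broad `logs-*`, in place of the `securitySolution:defaultIndex` setting the old description named, yet nothing in the file records why these patterns were chosen or that the Kibana setting is no longer consulted; add a comment above the line such as `# Fixed index list: this rule no longer follows securitySolution:defaultIndex, so new alert sources must be added here explicitly.` Because the severity override in the second hunk copies the source document's `event.severity` onto the promoted alert (`value = "99"` → `severity = "critical"`), any source able to write into `logs-*` or the other patterns now determines the severity of alerts this rule raises, which is worth stating in the description so operators scope these patterns deliberately. The hunk header shows `updated_date = "2020/07/08"` untouched by this diff; if this repository bumps that field on rule content changes, it should be updated here too. The query that selects external alerts lies outside the hunk, so I cannot confirm from this diff that it still restricts matches to `event.kind:alert` across the wider patterns.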