diff --git a/rules/integrations/kubernetes/execution_user_exec_to_pod.toml b/rules/integrations/kubernetes/execution_user_exec_to_pod.toml
index a14d41996..0f3258290 100644
--- a/rules/integrations/kubernetes/execution_user_exec_to_pod.toml
+++ b/rules/integrations/kubernetes/execution_user_exec_to_pod.toml
@@ -4,7 +4,7 @@ integration = "kubernetes"
 maturity = "production"
 min_stack_comments = "Necessary audit log fields not available prior to 8.2"
 min_stack_version = "8.2"
-updated_date = "2022/06/09"
+updated_date = "2022/07/11"
 
 [rule]
 author = ["Elastic"]
@@ -43,8 +43,7 @@ timestamp_override = "event.ingested"
 type = "query"
 query = '''
-event.dataset:"kubernetes.audit_logs"
-  and kubernetes.audit.objectRef.resource:"pods"
+kubernetes.audit.objectRef.resource:"pods"
   and kubernetes.audit.objectRef.subresource:"exec"
 '''