diff --git a/rules/windows/defense_evasion_posh_process_injection.toml b/rules/windows/defense_evasion_posh_process_injection.toml
index 4614cdc82..a217ff2cc 100644
--- a/rules/windows/defense_evasion_posh_process_injection.toml
+++ b/rules/windows/defense_evasion_posh_process_injection.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/10/14"
 maturity = "production"
-updated_date = "2022/02/28"
+updated_date = "2022/03/15"
 
 [rule]
 author = ["Elastic"]
@@ -83,7 +83,7 @@ event.category:process and
    (VirtualAlloc or VirtualAllocEx or VirtualProtect or LdrLoadDll or LoadLibrary or LoadLibraryA or
       LoadLibraryEx or GetProcAddress or OpenProcess or OpenProcessToken or AdjustTokenPrivileges) and
    (WriteProcessMemory or CreateRemoteThread or NtCreateThreadEx or CreateThread or QueueUserAPC or
-      SuspendThread or ResumeThread)
+      SuspendThread or ResumeThread or GetDelegateForFunctionPointer)
   )
 '''