diff --git a/rules/integrations/kubernetes/initial_access_anonymous_request_authorized.toml b/rules/integrations/kubernetes/initial_access_anonymous_request_authorized.toml
index 13bdc463d..6da38310c 100644
--- a/rules/integrations/kubernetes/initial_access_anonymous_request_authorized.toml
+++ b/rules/integrations/kubernetes/initial_access_anonymous_request_authorized.toml
@@ -4,7 +4,8 @@ integration = ["kubernetes"]
 maturity = "production"
 min_stack_comments = "New fields added to Kubernetes Integration"
 min_stack_version = "8.4.0"
-updated_date = "2023/06/22"
+updated_date = "2023/06/23"
+
 
 [rule]
 author = ["Elastic"]
@@ -41,7 +42,7 @@ query = '''
 event.dataset:kubernetes.audit_logs
   and kubernetes.audit.annotations.authorization_k8s_io/decision:allow
   and kubernetes.audit.user.username:("system:anonymous" or "system:unauthenticated" or not *)
-  and not kubernetes.audit.objectRef.resource:(healthz or livez or readyz)
+  and not kubernetes.audit.requestURI:(/healthz* or /livez* or /readyz*)
 '''
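Review bot: The new exclusion `and not kubernetes.audit.requestURI:(/healthz* or /livez* or /readyz*)` uses a trailing wildcard, so it suppresses every URI that merely starts with those prefixes, including sub-paths such as `/healthz/etcd` and query-string variants like `/readyz?verbose`; that is presumably the intent, since `objectRef` is not populated for non-resource requests and the previous `objectRef.resource` filter likely never matched, but the rule's `note` should say so in one line so the next maintainer does not narrow it back. The prefix-wildcard semantics depend on `kubernetes.audit.requestURI` being indexed as a keyword field — confirm against the Kubernetes integration mapping, because a wildcard against an analyzed text field would not behave as a path prefix. Also be aware that the default `system:public-info-viewer` binding authorizes unauthenticated access to `/version` as well, so anonymous probes of that path will keep matching; whether to exclude it or keep it as a low-noise reconnaissance signal is a tuning decision worth stating explicitly in the rule. The remaining lines of the query (the `query = '''` opening) sit outside the hunk.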