diff --git a/rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml b/rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml
index 56fd176c0..cea88c1ab 100644
--- a/rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml
+++ b/rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml
@@ -4,7 +4,7 @@ integration = ["endpoint"]
 maturity = "production"
 min_stack_comments = "New fields added: file_access_events, process.Ext.effective_parent"
 min_stack_version = "8.11.0"
-updated_date = "2024/02/06"
+updated_date = "2024/05/17"
 
 [rule]
 author = ["Elastic"]
@@ -13,7 +13,7 @@ Identifies the access or file open of web browser sensitive files by an untruste
 Adversaries may acquire credentials from web browsers by reading files specific to the target browser.
 """
 from = "now-9m"
-index = ["logs-endpoint.events.file.*"]
+index = ["logs-endpoint.events.file-*"]
 language = "eql"
 license = "Elastic License v2"
 name = "Suspicious Web Browser Sensitive File Access"
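Review bot: The `index` fix in the second hunk corrects this one rule, but nothing here stops the same `.*`-for-`-*` slip from sitting unnoticed in other rules, and a pattern that matches no data stream presumably shows up only as a rule that never fires, not as an error. Assuming endpoint file events land in data streams named `logs-endpoint.events.file-<namespace>`, the old `logs-endpoint.events.file.*` value would have matched none of them, so this credential-access detection may have been blind until this change. It is worth searching the rule set for other `logs-endpoint.events.*` patterns that end in `.*` and, if the repository validates rule fields in its tests, adding a check that rejects that form.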