diff --git a/rules/windows/process_creation/proc_creation_win_python_pty_spawn.yml b/rules/windows/process_creation/proc_creation_win_python_pty_spawn.yml
index 1f03d0c1e58..8a007b5c6ed 100644
--- a/rules/windows/process_creation/proc_creation_win_python_pty_spawn.yml
+++ b/rules/windows/process_creation/proc_creation_win_python_pty_spawn.yml
@@ -9,6 +9,7 @@ references:
     - https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
 author: Nextron Systems
 date: 2022/06/03
+modified: 2023/02/03
 tags:
     - attack.execution
     - attack.t1059
@@ -16,18 +17,18 @@ logsource:
     category: process_creation
     product: windows
 detection:
-    selection_image:
+    selection_img:
         Image|endswith:
             - 'python.exe' # no \ bc of e.g. ipython.exe
             - 'python3.exe'
             - 'python2.exe'
-    selection_cli1:
+    selection_cli_1:
         CommandLine|contains|all:
             - 'import pty'
             - '.spawn('
-    selection_cli2:
+    selection_cli_2:
         CommandLine|contains: 'from pty import spawn'
-    condition: selection_image and 1 of selection_cli*
+    condition: selection_img and 1 of selection_cli_*
 falsepositives:
     - Unknown
 level: high