diff --git a/rules/windows/builtin/security/win_security_svcctl_remote_service.yml b/rules/windows/builtin/security/win_security_svcctl_remote_service.yml
index 2b175525098..7b980ffe534 100644
--- a/rules/windows/builtin/security/win_security_svcctl_remote_service.yml
+++ b/rules/windows/builtin/security/win_security_svcctl_remote_service.yml
@@ -6,7 +6,7 @@ references:
 - https://web.archive.org/web/20230329155141/https://blog.menasec.net/2019/03/threat-hunting-26-remote-windows.html
 author: Samir Bousseaden
 date: 2019/04/03
-modified: 2022/08/11
+modified: 2024/08/01
 tags:
 - attack.lateral_movement
 - attack.persistence
@@ -20,7 +20,7 @@ detection:
 EventID: 5145
 ShareName: '\\\\\*\\IPC$' # looking for the string \\*\IPC$
 RelativeTargetName: svcctl
- Accesses|contains: 'WriteData'
+ AccessList|contains: 'WriteData'
 condition: selection
 falsepositives:
 - Unknown
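Review bot: `AccessList|contains: 'WriteData'` in the second hunk only matches when the 5145 event's access rights have already been rendered to text; in the raw EventData, AccessList — as far as I recall — carries the placeholder token `%%4417` for WriteData/AddFile, so on pipelines that ship the unresolved XML the rule goes silent after this field rename. Consider matching both forms, e.g. `AccessList|contains:` / `- 'WriteData'` / `- '%%4417'`, or keying on `AccessMask` with the FILE_WRITE_DATA bit where the backend exposes it, and verify against the actual log source before relying on either. The `selection` map and the enclosing `detection:` block begin outside the hunk, so whether other keys constrain the match is not visible here. The `falsepositives: - Unknown` entry could also name the legitimate sources of remote svcctl writes, such as administrative tooling that creates or controls services over SMB, so analysts have a tuning baseline.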