diff --git a/Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2022-26134-Confluence.yaml b/Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2022-26134-Confluence.yaml
index cb2e1082f3..8eb619a549 100644
--- a/Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2022-26134-Confluence.yaml
+++ b/Hunting Queries/Microsoft 365 Defender/Exploits/CVE-2022-26134-Confluence.yaml
@@ -16,8 +16,8 @@ tactics:
 relevantTechniques:
 - T1203
 query: |
-DeviceProcessEvents
-| where InitiatingProcessFileName hasprefix "tomcat" and InitiatingProcessCommandLine has "confluence"
-| where (ProcessCommandLine has_any("certutil", "whoami", "nltest", " dir ", "curl", "ifconfig", "cat ", "net user",
-"net time /domain","tasklist","-c ls","ipconfig","arp","ping","net view","net group","netstat", "wmic datafile"))
-or (FileName =~ "powershell.exe" and ProcessCommandLine hasprefix "-e")
+ DeviceProcessEvents
+ | where InitiatingProcessFileName hasprefix "tomcat" and InitiatingProcessCommandLine has "confluence"
+ | where (ProcessCommandLine has_any("certutil", "whoami", "nltest", " dir ", "curl", "ifconfig", "cat ", "net user",
+ "net time /domain","tasklist","-c ls","ipconfig","arp","ping","net view","net group","netstat", "wmic datafile"))
+ or (FileName =~ "powershell.exe" and ProcessCommandLine hasprefix "-e")
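Review bot: The parent-process filter on the re-indented second line, `InitiatingProcessFileName hasprefix "tomcat"`, is likely to exclude Linux Confluence hosts, where the web-shell child is typically spawned by a `java` process rather than one whose file name starts with "tomcat" — yet the indicator list on the following lines (`ifconfig`, `cat `, `-c ls`) clearly intends Linux coverage. Consider widening it to `| where (InitiatingProcessFileName hasprefix "tomcat" or InitiatingProcessFileName =~ "java") and InitiatingProcessCommandLine has "confluence"`, which keeps the "confluence" command-line anchor that limits noise. On the last line, the encoded-command branch only matches `powershell.exe`; `or (FileName in~ ("powershell.exe", "pwsh.exe") and ProcessCommandLine hasprefix "-e")` would also catch PowerShell Core, and it is worth confirming that `hasprefix "-e"` behaves as intended on a term beginning with a hyphen, since KQL term matching splits on non-alphanumeric characters. A short comment above the query in the YAML noting these assumptions (Windows vs. Linux parent names, encoded-command spelling) would help the next person tuning it.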