diff --git a/Hunting Queries/SecurityEvent/Suspicious_enumeration_using_adfind.yaml b/Hunting Queries/SecurityEvent/Suspicious_enumeration_using_adfind.yaml
index 8872881fa6..e0079fe1c8 100644
--- a/Hunting Queries/SecurityEvent/Suspicious_enumeration_using_adfind.yaml
+++ b/Hunting Queries/SecurityEvent/Suspicious_enumeration_using_adfind.yaml
@@ -23,13 +23,13 @@ relevantTechniques:
 - T1069
 - T1074
 query: |
-let stardate = 14d;
+let startdate = 14d;
 let lookupwindow = 2m;
 let threshold = 3;
 let tokens = dynamic(["-b","-f","-h","gcb","-sc","-subnets","objectcategory","domainlist","dcmodes","adinfo","trustdmp","computers_pwdnotreqd"]);
 SecurityEvent
 //| where Computer in (DCADFSServersList) // limit it to your DC/ADFS servers list or any pattern in hostnames.
-| where TimeGenerated between (ago(stardate)..now())
+| where TimeGenerated between (ago(startdate)..now())
 | where EventID == "4688"
 | where tolower(CommandLine) has_any (tokens)
 | where CommandLine matches regex "(.*)>(.*)"