diff --git a/Hunting Queries/AzureActivity/Creating_Anomalous_Number_Of_Resources.yaml b/Hunting Queries/AzureActivity/Creating_Anomalous_Number_Of_Resources.yaml
index 19bb14d48b..235bee55b4 100644
--- a/Hunting Queries/AzureActivity/Creating_Anomalous_Number_Of_Resources.yaml	
+++ b/Hunting Queries/AzureActivity/Creating_Anomalous_Number_Of_Resources.yaml	
@@ -14,7 +14,7 @@ relevantTechniques:
 query: |
 
   AzureActivity
-  | where OperationNameValue in~ dynamic(["microsoft.compute/virtualMachines/write", "microsoft.resources/deployments/write"]);
+  | where OperationNameValue in~ ("microsoft.compute/virtualMachines/write", "microsoft.resources/deployments/write")
   | where ActivityStatusValue == "Succeeded" 
   | make-series dcount(ResourceId)  default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
   | extend AccountCustomEntity = Caller