diff --git a/rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml b/rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml index 9b32e8d9ec1..6be12fafe03 100644 --- a/rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml +++ b/rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml @@ -44,9 +44,6 @@ Files are scanned on write or deletion, process executables are scanned on execu - Assess whether this file is prevalent in the environment by looking for similar occurrences across hosts by `file.hash.sha256` or by `file.name` patterns. - Verify the activity of the `user.name` associated with Malware alert (local or remote actity, privileged or standard user). - Verify if there are any other Alert types (Behavior or Memory Threat) associated with the same host or user or process within the same time. - - - ### False positive analysis - Other endpoint security vendors especially with their quarantine folders.
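Review bot: Deleting the `### False positive analysis` heading (together with the two blank lines before it) while leaving `- Other endpoint security vendors especially with their quarantine folders.` as unchanged context orphans that bullet: it now reads as the last item of the investigation-steps list rather than as a false-positive note, which misleads an analyst triaging a Malware alert. Either keep the heading, or move that bullet into whatever section now carries the false-positive guidance for this rule. While touching these lines, the unchanged context `(local or remote actity, privileged or standard user)` has a typo, `actity` should be `activity`.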