diff --git a/rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml b/rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml index e5ae5034ee0..531aeb5578b 100644 --- a/rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml +++ b/rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml @@ -28,7 +28,6 @@ note = """## Triage and analysis Malicious behavior protection is a foundational feature which can be used to protect against all manner of attacks on the endpoint. For example, it provides coverage against phishing such as malicious macros, many malware families based on their activities, privilege escalation attacks such as user account control bypasses (UAC), credential theft, and much more. It works by consuming an unfiltered feed of all events that are captured on the system (process, file, registry, network, dns, etc). These events are processed against a routinely updated set of rules written by Elastic threat experts. From there, malicious behaviors are identified and offending processes are terminated. The protection operates on the event stream asynchronously, but has been designed to be extremely efficient and typically requires just milliseconds (under standard load) to stop malicious activity. - ### Possible investigation steps - Assess whether this activity is prevalent in your environment by looking for similar occurrences across hosts.
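Review bot: the hunk header `-28,7 +28,6` shows exactly one line removed and nothing added, and in the run-together extraction it is not clear whether that removed line is a stray blank line between the "Malicious behavior protection ..." paragraph and the `### Possible investigation steps` heading, or the heading itself. If it is the heading, the `- Assess whether this activity is prevalent in your environment ...` bullets that follow would sit directly under the Triage and analysis intro with no section title, which breaks the layout these rule notes share; please confirm the heading line survives in the new version. If it is only a duplicate blank line being collapsed, the change is fine as a whitespace cleanup. Minor, unrelated to this hunk's change: the surrounding context text reads "user account control bypasses (UAC)" where the abbreviation belongs after "user account control", and "dns" would be more consistent as "DNS" alongside "process, file, registry, network"; worth fixing in a follow-up touching this note.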