diff --git a/rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml b/rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml index 8e45d8b93fd..dac037d8fbf 100644 --- a/rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml +++ b/rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml @@ -30,7 +30,6 @@ Elastic Endpoint malware protection leverages a combination of supervised machin Files are scanned on write or deletion, process executables are scanned on executions and libraries are scanned on load. You can differentiate these types by looking at the `event.action` field in the alert. It can be execution, `load`, `creation`, `modification`, or `deletion`. Scanning files written to disk is best effort, while execution or load scanning is done ‘in-line’ for true prevention. - ### Possible investigation steps - For machine learning (ML) malware alerts the `file.Ext.malware_classification.score` and `file.Ext.malware_classification.version` fields indicate which model version was used to classify the file and the classification score (0 to 1).
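Review bot: the hunk removes exactly one line (the header goes from 7 lines to 6) right before the `### Possible investigation steps` heading, but with the patch run together it is not clear whether the dropped line is the blank separator or the heading itself; the commit message should state which. If the heading is what goes, the bullet that follows (`For machine learning (ML) malware alerts the file.Ext.malware_classification.score ...`) becomes an untitled list in the rule's investigation guide, so keep the heading (or retitle it) rather than deleting it. If only the blank line goes, the change is cosmetic and fine. Since this is a documentation-only edit to the rule's note field, the same change could also fix the inconsistent `event.action` value list in the adjacent context line, where `execution` is the only value not set in backticks alongside `load`, `creation`, `modification` and `deletion`.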