diff --git a/rules/cloud/aws/cloudtrail/aws_enum_buckets.yml b/rules/cloud/aws/cloudtrail/aws_enum_buckets.yml
index 9b14c04d348..4287c4a8c7a 100644
--- a/rules/cloud/aws/cloudtrail/aws_enum_buckets.yml
+++ b/rules/cloud/aws/cloudtrail/aws_enum_buckets.yml
@@ -11,7 +11,7 @@ references:
 - https://securitycafe.ro/2022/12/14/aws-enumeration-part-ii-practical-enumeration/
 author: Christopher Peacock @securepeacock, SCYTHE @scythe_io
 date: 2023/01/06
-modified: 2023/04/28
+modified: 2024/07/10
 tags:
 - attack.discovery
 - attack.t1580
@@ -23,7 +23,7 @@ detection:
 eventSource: 's3.amazonaws.com'
 eventName: 'ListBuckets'
 filter:
-type: 'AssumedRole'
+userIdentity.type: 'AssumedRole'
 condition: selection and not filter
 falsepositives:
 - Administrators listing buckets, it may be necessary to filter out users who commonly conduct this activity.
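Review bot: With the path corrected to `userIdentity.type` in the second hunk, the `filter` now excludes every `ListBuckets` call made from an assumed-role session, so bucket enumeration with compromised role credentials no longer alerts; the old bare `type` key presumably never matched, which would make this a real change in coverage rather than a cosmetic rename. Nothing in the visible lines records that trade-off, so I would add a comment above the filter such as `# Excludes all AssumedRole sessions to reduce noise; enumeration from role sessions is not covered by this rule` and say the same under `falsepositives` or the description. If role sessions should stay in scope, the exclusion could instead be narrowed to known automation roles by matching `userIdentity.sessionContext.sessionIssuer.arn` against a deployment-specific allowlist. The `detection` block begins above the hunk, so the start of `selection` is not visible here.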