diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index f967e4d5..d2d87677 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -2226,7 +2226,7 @@
 # On GCP, AWS and Azure, 169.254.169.254 is a special IP used to fetch
 # metadata about the instance. The metadata could be used to get credentials by attackers.
-- rule: Contact Cloud Instance Metadata Service From Container
+- rule: Contact cloud metadata service from container
 desc: Detect attempts to contact the Cloud Instance Metadata Service from a container
 condition: outbound and fd.sip="169.254.169.254" and container and consider_metadata_access and not user_known_metadata_access
 output: Outbound connection to cloud instance metadata service (command=%proc.cmdline connection=%fd.name %container.info image=%container.image.repository:%container.image.tag)
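Review bot: The new name on the `+- rule:` line leaves no trace of the old one, and a Falco rule name is the key that local rules files use to override a rule (`append: true`, `enabled: false`). Any such override, and any alert routing or suppression that matches on the old rule name, will presumably stop applying without an error once this ships. I would add a comment above the rule such as `# Renamed from "Contact Cloud Instance Metadata Service From Container"; update local overrides and alert filters that reference the old name.` and mention the rename in the changelog. The new name also drops "Instance" while `desc` and `output` still say "Cloud Instance Metadata Service", so the wording should be made consistent one way or the other. The rule body continues past the end of the hunk.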