diff --git a/rules/deep_blue_cli/security/1102.yml b/rules/deep_blue_cli/security/1102.yml
index 515bee18..94348dd9 100644
--- a/rules/deep_blue_cli/security/1102.yml
+++ b/rules/deep_blue_cli/security/1102.yml
@@ -1,16 +1,13 @@
-title: The Audit log file was cleared
-description: hogehoge
-author: Yea
+title: The audit log file was cleared.
+description: Detects when somebody has cleared an event log.
+author: DeepblueCLI, Zach Mathis
 detection:
     selection:
         Channel: Security
         EventID: 1102
 # condition: selection
 falsepositives:
-    - unknown
-output: |
-    Audit Log Clear
-    The Audit log was cleared.
-    Security ID: %LogFileCleared%%LogFileClearedSubjectUserName%
+    - System Administrator
+output: "Log Name: %Channel% ; Security ID: %LogFileCleared%%SubjectUserName%"
 creation_date: 2020/11/8
-updated_date: 2020/11/8
+updated_date: 2021/11/5
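Review bot: The new `output` line labels the value as `Security ID` but the placeholder that follows is `%SubjectUserName%`, which, if it resolves to the event's SubjectUserName field, is an account name rather than a SID, and the adjacent `%LogFileCleared%` looks like a remnant of the removed `%LogFileClearedSubjectUserName%` placeholder that will likely render empty or literally; consider `output: "Log Name: %Channel% ; Subject User: %SubjectUserName%"` with whichever field name the engine actually resolves. The `# condition: selection` line is still commented out on the new side, so if the engine requires a condition this rule never matches — either restore `condition: selection` or add a comment stating that a lone selection is the implied condition. Since the selection pins `Channel: Security`, the description should say so rather than "an event log": `description: Detects when the Security event log was cleared (Event ID 1102).` The trailing period added to `title` is worth checking against the other rules in the directory for consistency.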