diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta)
index 82ce3635fcf..3b0cb496c53 100644
--- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta)	
+++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta)	
@@ -21,7 +21,7 @@ relevantTechniques:
   - T1098
 query: |
   // Filter for security events involving Okta user session impersonation initiation with successful outcomes
-  Okta_CL
+  OktaSSO
   | where eventType_s == "user.session.impersonation.initiate" and outcome_result_s == "SUCCESS"
   // Expand the JSON array in 'target_s' field to extract detailed information about the event
   | mv-expand parsed_json = todynamic(target_s) // Unpack and understand the details from the 'target_s' JSON array