diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/patches/update_list.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/patches/update_list.json
index 4db8724db4e13..8d831f3a961d8 100644
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/patches/update_list.json
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/patches/update_list.json
@@ -1,6 +1,6 @@
 {
   "rule_id": "query-with-list",
-  "lists": [
+  "exceptions_list": [
     {
       "field": "source.ip",
       "values_operator": "excluded",
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/queries/query_with_list.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/queries/query_with_list.json
index 997d03369a699..9072a8a7b26fb 100644
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/queries/query_with_list.json
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/queries/query_with_list.json
@@ -6,7 +6,7 @@
   "severity": "high",
   "type": "query",
   "query": "user.name: root or user.name: admin",
-  "lists": [
+  "exceptions_list": [
     {
       "field": "source.ip",
       "values_operator": "included",
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/updates/update_list.json b/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/updates/update_list.json
index 66b198974f574..df22dff5c046e 100644
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/updates/update_list.json
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/rules/updates/update_list.json
@@ -6,7 +6,7 @@
   "severity": "high",
   "type": "query",
   "query": "user.name: root or user.name: admin",
-  "lists": [
+  "exceptions_list": [
     {
       "field": "source.ip",
       "values_operator": "excluded",