diff --git a/cfg/cis-1.3.1/definitions.yaml b/cfg/cis-1.3.1/definitions.yaml
index f4ee5c5..d9f3ca5 100644
--- a/cfg/cis-1.3.1/definitions.yaml
+++ b/cfg/cis-1.3.1/definitions.yaml
@@ -119,8 +119,8 @@ groups:
   - id: 1.1.8
     description: "Ensure auditing is configured for Docker files and directories - containerd.sock (Automated)"
     audit: |
-      test_file=$(grep 'containerd.sock' /etc/containerd/config.toml | awk -F "=" '{print $2}')
-      if test -f "$test_file"; then
+      test_file=$(grep 'containerd.sock' /etc/containerd/config.toml | awk -F "\"" '{print $2}')
+      if test -S "$test_file"; then
         auditctl -l | grep $test_file
       fi
     tests: