diff --git a/rules/windows/file_event/win_fe_creation_new_shim_database.yml b/rules/windows/file_event/win_fe_creation_new_shim_database.yml
index e98d18a5a..c00f31c4e 100644
--- a/rules/windows/file_event/win_fe_creation_new_shim_database.yml
+++ b/rules/windows/file_event/win_fe_creation_new_shim_database.yml
@@ -17,7 +17,7 @@ detection:
 TargetFilename|contains: '\Windows\apppatch\Custom\'
 condition: selection
 falsepositives:
- - Unkown
+ - Unknown
 level: medium
 tags:
 - attack.persistence
diff --git a/rules/windows/file_event/win_fe_creation_scr_binary_file.yml b/rules/windows/file_event/win_fe_creation_scr_binary_file.yml
index bc300a247..5d16e8fb9 100644
--- a/rules/windows/file_event/win_fe_creation_scr_binary_file.yml
+++ b/rules/windows/file_event/win_fe_creation_scr_binary_file.yml
@@ -21,7 +21,7 @@ detection:
 - '\Bin\ccSvcHst.exe' # Symantec Endpoint Protection
 condition: selection and not 1 of filter*
 falsepositives:
- - Unkown
+ - Unknown
 level: medium
 tags:
 - attack.persistence
diff --git a/rules/windows/file_event/win_fe_creation_unquoted_service_path.yml b/rules/windows/file_event/win_fe_creation_unquoted_service_path.yml
index 2907976d7..5b2dfdcb1 100644
--- a/rules/windows/file_event/win_fe_creation_unquoted_service_path.yml
+++ b/rules/windows/file_event/win_fe_creation_unquoted_service_path.yml
@@ -17,7 +17,7 @@ detection:
 TargetFilename: 'C:\program.exe'
 condition: selection
 falsepositives:
- - Unkown
+ - Unknown
 level: high
 tags:
 - attack.persistence
diff --git a/rules/windows/file_event/win_fe_writing_local_admin_share.yml b/rules/windows/file_event/win_fe_writing_local_admin_share.yml
index f24754360..5df4b850e 100644
--- a/rules/windows/file_event/win_fe_writing_local_admin_share.yml
+++ b/rules/windows/file_event/win_fe_writing_local_admin_share.yml
@@ -18,7 +18,7 @@ detection:
 - '\ADMIN$\'
 condition: selection
 falsepositives:
- - Unkown
+ - Unknown
 level: medium
 tags:
 - attack.lateral_movement