diff --git a/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_via_compress.yml b/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_via_compress.yml
index 3a1ca4c75..5bfdf1b38 100644
--- a/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_via_compress.yml
+++ b/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_via_compress.yml
@@ -21,7 +21,7 @@ logsource:
 definition: PowerShell Module Logging must be enabled
 detection:
 selection_4103:
- Payload|conatins|all:
+ Payload|contains|all:
 - 'new-object'
 - 'text.encoding]::ascii'
 Payload|contains:
diff --git a/rules/windows/process_creation/proc_creation_win_lolbas_execution_of_wuauclt.yml b/rules/windows/process_creation/proc_creation_win_lolbas_execution_of_wuauclt.yml
index a192fc69c..bae3fad54 100644
--- a/rules/windows/process_creation/proc_creation_win_lolbas_execution_of_wuauclt.yml
+++ b/rules/windows/process_creation/proc_creation_win_lolbas_execution_of_wuauclt.yml
@@ -13,7 +13,7 @@ logsource:
 detection:
 selection:
 CommandLine|contains|all:
- - 'wuauclt.exe
+ - 'wuauclt.exe'
 - '/UpdateDeploymentProvider'
 - '/Runhandlercomserver'
 filter:
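Review bot: The corrected `Payload|contains|all:` line changes what this rule matches, but the file's only hunk starts at line 21, so the rule's metadata header is untouched. With the misspelled modifier, `selection_4103` presumably never evaluated as intended (how a backend treats an unknown modifier varies), so consumers may have been running without this detection. I would update (or add) the rule's `modified:` date in the same commit so downstream pipelines notice the logic change; the same applies to the wuauclt rule in the next file section. The `selection_4103` map continues past the end of the hunk.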
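Review bot: Identifying the binary through `- 'wuauclt.exe'` inside `CommandLine|contains|all` makes the match depend on how the process was launched rather than on which image ran, so the selection is more brittle than it needs to be. In a process_creation rule I would key on the image instead, e.g. `Image|endswith: '\wuauclt.exe'`, and keep only the two switches under `CommandLine|contains|all`. The `filter:` block starts on the last line of the hunk and continues outside it, so check that it does not rely on the command-line string before changing this.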