diff --git a/rules/windows/dns_query/dns_query_dns_hybridconnectionmgr_servicebus.yml b/rules/windows/dns_query/dns_query_hybridconnectionmgr_servicebus.yml
similarity index 100%
rename from rules/windows/dns_query/dns_query_dns_hybridconnectionmgr_servicebus.yml
rename to rules/windows/dns_query/dns_query_hybridconnectionmgr_servicebus.yml
diff --git a/rules/windows/dns_query/dns_mega_nz.yml b/rules/windows/dns_query/dns_query_mega_nz.yml
similarity index 100%
rename from rules/windows/dns_query/dns_mega_nz.yml
rename to rules/windows/dns_query/dns_query_mega_nz.yml
diff --git a/rules/windows/dns_query/sysmon_possible_dns_rebinding.yml b/rules/windows/dns_query/dns_query_possible_dns_rebinding.yml
similarity index 100%
rename from rules/windows/dns_query/sysmon_possible_dns_rebinding.yml
rename to rules/windows/dns_query/dns_query_possible_dns_rebinding.yml
diff --git a/rules/windows/driver_load/sysmon_susp_driver_load.yml b/rules/windows/driver_load/driver_load_susp_temp_use.yml
similarity index 100%
rename from rules/windows/driver_load/sysmon_susp_driver_load.yml
rename to rules/windows/driver_load/driver_load_susp_temp_use.yml
diff --git a/rules/windows/driver_load/sysmon_vuln_dell_driver_load.yml b/rules/windows/driver_load/driver_load_vuln_dell_driver.yml
similarity index 100%
rename from rules/windows/driver_load/sysmon_vuln_dell_driver_load.yml
rename to rules/windows/driver_load/driver_load_vuln_dell_driver.yml
diff --git a/rules/windows/driver_load/sysmon_windivert_driver_load.yml b/rules/windows/driver_load/driver_load_windivert.yml
similarity index 100%
rename from rules/windows/driver_load/sysmon_windivert_driver_load.yml
rename to rules/windows/driver_load/driver_load_windivert.yml
diff --git a/rules/windows/malware/win_mal_octopus_scanner.yml b/rules/windows/malware/file_event_mal_octopus_scanner.yml
similarity index 100%
rename from rules/windows/malware/win_mal_octopus_scanner.yml
rename to rules/windows/malware/file_event_mal_octopus_scanner.yml
diff --git a/rules/windows/malware/win_mal_blue_mockingbird.yml b/rules/windows/malware/process_creation_mal_blue_mockingbird.yml
similarity index 100%
rename from rules/windows/malware/win_mal_blue_mockingbird.yml
rename to rules/windows/malware/process_creation_mal_blue_mockingbird.yml
diff --git a/rules/windows/malware/win_mal_darkside.yml b/rules/windows/malware/process_creation_mal_darkside_ransomware.yml
similarity index 100%
rename from rules/windows/malware/win_mal_darkside.yml
rename to rules/windows/malware/process_creation_mal_darkside_ransomware.yml
diff --git a/rules/windows/malware/win_mal_lockergoga.yml b/rules/windows/malware/process_creation_mal_lockergoga_ransomware.yml
similarity index 100%
rename from rules/windows/malware/win_mal_lockergoga.yml
rename to rules/windows/malware/process_creation_mal_lockergoga_ransomware.yml
diff --git a/rules/windows/malware/win_mal_ryuk.yml b/rules/windows/malware/process_creation_mal_ryuk.yml
similarity index 100%
rename from rules/windows/malware/win_mal_ryuk.yml
rename to rules/windows/malware/process_creation_mal_ryuk.yml
diff --git a/rules/windows/malware/mal_azorult_reg.yml b/rules/windows/malware/registry_event_mal_azorult.yml
similarity index 100%
rename from rules/windows/malware/mal_azorult_reg.yml
rename to rules/windows/malware/registry_event_mal_azorult.yml
diff --git a/rules/windows/malware/win_mal_flowcloud.yml b/rules/windows/malware/registry_event_mal_flowcloud.yml
similarity index 100%
rename from rules/windows/malware/win_mal_flowcloud.yml
rename to rules/windows/malware/registry_event_mal_flowcloud.yml
diff --git a/rules/windows/malware/win_mal_ursnif.yml b/rules/windows/malware/registry_event_mal_ursnif.yml
similarity index 100%
rename from rules/windows/malware/win_mal_ursnif.yml
rename to rules/windows/malware/registry_event_mal_ursnif.yml