diff --git a/rules/windows/builtin/security/win_user_added_to_local_administrators.yml b/rules/windows/builtin/security/win_user_added_to_local_administrators.yml
index d5941fe2e..210553bf3 100644
--- a/rules/windows/builtin/security/win_user_added_to_local_administrators.yml
+++ b/rules/windows/builtin/security/win_user_added_to_local_administrators.yml
@@ -5,7 +5,7 @@ description: This rule triggers on user accounts that are added to the local Adm
 status: stable
 author: Florian Roth
 date: 2017/03/14
-modified: 2021/11/30
+modified: 2021/01/17
 tags:
 - attack.privilege_escalation
 - attack.t1078
diff --git a/rules/windows/builtin/security/win_user_creation.yml b/rules/windows/builtin/security/win_user_creation.yml
index 384e17516..69521c42f 100644
--- a/rules/windows/builtin/security/win_user_creation.yml
+++ b/rules/windows/builtin/security/win_user_creation.yml
@@ -6,7 +6,7 @@ author: Patrick Bareiss
 references:
 - https://patrick-bareiss.com/detecting-local-user-creation-in-ad-with-sigma/
 date: 2019/04/18
-modified: 2021/11/30
+modified: 2021/01/17
 logsource:
 product: windows
 service: security
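Review bot: The new `modified` value `2021/01/17` is earlier than the `2021/11/30` it replaces, both in win_user_added_to_local_administrators.yml and in win_user_creation.yml. The year looks like a typo; if the edit was made in January 2022 the line should presumably read `modified: 2022/01/17`, which should be confirmed against the commit date. Any pipeline that picks up changed detection rules by comparing `modified` dates would see both rules as older than the copy it already has and could skip the update. No other change to either rule is visible in these hunks, so it is also worth checking that the date bump accompanies a real content change elsewhere in the commit.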