diff --git a/rules/windows/sysmon/sysmon_susp_renamed_debugview.yml b/rules/windows/process_creation/win_susp_renamed_debugview.yml
similarity index 93%
rename from rules/windows/sysmon/sysmon_susp_renamed_debugview.yml
rename to rules/windows/process_creation/win_susp_renamed_debugview.yml
index 065bc8919..dcab5bd63 100644
--- a/rules/windows/sysmon/sysmon_susp_renamed_debugview.yml
+++ b/rules/windows/process_creation/win_susp_renamed_debugview.yml
@@ -7,11 +7,10 @@ references:
 author: Florian Roth
 date: 2020/05/28
 logsource:
+    category: process_creation
     product: windows
-    service: sysmon
 detection:
     selection:
-        EventID: 1
         Product:
             - 'Sysinternals DebugView'
             - 'Sysinternals Debugview'
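Review bot: Switching the logsource to the generic `category: process_creation` while the selection still keys on `Product` makes the rule silently inert on pipelines that back process_creation with Security 4688 rather than Sysmon Event ID 1, because 4688 carries no `Product` (file version info) field. That dependency was explicit before through `service: sysmon` / `EventID: 1` and is now invisible to anyone deploying the rule. I would state it in the rule itself, for example a line in the description such as `Requires Sysmon (or EDR) process creation telemetry; the Product field is not present in Security 4688`, or a `# Product is a Sysmon EID 1 / EDR field, not available in Security 4688` comment above the selection. The rest of the detection block (filter and condition) continues outside the hunk, so I cannot tell whether any other selector there would still fire without the field.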