diff --git a/rules/windows/file_event/sysmon_susp_pfx_file_creation.yml b/rules/windows/file_event/sysmon_susp_pfx_file_creation.yml
index e9e962736..8c010b15d 100644
--- a/rules/windows/file_event/sysmon_susp_pfx_file_creation.yml
+++ b/rules/windows/file_event/sysmon_susp_pfx_file_creation.yml
@@ -1,6 +1,6 @@
 title: Suspicious PFX File Creation
 id: dca1b3e8-e043-4ec8-85d7-867f334b5724
-description: A General detection for processes creating PFX files. This could be an inidicator of an adversary exporting a local certificate to a pfx file.
+description: A general detection for processes creating PFX files. This could be an indicator of an adversary exporting a local certificate to a PFX file.
 status: experimental
 date: 2020/05/02
 author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
@@ -18,5 +18,5 @@ detection:
 TargetFilename|endswith: '.pfx'
 condition: selection
 falsepositives:
- - unknown
-level: medium
\ No newline at end of file
+ - System administrators managing certififcates.
+level: medium
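Review bot: The new false-positive entry in the second hunk misspells the word as `certififcates`; the line should read `- System administrators managing certificates.`. The selection visible in the hunk context matches any file whose name ends in `.pfx`, so routine certificate export or backup by administrators will fire the rule, and a correctly spelled, searchable entry helps analysts triaging it. The detection block begins outside the hunk, so it cannot be judged from here whether the rule also constrains the creating process or path. PKCS#12 exports are also commonly written with a `.p12` extension; if the unseen part of the selection does not cover that, it may be worth a follow-up.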