diff --git a/rules/windows/other/applocker/win_applocker_file_was_not_allowed_to_run.yml b/rules/windows/builtin/applocker/win_applocker_file_was_not_allowed_to_run.yml
similarity index 100%
rename from rules/windows/other/applocker/win_applocker_file_was_not_allowed_to_run.yml
rename to rules/windows/builtin/applocker/win_applocker_file_was_not_allowed_to_run.yml
diff --git a/rules/windows/other/code_integrity/win_codeintegrity_failed_driver_load.yml b/rules/windows/builtin/code_integrity/win_codeintegrity_failed_driver_load.yml
similarity index 100%
rename from rules/windows/other/code_integrity/win_codeintegrity_failed_driver_load.yml
rename to rules/windows/builtin/code_integrity/win_codeintegrity_failed_driver_load.yml
diff --git a/rules/windows/other/dns_server/win_apt_gallium.yml b/rules/windows/builtin/dns_server/win_apt_gallium.yml
similarity index 100%
rename from rules/windows/other/dns_server/win_apt_gallium.yml
rename to rules/windows/builtin/dns_server/win_apt_gallium.yml
diff --git a/rules/windows/other/dns_server/win_susp_dns_config.yml b/rules/windows/builtin/dns_server/win_susp_dns_config.yml
similarity index 100%
rename from rules/windows/other/dns_server/win_susp_dns_config.yml
rename to rules/windows/builtin/dns_server/win_susp_dns_config.yml
diff --git a/rules/windows/other/driverframeworks/win_usb_device_plugged.yml b/rules/windows/builtin/driverframeworks/win_usb_device_plugged.yml
similarity index 100%
rename from rules/windows/other/driverframeworks/win_usb_device_plugged.yml
rename to rules/windows/builtin/driverframeworks/win_usb_device_plugged.yml
diff --git a/rules/windows/other/ldap/win_ldap_recon.yml b/rules/windows/builtin/ldap/win_ldap_recon.yml
similarity index 100%
rename from rules/windows/other/ldap/win_ldap_recon.yml
rename to rules/windows/builtin/ldap/win_ldap_recon.yml
diff --git a/rules/windows/other/msexchange/win_exchange_cve_2021_42321.yml b/rules/windows/builtin/msexchange/win_exchange_cve_2021_42321.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_cve_2021_42321.yml
rename to rules/windows/builtin/msexchange/win_exchange_cve_2021_42321.yml
diff --git a/rules/windows/other/msexchange/win_exchange_proxylogon_oabvirtualdir.yml b/rules/windows/builtin/msexchange/win_exchange_proxylogon_oabvirtualdir.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_proxylogon_oabvirtualdir.yml
rename to rules/windows/builtin/msexchange/win_exchange_proxylogon_oabvirtualdir.yml
diff --git a/rules/windows/other/msexchange/win_exchange_proxyshell_certificate_generation.yml b/rules/windows/builtin/msexchange/win_exchange_proxyshell_certificate_generation.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_proxyshell_certificate_generation.yml
rename to rules/windows/builtin/msexchange/win_exchange_proxyshell_certificate_generation.yml
diff --git a/rules/windows/other/msexchange/win_exchange_proxyshell_mailbox_export.yml b/rules/windows/builtin/msexchange/win_exchange_proxyshell_mailbox_export.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_proxyshell_mailbox_export.yml
rename to rules/windows/builtin/msexchange/win_exchange_proxyshell_mailbox_export.yml
diff --git a/rules/windows/other/msexchange/win_exchange_proxyshell_remove_mailbox_export.yml b/rules/windows/builtin/msexchange/win_exchange_proxyshell_remove_mailbox_export.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_proxyshell_remove_mailbox_export.yml
rename to rules/windows/builtin/msexchange/win_exchange_proxyshell_remove_mailbox_export.yml
diff --git a/rules/windows/other/msexchange/win_exchange_transportagent.yml b/rules/windows/builtin/msexchange/win_exchange_transportagent.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_transportagent.yml
rename to rules/windows/builtin/msexchange/win_exchange_transportagent.yml
diff --git a/rules/windows/other/msexchange/win_exchange_transportagent_failed.yml b/rules/windows/builtin/msexchange/win_exchange_transportagent_failed.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_transportagent_failed.yml
rename to rules/windows/builtin/msexchange/win_exchange_transportagent_failed.yml
diff --git a/rules/windows/other/msexchange/win_set_oabvirtualdirectory_externalurl.yml b/rules/windows/builtin/msexchange/win_set_oabvirtualdirectory_externalurl.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_set_oabvirtualdirectory_externalurl.yml
rename to rules/windows/builtin/msexchange/win_set_oabvirtualdirectory_externalurl.yml
diff --git a/rules/windows/other/ntlm/win_susp_ntlm_auth.yml b/rules/windows/builtin/ntlm/win_susp_ntlm_auth.yml
similarity index 100%
rename from rules/windows/other/ntlm/win_susp_ntlm_auth.yml
rename to rules/windows/builtin/ntlm/win_susp_ntlm_auth.yml
diff --git a/rules/windows/other/ntlm/win_susp_ntlm_rdp.yml b/rules/windows/builtin/ntlm/win_susp_ntlm_rdp.yml
similarity index 100%
rename from rules/windows/other/ntlm/win_susp_ntlm_rdp.yml
rename to rules/windows/builtin/ntlm/win_susp_ntlm_rdp.yml
diff --git a/rules/windows/other/printservice/win_exploit_cve_2021_1675_printspooler.yml b/rules/windows/builtin/printservice/win_exploit_cve_2021_1675_printspooler.yml
similarity index 100%
rename from rules/windows/other/printservice/win_exploit_cve_2021_1675_printspooler.yml
rename to rules/windows/builtin/printservice/win_exploit_cve_2021_1675_printspooler.yml
diff --git a/rules/windows/other/printservice/win_exploit_cve_2021_1675_printspooler_operational.yml b/rules/windows/builtin/printservice/win_exploit_cve_2021_1675_printspooler_operational.yml
similarity index 100%
rename from rules/windows/other/printservice/win_exploit_cve_2021_1675_printspooler_operational.yml
rename to rules/windows/builtin/printservice/win_exploit_cve_2021_1675_printspooler_operational.yml
diff --git a/rules/windows/other/servicebus/win_hybridconnectionmgr_svc_running.yml b/rules/windows/builtin/servicebus/win_hybridconnectionmgr_svc_running.yml
similarity index 100%
rename from rules/windows/other/servicebus/win_hybridconnectionmgr_svc_running.yml
rename to rules/windows/builtin/servicebus/win_hybridconnectionmgr_svc_running.yml
diff --git a/rules/windows/other/smbclient/win_susp_failed_guest_logon.yml b/rules/windows/builtin/smbclient/win_susp_failed_guest_logon.yml
similarity index 100%
rename from rules/windows/other/smbclient/win_susp_failed_guest_logon.yml
rename to rules/windows/builtin/smbclient/win_susp_failed_guest_logon.yml
diff --git a/rules/windows/other/taskscheduler/win_rare_schtask_creation.yml b/rules/windows/builtin/taskscheduler/win_rare_schtask_creation.yml
similarity index 100%
rename from rules/windows/other/taskscheduler/win_rare_schtask_creation.yml
rename to rules/windows/builtin/taskscheduler/win_rare_schtask_creation.yml
diff --git a/rules/windows/other/windefend/win_alert_lsass_access.yml b/rules/windows/builtin/windefend/win_alert_lsass_access.yml
similarity index 100%
rename from rules/windows/other/windefend/win_alert_lsass_access.yml
rename to rules/windows/builtin/windefend/win_alert_lsass_access.yml
diff --git a/rules/windows/other/windefend/win_defender_amsi_trigger.yml b/rules/windows/builtin/windefend/win_defender_amsi_trigger.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_amsi_trigger.yml
rename to rules/windows/builtin/windefend/win_defender_amsi_trigger.yml
diff --git a/rules/windows/other/windefend/win_defender_disabled.yml b/rules/windows/builtin/windefend/win_defender_disabled.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_disabled.yml
rename to rules/windows/builtin/windefend/win_defender_disabled.yml
diff --git a/rules/windows/other/windefend/win_defender_exclusions.yml b/rules/windows/builtin/windefend/win_defender_exclusions.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_exclusions.yml
rename to rules/windows/builtin/windefend/win_defender_exclusions.yml
diff --git a/rules/windows/other/windefend/win_defender_history_delete.yml b/rules/windows/builtin/windefend/win_defender_history_delete.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_history_delete.yml
rename to rules/windows/builtin/windefend/win_defender_history_delete.yml
diff --git a/rules/windows/other/windefend/win_defender_psexec_wmi_asr.yml b/rules/windows/builtin/windefend/win_defender_psexec_wmi_asr.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_psexec_wmi_asr.yml
rename to rules/windows/builtin/windefend/win_defender_psexec_wmi_asr.yml
diff --git a/rules/windows/other/windefend/win_defender_tamper_protection_trigger.yml b/rules/windows/builtin/windefend/win_defender_tamper_protection_trigger.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_tamper_protection_trigger.yml
rename to rules/windows/builtin/windefend/win_defender_tamper_protection_trigger.yml
diff --git a/rules/windows/other/windefend/win_defender_threat.yml b/rules/windows/builtin/windefend/win_defender_threat.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_threat.yml
rename to rules/windows/builtin/windefend/win_defender_threat.yml
diff --git a/rules/windows/other/wmi/win_wmi_persistence.yml b/rules/windows/builtin/wmi/win_wmi_persistence.yml
similarity index 100%
rename from rules/windows/other/wmi/win_wmi_persistence.yml
rename to rules/windows/builtin/wmi/win_wmi_persistence.yml