diff --git a/rules/windows/image_load/image_load_side_load_advapi32.yml b/rules-deprecated/windows/image_load_side_load_advapi32.yml
similarity index 96%
rename from rules/windows/image_load/image_load_side_load_advapi32.yml
rename to rules-deprecated/windows/image_load_side_load_advapi32.yml
index 935fef1fe..bd5053cbc 100644
--- a/rules/windows/image_load/image_load_side_load_advapi32.yml
+++ b/rules-deprecated/windows/image_load_side_load_advapi32.yml
@@ -1,12 +1,12 @@
 title: Suspicious Load of Advapi31.dll
 id: d813d662-785b-42ca-8b4a-f7457d78d5a9
-status: test
+status: deprecated
 description: Detects the load of advapi31.dll by a process running in an uncommon folder
 references:
 - https://github.com/hlldz/Phant0m
 author: frack113
 date: 2022/02/03
-modified: 2022/02/11
+modified: 2023/03/15
 tags:
 - attack.defense_evasion
 - attack.t1070
diff --git a/rules/windows/image_load/image_load_side_load_aruba_networks_virtual_intranet_access.yml b/rules/windows/image_load/image_load_side_load_aruba_networks_virtual_intranet_access.yml
index d3936c225..008402209 100644
--- a/rules/windows/image_load/image_load_side_load_aruba_networks_virtual_intranet_access.yml
+++ b/rules/windows/image_load/image_load_side_load_aruba_networks_virtual_intranet_access.yml
@@ -6,6 +6,7 @@ references:
 - https://twitter.com/wdormann/status/1616581559892545537?t=XLCBO9BziGzD7Bmbt8oMEQ&s=09
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023/01/22
+modified: 2023/03/15
 tags:
 - attack.privilege_escalation
 - attack.persistence
@@ -41,4 +42,4 @@ detection:
 condition: selection and not filter
 falsepositives:
 - Unknown
-level: medium
+level: high
diff --git a/rules/windows/image_load/image_load_side_load_coregen.yml b/rules/windows/image_load/image_load_side_load_coregen.yml
index a97e66ad2..9dc7dbeef 100644
--- a/rules/windows/image_load/image_load_side_load_coregen.yml
+++ b/rules/windows/image_load/image_load_side_load_coregen.yml
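Review bot: The last line of the aruba hunk raises `level` from medium to high while the rule's detection logic and its falsepositives entry (`- Unknown`) are left untouched, so nothing in the diff records why the rule now warrants a high severity. The same medium-to-high bump with unchanged logic appears in the dbgcore_dll, dbghelp_dll, from_non_system_location, office_dlls, rcdll and wazuh hunks. Since Sigma consumers commonly route high-level hits straight to analysts, the rationale belongs in the commit message, or the `- Unknown` entries should be replaced with the legitimate-software cases an analyst should rule out first. The detection block of each affected rule starts outside the hunk, so any narrowing that justifies the escalation is presumably not part of this change.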
@@ -17,7 +17,7 @@ detection:
 selection:
 Image|endswith: '\coregen.exe'
 filter:
- ImageLoaded|startswith:
+ ImageLoaded|startswith:
 - 'C:\Windows\System32\'
 - 'C:\Windows\SysWOW64\'
 - 'C:\Program Files\Microsoft Silverlight\'
diff --git a/rules/windows/image_load/image_load_side_load_dbgcore_dll.yml b/rules/windows/image_load/image_load_side_load_dbgcore_dll.yml
index 2a7e92623..0ebfc7f14 100644
--- a/rules/windows/image_load/image_load_side_load_dbgcore_dll.yml
+++ b/rules/windows/image_load/image_load_side_load_dbgcore_dll.yml
@@ -6,7 +6,7 @@ references:
 - https://hijacklibs.net/ # For list of DLLs that could be sideloaded (search for dlls mentioned here in there)
 author: Nasreddine Bencherchali (Nextron Systems), Wietze Beukema (project and research)
 date: 2022/10/25
-modified: 2022/10/28
+modified: 2023/03/15
 tags:
 - attack.defense_evasion
 - attack.persistence
@@ -28,9 +28,9 @@ detection:
 - 'C:\Windows\SystemTemp\'
 - 'C:\Program Files (x86)\'
 - 'C:\Program Files\'
- filter_steam:
- ImageLoaded|endswith: '\Steam\bin\cef\cef.win7x64\dbgcore.dll'
+ #filter_steam:
+ # ImageLoaded|endswith: '\Steam\bin\cef\cef.win7x64\dbgcore.dll'
 condition: selection and not 1 of filter_*
 falsepositives:
 - Legitimate applications loading their own versions of the DLL mentioned in this rule
-level: medium
+level: high
diff --git a/rules/windows/image_load/image_load_side_load_dbghelp_dll.yml b/rules/windows/image_load/image_load_side_load_dbghelp_dll.yml
index e88284af9..9bcedcfa8 100644
--- a/rules/windows/image_load/image_load_side_load_dbghelp_dll.yml
+++ b/rules/windows/image_load/image_load_side_load_dbghelp_dll.yml
@@ -6,7 +6,7 @@ references:
 - https://hijacklibs.net/ # For list of DLLs that could be sideloaded (search for dlls mentioned here in there)
 author: Nasreddine Bencherchali (Nextron Systems), Wietze Beukema (project and research)
 date: 2022/10/25
-modified: 2022/10/28
+modified: 2023/03/15
 tags:
 - attack.defense_evasion
 - attack.persistence
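Review bot: In the dbgcore_dll `@@ -28,9 +28,9 @@` hunk the Steam exclusion is commented out instead of deleted, leaving two dead lines (`#filter_steam:` and `# ImageLoaded|endswith: '\Steam\bin\cef\cef.win7x64\dbgcore.dll'`) in the rule; if the exclusion is gone for good, remove the lines, and if it is meant to come back, keep it live rather than parking it in a comment. Dropping the exclusion while raising `level` to high in the same hunk means the Steam `dbgcore.dll` load it previously suppressed will now surface as a high-severity hit, and the falsepositives entry still only says `Legitimate applications loading their own versions of the DLL mentioned in this rule`, so a reviewer cannot tell whether that is intended. The `condition: selection and not 1 of filter_*` still resolves only if another `filter_*` key exists above the hunk (the `C:\...` path list shown presumably belongs to one), but that part of the rule starts outside the hunk. If the comment is kept, yamllint's `comments` rule expects a space after the hash, i.e. `# filter_steam:`.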
@@ -36,4 +36,4 @@ detection:
 condition: selection and not 1 of filter_*
 falsepositives:
 - Legitimate applications loading their own versions of the DLL mentioned in this rule
-level: medium
+level: high
diff --git a/rules/windows/image_load/image_load_side_load_from_non_system_location.yml b/rules/windows/image_load/image_load_side_load_from_non_system_location.yml
index d6e1d57db..458a53329 100644
--- a/rules/windows/image_load/image_load_side_load_from_non_system_location.yml
+++ b/rules/windows/image_load/image_load_side_load_from_non_system_location.yml
@@ -9,7 +9,7 @@ references:
 - https://github.com/XForceIR/SideLoadHunter/blob/cc7ef2e5d8908279b0c4cee4e8b6f85f7b8eed52/SideLoads/README.md # XForceIR (SideLoadHunter Project), Chris Spehn (research WFH Dridex)
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2022/08/14
-modified: 2023/02/28
+modified: 2023/03/15
 tags:
 - attack.defense_evasion
 - attack.persistence
@@ -468,4 +468,4 @@ detection:
 condition: selection and not 1 of filter_*
 falsepositives:
 - Legitimate applications loading their own versions of the DLLs mentioned in this rule
-level: medium
+level: high
diff --git a/rules/windows/image_load/image_load_side_load_office_dlls.yml b/rules/windows/image_load/image_load_side_load_office_dlls.yml
index 0b5daf8cc..3ad585cdd 100644
--- a/rules/windows/image_load/image_load_side_load_office_dlls.yml
+++ b/rules/windows/image_load/image_load_side_load_office_dlls.yml
@@ -6,6 +6,7 @@ references:
 - https://hijacklibs.net/ # For list of DLLs that could be sideloaded (search for dlls mentioned here in there)
 author: Nasreddine Bencherchali (Nextron Systems), Wietze Beukema (project and research)
 date: 2022/08/17
+modified: 2023/03/15
 tags:
 - attack.defense_evasion
 - attack.persistence
@@ -27,4 +28,4 @@ detection:
 condition: selection and not filter
 falsepositives:
 - Unlikely
-level: medium
+level: high
diff --git a/rules/windows/image_load/image_load_side_load_rcdll.yml b/rules/windows/image_load/image_load_side_load_rcdll.yml
index e6538c6f9..e9e3cf5dd 100644
--- a/rules/windows/image_load/image_load_side_load_rcdll.yml
+++ b/rules/windows/image_load/image_load_side_load_rcdll.yml
@@ -6,6 +6,7 @@ references:
 - https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
 author: X__Junior
 date: 2023/03/13
+modified: 2023/03/15
 tags:
 - attack.defense_evasion
 - attack.privilege_escalation
@@ -24,4 +25,4 @@ detection:
 condition: selection and not filter
 falsepositives:
 - Unknown
-level: medium
+level: high
diff --git a/rules/windows/image_load/image_load_side_load_wazuh.yml b/rules/windows/image_load/image_load_side_load_wazuh.yml
index 8b1b7c7da..5e7fbe99a 100644
--- a/rules/windows/image_load/image_load_side_load_wazuh.yml
+++ b/rules/windows/image_load/image_load_side_load_wazuh.yml
@@ -6,6 +6,7 @@ references:
 - https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
 author: X__Junior
 date: 2023/03/13
+modified: 2023/03/15
 tags:
 - attack.defense_evasion
 - attack.persistence
@@ -28,4 +29,4 @@ detection:
 condition: selection and not filter
 falsepositives:
 - Unknown
-level: medium
+level: high