diff --git a/rules/windows/builtin/win_alert_mimikatz_keywords.yml b/rules/windows/builtin/win_alert_mimikatz_keywords.yml index db3ad7586..5ba0670cb 100644 --- a/rules/windows/builtin/win_alert_mimikatz_keywords.yml +++ b/rules/windows/builtin/win_alert_mimikatz_keywords.yml @@ -1,6 +1,8 @@ title: Mimikatz Use description: This method detects mimikatz keywords in different Eventlogs (some of them only appear in older Mimikatz version that are however still used by different threat groups) author: Florian Roth +date: 2017/01/10 +modified: 2019/10/11 tags: - attack.s0002 - attack.t1003 @@ -20,6 +22,8 @@ detection: - "* sekurlsa::logonpasswords *" - "* lsadump::sam *" - "* mimidrv.sys *" + - "* p::d *" + - "* s::l *" condition: keywords falsepositives: - Naughty administrators
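Review bot: the first hunk's unchanged context carries a grammar slip in `description` ("older Mimikatz version that are however still used") that should read "older Mimikatz versions that are, however, still used"; since the header is being touched anyway to add `date: 2017/01/10` and `modified: 2019/10/11`, fix it in the same change. The two new fields themselves are consistent with each other (the modified date is later than the creation date and matches the keyword addition below), so no objection there.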
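Review bot: the second hunk's new keywords `"* p::d *"` and `"* s::l *"` are not self-explanatory, whereas every other entry in the list spells out a full `module::command` name (`sekurlsa::logonpasswords`, `lsadump::sam`, `mimidrv.sys`). Add a short note to `description` (or a YAML comment beside the two entries) stating what these abbreviated forms stand for, so a future maintainer can judge whether they still belong. Also reconsider `falsepositives`, which still lists only "Naughty administrators": a four-character token bounded by spaces is far more likely to appear incidentally in free-text event log messages than the full command names are, so the rule's false-positive profile changes with this hunk and the metadata should say so.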