diff --git a/rules/windows/image_load/sysmon_uac_bypass_via_dism.yml b/rules/windows/image_load/sysmon_uac_bypass_via_dism.yml
index 267be4008..08c909af2 100644
--- a/rules/windows/image_load/sysmon_uac_bypass_via_dism.yml
+++ b/rules/windows/image_load/sysmon_uac_bypass_via_dism.yml
@@ -1,4 +1,4 @@
-title: UAC bypass with fake dll
+title: UAC Bypass With Fake DLL
 id: a5ea83a7-05a5-44c1-be2e-addccbbd8c03
 status: experimental
 description: Attempts to load dismcore.dll after dropping it.
diff --git a/rules/windows/process_access/sysmon_load_undocumented_autoelevated_com_interface.yml b/rules/windows/process_access/sysmon_load_undocumented_autoelevated_com_interface.yml
index 72af4ad88..6ecb4f6f1 100644
--- a/rules/windows/process_access/sysmon_load_undocumented_autoelevated_com_interface.yml
+++ b/rules/windows/process_access/sysmon_load_undocumented_autoelevated_com_interface.yml
@@ -1,4 +1,4 @@
-title: load undocumented autoelevated com interface
+title: Load Undocumented Autoelevated COM Interface
 id: fb3722e4-1a06-46b6-b772-253e2e7db933
 status: experimental
 description: COM interface (EditionUpgradeManager) that is not used by standard executables.
diff --git a/rules/windows/registry_event/sysmon_bypass_via_wsreset.yml b/rules/windows/registry_event/sysmon_bypass_via_wsreset.yml
index 1038b255f..8ac1fdd55 100644
--- a/rules/windows/registry_event/sysmon_bypass_via_wsreset.yml
+++ b/rules/windows/registry_event/sysmon_bypass_via_wsreset.yml
@@ -1,4 +1,4 @@
-title: UAC bypass via wsreset
+title: UAC Bypass Via Wsreset
 id: 6ea3bf32-9680-422d-9f50-e90716b12a66
 status: experimental
 description: Unfixed method for UAC bypass from windows 10. WSReset.exe file associated with the Windows Store. It will run a binary file contained in a low-privilege registry.