diff --git a/tests/test_rules.py b/tests/test_rules.py
index 6dadd9c81..d50ccb5e0 100755
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -292,7 +292,21 @@ class TestRules(unittest.TestCase):
             with open(file, encoding='utf-8') as f:
                 for line in f:
                     if re.search(r'.*EventID: (?:1|4688)\s*$', line) and file not in faulty_detections:
-                        faulty_detections.append(file)
+                        detection = self.get_rule_part(file_path=file, part_name="detection")
+                        if detection:
+                            for search_identifier in detection:
+                                if isinstance(detection[search_identifier], dict):
+                                    for field in detection[search_identifier]:
+                                        if "Provider_Name" in field:
+                                            if isinstance(detection[search_identifier]["Provider_Name"], list):
+                                                for value in detection[search_identifier]["Provider_Name"]:
+                                                    if "Microsoft-Windows-Security-Auditing" in value or "Microsoft-Windows-Sysmon" in value:
+                                                        if file not in faulty_detections:
+                                                            faulty_detections.append(file)
+                                            else:
+                                                if "Microsoft-Windows-Security-Auditing" in detection[search_identifier]["Provider_Name"] or "Microsoft-Windows-Sysmon" in detection[search_identifier]["Provider_Name"]:
+                                                    if file not in faulty_detections:
+                                                            faulty_detections.append(file)
 
         self.assertEqual(faulty_detections, [], Fore.YELLOW +
                          "There are rules still using Sysmon 1 or Event ID 4688. Please migrate to the process_creation category.")
@@ -749,7 +763,7 @@ class TestRules(unittest.TestCase):
             if len(yaml) > 1:
                 continue
 
-            # this propably is not the best way to check whether
+            # this probably is not the best way to check whether
             # title is the attribute given in the 1st line
             # (also assumes dict keeps the order from the input file)
             if list(yaml[0].keys())[0] != "title":
@@ -854,6 +868,24 @@ class TestRules(unittest.TestCase):
         self.assertEqual(faulty_rules, [], Fore.RED +
                          "There are rules with unused selections")
 
+    def test_field_name_typo(self):
+        # add "OriginalFilename" after Aurora switched to SourceFilename
+        # add "ProviderName" after special case powershell classic is resolved
+        typos = ["ServiceFilename", "TargetFileName", "SourceFileName", "Commandline", "Targetobject"]
+        faulty_rules = []
+        for file in self.yield_next_rule_file_path(self.path_to_rules):
+            detection = self.get_rule_part(file_path=file, part_name="detection")
+            if detection:
+                for search_identifier in detection:
+                    if isinstance(detection[search_identifier], dict):
+                        for field in detection[search_identifier]:
+                            for typo in typos:
+                                if typo in field:
+                                    print(Fore.RED + "Rule {} has a common typo ({}) in selection ({}/{})".format(file, typo, search_identifier, field))
+                                    faulty_rules.append(file)
+
+        self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with common typos in field names.")
+
     def test_unknown_value_modifier(self):
         known_modifiers = ["contains", "startswith", "endswith", "all", "base64offset", "base64", "utf16le", "utf16be", "wide", "utf16", "windash", "re"]
         faulty_rules = []