diff --git a/rules/linux/lnx_base64_decode.yml b/rules/linux/process_creation/lnx_base64_decode.yml
similarity index 100%
rename from rules/linux/lnx_base64_decode.yml
rename to rules/linux/process_creation/lnx_base64_decode.yml
diff --git a/rules/linux/lnx_clear_logs.yml b/rules/linux/process_creation/lnx_clear_logs.yml
similarity index 100%
rename from rules/linux/lnx_clear_logs.yml
rename to rules/linux/process_creation/lnx_clear_logs.yml
diff --git a/rules/linux/lnx_file_and_directory_discovery.yml b/rules/linux/process_creation/lnx_file_and_directory_discovery.yml
similarity index 100%
rename from rules/linux/lnx_file_and_directory_discovery.yml
rename to rules/linux/process_creation/lnx_file_and_directory_discovery.yml
diff --git a/rules/linux/lnx_file_deletion.yml b/rules/linux/process_creation/lnx_file_deletion.yml
similarity index 100%
rename from rules/linux/lnx_file_deletion.yml
rename to rules/linux/process_creation/lnx_file_deletion.yml
diff --git a/rules/linux/lnx_install_root_certificate.yml b/rules/linux/process_creation/lnx_install_root_certificate.yml
similarity index 100%
rename from rules/linux/lnx_install_root_certificate.yml
rename to rules/linux/process_creation/lnx_install_root_certificate.yml
diff --git a/rules/linux/lnx_local_account.yml b/rules/linux/process_creation/lnx_local_account.yml
similarity index 100%
rename from rules/linux/lnx_local_account.yml
rename to rules/linux/process_creation/lnx_local_account.yml
diff --git a/rules/linux/lnx_local_groups.yml b/rules/linux/process_creation/lnx_local_groups.yml
similarity index 100%
rename from rules/linux/lnx_local_groups.yml
rename to rules/linux/process_creation/lnx_local_groups.yml
diff --git a/rules/linux/lnx_network_service_scanning.yml b/rules/linux/process_creation/lnx_network_service_scanning.yml
similarity index 100%
rename from rules/linux/lnx_network_service_scanning.yml
rename to rules/linux/process_creation/lnx_network_service_scanning.yml
diff --git a/rules/linux/lnx_process_discovery.yml b/rules/linux/process_creation/lnx_process_discovery.yml
similarity index 100%
rename from rules/linux/lnx_process_discovery.yml
rename to rules/linux/process_creation/lnx_process_discovery.yml
diff --git a/rules/linux/lnx_remote_system_discovery.yml b/rules/linux/process_creation/lnx_remote_system_discovery.yml
similarity index 100%
rename from rules/linux/lnx_remote_system_discovery.yml
rename to rules/linux/process_creation/lnx_remote_system_discovery.yml
diff --git a/rules/linux/lnx_schedule_task_job_cron.yml b/rules/linux/process_creation/lnx_schedule_task_job_cron.yml
similarity index 100%
rename from rules/linux/lnx_schedule_task_job_cron.yml
rename to rules/linux/process_creation/lnx_schedule_task_job_cron.yml
diff --git a/rules/linux/lnx_security_software_discovery.yml b/rules/linux/process_creation/lnx_security_software_discovery.yml
similarity index 100%
rename from rules/linux/lnx_security_software_discovery.yml
rename to rules/linux/process_creation/lnx_security_software_discovery.yml
diff --git a/rules/linux/lnx_security_tools_disabling.yml b/rules/linux/process_creation/lnx_security_tools_disabling.yml
similarity index 100%
rename from rules/linux/lnx_security_tools_disabling.yml
rename to rules/linux/process_creation/lnx_security_tools_disabling.yml
diff --git a/rules/linux/lnx_system_info_discovery.yml b/rules/linux/process_creation/lnx_system_info_discovery.yml
similarity index 100%
rename from rules/linux/lnx_system_info_discovery.yml
rename to rules/linux/process_creation/lnx_system_info_discovery.yml
diff --git a/rules/linux/lnx_system_network_connections_discovery.yml b/rules/linux/process_creation/lnx_system_network_connections_discovery.yml
similarity index 100%
rename from rules/linux/lnx_system_network_connections_discovery.yml
rename to rules/linux/process_creation/lnx_system_network_connections_discovery.yml
diff --git a/rules/windows/process_creation_stordiag_execution.yml b/rules/windows/process_creation/process_creation_stordiag_execution.yml
similarity index 100%
rename from rules/windows/process_creation_stordiag_execution.yml
rename to rules/windows/process_creation/process_creation_stordiag_execution.yml