diff --git a/rules/windows/file_event/sysmon_hack_dumpert.yml b/rules/windows/file_event/sysmon_hack_dumpert.yml
index f8bdb838f..ac53c2043 100755
--- a/rules/windows/file_event/sysmon_hack_dumpert.yml
+++ b/rules/windows/file_event/sysmon_hack_dumpert.yml
@@ -10,9 +10,6 @@ date: 2020/02/04
 tags:
 - attack.credential_access
 - attack.t1003
-logsource:
- category: file_event
- product: windows
 falsepositives:
 - Very unlikely
 level: critical
@@ -26,8 +23,8 @@ detection:
 condition: selection
 ---
 logsource:
+ category: file_event
 product: windows
- service: sysmon
 detection:
 selection:
 TargetFilename: C:\Windows\Temp\dumpert.dmp
diff --git a/rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml b/rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml
index 65a61b0ea..194b75581 100755
--- a/rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml
+++ b/rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml
@@ -10,7 +10,7 @@ logsource:
 detection:
 selection:
 Image: '*\mstsc.exe'
- TargetFileName: '*\Microsoft\Windows\Start Menu\Programs\Startup\\*'
+ TargetFilename: '*\Microsoft\Windows\Start Menu\Programs\Startup\\*'
 condition: selection
 falsepositives:
 - unknown
diff --git a/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml b/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml
index bc07ed69d..e519443ae 100755
--- a/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml
+++ b/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml
@@ -11,7 +11,7 @@ tags:
 - attack.persistence
 logsource:
 product: windows
- category: file_created
+ category: file_event
 detection:
 selection:
 Image: 'C:\WINDOWS\system32\wbem\scrcons.exe'
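Review bot: The file_event document that now carries the logsource still keys on one literal path, `TargetFilename: C:\Windows\Temp\dumpert.dmp`, so a Dumpert build whose output path was changed, or a host whose system drive is not C:, never matches. Anchoring on the file name instead, `TargetFilename|endswith: '\dumpert.dmp'`, keeps the intent while being less brittle; the exact path can remain as a second selection if the extra precision is wanted. Because the first hunk removes the shared logsource from the leading document, every document after a `---` must now carry its own complete logsource — the document between the two hunks is not visible here, so confirm it does. The selection's condition line lies outside this hunk.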
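Review bot: Both selection values rely on raw wildcards with hand-escaped backslashes (`'*\mstsc.exe'` and the `Startup\\*'` tail), and the `\\*` is needed precisely because a bare `\*` would escape the wildcard rather than end the directory — easy to get wrong in the next edit. The same matches read unambiguously as `Image|endswith: '\mstsc.exe'` and `TargetFilename|contains: '\Microsoft\Windows\Start Menu\Programs\Startup\'`, with no escaping to reason about. Since the old `TargetFileName` spelling likely meant this rule produced no hits until now, it is effectively a new detection and has probably not been validated against real mstsc.exe telemetry. The `logsource` block starts before the hunk.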
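Review bot: The selection matches the script event consumer only at the literal `C:\WINDOWS\system32\wbem\scrcons.exe`, so a host with a different system drive, or a 32-bit copy under `SysWOW64\wbem` if one is present, writes files without triggering even though the persistence mechanism is identical. Matching on the suffix, `Image|endswith: '\wbem\scrcons.exe'`, covers those cases without meaningfully loosening the rule. The remainder of the selection and the condition are outside this hunk.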