diff --git a/rules/linux/auditd/lnx_auditd_system_info_discovery.yml b/rules/linux/auditd/lnx_auditd_system_info_discovery.yml
index ccfa1dd97..bece5830b 100644
--- a/rules/linux/auditd/lnx_auditd_system_info_discovery.yml
+++ b/rules/linux/auditd/lnx_auditd_system_info_discovery.yml
@@ -1,4 +1,4 @@
-title: System Information Discovery
+title: System Information Discovery - Auditd
 id: f34047d9-20d3-4e8b-8672-0a35cc50dc71
 status: test
 description: Detects System Information Discovery commands
@@ -7,7 +7,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1082/T1082.md
 author: 'Pawel Mazur'
 date: 2021/09/03
-modified: 2022/10/09
+modified: 2022/11/27
 tags:
 - attack.discovery
 - attack.t1082
diff --git a/rules/linux/process_creation/proc_creation_lnx_local_account.yml b/rules/linux/process_creation/proc_creation_lnx_local_account.yml
index 42244a2f5..8bd382f44 100644
--- a/rules/linux/process_creation/proc_creation_lnx_local_account.yml
+++ b/rules/linux/process_creation/proc_creation_lnx_local_account.yml
@@ -1,4 +1,4 @@
-title: Local System Accounts Discovery
+title: Local System Accounts Discovery - Linux
 id: b45e3d6f-42c6-47d8-a478-df6bd6cf534c
 status: test
 description: Detects enumeration of local systeam accounts. This information can help adversaries determine which local accounts exist on a system to aid in follow-on behavior.
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1087.001/T1087.001.md
 author: Alejandro Ortuno, oscd.community
 date: 2020/10/08
-modified: 2022/09/15
+modified: 2022/11/27
 tags:
 - attack.discovery
 - attack.t1087.001
diff --git a/rules/linux/process_creation/proc_creation_lnx_local_groups.yml b/rules/linux/process_creation/proc_creation_lnx_local_groups.yml
index 17d1a3897..3cfe8edcd 100644
--- a/rules/linux/process_creation/proc_creation_lnx_local_groups.yml
+++ b/rules/linux/process_creation/proc_creation_lnx_local_groups.yml
@@ -1,4 +1,4 @@
-title: Local Groups Discovery
+title: Local Groups Discovery - Linux
 id: 676381a6-15ca-4d73-a9c8-6a22e970b90d
 status: test
 description: Detects enumeration of local system groups. Adversaries may attempt to find local system groups and permission settings
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1069.001/T1069.001.md
 author: Ömer Günal, Alejandro Ortuno, oscd.community
 date: 2020/10/11
-modified: 2022/09/15
+modified: 2022/11/27
 tags:
 - attack.discovery
 - attack.t1069.001
diff --git a/rules/linux/process_creation/proc_creation_lnx_schedule_task_job_cron.yml b/rules/linux/process_creation/proc_creation_lnx_schedule_task_job_cron.yml
index b5aeb2910..b9f627587 100644
--- a/rules/linux/process_creation/proc_creation_lnx_schedule_task_job_cron.yml
+++ b/rules/linux/process_creation/proc_creation_lnx_schedule_task_job_cron.yml
@@ -1,4 +1,4 @@
-title: Scheduled Cron Task/Job
+title: Scheduled Cron Task/Job - Linux
 id: 6b14bac8-3e3a-4324-8109-42f0546a347f
 status: test
 description: Detects abuse of the cron utility to perform task scheduling for initial or recurring execution of malicious code. Detection will focus on crontab jobs uploaded from the tmp folder.
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1053.003/T1053.003.md
 author: Alejandro Ortuno, oscd.community
 date: 2020/10/06
-modified: 2021/11/27
+modified: 2022/11/27
 tags:
 - attack.execution
 - attack.persistence
diff --git a/rules/linux/process_creation/proc_creation_lnx_security_software_discovery.yml b/rules/linux/process_creation/proc_creation_lnx_security_software_discovery.yml
index b5c8e8622..5101c2e75 100644
--- a/rules/linux/process_creation/proc_creation_lnx_security_software_discovery.yml
+++ b/rules/linux/process_creation/proc_creation_lnx_security_software_discovery.yml
@@ -1,4 +1,4 @@
-title: Security Software Discovery
+title: Security Software Discovery - Linux
 id: c9d8b7fd-78e4-44fe-88f6-599135d46d60
 status: test
 description: Detects usage of system utilities (only grep and egrep for now) to discover security software discovery
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1518.001/T1518.001.md
 author: Daniil Yugoslavskiy, oscd.community
 date: 2020/10/19
-modified: 2022/09/15
+modified: 2022/11/27
 tags:
 - attack.discovery
 - attack.t1518.001
diff --git a/rules/linux/process_creation/proc_creation_lnx_system_network_connections_discovery.yml b/rules/linux/process_creation/proc_creation_lnx_system_network_connections_discovery.yml
index 3413ecc71..5b7a8efcb 100644
--- a/rules/linux/process_creation/proc_creation_lnx_system_network_connections_discovery.yml
+++ b/rules/linux/process_creation/proc_creation_lnx_system_network_connections_discovery.yml
@@ -1,4 +1,4 @@
-title: System Network Connections Discovery
+title: System Network Connections Discovery - Linux
 id: 4c519226-f0cd-4471-bd2f-6fbb2bb68a79
 status: test
 description: Detects usage of system utilities to discover system network connections
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1049/T1049.md
 author: Daniil Yugoslavskiy, oscd.community
 date: 2020/10/19
-modified: 2021/11/27
+modified: 2022/11/27
 tags:
 - attack.discovery
 - attack.t1049
diff --git a/rules/macos/process_creation/proc_creation_macos_local_account.yml b/rules/macos/process_creation/proc_creation_macos_local_account.yml
index 10a487a74..51871afe3 100644
--- a/rules/macos/process_creation/proc_creation_macos_local_account.yml
+++ b/rules/macos/process_creation/proc_creation_macos_local_account.yml
@@ -1,4 +1,4 @@
-title: Local System Accounts Discovery
+title: Local System Accounts Discovery - MacOs
 id: ddf36b67-e872-4507-ab2e-46bda21b842c
 status: test
 description: Detects enumeration of local systeam accounts on MacOS
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1087.001/T1087.001.md
 author: Alejandro Ortuno, oscd.community
 date: 2020/10/08
-modified: 2021/11/27
+modified: 2022/11/27
 tags:
 - attack.discovery
 - attack.t1087.001
diff --git a/rules/macos/process_creation/proc_creation_macos_local_groups.yml b/rules/macos/process_creation/proc_creation_macos_local_groups.yml
index 87baac1ad..43c241a02 100644
--- a/rules/macos/process_creation/proc_creation_macos_local_groups.yml
+++ b/rules/macos/process_creation/proc_creation_macos_local_groups.yml
@@ -1,4 +1,4 @@
-title: Local Groups Discovery
+title: Local Groups Discovery - MacOs
 id: 89bb1f97-c7b9-40e8-b52b-7d6afbd67276
 status: test
 description: Detects enumeration of local system groups
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1069.001/T1069.001.md
 author: Ömer Günal, Alejandro Ortuno, oscd.community
 date: 2020/10/11
-modified: 2021/11/27
+modified: 2022/11/27
 tags:
 - attack.discovery
 - attack.t1069.001
diff --git a/rules/macos/process_creation/proc_creation_macos_schedule_task_job_cron.yml b/rules/macos/process_creation/proc_creation_macos_schedule_task_job_cron.yml
index 47143828d..08aebeaec 100644
--- a/rules/macos/process_creation/proc_creation_macos_schedule_task_job_cron.yml
+++ b/rules/macos/process_creation/proc_creation_macos_schedule_task_job_cron.yml
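Review bot: The new title suffix `MacOs` in the first hunk on this line disagrees with the `MacOS` spelling on the description context line two lines below it in the same hunk, and with the vendor spelling `macOS`; the same suffix is applied to the local-groups rule further down this line and to the cron, security-software and network-connections macOS rules on the next two lines, so one form should be chosen and applied to all five, e.g. `title: Local System Accounts Discovery - macOS` (subject to whatever casing the repository's title convention prescribes). The context line `description: Detects enumeration of local systeam accounts on MacOS` still carries the `systeam` typo, which is also present in the Linux counterpart earlier in this diff; since both rules are being touched and their `modified` dates bumped anyway, fixing it now would spare another metadata bump later.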
@@ -1,4 +1,4 @@
-title: Scheduled Cron Task/Job
+title: Scheduled Cron Task/Job - MacOs
 id: 7c3b43d8-d794-47d2-800a-d277715aa460
 status: test
 description: Detects abuse of the cron utility to perform task scheduling for initial or recurring execution of malicious code. Detection will focus on crontab jobs uploaded from the tmp folder.
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1053.003/T1053.003.md
 author: Alejandro Ortuno, oscd.community
 date: 2020/10/06
-modified: 2021/11/27
+modified: 2022/11/27
 tags:
 - attack.execution
 - attack.persistence
diff --git a/rules/macos/process_creation/proc_creation_macos_security_software_discovery.yml b/rules/macos/process_creation/proc_creation_macos_security_software_discovery.yml
index bc0e12736..c07596097 100644
--- a/rules/macos/process_creation/proc_creation_macos_security_software_discovery.yml
+++ b/rules/macos/process_creation/proc_creation_macos_security_software_discovery.yml
@@ -1,4 +1,4 @@
-title: Security Software Discovery
+title: Security Software Discovery - MacOs
 id: 0ed75b9c-c73b-424d-9e7d-496cd565fbe0
 status: test
 description: Detects usage of system utilities (only grep for now) to discover security software discovery
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1518.001/T1518.001.md
 author: Daniil Yugoslavskiy, oscd.community
 date: 2020/10/19
-modified: 2022/07/11
+modified: 2022/11/27
 tags:
 - attack.discovery
 - attack.t1518.001
diff --git a/rules/macos/process_creation/proc_creation_macos_system_network_connections_discovery.yml b/rules/macos/process_creation/proc_creation_macos_system_network_connections_discovery.yml
index 2d2fe47b0..600483487 100644
--- a/rules/macos/process_creation/proc_creation_macos_system_network_connections_discovery.yml
+++ b/rules/macos/process_creation/proc_creation_macos_system_network_connections_discovery.yml
@@ -1,4 +1,4 @@
-title: System Network Connections Discovery
+title: System Network Connections Discovery - MacOs
 id: 9a7a0393-2144-4626-9bf1-7c2f5a7321db
 status: test
 description: Detects usage of system utilities to discover system network connections
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1049/T1049.md
 author: Daniil Yugoslavskiy, oscd.community
 date: 2020/10/19
-modified: 2021/11/27
+modified: 2022/11/27
 tags:
 - attack.discovery
 - attack.t1049
diff --git a/rules/network/firewall/net_firewall_high_dns_bytes_out.yml b/rules/network/firewall/net_firewall_high_dns_bytes_out.yml
index da3ba2036..9d372c6cf 100644
--- a/rules/network/firewall/net_firewall_high_dns_bytes_out.yml
+++ b/rules/network/firewall/net_firewall_high_dns_bytes_out.yml
@@ -1,10 +1,10 @@
-title: High DNS Bytes Out
+title: High DNS Bytes Out - Firewall
 id: 3b6e327d-8649-4102-993f-d25786481589
 status: test
 description: High DNS queries bytes amount from host per short period of time
 author: Daniil Yugoslavskiy, oscd.community
 date: 2019/10/24
-modified: 2022/10/09
+modified: 2022/11/27
 tags:
 - attack.exfiltration
 - attack.t1048.003
diff --git a/rules/network/firewall/net_firewall_high_dns_requests_rate.yml b/rules/network/firewall/net_firewall_high_dns_requests_rate.yml
index 274f5f5ca..6846b8625 100644
--- a/rules/network/firewall/net_firewall_high_dns_requests_rate.yml
+++ b/rules/network/firewall/net_firewall_high_dns_requests_rate.yml
@@ -1,10 +1,10 @@
-title: High DNS Requests Rate
+title: High DNS Requests Rate - Firewall
 id: 51186749-7415-46be-90e5-6914865c825a
 status: test
 description: High DNS requests amount from host per short period of time
 author: Daniil Yugoslavskiy, oscd.community
 date: 2019/10/24
-modified: 2022/10/09
+modified: 2022/11/27
 tags:
 - attack.exfiltration
 - attack.t1048.003
diff --git a/rules/proxy/proxy_ua_susp_base64.yml b/rules/proxy/proxy_ua_susp_base64.yml
index 593d5e1cd..1ed755ff8 100644
--- a/rules/proxy/proxy_ua_susp_base64.yml
+++ b/rules/proxy/proxy_ua_susp_base64.yml
@@ -1,4 +1,4 @@
-title: Suspicious User Agent
+title: Suspicious Base64 User Agent
 id: 894a8613-cf12-48b3-8e57-9085f54aa0c3
 status: experimental
 description: Detects suspicious User Agent strings that end with an equal sign, which can be a sign of base64 encoded values used as User Agent string
@@ -6,6 +6,7 @@ references:
 - https://blogs.jpcert.or.jp/en/2022/07/yamabot.html
 author: Florian Roth
 date: 2022/07/08
+modified: 2022/11/27
 tags:
 - attack.command_and_control
 - attack.t1071.001
diff --git a/rules/windows/builtin/bits_client/win_bits_client_uncommon_domain.yml b/rules/windows/builtin/bits_client/win_bits_client_uncommon_domain.yml
index 53c7f855d..9d0b5e856 100644
--- a/rules/windows/builtin/bits_client/win_bits_client_uncommon_domain.yml
+++ b/rules/windows/builtin/bits_client/win_bits_client_uncommon_domain.yml
@@ -1,4 +1,4 @@
-title: Suspicious Download with BITS from Suspicious TLD
+title: Suspicious Uncommon Download with BITS from Suspicious TLD
 id: 6d44fb93-e7d2-475c-9d3d-54c9c1e33427
 status: experimental
 description: Detects a suspicious download using the BITS client from a FQDN that is unusual. Adversaries may abuse BITS jobs to persistently execute or clean up after malicious payloads.
@@ -7,7 +7,7 @@ references:
 - https://twitter.com/malmoeb/status/1535142803075960832
 author: Florian Roth
 date: 2022/06/10
-modified: 2022/06/28
+modified: 2022/11/27
 tags:
 - attack.defense_evasion
 - attack.persistence
diff --git a/rules/windows/builtin/dns_server/win_apt_gallium.yml b/rules/windows/builtin/dns_server/win_apt_gallium.yml
index 38bd7f8cd..de0066356 100644
--- a/rules/windows/builtin/dns_server/win_apt_gallium.yml
+++ b/rules/windows/builtin/dns_server/win_apt_gallium.yml
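Review bot: The renamed BITS title on this line, `Suspicious Uncommon Download with BITS from Suspicious TLD`, says "Suspicious" twice and stacks "Uncommon" on top of it, which reads worse in an alert list than the title it replaces; the description context line right below it phrases the condition as a download from an unusual FQDN, so the distinguishing word the commit wants is "Uncommon", not a second "Suspicious". `title: Uncommon Download with BITS from Suspicious TLD` keeps the disambiguation without the repetition. This is a naming point only; the detection block is outside the hunk.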
@@ -1,4 +1,4 @@
-title: GALLIUM Artefacts
+title: GALLIUM Artefacts - Builtin
 id: 3db10f25-2527-4b79-8d4b-471eb900ee29
 related:
 - id: 440a56bf-7873-4439-940a-1c8a671073c2
diff --git a/rules/windows/builtin/msexchange/win_exchange_transportagent.yml b/rules/windows/builtin/msexchange/win_exchange_transportagent.yml
index fbd4acce9..ea2fd839a 100644
--- a/rules/windows/builtin/msexchange/win_exchange_transportagent.yml
+++ b/rules/windows/builtin/msexchange/win_exchange_transportagent.yml
@@ -1,4 +1,4 @@
-title: MSExchange Transport Agent Installation
+title: MSExchange Transport Agent Installation - Builtin
 id: 4fe151c2-ecf9-4fae-95ae-b88ec9c2fca6
 related:
 - id: 83809e84-4475-4b69-bc3e-4aad8568612f
@@ -9,7 +9,7 @@ references:
 - https://twitter.com/blueteamsec1/status/1401290874202382336?s=20
 author: Tobias Michalski
 date: 2021/06/08
-modified: 2022/10/09
+modified: 2022/11/27
 tags:
 - attack.persistence
 - attack.t1505.002
diff --git a/rules/windows/builtin/security/win_security_apt_chafer_mar18_security.yml b/rules/windows/builtin/security/win_security_apt_chafer_mar18_security.yml
index 591ea6d7a..8c5607501 100644
--- a/rules/windows/builtin/security/win_security_apt_chafer_mar18_security.yml
+++ b/rules/windows/builtin/security/win_security_apt_chafer_mar18_security.yml
@@ -1,4 +1,4 @@
-title: Chafer Activity
+title: Chafer Activity - Security
 id: c0580559-a6bd-4ef6-b9b7-83703d98b561
 related:
 - id: 53ba33fd-3a50-4468-a5ef-c583635cfa92
@@ -9,7 +9,7 @@ references:
 - https://nyotron.com/nyotron-discovers-next-generation-oilrig-attacks/
 author: Florian Roth, Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, oscd.community
 date: 2018/03/23
-modified: 2022/10/09
+modified: 2022/11/27
 tags:
 - attack.persistence
 - attack.g0049
diff --git a/rules/windows/builtin/security/win_security_apt_slingshot.yml b/rules/windows/builtin/security/win_security_apt_slingshot.yml
index ca7f44d23..65a7a1f37 100644
--- a/rules/windows/builtin/security/win_security_apt_slingshot.yml
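Review bot: The win_apt_gallium.yml hunk at the top of this line changes the rule title but, unlike every other rule in this diff, is not accompanied by a second hunk bumping `modified`, so the rule's metadata will not record this edit; the same is true of proc_creation_win_apt_gallium_sha1.yml near the end of the diff, whose only hunk is also the title rename. Unless the `modified` field of those two files already reads 2022/11/27 (it lies outside the shown hunks, so this cannot be confirmed from the diff), add `modified: 2022/11/27` to both to match the rest of the commit. The sha1 rule's new title `GALLIUM Sha1 Artefacts` also departs from the ` - <suffix>` scheme every other rename in the commit follows, and the algorithm name is conventionally written in capitals; `title: GALLIUM Artefacts - SHA1` would keep the pair of related GALLIUM rules on the same naming pattern.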
+++ b/rules/windows/builtin/security/win_security_apt_slingshot.yml
@@ -1,4 +1,4 @@
-title: Defrag Deactivation
+title: Defrag Deactivation - Security
 id: c5a178bf-9cfb-4340-b584-e4df39b6a3e7
 related:
 - id: 958d81aa-8566-4cea-a565-59ccd4df27b0
@@ -9,7 +9,7 @@ references:
 - https://securelist.com/apt-slingshot/84312/
 author: Florian Roth, Bartlomiej Czyz (@bczyz1)
 date: 2019/03/04
-modified: 2022/10/09
+modified: 2022/11/27
 tags:
 - attack.persistence
 - attack.t1053
diff --git a/rules/windows/builtin/security/win_security_apt_wocao.yml b/rules/windows/builtin/security/win_security_apt_wocao.yml
index e52b075aa..1be1ab5ad 100644
--- a/rules/windows/builtin/security/win_security_apt_wocao.yml
+++ b/rules/windows/builtin/security/win_security_apt_wocao.yml
@@ -1,4 +1,4 @@
-title: Operation Wocao Activity
+title: Operation Wocao Activity - Security
 id: 74ad4314-482e-4c3e-b237-3f7ed3b9ca8d
 status: test
 description: Detects activity mentioned in Operation Wocao report
@@ -7,7 +7,7 @@ references:
 - https://twitter.com/SBousseaden/status/1207671369963646976
 author: Florian Roth, frack113
 date: 2019/12/20
-modified: 2022/10/09
+modified: 2022/11/27
 tags:
 - attack.discovery
 - attack.t1012
diff --git a/rules/windows/builtin/security/win_security_cobaltstrike_service_installs.yml b/rules/windows/builtin/security/win_security_cobaltstrike_service_installs.yml
index 2b4bdb2fb..6a25f5188 100644
--- a/rules/windows/builtin/security/win_security_cobaltstrike_service_installs.yml
+++ b/rules/windows/builtin/security/win_security_cobaltstrike_service_installs.yml
@@ -1,4 +1,4 @@
-title: CobaltStrike Service Installations
+title: CobaltStrike Service Installations - Security
 id: d7a95147-145f-4678-b85d-d1ff4a3bb3f6
 related:
 - id: 5a105d34-05fc-401e-8553-272b45c1522d
@@ -11,7 +11,7 @@ references:
 - https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
 author: Florian Roth, Wojciech Lesicki
 date: 2021/05/26
-modified: 2022/10/09
+modified: 2022/11/27
 tags:
 - attack.execution
 - attack.privilege_escalation
diff --git a/rules/windows/builtin/security/win_security_invoke_obfuscation_clip_services_security.yml b/rules/windows/builtin/security/win_security_invoke_obfuscation_clip_services_security.yml
index 911017845..4b41c1fa9 100644
--- a/rules/windows/builtin/security/win_security_invoke_obfuscation_clip_services_security.yml
+++ b/rules/windows/builtin/security/win_security_invoke_obfuscation_clip_services_security.yml
@@ -1,4 +1,4 @@
-title: Invoke-Obfuscation CLIP+ Launcher
+title: Invoke-Obfuscation CLIP+ Launcher - Security
 id: 4edf51e1-cb83-4e1a-bc39-800e396068e3
 related:
 - id: f7385ee2-0e0c-11eb-adc1-0242ac120002
@@ -9,7 +9,7 @@ references:
 - https://github.com/Neo23x0/sigma/issues/1009 #(Task 26)
 author: Jonathan Cheong, oscd.community
 date: 2020/10/13
-modified: 2022/02/24
+modified: 2022/11/27
 tags:
 - attack.defense_evasion
 - attack.t1027
diff --git a/rules/windows/builtin/security/win_security_invoke_obfuscation_obfuscated_iex_services_security.yml b/rules/windows/builtin/security/win_security_invoke_obfuscation_obfuscated_iex_services_security.yml
index add553c9a..80bab3555 100644
--- a/rules/windows/builtin/security/win_security_invoke_obfuscation_obfuscated_iex_services_security.yml
+++ b/rules/windows/builtin/security/win_security_invoke_obfuscation_obfuscated_iex_services_security.yml
@@ -1,4 +1,4 @@
-title: Invoke-Obfuscation Obfuscated IEX Invocation
+title: Invoke-Obfuscation Obfuscated IEX Invocation - Security
 id: fd0f5778-d3cb-4c9a-9695-66759d04702a
 related:
 - id: 51aa9387-1c53-4153-91cc-d73c59ae1ca9
@@ -9,7 +9,7 @@ references:
 - https://github.com/danielbohannon/Invoke-Obfuscation/blob/f20e7f843edd0a3a7716736e9eddfa423395dd26/Out-ObfuscatedStringCommand.ps1#L873-L888
 author: Daniel Bohannon (@Mandiant/@FireEye), oscd.community
 date: 2019/11/08
-modified: 2022/07/11
+modified: 2022/11/27
 tags:
 - attack.defense_evasion
 - attack.t1027
diff --git a/rules/windows/builtin/system/win_system_apt_chafer_mar18_system.yml b/rules/windows/builtin/system/win_system_apt_chafer_mar18_system.yml
index fd01d1526..cfc406ed3 100644
--- a/rules/windows/builtin/system/win_system_apt_chafer_mar18_system.yml
+++ b/rules/windows/builtin/system/win_system_apt_chafer_mar18_system.yml
@@ -1,4 +1,4 @@
-title: Chafer Activity
+title: Chafer Activity - System
 id: 53ba33fd-3a50-4468-a5ef-c583635cfa92
 status: experimental
 description: Detects Chafer activity attributed to OilRig as reported in Nyotron report in March 2018
@@ -6,7 +6,7 @@ references:
 - https://nyotron.com/nyotron-discovers-next-generation-oilrig-attacks/
 author: Florian Roth, Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, oscd.community
 date: 2018/03/23
-modified: 2021/11/30
+modified: 2022/11/27
 tags:
 - attack.persistence
 - attack.g0049
diff --git a/rules/windows/builtin/system/win_system_cobaltstrike_service_installs.yml b/rules/windows/builtin/system/win_system_cobaltstrike_service_installs.yml
index 5e7dc1884..7c2dcf12c 100644
--- a/rules/windows/builtin/system/win_system_cobaltstrike_service_installs.yml
+++ b/rules/windows/builtin/system/win_system_cobaltstrike_service_installs.yml
@@ -1,4 +1,4 @@
-title: CobaltStrike Service Installations
+title: CobaltStrike Service Installations - System
 id: 5a105d34-05fc-401e-8553-272b45c1522d
 status: test
 description: Detects known malicious service installs that appear in cases in which a Cobalt Strike beacon elevates privileges or lateral movement
@@ -8,7 +8,7 @@ references:
 - https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
 author: Florian Roth, Wojciech Lesicki
 date: 2021/05/26
-modified: 2022/10/09
+modified: 2022/11/27
 tags:
 - attack.execution
 - attack.privilege_escalation
diff --git a/rules/windows/builtin/system/win_system_invoke_obfuscation_clip_services.yml b/rules/windows/builtin/system/win_system_invoke_obfuscation_clip_services.yml
index 37a8b79c2..f931022e2 100644
--- a/rules/windows/builtin/system/win_system_invoke_obfuscation_clip_services.yml
+++ b/rules/windows/builtin/system/win_system_invoke_obfuscation_clip_services.yml
@@ -1,4 +1,4 @@
-title: Invoke-Obfuscation CLIP+ Launcher
+title: Invoke-Obfuscation CLIP+ Launcher - System
 id: f7385ee2-0e0c-11eb-adc1-0242ac120002
 status: experimental
 description: Detects Obfuscated use of Clip.exe to execute PowerShell
@@ -6,7 +6,7 @@ references:
 - https://github.com/Neo23x0/sigma/issues/1009 #(Task 26)
 author: Jonathan Cheong, oscd.community
 date: 2020/10/13
-modified: 2022/02/03
+modified: 2022/11/27
 tags:
 - attack.defense_evasion
 - attack.t1027
diff --git a/rules/windows/builtin/system/win_system_invoke_obfuscation_obfuscated_iex_services.yml b/rules/windows/builtin/system/win_system_invoke_obfuscation_obfuscated_iex_services.yml
index 8539a4f71..c30367ade 100644
--- a/rules/windows/builtin/system/win_system_invoke_obfuscation_obfuscated_iex_services.yml
+++ b/rules/windows/builtin/system/win_system_invoke_obfuscation_obfuscated_iex_services.yml
@@ -1,4 +1,4 @@
-title: Invoke-Obfuscation Obfuscated IEX Invocation
+title: Invoke-Obfuscation Obfuscated IEX Invocation - System
 id: 51aa9387-1c53-4153-91cc-d73c59ae1ca9
 status: experimental
 description: Detects all variations of obfuscated powershell IEX invocation code generated by Invoke-Obfuscation framework from the code block linked in the references
@@ -6,7 +6,7 @@ references:
 - https://github.com/danielbohannon/Invoke-Obfuscation/blob/f20e7f843edd0a3a7716736e9eddfa423395dd26/Out-ObfuscatedStringCommand.ps1#L873-L888
 author: Daniel Bohannon (@Mandiant/@FireEye), oscd.community
 date: 2019/11/08
-modified: 2022/07/11
+modified: 2022/11/27
 tags:
 - attack.defense_evasion
 - attack.t1027
diff --git a/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_clip.yml b/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_clip.yml
index 20e4882de..53ca1e6a4 100644
--- a/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_clip.yml
+++ b/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_clip.yml
@@ -1,4 +1,4 @@
-title: Invoke-Obfuscation CLIP+ Launcher
+title: Invoke-Obfuscation CLIP+ Launcher - PowerShell Module
 id: a136cde0-61ad-4a61-9b82-8dc490e60dd2
 related:
 - id: 73e67340-0d25-11eb-adc1-0242ac120002
@@ -9,7 +9,7 @@ references:
 - https://github.com/Neo23x0/sigma/issues/1009 #(Task 26)
 author: Jonathan Cheong, oscd.community
 date: 2020/10/13
-modified: 2021/10/16
+modified: 2022/11/27
 tags:
 - attack.defense_evasion
 - attack.t1027
diff --git a/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_obfuscated_iex.yml b/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_obfuscated_iex.yml
index 40e3d5feb..b273028d5 100644
--- a/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_obfuscated_iex.yml
+++ b/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_obfuscated_iex.yml
@@ -1,4 +1,4 @@
-title: Invoke-Obfuscation Obfuscated IEX Invocation
+title: Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module
 id: 2f211361-7dce-442d-b78a-c04039677378
 related:
 - id: 1b9dc62e-6e9e-42a3-8990-94d7a10007f7
@@ -9,7 +9,7 @@ references:
 - https://github.com/danielbohannon/Invoke-Obfuscation/blob/f20e7f843edd0a3a7716736e9eddfa423395dd26/Out-ObfuscatedStringCommand.ps1#L873-L888
 author: Daniel Bohannon (@Mandiant/@FireEye), oscd.community
 date: 2019/11/08
-modified: 2021/10/16
+modified: 2022/11/27
 tags:
 - attack.defense_evasion
 - attack.t1027
diff --git a/rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_clip.yml b/rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_clip.yml
index 96704f6e1..fdc6069f9 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_clip.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_clip.yml
@@ -1,4 +1,4 @@
-title: Invoke-Obfuscation CLIP+ Launcher
+title: Invoke-Obfuscation CLIP+ Launcher - PowerShell
 id: 73e67340-0d25-11eb-adc1-0242ac120002
 status: experimental
 description: Detects Obfuscated use of Clip.exe to execute PowerShell
@@ -6,7 +6,7 @@ references:
 - https://github.com/Neo23x0/sigma/issues/1009 #(Task 26)
 author: Jonathan Cheong, oscd.community
 date: 2020/10/13
-modified: 2021/10/16
+modified: 2022/11/27
 tags:
 - attack.defense_evasion
 - attack.t1027
diff --git a/rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_obfuscated_iex.yml b/rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_obfuscated_iex.yml
index 1b5f9451f..adda79cab 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_obfuscated_iex.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_invoke_obfuscation_obfuscated_iex.yml
@@ -1,4 +1,4 @@
-title: Invoke-Obfuscation Obfuscated IEX Invocation
+title: Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell
 id: 1b9dc62e-6e9e-42a3-8990-94d7a10007f7
 status: experimental
 description: Detects all variations of obfuscated powershell IEX invocation code generated by Invoke-Obfuscation framework from the following code block \u2014
@@ -6,7 +6,7 @@ references:
 - https://github.com/danielbohannon/Invoke-Obfuscation/blob/f20e7f843edd0a3a7716736e9eddfa423395dd26/Out-ObfuscatedStringCommand.ps1#L873-L888
 author: 'Daniel Bohannon (@Mandiant/@FireEye), oscd.community'
 date: 2019/11/08
-modified: 2022/01/27
+modified: 2022/11/27
 tags:
 - attack.defense_evasion
 - attack.t1027
diff --git a/rules/windows/process_creation/proc_creation_win_apt_gallium_sha1.yml b/rules/windows/process_creation/proc_creation_win_apt_gallium_sha1.yml
index fe87f7f1f..a0c9683b9 100644
--- a/rules/windows/process_creation/proc_creation_win_apt_gallium_sha1.yml
+++ b/rules/windows/process_creation/proc_creation_win_apt_gallium_sha1.yml
@@ -1,4 +1,4 @@
-title: GALLIUM Artefacts
+title: GALLIUM Sha1 Artefacts
 id: 440a56bf-7873-4439-940a-1c8a671073c2
 status: test
 description: Detects artefacts associated with activity group GALLIUM - Microsoft Threat Intelligence Center indicators released in December 2019.
diff --git a/rules/windows/registry/registry_event/registry_event_apt_chafer_mar18.yml b/rules/windows/registry/registry_event/registry_event_apt_chafer_mar18.yml
index 15a839943..6bf31e085 100644
--- a/rules/windows/registry/registry_event/registry_event_apt_chafer_mar18.yml
+++ b/rules/windows/registry/registry_event/registry_event_apt_chafer_mar18.yml
@@ -1,4 +1,4 @@
-title: Chafer Activity
+title: Chafer Activity - Registry
 id: 7bdf2a7c-3acc-4091-9581-0a77dad1c5b5
 related:
 - id: 53ba33fd-3a50-4468-a5ef-c583635cfa92
@@ -9,7 +9,7 @@ references:
 - https://nyotron.com/nyotron-discovers-next-generation-oilrig-attacks/
 author: Florian Roth, Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, oscd.community
 date: 2018/03/23
-modified: 2022/10/09
+modified: 2022/11/27
 tags:
 - attack.persistence
 - attack.g0049
diff --git a/rules/windows/registry/registry_event/registry_event_hybridconnectionmgr_svc_installation.yml b/rules/windows/registry/registry_event/registry_event_hybridconnectionmgr_svc_installation.yml
index a8cbe4848..8e0e5fecb 100644
--- a/rules/windows/registry/registry_event/registry_event_hybridconnectionmgr_svc_installation.yml
+++ b/rules/windows/registry/registry_event/registry_event_hybridconnectionmgr_svc_installation.yml
@@ -1,4 +1,4 @@
-title: HybridConnectionManager Service Installation
+title: HybridConnectionManager Service Installation - Registry
 id: ac8866c7-ce44-46fd-8c17-b24acff96ca8
 status: experimental
 description: Detects the installation of the Azure Hybrid Connection Manager service to allow remote code execution from Azure function.
@@ -6,7 +6,7 @@ references:
 - https://twitter.com/Cyb3rWard0g/status/1381642789369286662
 author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
 date: 2021/04/12
-modified: 2022/01/13
+modified: 2022/11/27
 tags:
 - attack.resource_development
 - attack.t1608