diff --git a/rules/windows/builtin/win_susp_local_anon_logon_created.yml b/rules/windows/builtin/win_susp_local_anon_logon_created.yml
deleted file mode 100644
index d05c5fddf..000000000
--- a/rules/windows/builtin/win_susp_local_anon_logon_created.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: Suspicious Windows ANONYMOUS LOGON Local Account Created
-status: experimental
-description: Detects the creation of suspicious accounts simliar to ANONYMOUS LOGON, such as using additional spaces. Created as an covering detection for exclusion of Logon Type 3 from ANONYMOUS LOGON accounts.
-references:
- - https://twitter.com/SBousseaden/status/1189469425482829824
-author: James Pemberton / @4A616D6573
-date: 2019/10/31
-tags:
- - attack.persistence
- - attack.t1136
-logsource:
- product: windows
- service: security
-detection:
- selection:
- EventID:
- - '4720'
- user:
- - '*ANONYMOUS*LOGON*'
- condition: selection
-falsepositives:
- - Unknown
-level: high