diff --git a/rules/windows/builtin/win_psexesvc_start.yml b/rules/windows/builtin/win_psexesvc_start.yml
index 08e517099..bfd47e750 100644
--- a/rules/windows/builtin/win_psexesvc_start.yml
+++ b/rules/windows/builtin/win_psexesvc_start.yml
@@ -15,7 +15,7 @@ detection:
     selection:
         EventID: 4688
         ProcessCommandLine: 'C:\Windows\PSEXESVC.exe'
-    condition: 1 of them
+    condition: selection
 falsepositives:
     - Administrative activity
 level: low
\ No newline at end of file
diff --git a/rules/windows/sysmon/sysmon_win_reg_persistence.yml b/rules/windows/sysmon/sysmon_win_reg_persistence.yml
index 27dd71e66..0b9727168 100644
--- a/rules/windows/sysmon/sysmon_win_reg_persistence.yml
+++ b/rules/windows/sysmon/sysmon_win_reg_persistence.yml
@@ -15,7 +15,7 @@ detection:
             - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\\*\ReportingMode'
             - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\\*\MonitorProcess'
         EventType: 'SetValue'
-    condition: 1 of them
+    condition: selection_reg1
 tags:
     - attack.privilege_escalation
     - attack.persistence
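Review bot: The rule file still ends without a trailing newline (`\ No newline at end of file` after `level: low`), which yamllint's `new-line-at-end-of-file` check rejects and which makes every future edit to the last line show up as a two-line diff; since this commit already rewrites the adjacent `condition` line, add the newline in the same change. The new `condition: selection` is only equivalent to the old `1 of them` if `selection` is the sole search identifier under `detection:`, and that block starts above this hunk, so confirm no sibling map was silently dropped from the match. Tightening `1 of them` to a named selection is the right direction, because `them` also picks up any `filter`-style map and can make a rule fire on the filter alone.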
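Review bot: `condition: selection_reg1` narrows the rule from `1 of them` to one named map, which preserves behaviour only if `selection_reg1` is the only search identifier in this rule; the map header and any `selection_reg2`-style siblings lie above this hunk, so the name and the absence of other maps should be verified against the full `detection:` block before merge. The `1`-suffixed name also suggests a second map once existed or was planned; if none remains, renaming it to plain `selection` (in both the map header and this line) would match the convention used in the sibling `win_psexesvc_start.yml` change in this commit. The `SilentProcessExit\\*\ReportingMode` patterns use Sigma's `\\*` escape for a literal backslash followed by a wildcard, which is correct; a short comment above the list such as `# \\* = literal backslash then wildcard (per-image subkey)` would spare the next reader from re-deriving it.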