diff --git a/rules/windows/builtin/win_set_oabvirtualdirectory_externalurl.yml b/rules/windows/builtin/win_set_oabvirtualdirectory_externalurl.yml
index 4a728edbc..0aec83b3b 100644
--- a/rules/windows/builtin/win_set_oabvirtualdirectory_externalurl.yml
+++ b/rules/windows/builtin/win_set_oabvirtualdirectory_externalurl.yml
@@ -1,9 +1,10 @@
-title: Set OabVirtualDirectory ExternalUrl Property
+title: Exchange Set OabVirtualDirectory ExternalUrl Property
 id: 9db37458-4df2-46a5-95ab-307e7f29e675
-description: Rule to detect an adversary setting OabVirtualDirectory External URL property to a script
+description: Rule to detect an adversary setting OabVirtualDirectory External URL property to a script in Exchange Management log
 author: Jose Rodriguez @Cyb3rPandaH
 status: experimental
 date: 2021/03/15
+modified: 2021/11/15
 references:
 - https://twitter.com/OTR_Community/status/1371053369071132675
 tags:
diff --git a/rules/windows/malware/registry_event_mal_ursnif.yml b/rules/windows/malware/registry_event_mal_ursnif.yml
index 312770122..2cfe298b0 100644
--- a/rules/windows/malware/registry_event_mal_ursnif.yml
+++ b/rules/windows/malware/registry_event_mal_ursnif.yml
@@ -10,7 +10,7 @@ tags:
 - attack.t1112
 author: megan201296
 date: 2019/02/13
-modified: 2021/10/28
+modified: 2021/11/15
 logsource:
 product: windows
 category: registry_event
@@ -22,6 +22,7 @@ detection:
 - '\SOFTWARE\AppDataLow\Software\Microsoft\Internet Explorer\'
 - '\SOFTWARE\AppDataLow\Software\Microsoft\RepService\'
 - '\SOFTWARE\AppDataLow\Software\Microsoft\IME\'
+ - '\SOFTWARE\AppDataLow\Software\Microsoft\Edge\'
 condition: selection and not filter
 falsepositives:
 - Unknown
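Review bot: The new `'\SOFTWARE\AppDataLow\Software\Microsoft\Edge\'` entry in the `@@ -22,6 +22,7 @@ detection:` hunk of registry_event_mal_ursnif.yml appears to extend the exclusion list (the condition is `selection and not filter`), and as far as the hunk shows it matches on the key path alone. That path lives in the per-user hive, so the rule will stay silent for any process that writes beneath it, not only the browser. The key that owns this list and the rest of the `detection` block lie outside the hunk, so confirm whether the filter already constrains the writing process. If it does not, consider moving this exclusion into a separate filter that also requires the browser binary, e.g. `Image|endswith: '\msedge.exe'`. Also replace `- Unknown` under `falsepositives` with the legitimate activity that motivated the change, so later tuning has a documented reason.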