diff --git a/rules/windows/sysmon/Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml b/rules/windows/sysmon/Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
index 55229ae7d..01a3bfa45 100644
--- a/rules/windows/sysmon/Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
+++ b/rules/windows/sysmon/Monitor_executable_and_script_files_creation_by_Office_applications_using_file_extentions.yml
@@ -1,4 +1,5 @@
 title: Created Executables and Files by Office Applications
+id: c7a74c80-ba5a-486e-9974-ab9e682bc5e4
 description: This rule will monitor executable and script file creation by office applications. Please add more file extentions or magic bytes to the logic of your choice.  
 references:
     - https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
@@ -9,9 +10,9 @@ tags:
     - attack.t1047
     - attack.t1218.010
     - attack.execution
-    - attack.defence_evasion
+    - attack.defense_evasion
 status: experimental
-Date: 2021/08/23
+date: 2021/08/23
 logsource:
   product: Windows
   category: file_event