diff --git a/rules/windows/builtin/security_mitigations/win_security_mitigations_defender_load_unsigned_dll.yml b/rules/windows/builtin/security_mitigations/win_security_mitigations_defender_load_unsigned_dll.yml
index e1cdc5070..aa7d64829 100644
--- a/rules/windows/builtin/security_mitigations/win_security_mitigations_defender_load_unsigned_dll.yml
+++ b/rules/windows/builtin/security_mitigations/win_security_mitigations_defender_load_unsigned_dll.yml
@@ -6,13 +6,13 @@ references:
     - https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool
 author: Bhabesh Raj
 date: 2022/08/02
-modified: 2022/08/05
+modified: 2022/09/28
 tags:
     - attack.defense_evasion
     - attack.t1574.002
 logsource:
     product: windows
-    category: security-mitigations
+    service: security-mitigations
 detection:
     selection:
         EventID:
diff --git a/rules/windows/builtin/security_mitigations/win_security_mitigations_unsigned_dll_from_susp_location.yml b/rules/windows/builtin/security_mitigations/win_security_mitigations_unsigned_dll_from_susp_location.yml
index 6c202bf1c..5e2c4ddce 100644
--- a/rules/windows/builtin/security_mitigations/win_security_mitigations_unsigned_dll_from_susp_location.yml
+++ b/rules/windows/builtin/security_mitigations/win_security_mitigations_unsigned_dll_from_susp_location.yml
@@ -6,13 +6,13 @@ references:
     - https://github.com/nasbench/EVTX-ETW-Resources/blob/45fd5be71a51aa518b1b36d4e1f36af498084e27/ETWEventsList/CSV/Windows11/21H2/W11_21H2_Pro_20220719_22000.795/Providers/Microsoft-Windows-Security-Mitigations.csv
 author: Nasreddine Bencherchali
 date: 2022/08/03
-modified: 2022/08/05
+modified: 2022/09/28
 tags:
     - attack.defense_evasion
     - attack.t1574.002
 logsource:
     product: windows
-    category: security-mitigations
+    service: security-mitigations
 detection:
     selection:
         EventID:
diff --git a/tools/config/generic/windows-services.yml b/tools/config/generic/windows-services.yml
index 0ca38a90f..11bc25aa4 100644
--- a/tools/config/generic/windows-services.yml
+++ b/tools/config/generic/windows-services.yml
@@ -176,3 +176,8 @@ logsources:
     service: shell-core
     conditions:
       Channel: 'Microsoft-Windows-Shell-Core/Operational'
+  security-mitigations:
+    product: windows
+    service: security-mitigations
+    conditions:
+      Provider_Name: 'Microsoft-Windows-Security-Mitigations'
\ No newline at end of file
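Review bot: Switching the logsource from `category: security-mitigations` to `service: security-mitigations` makes both rules depend on a backend config that defines that service; any user-maintained config that still maps the old category will no longer resolve this logsource, and a Sigma conversion with an unresolved logsource typically drops the channel/provider constraint so the rule matches on `EventID` alone across all Windows logs, which would be a silent false-positive regression rather than a loud failure. The generic `tools/config/generic/windows-services.yml` in this same change does add the mapping, but the same addition is presumably needed in the other backend configs under `tools/config/` that carry per-service Windows mappings, and the commit message should call out the category→service rename as a breaking change for custom configs. The `detection` block and the `EventID` list of each rule continue outside the hunk, so I could not confirm which events are selected; the same comment applies unchanged to the second rule file in this diff.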
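Review bot: The new `security-mitigations` entry keys on `Provider_Name` while the neighbouring `shell-core` entry (and, as far as this hunk shows, the rest of the file) keys on `Channel`, and nothing explains the difference; if the reason is that this provider writes to more than one channel (it logs to separate UserMode and KernelMode channels, if I recall correctly), a comment would keep a future maintainer from "normalizing" it to a single `Channel` and losing half the events, e.g. `# keyed on the provider rather than a channel: events are split across the provider's UserMode and KernelMode channels`. Matching on the provider also only works if the backend's field mapping carries `Provider_Name` for these events, which is worth a sentence in the commit description. Separately, the hunk ends with `\ No newline at end of file`; the added block should end with a trailing newline so the next append to this file produces a clean diff.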