diff --git a/rules/windows/process_creation/proc_creation_win_susp_powershell_download_cradles.yml b/rules/windows/process_creation/proc_creation_win_susp_powershell_download_cradles.yml
index eb0489af1..3082a3280 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_powershell_download_cradles.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_powershell_download_cradles.yml
@@ -7,8 +7,8 @@ date: 2022/03/24
 references:
 - https://github.com/VirtualAlllocEx/Payload-Download-Cradles/blob/main/Download-Cradles.cmd
 logsource:
-product: windows
-category: process_creation
+ product: windows
+ category: process_creation
 detection:
 selection:
 # Marker
diff --git a/rules/windows/process_creation/proc_creation_win_susp_powershell_download_iex.yml b/rules/windows/process_creation/proc_creation_win_susp_powershell_download_iex.yml
index 6ee143d78..01a5d70cd 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_powershell_download_iex.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_powershell_download_iex.yml
@@ -7,8 +7,8 @@ date: 2022/03/24
 references:
 - https://github.com/VirtualAlllocEx/Payload-Download-Cradles/blob/main/Download-Cradles.cmd
 logsource:
-product: windows
-category: process_creation
+ product: windows
+ category: process_creation
 detection:
 selection:
 CommandLine|contains: