diff --git a/rules/windows/process_creation/proc_creation_win_susp_plink_remote_forward.yml b/rules/windows/process_creation/proc_creation_win_susp_plink_port_forward.yml
similarity index 86%
rename from rules/windows/process_creation/proc_creation_win_susp_plink_remote_forward.yml
rename to rules/windows/process_creation/proc_creation_win_susp_plink_port_forward.yml
index a33d595fc..6c95412af 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_plink_remote_forward.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_plink_port_forward.yml
@@ -1,7 +1,7 @@
-title: Suspicious Plink Remote Forwarding
+title: Suspicious Plink Port Forwarding
 id: 48a61b29-389f-4032-b317-b30de6b95314
 status: test
-description: Detects suspicious Plink tunnel remote forarding to a local port
+description: Detects suspicious Plink tunnel port forwarding to a local port
 references:
 - https://www.real-sec.com/2019/04/bypassing-network-restrictions-through-rdp-tunneling/
 - https://medium.com/@informationsecurity/remote-ssh-tunneling-with-plink-exe-7831072b3d7d
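Review bot: The new title and description widen the stated scope from remote forwarding to port forwarding in general, but the detection block lies outside this hunk, so it is not visible whether the selection was widened to match. If the selection still matches only the remote-forward form, the title overstates coverage and an analyst triaging alerts may assume local forwards are detected as well. The description should name the direction(s) the selection actually matches, for example `description: Detects Plink tunnels forwarding a port (remote and/or local, per the selection below)`. The rule keeps its `id` while the file is renamed, so it is also worth checking that the `modified` date is updated elsewhere in the file.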