diff --git a/rules-deprecated/windows/powershell_suspicious_invocation_specific.yml b/rules-deprecated/windows/powershell_suspicious_invocation_specific.yml
index a4e817aaf..dcdaf67e1 100644
--- a/rules-deprecated/windows/powershell_suspicious_invocation_specific.yml
+++ b/rules-deprecated/windows/powershell_suspicious_invocation_specific.yml
@@ -11,7 +11,7 @@ modified: 2022/04/11
 logsource:
 product: windows
 service: powershell
- definition: Script block logging must be enabled for 4104, Module Logging must be enabled for 4103
+ definition: Script block logging must be enabled
 detection:
 convert_b64:
 - '-nop'
diff --git a/rules/windows/powershell/powershell_script/posh_ps_susp_keywords.yml b/rules/windows/powershell/powershell_script/posh_ps_susp_keywords.yml
index 84f0a2ad9..05a66e50b 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_susp_keywords.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_susp_keywords.yml
@@ -16,7 +16,7 @@ tags:
 logsource:
 product: windows
 category: ps_script
- definition: 'Requirements: Script Block Logging must be enabled' for 4104
+ definition: 'Requirements: Script Block Logging must be enabled'
 detection:
 selection:
 ScriptBlockText|contains:
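Review bot: The new `definition` line in the first hunk (powershell_suspicious_invocation_specific.yml) names only script block logging, while the `logsource` just above it is still `service: powershell`, which is not restricted to script block events. The detection continues outside the hunk, so this is inferred, but if its keyword selections such as `convert_b64` can also match module logging records, dropping that requirement understates the telemetry a deployer has to enable, and the rule would quietly under-detect where only one log type is collected. Either keep the second requirement, e.g. `definition: Script block logging must be enabled, Module Logging must be enabled`, or confirm the rule only ever evaluates script block events. The same wording could then be used in posh_ps_susp_keywords.yml, where the second hunk carries a `'Requirements: '` prefix that the first does not.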