diff --git a/rules/windows/registry_event/sysmon_susp_service_installed.yml b/rules/windows/registry_event/sysmon_susp_service_installed.yml
index 920c884ae..0b69557ec 100755
--- a/rules/windows/registry_event/sysmon_susp_service_installed.yml
+++ b/rules/windows/registry_event/sysmon_susp_service_installed.yml
@@ -14,7 +14,6 @@ logsource:
 product: windows
 detection:
 selection_1:
-
 TargetObject:
 - 'HKLM\System\CurrentControlSet\Services\NalDrv\ImagePath'
 - 'HKLM\System\CurrentControlSet\Services\PROCEXP152\ImagePath'
diff --git a/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml b/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml
index ee1ac4d78..aa2a1b1db 100755
--- a/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml
+++ b/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml
@@ -14,7 +14,6 @@ logsource:
 definition: 'Requirements: Sysmon config that monitors \Keyboard Layout\Preload subkey of the HKLU hives - see https://github.com/SwiftOnSecurity/sysmon-config/pull/92/files'
 detection:
 selection_registry:
-
 TargetObject:
 - '*\Keyboard Layout\Preload\*'
 - '*\Keyboard Layout\Substitutes\*'