diff --git a/rules/ml/ml_cloudtrail_rare_error_code.toml b/rules/ml/ml_cloudtrail_rare_error_code.toml
index 519eb51eb..7ebf968f9 100644
--- a/rules/ml/ml_cloudtrail_rare_error_code.toml
+++ b/rules/ml/ml_cloudtrail_rare_error_code.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/07/13"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/04/12"
 
 [rule]
 anomaly_threshold = 50
@@ -17,7 +17,7 @@ false_positives = [
 automation scripts or workflows, or changes to IAM privileges.
 """,
 ]
-from = "now-60m"
+from = "now-2h"
 interval = "15m"
 license = "Elastic License v2"
 machine_learning_job_id = "rare_error_code"
diff --git a/rules/ml/ml_cloudtrail_rare_method_by_city.toml b/rules/ml/ml_cloudtrail_rare_method_by_city.toml
index 5f0dafe15..48da5e8e8 100644
--- a/rules/ml/ml_cloudtrail_rare_method_by_city.toml
+++ b/rules/ml/ml_cloudtrail_rare_method_by_city.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/07/13"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/04/12"
 
 [rule]
 anomaly_threshold = 50
@@ -18,7 +18,7 @@ false_positives = [
 adoption of work from home policies; or users who travel frequently.
 """,
 ]
-from = "now-60m"
+from = "now-2h"
 interval = "15m"
 license = "Elastic License v2"
 machine_learning_job_id = "rare_method_for_a_city"
diff --git a/rules/ml/ml_cloudtrail_rare_method_by_country.toml b/rules/ml/ml_cloudtrail_rare_method_by_country.toml
index febcfd51b..7e34c2d3d 100644
--- a/rules/ml/ml_cloudtrail_rare_method_by_country.toml
+++ b/rules/ml/ml_cloudtrail_rare_method_by_country.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/07/13"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/04/12"
 
 [rule]
 anomaly_threshold = 50
@@ -18,7 +18,7 @@ false_positives = [
 adoption of work from home policies; or users who travel frequently.
 """,
 ]
-from = "now-60m"
+from = "now-2h"
 interval = "15m"
 license = "Elastic License v2"
 machine_learning_job_id = "rare_method_for_a_country"
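Review bot: The new lookback `from = "now-2h"` is now eight times the unchanged `interval = "15m"`, and nothing in the hunk records why 2h was chosen; the identical change appears in ml_cloudtrail_rare_method_by_city, ml_cloudtrail_rare_method_by_country and ml_cloudtrail_rare_method_by_user, so a future editor will have to guess whether the value is deliberate or copied. For an ML rule the window is presumably sized to the job's bucket span plus the delay before anomaly records are indexed (the job definitions are not in this diff), so a comment above the key such as `# lookback must cover the ML job bucket span plus anomaly indexing delay; keep it larger than interval` would make that intent explicit. If the rule loader does not preserve TOML comments, the same sentence belongs in the rule's `note` field or the commit message. Whether the overlapping evaluations re-alert on the same anomaly record depends on the ML rule type's de-duplication, which this diff cannot show and is worth confirming before widening the window further.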
diff --git a/rules/ml/ml_cloudtrail_rare_method_by_user.toml b/rules/ml/ml_cloudtrail_rare_method_by_user.toml
index d46edbdc1..ce0750614 100644
--- a/rules/ml/ml_cloudtrail_rare_method_by_user.toml
+++ b/rules/ml/ml_cloudtrail_rare_method_by_user.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/07/13"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/04/12"
 
 [rule]
 anomaly_threshold = 75
@@ -17,7 +17,7 @@ false_positives = [
 automation scripts or workflows; adoption of new services; or changes in the way services are used.
 """,
 ]
-from = "now-60m"
+from = "now-2h"
 interval = "15m"
 license = "Elastic License v2"
 machine_learning_job_id = "rare_method_for_a_username"