diff --git a/rules/promotions/elastic_endpoint.toml b/rules/promotions/elastic_endpoint.toml
index d1500ea75..77c27483a 100644
--- a/rules/promotions/elastic_endpoint.toml
+++ b/rules/promotions/elastic_endpoint.toml
@@ -32,6 +32,7 @@ event.kind:alert and event.module:(endpoint and not endgame)
 [[rule.exceptions_list]]
 id = "endpoint_list"
+list_id = "endpoint_list"
 namespace_type = "agnostic"
 type = "endpoint"
diff --git a/rules/promotions/external_alerts.toml b/rules/promotions/external_alerts.toml
index e2fa2ed37..ed0b613ab 100644
--- a/rules/promotions/external_alerts.toml
+++ b/rules/promotions/external_alerts.toml
@@ -7,10 +7,10 @@ updated_date = "2020/07/08"
 [rule]
 author = ["Elastic"]
 description = """
-Generates a detection alert for each external alert written to the configured indices. Enabling
-this rule allows you to immediately begin investigating external alerts in the app.
+Generates a detection alert for each external alert written to the configured indices. Enabling this rule allows you to
+immediately begin investigating external alerts in the app.
 """
-index = ["apm-*-transaction*", "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*"]
+index = ["apm-*-transaction*", "auditbeat-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*"]
 language = "kuery"
 license = "Elastic License"
 max_signals = 10000
@@ -57,3 +57,4 @@ operator = "equals"
 value = "99"
 severity = "critical"
+
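Review bot: The added `list_id = "endpoint_list"` repeats the literal already given as `id` on the line above, and nothing in the file says the two must agree, so a later edit can change one and leave the other stale. A comment above the pair, `# id and list_id both name the endpoint exception list; keep them in sync`, would make the coupling visible. Whether the consumer requires both keys, or treats them differently, is not visible in this diff, so the comment should claim only that they refer to the same list. The enclosing `[[rule.exceptions_list]]` element may continue past the end of the hunk.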
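Review bot: Removing `"endgame-*"` from `index` narrows what this rule promotes, and the diff does not say which rule now covers alerts written to those indices; the elastic_endpoint rule changed in the same commit is shown with `event.kind:alert and event.module:(endpoint and not endgame)` as its hunk context, which appears to exclude endgame there as well. Unless a rule outside this diff handles them, this is a detection coverage gap rather than a cleanup; if the removal is deliberate, record why next to the key, e.g. `# endgame-* alerts are promoted by a dedicated rule, not by this one`. The `updated_date = "2020/07/08"` shown as hunk context is unchanged even though the rule's index scope changed, so consumers that compare that date will not notice the change. The `[rule]` table continues past the end of the hunk.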