diff --git a/rules/ml/ml_high_count_network_denies.toml b/rules/ml/ml_high_count_network_denies.toml
index d7f6fdbba..6751a6c52 100644
--- a/rules/ml/ml_high_count_network_denies.toml
+++ b/rules/ml/ml_high_count_network_denies.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/04/05"
 maturity = "production"
-updated_date = "2021/04/05"
+updated_date = "2021/06/15"
 
 [rule]
 anomaly_threshold = 75
@@ -23,7 +23,7 @@ false_positives = [
 from = "now-30m"
 interval = "15m"
 license = "Elastic License"
-machine_learning_job_id = "high-count-network-denies"
+machine_learning_job_id = "high_count_network_denies"
 name = "Spike in Firewall Denies"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
 risk_score = 21
diff --git a/rules/ml/ml_high_count_network_events.toml b/rules/ml/ml_high_count_network_events.toml
index 8f82e3aee..246baf2c3 100644
--- a/rules/ml/ml_high_count_network_events.toml
+++ b/rules/ml/ml_high_count_network_events.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/04/05"
 maturity = "production"
-updated_date = "2021/04/05"
+updated_date = "2021/06/15"
 
 [rule]
 anomaly_threshold = 75
@@ -23,7 +23,7 @@ false_positives = [
 from = "now-30m"
 interval = "15m"
 license = "Elastic License"
-machine_learning_job_id = "high-count-network-events"
+machine_learning_job_id = "high_count_network_events"
 name = "Spike in Network Traffic"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
 risk_score = 21
diff --git a/rules/ml/ml_rare_destination_country.toml b/rules/ml/ml_rare_destination_country.toml
index 84559d6aa..c43a46367 100644
--- a/rules/ml/ml_rare_destination_country.toml
+++ b/rules/ml/ml_rare_destination_country.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/04/05"
 maturity = "production"
-updated_date = "2021/04/05"
+updated_date = "2021/06/15"
 
 [rule]
 anomaly_threshold = 75
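Review bot: The corrected `machine_learning_job_id` in `rules/ml/ml_high_count_network_denies.toml` (hunk `@@ -23,7 +23,7 @@`) is still a bare string that nothing visible in this diff checks against the job definition; the same holds for the job-ID hunks in `ml_high_count_network_events.toml`, `ml_rare_destination_country.toml` and `ml_spike_in_traffic_to_a_country.toml`. The old and new values differ only in `-` versus `_`, and since the old `updated_date` equals `creation_date`, the hyphenated IDs appear to have shipped unnoticed in rules marked `maturity = "production"`. A rule pointing at a job ID that does not exist presumably never receives anomaly results, which is a quiet detection gap. I would add a comment above the key, `# Must match the prebuilt ML job ID exactly (underscores, not hyphens).`, and, outside this diff, a check that fails the build when a rule's job ID is not among the known prebuilt job IDs. That check should compare against job definitions rather than file names, because in the fourth file the two differ (`ml_spike_in_traffic_to_a_country` versus `high_count_by_destination_country`).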
@@ -28,7 +28,7 @@ false_positives = [
 from = "now-30m"
 interval = "15m"
 license = "Elastic License"
-machine_learning_job_id = "rare-destination-country"
+machine_learning_job_id = "rare_destination_country"
 name = "Network Traffic to Rare Destination Country"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
 risk_score = 21
diff --git a/rules/ml/ml_spike_in_traffic_to_a_country.toml b/rules/ml/ml_spike_in_traffic_to_a_country.toml
index 42a76680d..b191bde97 100644
--- a/rules/ml/ml_spike_in_traffic_to_a_country.toml
+++ b/rules/ml/ml_spike_in_traffic_to_a_country.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/04/05"
 maturity = "production"
-updated_date = "2021/04/05"
+updated_date = "2021/06/15"
 
 [rule]
 anomaly_threshold = 75
@@ -26,7 +26,7 @@ false_positives = [
 from = "now-30m"
 interval = "15m"
 license = "Elastic License"
-machine_learning_job_id = "high-count-by-destination-country"
+machine_learning_job_id = "high_count_by_destination_country"
 name = "Spike in Network Traffic To a Country"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
 risk_score = 21