diff --git a/rules/windows/persistence_remote_password_reset.toml b/rules/windows/persistence_remote_password_reset.toml
index 05c216a88..7754a0e5a 100644
--- a/rules/windows/persistence_remote_password_reset.toml
+++ b/rules/windows/persistence_remote_password_reset.toml
@@ -2,9 +2,9 @@
 creation_date = "2021/10/18"
 integration = ["system", "windows"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/12/14"
+min_stack_comments = "Forking rule to resolve double bump version issue."
+min_stack_version = "8.13.0"
+updated_date = "2024/04/18"
 
 [rule]
 author = ["Elastic"]
@@ -18,7 +18,11 @@ index = ["winlogbeat-*", "logs-system.security*", "logs-windows.forwarded*"]
 language = "eql"
 license = "Elastic License v2"
 name = "Account Password Reset Remotely"
-note = "This rule may cause medium to high performance impact due to logic scoping all remote Windows logon activity."
+note = """
+
+## Performance
+This rule may cause medium to high performance impact due to scoping all remote Windows logon activity within the first sequence. This rule by default will be noisy if not scoped to custom privileged accounts. If noisy, duplicate the rule and replace the `TargetUserName` or `TargetSid` filters with your own naming convention and accounts of interest.
+"""
 references = [
     "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4724",
     "https://stealthbits.com/blog/manipulating-user-passwords-with-mimikatz/",