diff --git a/rules/ml/ml_high_count_network_denies.toml b/rules/ml/ml_high_count_network_denies.toml
index 6751a6c52..ea7f00a4f 100644
--- a/rules/ml/ml_high_count_network_denies.toml
+++ b/rules/ml/ml_high_count_network_denies.toml
@@ -22,7 +22,7 @@ false_positives = [
 ]
 from = "now-30m"
 interval = "15m"
-license = "Elastic License"
+license = "Elastic License v2"
 machine_learning_job_id = "high_count_network_denies"
 name = "Spike in Firewall Denies"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
diff --git a/rules/ml/ml_high_count_network_events.toml b/rules/ml/ml_high_count_network_events.toml
index 246baf2c3..e293f2c61 100644
--- a/rules/ml/ml_high_count_network_events.toml
+++ b/rules/ml/ml_high_count_network_events.toml
@@ -22,7 +22,7 @@ false_positives = [
 ]
 from = "now-30m"
 interval = "15m"
-license = "Elastic License"
+license = "Elastic License v2"
 machine_learning_job_id = "high_count_network_events"
 name = "Spike in Network Traffic"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
diff --git a/rules/ml/ml_rare_destination_country.toml b/rules/ml/ml_rare_destination_country.toml
index c43a46367..59c7a9ebb 100644
--- a/rules/ml/ml_rare_destination_country.toml
+++ b/rules/ml/ml_rare_destination_country.toml
@@ -27,7 +27,7 @@ false_positives = [
 ]
 from = "now-30m"
 interval = "15m"
-license = "Elastic License"
+license = "Elastic License v2"
 machine_learning_job_id = "rare_destination_country"
 name = "Network Traffic to Rare Destination Country"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
diff --git a/rules/ml/ml_spike_in_traffic_to_a_country.toml b/rules/ml/ml_spike_in_traffic_to_a_country.toml
index b191bde97..02b2266bb 100644
--- a/rules/ml/ml_spike_in_traffic_to_a_country.toml
+++ b/rules/ml/ml_spike_in_traffic_to_a_country.toml
@@ -25,7 +25,7 @@ false_positives = [
 ]
 from = "now-30m"
 interval = "15m"
-license = "Elastic License"
+license = "Elastic License v2"
 machine_learning_job_id = "high_count_by_destination_country"
 name = "Spike in Network Traffic To a Country"
 references = ["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"]
diff --git a/tests/test_all_rules.py b/tests/test_all_rules.py
index da6c3f330..f055327a7 100644
--- a/tests/test_all_rules.py
+++ b/tests/test_all_rules.py
@@ -470,3 +470,15 @@ class TestTuleTiming(BaseRuleTest):
 rules_str = '\n '.join(self.rule_str(r, trailer=None) for r in missing)
 err_msg = f'The following rules should have a longer `from` defined, due to indexes used\n {rules_str}'
 self.fail(err_msg)
+
+
+class TestLicense(BaseRuleTest):
+ """Test rule license."""
+
+ def test_elastic_license_only_v2(self):
+ """Test to ensure that production rules with the elastic license are only v2."""
+ for rule in self.production_rules:
+ rule_license = rule.contents.data.license
+ if 'elastic license' in rule_license.lower():
+ err_msg = f'{self.rule_str(rule)} If Elastic License is used, only v2 should be used'
+ self.assertEqual(rule_license, 'Elastic License v2', err_msg)
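Review bot: The `self.assertEqual` inside the loop of `test_elastic_license_only_v2` aborts on the first rule with a non-v2 Elastic License, so a run reports only one offender even when several rule files are stale, whereas the sibling timing test just above collects every offender into `missing` and fails once with the joined `self.rule_str` output. Wrapping each iteration in `with self.subTest(rule=self.rule_str(rule)):` would report every failing rule in one run without changing the assertion (assuming `BaseRuleTest` is a `unittest.TestCase`, which `self.fail` and `self.assertEqual` suggest). Separately, `rule_license.lower()` raises `AttributeError` rather than a readable assertion failure if a rule's `license` is `None`; the schema presumably makes the field required, but `if rule_license and 'elastic license' in rule_license.lower():` keeps the failure mode clean either way.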