diff --git a/detection_rules/etc/version.lock.json b/detection_rules/etc/version.lock.json
index f28dc276b..6b6bf0147 100644
--- a/detection_rules/etc/version.lock.json
+++ b/detection_rules/etc/version.lock.json
@@ -4702,10 +4702,10 @@
     "version": 4
   },
   "93075852-b0f5-4b8b-89c3-a226efae5726": {
-    "rule_name": "AWS Security Token Service (STS) AssumeRole Usage",
-    "sha256": "eccf879f86a18747a6744cb2d0084cf9aef85286bfb2fb37f3302d9f20d3d86c",
-    "type": "query",
-    "version": 207
+    "rule_name": "AWS STS Temporary Credentials via AssumeRole",
+    "sha256": "13767d3266a5abd034b850989f4267218323e93de23074b028f263b2276bb0fc",
+    "type": "new_terms",
+    "version": 208
   },
   "931e25a5-0f5e-4ae0-ba0d-9e94eff7e3a4": {
     "rule_name": "Sudoers File Modification",
@@ -4871,10 +4871,10 @@
     "version": 1
   },
   "979729e7-0c52-4c4c-b71e-88103304a79f": {
-    "rule_name": "AWS SAML Activity",
-    "sha256": "37af41b152c5085758547bee67d9f0387f5f07fcba690c925338905f100cc43d",
+    "rule_name": "AWS IAM SAML Provider Updated",
+    "sha256": "4ef7bf5e39de2d55f436f611e2de8f1d905d1ea116d8ff8000753ceb8d2663fc",
     "type": "query",
-    "version": 206
+    "version": 207
   },
   "97a8e584-fd3b-421f-9b9d-9c9d9e57e9d7": {
     "rule_name": "Potentially Successful MFA Bombing via Push Notifications",