diff --git a/rules/windows/other/win_exchange_TransportAgent.yml b/rules/windows/other/win_exchange_TransportAgent.yml
index 13d20e54..c8ac3c18 100644
--- a/rules/windows/other/win_exchange_TransportAgent.yml
+++ b/rules/windows/other/win_exchange_TransportAgent.yml
@@ -1,12 +1,12 @@
-title: Installation of MSExchange Transport Agent
+title: MSExchange Transport Agent Installation
 id: 83809e84-4475-4b69-bc3e-4aad8568612f
 status: experimental
 description: Detects the Installation of a Exchange Transport Agent
 references:
 - https://twitter.com/blueteamsec1/status/1401290874202382336?s=20
 tags:
- - attack.persistance
- - attack.T1505.002
+ - attack.persistence
+ - attack.t1505.002
 author: Tobias Michalski
 date: 2021/06/08
 logsource:
diff --git a/rules/windows/other/win_exchange_TransportAgent_failed.yml b/rules/windows/other/win_exchange_TransportAgent_failed.yml
index 2e7d5d3f..9cad0aea 100644
--- a/rules/windows/other/win_exchange_TransportAgent_failed.yml
+++ b/rules/windows/other/win_exchange_TransportAgent_failed.yml
@@ -1,12 +1,12 @@
-title: Failed Installation of MSExchange Transport Agent
+title: Failed MSExchange Transport Agent Installation
 id: c7d16cae-aaf3-42e5-9c1c-fb8553faa6fa
 status: experimental
 description: Detects a failed installation of a Exchange Transport Agent
 references:
 - https://twitter.com/blueteamsec1/status/1401290874202382336?s=20
 tags:
- - attack.persistance
- - attack.T1505.002
+ - attack.persistence
+ - attack.t1505.002
 author: Tobias Michalski
 date: 2021/06/08
 logsource:
diff --git a/rules/windows/registry_event/win_outlook_registry_TodayPage.yml b/rules/windows/registry_event/win_outlook_registry_TodayPage.yml
index 994759af..f2ce7654 100644
--- a/rules/windows/registry_event/win_outlook_registry_TodayPage.yml
+++ b/rules/windows/registry_event/win_outlook_registry_TodayPage.yml
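Review bot: The `description` context line of the first hunk still reads `Detects the Installation of a Exchange Transport Agent`, with an article error and stray capitalisation, and it does not tell the analyst who receives the alert why the event matters. Something like `description: Detects the installation of an Exchange Transport Agent, which can be abused for persistence on the mail server` would line up with the corrected `attack.persistence` and `attack.t1505.002` tags. The same `a Exchange` wording appears in the description of win_exchange_TransportAgent_failed.yml in the second hunk.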
@@ -7,7 +7,7 @@ references:
 author: Tobias Michalski
 date: 2021/06/10
 tags:
- - attack.persitence
+ - attack.persistence
 - attack.t1112
 logsource:
 product: windows
diff --git a/rules/windows/registry_event/win_outlook_registry_WebView.yml b/rules/windows/registry_event/win_outlook_registry_WebView.yml
index ec2b9aba..a03b1e7d 100644
--- a/rules/windows/registry_event/win_outlook_registry_WebView.yml
+++ b/rules/windows/registry_event/win_outlook_registry_WebView.yml
@@ -8,7 +8,7 @@ references:
 author: Tobias Michalski
 date: 2021/06/09
 tags:
- - attack.persitence
+ - attack.persistence
 - attack.t1112
 logsource:
 product: windows
diff --git a/rules/windows/sysmon/sysmon_outlook_newForm.yml b/rules/windows/sysmon/sysmon_outlook_newForm.yml
index 20577be1..b4b26db2 100644
--- a/rules/windows/sysmon/sysmon_outlook_newForm.yml
+++ b/rules/windows/sysmon/sysmon_outlook_newForm.yml
@@ -1,12 +1,12 @@
-title: Installation of Outlook form
+title: Outlook Form Installation
 id: c3edc6a5-d9d4-48d8-930e-aab518390917
 status: experimental
 description: Detects the creation of new Outlook form which can contain malicious code
 references:
 - https://twitter.com/blueteamsec1/status/1401290874202382336?s=20
 tags:
- - attack.persistance
- - attack.T1137.003
+ - attack.persistence
+ - attack.t1137.003
 author: Tobias Michalski
 date: 2021/06/10
 logsource:
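Review bot: The technique tag next to the corrected `attack.persistence` in win_outlook_registry_TodayPage.yml is still the generic `attack.t1112` (Modify Registry), so coverage mapping will not credit this rule to the Outlook-specific persistence technique. If the rule detects the Outlook Today / home page registry abuse its filename suggests, adding `- attack.t1137.004` (Office Application Startup: Outlook Home Page) would make the mapping as specific as the `attack.t1137.003` tag on the Outlook form rule. The detection section is outside the hunk, so this should be confirmed against the selection logic. The same applies to win_outlook_registry_WebView.yml in the next hunk.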