diff --git a/deprecated/windows/file_event_win_access_susp_teams.yml b/deprecated/windows/file_event_win_access_susp_teams.yml
new file mode 100644
index 00000000000..f5885593df6
--- /dev/null
+++ b/deprecated/windows/file_event_win_access_susp_teams.yml
@@ -0,0 +1,27 @@
+title: Suspicious File Event With Teams Objects
+id: 6902955a-01b7-432c-b32a-6f5f81d8f624
+status: deprecated
+description: Detects an access to authentication tokens and accounts of Microsoft Teams desktop application.
+references:
+    - https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/
+    - https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens
+author: '@SerkinValery'
+date: 2022/09/16
+modified: 2024/07/22
+tags:
+    - attack.credential_access
+    - attack.t1528
+logsource:
+    product: windows
+    category: file_event
+detection:
+    selection:
+        TargetFilename|contains:
+            - '\Microsoft\Teams\Cookies'
+            - '\Microsoft\Teams\Local Storage\leveldb'
+    filter:
+        Image|contains: '\Microsoft\Teams\current\Teams.exe'
+    condition: selection and not filter
+falsepositives:
+    - Unknown
+level: high
diff --git a/deprecated/windows/file_event_win_access_susp_unattend_xml.yml b/deprecated/windows/file_event_win_access_susp_unattend_xml.yml
new file mode 100644
index 00000000000..5260277e669
--- /dev/null
+++ b/deprecated/windows/file_event_win_access_susp_unattend_xml.yml
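Review bot: The deprecated copy of file_event_win_access_susp_teams.yml keeps the exclusion `Image|contains: '\Microsoft\Teams\current\Teams.exe'`, which matches on a bare substring of the process path, so an unsigned binary dropped at a user-writable location such as `%TEMP%\Microsoft\Teams\current\Teams.exe` reads the Cookies and leveldb stores without firing. That is moot for a rule now marked `status: deprecated`, but if the successor under rules/windows/file/file_access inherits this filter (its detection block is not in this diff) the exclusion should at least be anchored to the real install location, e.g. `Image|endswith: '\AppData\Local\Microsoft\Teams\current\Teams.exe'`, with a falsepositives note that path-based exclusions remain bypassable by a planted binary. Separately, this copy retains the `/blogpost/` Vectra URL that the active rule already corrects to `/blog/`; harmless in a deprecated file, but worth aligning if it is touched again.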
@@ -0,0 +1,24 @@
+title: Suspicious Unattend.xml File Access
+id: 1a3d42dd-3763-46b9-8025-b5f17f340dfb
+status: deprecated
+description: |
+    Attempts to access unattend.xml, where credentials are commonly stored, within the Panther directory where installation logs are stored.
+    If these files exist, their contents will be displayed. They are used to store credentials/answers during the unattended windows install process
+references:
+    - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1552.001/T1552.001.md
+author: frack113
+date: 2021/12/19
+modified: 2024/07/22
+tags:
+    - attack.credential_access
+    - attack.t1552.001
+logsource:
+    product: windows
+    category: file_event
+detection:
+    selection:
+        TargetFilename|endswith: '\unattend.xml'
+    condition: selection
+falsepositives:
+    - Unknown
+level: medium
diff --git a/rules-threat-hunting/windows/file/file_access/file_access_win_susp_unattend_xml.yml b/rules-threat-hunting/windows/file/file_access/file_access_win_susp_unattend_xml.yml
index 6d6ba9a35df..1233f841c1d
--- a/rules-threat-hunting/windows/file/file_access/file_access_win_susp_unattend_xml.yml
+++ b/rules-threat-hunting/windows/file/file_access/file_access_win_susp_unattend_xml.yml
@@ -1,5 +1,5 @@
 title: Unattend.XML File Access Attempt
-id: 1a3d42dd-3763-46b9-8025-b5f17f340dfb
+id: 76a26006-0942-430b-8249-bd51d448f8e5
 status: experimental
 description: |
     Detects attempts to access the "unattend.xml" file, where credentials might be stored.
@@ -7,8 +7,7 @@ description: |
 references:
     - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1552.001/T1552.001.md
 author: frack113
-date: 2021/12/19
-modified: 2024/07/22
+date: 2024/07/22
 tags:
     - attack.credential_access
     - attack.t1552.001
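Review bot: The `id` swap in the first hunk of rules-threat-hunting/.../file_access_win_susp_unattend_xml.yml assigns a fresh UUID with no `related` entry, so a deployment that pinned `1a3d42dd-3763-46b9-8025-b5f17f340dfb` (which this commit turns into the deprecated copy) has no machine-readable pointer to the replacement and will quietly lose unattend.xml coverage once the deprecated rule is pruned. Sigma places `related` between `id` and `status`, which falls inside this hunk, so it does not appear to have been added; I would insert `related:` / `    - id: 1a3d42dd-3763-46b9-8025-b5f17f340dfb` / `      type: derived` directly after the new id line. The `date` reset to 2024/07/22 in the second hunk also drops the 2021 origin of the logic, which the related entry would preserve by reference.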
diff --git a/rules/windows/file/file_access/file_access_win_teams_sensitive_files.yml b/rules/windows/file/file_access/file_access_win_teams_sensitive_files.yml
index dbff4a0bd1e..ea68a8c5a27
--- a/rules/windows/file/file_access/file_access_win_teams_sensitive_files.yml
+++ b/rules/windows/file/file_access/file_access_win_teams_sensitive_files.yml
@@ -1,5 +1,5 @@
 title: Microsoft Teams Sensitive File Access By Uncommon Application
-id: 6902955a-01b7-432c-b32a-6f5f81d8f624
+id: 65744385-8541-44a6-8630-ffc824d7d4cc
 status: experimental
 description: |
     Detects file access attempts to sensitive Microsoft teams files (leveldb, cookies) by an uncommon process.
@@ -7,8 +7,7 @@ references:
     - https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/
     - https://www.vectra.ai/blog/undermining-microsoft-teams-security-by-mining-tokens
 author: '@SerkinValery'
-date: 2022/09/16
-modified: 2024/07/22
+date: 2024/07/22
 tags:
     - attack.credential_access
    - attack.t1528
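Review bot: Re-keying file_access_win_teams_sensitive_files.yml to `65744385-8541-44a6-8630-ffc824d7d4cc` while the old `6902955a-…` UUID now names the deprecated file_event copy leaves nothing tying the two together: anyone tracking the Teams token-theft detection by rule ID will see a deprecation and no successor. Since `related` belongs between `id` and `status` and is absent from this hunk, I would add `related:` / `    - id: 6902955a-01b7-432c-b32a-6f5f81d8f624` / `      type: derived` after the new id so the lineage (and the original 2022 authorship that the `date` reset in the second hunk discards) stays discoverable. The Vectra reference already uses the working `/blog/` path here, which the deprecated copy does not; no action needed on that line.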