diff --git a/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_UserGuessing_Correlation.yml b/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_UserGuessing_Correlation.yml
index ee47426a5..591cd13db 100644
--- a/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_UserGuessing_Correlation.yml
+++ b/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_UserGuessing_Correlation.yml
@@ -60,7 +60,7 @@ detection:
 IpAddress: "-"
 condition: selection and not filter
 falsepositives:
-level: informational
+level: medium
 ruletype: Hayabusa
 sample-evtx: |
diff --git a/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_WrongPW_PW-Guessing_Correlation.yml b/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_WrongPW_PW-Guessing_Correlation.yml
index f42d78267..1e0bd05c1 100644
--- a/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_WrongPW_PW-Guessing_Correlation.yml
+++ b/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4625_Med_LogonFail_WrongPW_PW-Guessing_Correlation.yml
@@ -59,7 +59,7 @@ detection:
 - TargetUserName|endswith: "$"
 condition: selection and not filter
 falsepositives:
-level: informational
+level: medium
 ruletype: Hayabusa
 sample-evtx: |
diff --git a/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4648_Med_ExplicitLogon_PW-Spray_Correlation.yml b/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4648_Med_ExplicitLogon_PW-Spray_Correlation.yml
index bf64f3915..4c8e9ee91 100644
--- a/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4648_Med_ExplicitLogon_PW-Spray_Correlation.yml
+++ b/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4648_Med_ExplicitLogon_PW-Spray_Correlation.yml
@@ -53,5 +53,5 @@ detection:
 - IpAddress: "-"
 condition: selection and not filter
 falsepositives:
-level: informational
+level: medium
 ruletype: Hayabusa
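Review bot: `falsepositives:` is left as a bare empty key on the line directly above the raised `level: medium`, so the rule will now surface at medium severity with no documented benign causes for an analyst to triage against. Either list the known noise sources as a sequence under the key or, if none are known, state that explicitly (for example `falsepositives: unknown`, provided the rule loader accepts a scalar there) rather than leaving a null. The same applies to the WrongPW_PW-Guessing and 4648 PW-Spray hunks. The correlation threshold and timespan sit outside all three hunks, so it cannot be judged from here whether they are tight enough for a medium alert; the new level does at least match the `_Med_` in the three file names.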