diff --git a/detections/network/detect_outbound_ldap_traffic.yml b/detections/network/detect_outbound_ldap_traffic.yml
index 378c412d6c..0c6d6e13bc 100644
--- a/detections/network/detect_outbound_ldap_traffic.yml
+++ b/detections/network/detect_outbound_ldap_traffic.yml
@@ -30,16 +30,6 @@ known_false_positives: Unknown at this moment. Outbound LDAP traffic should not
 verify if the activity is legitimate.
 references:
 - https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
-rba:
- message: An outbound LDAP connection from $src_ip$ in your infrastructure connecting
- to dest ip $dest_ip$
- risk_objects:
- - field: src_ip
- type: system
- score: 56
- threat_objects:
- - field: dest_ip
- type: ip_address
 tags:
 analytic_story:
 - Log4Shell CVE-2021-44228
diff --git a/detections/network/ssl_certificates_with_punycode.yml b/detections/network/ssl_certificates_with_punycode.yml
index 8e88d5145d..ac89e4a539 100644
--- a/detections/network/ssl_certificates_with_punycode.yml
+++ b/detections/network/ssl_certificates_with_punycode.yml
@@ -31,14 +31,6 @@ references:
 - https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
 - https://community.emergingthreats.net/t/out-of-band-ruleset-update-summary-2022-11-01/117
 - https://github.com/corelight/CVE-2022-3602/tree/master/scripts
-rba:
- message: A x509 certificate has been identified to have punycode in the SSL issuer
- email domain on $dest$.
- risk_objects:
- - field: dest
- type: system
- score: 15
- threat_objects: []
 tags:
 analytic_story:
 - OpenSSL CVE-2022-3602
diff --git a/detections/network/zeek_x509_certificate_with_punycode.yml b/detections/network/zeek_x509_certificate_with_punycode.yml
index 2f9b53863a..fd9fb56df7 100644
--- a/detections/network/zeek_x509_certificate_with_punycode.yml
+++ b/detections/network/zeek_x509_certificate_with_punycode.yml
@@ -31,14 +31,6 @@ references:
 - https://www.splunk.com/en_us/blog/security/nothing-puny-about-cve-2022-3602.html
 - https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
 - https://docs.zeek.org/en/master/scripts/base/init-bare.zeek.html#type-X509::SubjectAlternativeName
-rba:
- message: A x509 certificate has been identified to have punycode in the subject
- alternative name on $dest$.
- risk_objects:
- - field: dest
- type: system
- score: 15
- threat_objects: []
 tags:
 analytic_story:
 - OpenSSL CVE-2022-3602