diff --git a/queries/linux/nix_network_sniffing.yml b/queries/linux/nix_network_sniffing.yml
deleted file mode 100644
index fce33d2..0000000
--- a/queries/linux/nix_network_sniffing.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-title: Linux Network Sniffing
-description: Detect scripted packet capture using tcpdump or tshark, not limited by packet count or interface.
-author: keyboardcrunch
-date: 17/03/2021
-modified: null
-mitre:
- tactic: Credential Access
- technique: T1040
- subtechnique: null
-operating_system: linux
-query: TgtProcName In AnyCase ("tcpdump","tshark")
-false_positives: null
-tags: null
-references:
- - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md
\ No newline at end of file
diff --git a/queries/windows/network_sniffing.yml b/queries/windows/network_sniffing.yml
deleted file mode 100644
index ad8fe23..0000000
--- a/queries/windows/network_sniffing.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-title: Windows Network Sniffing
-description: Detect scripted packet capture using tshark or netsh, not limited by packet count or interface.
-author: keyboardcrunch
-date: 17/03/2021
-modified: null
-mitre:
- tactic: Credential Access
- technique: T1040
- subtechnique: null
-operating_system: windows
-query: TgtProcName = "netsh.exe" and TgtProcCmdLine ContainsCIS "trace start" ) OR ProcessName = "tshark.exe"
-false_positives: null
-tags: null
-references:
- - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md
\ No newline at end of file