diff --git a/detection/execution/unexpected-setuid-binaries.sql b/detection/execution/unexpected-setuid-binaries.sql
index 453ca2cf..c095c56d 100644
--- a/detection/execution/unexpected-setuid-binaries.sql
+++ b/detection/execution/unexpected-setuid-binaries.sql
@@ -119,7 +119,9 @@ FROM
 '/usr/sbin/umount.nfs',
 '/usr/sbin/umount.nfs4',
 '/usr/sbin/userhelper',
- '/usr/sbin/wodim'
+ '/usr/sbin/wodim',
+ '/bin/bwrap',
+ '/usr/bin/bwrap'
 )
 )
 AND NOT (
diff --git a/detection/impact/evenly-timestomped.sql b/detection/impact/evenly-timestomped.sql
index 8be112da..05f29b85 100644
--- a/detection/impact/evenly-timestomped.sql
+++ b/detection/impact/evenly-timestomped.sql
@@ -26,7 +26,6 @@ WHERE
 OR file.path LIKE "/etc/%%"
 OR file.path LIKE "/sbin/%%"
 OR file.path LIKE "/lib/%%"
- OR file.path LIKE "/usr/%%"
 )
 -- This timestamp is in UTC
 AND file.mtime > (strftime('%s', 'now') - (86400 * 720))
@@ -51,5 +50,3 @@ WHERE
 AND file.path NOT LIKE '%/lynis%'
 AND file.path NOT LIKE '%/yelp-xsl%'
 AND file.path NOT LIKE '/etc/cups/%'
- AND file.path NOT LIKE '/usr/share/libinput/%.quirks'
- AND file.path NOT LIKE '/usr/lib64/electron/locales/%.pak'
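Review bot: The two `bwrap` entries added to the end of the expected-setuid list exempt the path alone, yet bubblewrap is, as far as I know, only shipped setuid on distributions that disable unprivileged user namespaces — on a host where the package installs it without the setuid bit, a setuid `/usr/bin/bwrap` is precisely the implant this query exists to flag and is now silently accepted. Given bubblewrap's history of privilege-escalation issues in its setuid mode, the exemption deserves a stated justification rather than two bare paths. Unless the `AND NOT (` clause that follows (its body is outside the hunk) already pins ownership or package provenance, I would add a comment above the new entries, e.g. `-- bubblewrap (flatpak sandbox helper): legitimately setuid only on distros without unprivileged userns; expect root-owned and package-managed`, and consider restricting the exception to root-owned files rather than any file at that path. The `SELECT` this list belongs to begins before the hunk, so I cannot confirm what other constraints apply.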