diff --git a/rules/cloud/aws/aws_efs_fileshare_mount_modified_or_deleted.yml b/rules/cloud/aws/aws_efs_fileshare_mount_modified_or_deleted.yml
index b7bcf6e10..d6d22c653 100644
--- a/rules/cloud/aws/aws_efs_fileshare_mount_modified_or_deleted.yml
+++ b/rules/cloud/aws/aws_efs_fileshare_mount_modified_or_deleted.yml
@@ -18,3 +18,4 @@ falsepositives:
 level: medium
 tags:
 - attack.impact
+ - attack.t1485
diff --git a/rules/cloud/aws/aws_eks_cluster_created_or_deleted.yml b/rules/cloud/aws/aws_eks_cluster_created_or_deleted.yml
index 342d57448..1ffc14959 100644
--- a/rules/cloud/aws/aws_eks_cluster_created_or_deleted.yml
+++ b/rules/cloud/aws/aws_eks_cluster_created_or_deleted.yml
@@ -18,6 +18,7 @@ detection:
 level: low
 tags:
 - attack.impact
+ - attack.t1485
 falsepositives:
 - EKS Cluster being created or deleted may be performed by a system administrator.
 - Verify whether the user identity, user agent, and/or hostname should be making changes in your environment.
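Review bot: In aws_efs_fileshare_mount_modified_or_deleted.yml the added `attack.t1485` (Data Destruction) tag looks broader than what the rule's name says it detects, which is a mount being modified or deleted. Removing or changing an EFS mount target cuts clients off from the file system but, as far as I know, leaves the stored data in place, so coverage reports built from tags would credit this rule with data-destruction detection it may not provide. The detection block is outside the hunk, so please confirm which events are selected. If only mount-level events are matched, a comment next to the tag such as `# t1485: mount removal only, file system deletion is not covered by this rule` would keep the mapping honest.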
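Review bot: In aws_eks_cluster_created_or_deleted.yml the new `attack.t1485` tag fits only the deletion half of the rule, while the file name and the false-positive text both say it also fires on cluster creation. A creation alert labelled Data Destruction will mislead triage and inflate ATT&CK coverage for that technique. Consider splitting creation and deletion into separate rules so each carries its own tags, or at least state in the description that `attack.t1485` applies to deletions only. The detection block is outside the hunk, so the exact event names are not visible here.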