diff --git a/rules/windows/builtin/win_external_device.yml b/rules/windows/builtin/win_external_device.yml
index d9a355f86..653934ad0 100644
--- a/rules/windows/builtin/win_external_device.yml
+++ b/rules/windows/builtin/win_external_device.yml
@@ -3,6 +3,12 @@ id: f69a87ea-955e-4fb4-adb2-bb9fd6685632
 description: Detects diskdrives or plugged in USB devices
 status: experimental
 author: Keith Wright
+date: 2019/11/20
+tags:
+ - attack.t1091
+ - attack.t1200
+ - attack.lateral_movement
+ - attack.initial_access
 logsource:
 product: windows
 service: security
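Review bot: The added `attack.t1091` and `attack.t1200` tags name techniques that a connected device can enable, but per its description the rule fires on any disk drive or USB device being plugged in, so a match is at most a precondition for either technique. I would make that explicit in the description, for example `description: Detects disk drives or USB devices being plugged in; a match shows a device connection only, not replication through removable media or a rogue hardware addition`. The `falsepositives` and `level` fields lie outside this hunk; if they do not already account for routine device use, they should, so that analysts do not read the ATT&CK tags as a severity signal.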