From 2bfd4ea654d0cfe77d5c2ec4e7cb8692e3cd08bb Mon Sep 17 00:00:00 2001
From: webhead404 <kvvincentvalentine@gmail.com>
Date: Wed, 20 Nov 2019 16:18:03 -0600
Subject: [PATCH] Added MITRE tags

---
 rules/windows/builtin/win_external_device.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rules/windows/builtin/win_external_device.yml b/rules/windows/builtin/win_external_device.yml
index d9a355f86..653934ad0 100644
--- a/rules/windows/builtin/win_external_device.yml
+++ b/rules/windows/builtin/win_external_device.yml
@@ -3,6 +3,12 @@ id: f69a87ea-955e-4fb4-adb2-bb9fd6685632
 description: Detects diskdrives or plugged in USB devices
 status: experimental
 author: Keith Wright
+date: 2019/11/20
+tags:
+    - attack.t1091
+    - attack.t1200
+    - attack.lateral_movement
+    - attack.initial_access
 logsource:
     product: windows
     service: security