diff --git a/rules/windows/builtin/win_hack_smbexec.yml b/rules/windows/builtin/win_hack_smbexec.yml
index d4d0368a7..c9959e71a 100644
--- a/rules/windows/builtin/win_hack_smbexec.yml
+++ b/rules/windows/builtin/win_hack_smbexec.yml
@@ -11,6 +11,7 @@ tags:
 - attack.t1035
 logsource:
 product: windows
+ service: system
 detection:
 service_installation:
 EventID: 7045
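Review bot: The `service_installation` selection, as far as this hunk shows, still keys on `EventID: 7045` alone. Windows event IDs are unique per provider rather than per channel, so the new `service: system` scoping narrows the log source but does not pin the event to the Service Control Manager. If the fields that follow do not already constrain it, consider adding `Provider_Name: 'Service Control Manager'` to the selection so another System-channel provider reusing ID 7045 cannot match. The detection block continues past the end of the hunk, so this may already be covered there.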