diff --git a/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml b/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml
index f3a28a27c..5d861b40a 100644
--- a/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml
+++ b/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml
@@ -21,6 +21,10 @@ detection:
 fields:
 - CommandLine
 - ParentCommandLine
+tags:
+ - attack.defense_evasion
+ - attack.privilege_escalation
+ - attack.t1088
 falsepositives:
 - unknown
 level: critical
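Review bot: The technique tag `attack.t1088` on the last added line is the ATT&CK ID for Bypass User Account Control, which the framework later retired in favour of the sub-technique T1548.002 (Abuse Elevation Control Mechanism: Bypass User Account Control); whether that matters here depends on which ATT&CK version the repository tracked when this commit was made. If the rule set follows the current matrix, the line should read `    - attack.t1548.002`, optionally keeping `attack.t1088` beside it for consumers that still key on the legacy ID. The two tactic tags are consistent with either ID, since the technique sits under both defense evasion and privilege escalation. Placing `tags` between `fields` and `falsepositives` is valid Sigma, but if the rest of the rule set keeps `tags` next to the header keys (`references`/`author`) it would be worth moving for consistency.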