diff --git a/rules/linux/process_creation/lnx_bpftrace_unsafe_option_usage.yml b/rules/linux/process_creation/lnx_bpftrace_unsafe_option_usage.yml
index 0c1081b9d..d6723d8e0 100644
--- a/rules/linux/process_creation/lnx_bpftrace_unsafe_option_usage.yml
+++ b/rules/linux/process_creation/lnx_bpftrace_unsafe_option_usage.yml
@@ -3,6 +3,9 @@ id: f8341cb2-ee25-43fa-a975-d8a5a9714b39
 status: experimental
 description: Detects the usage of the unsafe bpftrace option
 author: Andreas Hunkeler (@Karneades)
+tags:
+ - attack.execution
+ - attack.t1059.004
 references:
 - https://embracethered.com/blog/posts/2021/offensive-bpf-bpftrace/
 - https://bpftrace.org/
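Review bot: The new `tags:` block sits between `author` and `references`, while the conventional Sigma field order places `tags` after `date`/`modified` and directly before `logsource`; moving it there would keep this rule laid out like the others. The rest of the rule (date, logsource, detection) is outside the hunk, so the exact target position cannot be confirmed from here. Separately, `attack.t1059.004` describes the shell-execution use of `--unsafe`; if the rule is meant to flag any use of the option, the one-line `description` could say so to help analysts triage hits.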