diff --git a/rules/windows/pipe_created/pipe_created_koh_default_pipe.yml b/rules/windows/pipe_created/pipe_created_koh_default_pipe.yml
index 3c3215b83..48c795a94 100644
--- a/rules/windows/pipe_created/pipe_created_koh_default_pipe.yml
+++ b/rules/windows/pipe_created/pipe_created_koh_default_pipe.yml
@@ -17,7 +17,9 @@ detection:
 condition: selection
 falsepositives:
 - Unlikely
-level: high
+level: critical
 tags:
- - attack.defense_evasion
 - attack.privilege_escalation
+ - attack.credential_access
+ - attack.t1528
+ - attack.t1134.001
diff --git a/rules/windows/powershell/powershell_script/posh_ps_import_module_susp_dirs.yml b/rules/windows/powershell/powershell_script/posh_ps_import_module_susp_dirs.yml
index 79d431191..f73b2a6f8 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_import_module_susp_dirs.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_import_module_susp_dirs.yml
@@ -33,5 +33,5 @@ falsepositives:
 - Unknown
 level: medium
 tags:
- - attack.lateral_movement
- - attack.t1021.006
+ - attack.execution
+ - attack.t1059.001
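Review bot: In the first hunk (pipe_created_koh_default_pipe.yml), removing `- attack.defense_evasion` while adding `- attack.t1134.001` leaves the tags out of step with ATT&CK, which lists Access Token Manipulation (T1134) under both Defense Evasion and Privilege Escalation; keeping `- attack.defense_evasion` next to the new tags would preserve that mapping. `attack.t1528` (Steal Application Access Token) describes application/OAuth tokens, so it is worth confirming that it fits a rule keyed on a Windows named pipe; the detection block lies outside the hunk, so this is a question rather than a finding. Because `level` moves from `high` to `critical`, which changes how downstream alerting treats the rule, the rule's `modified` date should be bumped as well, and this file's only hunk does not touch it.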