diff --git a/rules/windows/process_creation/proc_creation_win_wmic_recon_service.yml b/rules/windows/process_creation/proc_creation_win_wmic_recon_service.yml index dc0a3aee5..5923ab0e3 100644 --- a/rules/windows/process_creation/proc_creation_win_wmic_recon_service.yml +++ b/rules/windows/process_creation/proc_creation_win_wmic_recon_service.yml @@ -1,5 +1,8 @@ title: Service Reconnaissance Via Wmic.EXE id: 76f55eaa-d27f-4213-9d45-7b0e4b60bbae +related: + - id: 68bcd73b-37ef-49cb-95fc-edc809730be6 + type: similar status: experimental description: | An adversary might use WMI to check if a certain Remote Service is running on a remote device. diff --git a/rules/windows/process_creation/proc_creation_win_wmic_recon_unquoted_service_search.yml b/rules/windows/process_creation/proc_creation_win_wmic_recon_unquoted_service_search.yml index 96ef6cab4..45d72267b 100644 --- a/rules/windows/process_creation/proc_creation_win_wmic_recon_unquoted_service_search.yml +++ b/rules/windows/process_creation/proc_creation_win_wmic_recon_unquoted_service_search.yml @@ -3,6 +3,8 @@ id: 68bcd73b-37ef-49cb-95fc-edc809730be6 related: - id: 09658312-bc27-4a3b-91c5-e49ab9046d1b # PowerShell Variant type: similar + - id: 76f55eaa-d27f-4213-9d45-7b0e4b60bbae + type: similar status: experimental description: Detects known wmi recon method to look for unquoted service paths using wmic. Often used by pentesters and attackers enumeration scripts references:
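Review bot: In the first hunk (proc_creation_win_wmic_recon_service.yml), the new `related` entry for `68bcd73b-37ef-49cb-95fc-edc809730be6` carries no inline comment naming the rule it points to, while the sibling rule already annotates its entries that way (`# PowerShell Variant`); add a short comment such as `- id: 68bcd73b-37ef-49cb-95fc-edc809730be6 # Unquoted Service Path variant` so readers can tell which wmic reconnaissance rule is being linked without opening the other file. `type: similar` is the right relation here, since the two rules cover different wmic service queries rather than one superseding the other.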
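Review bot: In the second hunk (proc_creation_win_wmic_recon_unquoted_service_search.yml), the new `related` entry for `76f55eaa-d27f-4213-9d45-7b0e4b60bbae` should follow the existing entry's convention and carry an inline comment (for example `# Wmic Service Recon variant`), so both items in the list are self-describing. While this file is being touched, the `description` line in the trailing context reads awkwardly ("Often used by pentesters and attackers enumeration scripts"); consider rewording it to "Often used by pentesters' and attackers' enumeration scripts" in the same change.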