diff --git a/rules/application/opencanary/opencanary_portscan_nmap_fin_scan.yaml b/rules/application/opencanary/opencanary_portscan_nmap_fin_scan.yml
similarity index 100%
rename from rules/application/opencanary/opencanary_portscan_nmap_fin_scan.yaml
rename to rules/application/opencanary/opencanary_portscan_nmap_fin_scan.yml
diff --git a/rules/application/opencanary/opencanary_portscan_nmap_null_scan.yaml b/rules/application/opencanary/opencanary_portscan_nmap_null_scan.yml
similarity index 100%
rename from rules/application/opencanary/opencanary_portscan_nmap_null_scan.yaml
rename to rules/application/opencanary/opencanary_portscan_nmap_null_scan.yml
diff --git a/rules/application/opencanary/opencanary_portscan_nmap_os_scan.yaml b/rules/application/opencanary/opencanary_portscan_nmap_os_scan.yml
similarity index 100%
rename from rules/application/opencanary/opencanary_portscan_nmap_os_scan.yaml
rename to rules/application/opencanary/opencanary_portscan_nmap_os_scan.yml
diff --git a/rules/application/opencanary/opencanary_portscan_nmap_xmas_scan.yaml b/rules/application/opencanary/opencanary_portscan_nmap_xmas_scan.yml
similarity index 100%
rename from rules/application/opencanary/opencanary_portscan_nmap_xmas_scan.yaml
rename to rules/application/opencanary/opencanary_portscan_nmap_xmas_scan.yml
diff --git a/rules/application/opencanary/opencanary_portscan_syn_scan.yaml b/rules/application/opencanary/opencanary_portscan_syn_scan.yml
similarity index 100%
rename from rules/application/opencanary/opencanary_portscan_syn_scan.yaml
rename to rules/application/opencanary/opencanary_portscan_syn_scan.yml
diff --git a/rules/application/opencanary/opencanary_rdp_connection_attempt.yaml b/rules/application/opencanary/opencanary_rdp_connection_attempt.yml
similarity index 96%
rename from rules/application/opencanary/opencanary_rdp_connection_attempt.yaml
rename to rules/application/opencanary/opencanary_rdp_connection_attempt.yml
index e0e65f33f..04705cfab 100644
--- a/rules/application/opencanary/opencanary_rdp_connection_attempt.yaml
+++ b/rules/application/opencanary/opencanary_rdp_connection_attempt.yml
@@ -10,6 +10,7 @@ date: 2026-01-06
 tags:
     - attack.initial-access
     - attack.lateral-movement
+    - attack.persistence
     - attack.t1133
     - attack.t1021.001
 logsource: