diff --git a/rules/windows/driver_load/driver_load_vuln_dell_driver.yml b/rules/windows/driver_load/driver_load_vuln_dell_driver.yml
index 8ed85ec97..000b6adfa 100644
--- a/rules/windows/driver_load/driver_load_vuln_dell_driver.yml
+++ b/rules/windows/driver_load/driver_load_vuln_dell_driver.yml
@@ -12,6 +12,7 @@ logsource:
 tags:
 - attack.privilege_escalation
 - cve.2021.21551
+ - attack.t1543
 detection:
 selection_image:
 ImageLoaded|contains: '\DBUtil_2_3.Sys'
@@ -27,7 +28,3 @@ detection:
 falsepositives:
 - legitimate BIOS driver updates (should be rare)
 level: high
-tags:
- - attack.persistence
- - attack.defense_evasion
- - attack.t1542.001
\ No newline at end of file
diff --git a/rules/windows/file_event/file_event_susp_task_write.yml b/rules/windows/file_event/file_event_susp_task_write.yml
index b3c9bff4c..1204a2901 100644
--- a/rules/windows/file_event/file_event_susp_task_write.yml
+++ b/rules/windows/file_event/file_event_susp_task_write.yml
@@ -8,6 +8,8 @@ author: Florian Roth
 date: 2021/11/16
 tags:
 - attack.persistence
+ - attack.execution
+ - attack.t1053
 logsource:
 product: windows
 category: file_event
@@ -22,6 +24,3 @@ detection:
 falsepositives:
 - Unknown
 level: high
-tags:
- - attack.execution
- - attack.t1053
\ No newline at end of file
diff --git a/rules/windows/file_event/win_cve_2021_1675_printspooler.yml b/rules/windows/file_event/win_cve_2021_1675_printspooler.yml
index f9acfa4af..47b70d211 100644
--- a/rules/windows/file_event/win_cve_2021_1675_printspooler.yml
+++ b/rules/windows/file_event/win_cve_2021_1675_printspooler.yml
@@ -13,6 +13,8 @@ modified: 2021/07/01
 tags:
 - attack.execution
 - attack.privilege_escalation
+ - attack.resource_development
+ - attack.t1587
 - cve.2021.1675
 logsource:
 category: file_event
@@ -28,6 +30,3 @@ fields:
 - TargetFilename
 falsepositives:
 - Unknown
-tags:
- - attack.resource_development
- - attack.t1587
\ No newline at end of file
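Review bot: In driver_load_vuln_dell_driver.yml the merge of the two `tags:` blocks is lossy: the removed second block carried `attack.persistence`, `attack.defense_evasion` and `attack.t1542.001`, but the surviving block only gains `attack.t1543`, so none of the old values are kept. Because most YAML parsers take the last duplicate key, the second block was the one actually in effect before this change, which means the effective tagging of this rule silently flips from (persistence, defense_evasion, t1542.001) to (privilege_escalation, t1543) — if that re-mapping is intentional it should be called out in the commit message, otherwise the old entries should be carried over, e.g. `    - attack.persistence`, `    - attack.defense_evasion`, `    - attack.t1542.001` alongside the new line. The other two files (file_event_susp_task_write.yml and win_cve_2021_1675_printspooler.yml) merge their duplicate `tags:` faithfully, so only the Dell driver rule needs a second look. Since all three files had the same silent duplicate-key overwrite, a yamllint `key-duplicates` check in CI would catch a recurrence before rule metadata is lost again; indentation of the list items cannot be verified from this collapsed view.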