diff --git a/rules/windows/network_connection/net_connection_win_domain_devtunnels.yml b/rules/windows/network_connection/net_connection_win_domain_devtunnels.yml
index 058eae6cf..8bd64282d 100644
--- a/rules/windows/network_connection/net_connection_win_domain_devtunnels.yml
+++ b/rules/windows/network_connection/net_connection_win_domain_devtunnels.yml
@@ -18,7 +18,9 @@ author: Kamran Saifullah
 date: 2023-11-20
 tags:
     - attack.exfiltration
+    - attack.command-and-control
     - attack.t1567.001
+    - attack.t1572
 logsource:
     category: network_connection
     product: windows