From d1cc2814daf91931a8bea8fca837cccf0660b095 Mon Sep 17 00:00:00 2001
From: Liran Ravich <61919718+Liran017@users.noreply.github.com>
Date: Wed, 30 Jul 2025 14:05:31 +0300
Subject: [PATCH] Merge PR #5564 from @Liran017 - update MITRE tag

update: Network Connection Initiated To DevTunnels Domain - MITRE tags
---
 .../network_connection/net_connection_win_domain_devtunnels.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rules/windows/network_connection/net_connection_win_domain_devtunnels.yml b/rules/windows/network_connection/net_connection_win_domain_devtunnels.yml
index 058eae6cf..8bd64282d 100644
--- a/rules/windows/network_connection/net_connection_win_domain_devtunnels.yml
+++ b/rules/windows/network_connection/net_connection_win_domain_devtunnels.yml
@@ -18,7 +18,9 @@ author: Kamran Saifullah
 date: 2023-11-20
 tags:
     - attack.exfiltration
+    - attack.command-and-control
     - attack.t1567.001
+    - attack.t1572
 logsource:
     category: network_connection
     product: windows