diff --git a/rules/windows/process_creation/win_susp_volsnap_disable.yml b/rules/windows/process_creation/win_susp_volsnap_disable.yml
index f82e01ade..416b8f301 100644
--- a/rules/windows/process_creation/win_susp_volsnap_disable.yml
+++ b/rules/windows/process_creation/win_susp_volsnap_disable.yml
@@ -8,8 +8,7 @@ status: experimental
 author: Florian Roth
 tags:
     - attack.defense_evasion
-    - attack.t1562.004
-    - attack.s0108
+    - attack.t1562.001
 logsource:
     category: process_creation
     product: windows