diff --git a/rules/linux/auditd/lnx_auditd_hidden_files_directories.yml b/rules/linux/auditd/lnx_auditd_hidden_files_directories.yml
index c36567a58..ec1dac527 100644
--- a/rules/linux/auditd/lnx_auditd_hidden_files_directories.yml
+++ b/rules/linux/auditd/lnx_auditd_hidden_files_directories.yml
@@ -24,7 +24,7 @@ detection:
 - a2|re: '\.(.*)' # in case there are some other arguments being used in a1
 condition: commands and arguments
 tags:
- - attack.defenseevasion
+ - attack.defense_evasion
 - attack.t1564.001
 falsepositives:
 - None