From f354697969db47a282d6eaedbbcfb8775045b30d Mon Sep 17 00:00:00 2001
From: Liran Ravich <61919718+Liran017@users.noreply.github.com>
Date: Wed, 30 Jul 2025 14:08:43 +0300
Subject: [PATCH] Merge PR #5563 from @Liran017 - update MITRE tag

update: Network Connection Initiated To Cloudflared Tunnels Domains - MITRE tags
---
 .../net_connection_win_domain_cloudflared_communication.yml    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rules/windows/network_connection/net_connection_win_domain_cloudflared_communication.yml b/rules/windows/network_connection/net_connection_win_domain_cloudflared_communication.yml
index 36df578c3..30b9c301c 100644
--- a/rules/windows/network_connection/net_connection_win_domain_cloudflared_communication.yml
+++ b/rules/windows/network_connection/net_connection_win_domain_cloudflared_communication.yml
@@ -16,7 +16,8 @@ date: 2024-05-27
 tags:
     - attack.exfiltration
     - attack.command-and-control
-    - attack.t1567.001
+    - attack.t1567
+    - attack.t1572
 logsource:
     category: network_connection
     product: windows