diff --git a/rules/windows/discovery_enumerating_domain_trusts_via_dsquery.toml b/rules/windows/discovery_enumerating_domain_trusts_via_dsquery.toml
index 258fb593b..f8bec73ea 100644
--- a/rules/windows/discovery_enumerating_domain_trusts_via_dsquery.toml
+++ b/rules/windows/discovery_enumerating_domain_trusts_via_dsquery.toml
@@ -4,7 +4,7 @@ integration = ["endpoint", "windows"]
 maturity = "production"
 min_stack_comments = "New fields added: required_fields, related_integrations, setup"
 min_stack_version = "8.3.0"
-updated_date = "2023/01/27"
+updated_date = "2023/02/09"
 
 [rule]
 author = ["Elastic"]
@@ -49,7 +49,10 @@ framework = "MITRE ATT&CK"
 id = "T1482"
 name = "Domain Trust Discovery"
 reference = "https://attack.mitre.org/techniques/T1482/"
-
+[[rule.threat.technique]]
+id = "T1018"
+name = "Remote System Discovery"
+reference = "https://attack.mitre.org/techniques/T1018/"
 
 [rule.threat.tactic]
 id = "TA0007"
diff --git a/rules/windows/discovery_enumerating_domain_trusts_via_nltest.toml b/rules/windows/discovery_enumerating_domain_trusts_via_nltest.toml
index df7589298..9911c0564 100644
--- a/rules/windows/discovery_enumerating_domain_trusts_via_nltest.toml
+++ b/rules/windows/discovery_enumerating_domain_trusts_via_nltest.toml
@@ -4,7 +4,7 @@ integration = ["endpoint", "windows"]
 maturity = "production"
 min_stack_comments = "New fields added: required_fields, related_integrations, setup"
 min_stack_version = "8.3.0"
-updated_date = "2022/12/14"
+updated_date = "2023/02/09"
 
 [rule]
 author = ["Elastic"]
@@ -54,7 +54,10 @@ framework = "MITRE ATT&CK"
 id = "T1482"
 name = "Domain Trust Discovery"
 reference = "https://attack.mitre.org/techniques/T1482/"
-
+[[rule.threat.technique]]
+id = "T1018"
+name = "Remote System Discovery"
+reference = "https://attack.mitre.org/techniques/T1018/"
 
 [rule.threat.tactic]
 id = "TA0007"