diff --git a/rules/macos/execution_installer_spawned_network_event.toml b/rules/macos/execution_installer_spawned_network_event.toml
index b326c5fae..09963aaea 100644
--- a/rules/macos/execution_installer_spawned_network_event.toml
+++ b/rules/macos/execution_installer_spawned_network_event.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/02/23"
 maturity = "production"
-updated_date = "2022/03/31"
+updated_date = "2022/07/21"
 
 [rule]
 author = ["Elastic"]
@@ -27,7 +27,7 @@ references = [
 risk_score = 47
 rule_id = "99239e7d-b0d4-46e3-8609-acafcf99f68c"
 severity = "medium"
-tags = ["Elastic", "Host", "macOS", "Threat Detection", "Execution"]
+tags = ["Elastic", "Host", "macOS", "Threat Detection", "Execution", "Command and Control"]
 type = "eql"
 
 query = '''