diff --git a/rules/windows/builtin/security/win_security_register_new_logon_process_by_rubeus.yml b/rules/windows/builtin/security/win_security_register_new_logon_process_by_rubeus.yml
index 12b6abebf09..3ec1b616e18 100644
--- a/rules/windows/builtin/security/win_security_register_new_logon_process_by_rubeus.yml
+++ b/rules/windows/builtin/security/win_security_register_new_logon_process_by_rubeus.yml
@@ -10,6 +10,7 @@ modified: 2022-10-09
 tags:
     - attack.lateral-movement
     - attack.privilege-escalation
+    - attack.credential-access
     - attack.t1558.003
 logsource:
     product: windows