diff --git a/detection-rules/attachment_encrypted_ole_unsolicited.yml b/detection-rules/attachment_encrypted_ole_unsolicited.yml
index 556d713d4e4..5ff81403b9c 100644
--- a/detection-rules/attachment_encrypted_ole_unsolicited.yml
+++ b/detection-rules/attachment_encrypted_ole_unsolicited.yml
@@ -19,6 +19,8 @@ source: |
       and not profile.by_sender().any_false_positives
     )
   )
+tags:
+  - "Attack surface reduction"
 attack_types:
   - "Malware/Ransomware"
 tactics_and_techniques: