diff --git a/detection/privesc/setxid-cmdline-overflow-attempt.sql b/detection/privesc/setxid-cmdline-overflow-attempt.sql
index c60f2d7..3e02516 100644
--- a/detection/privesc/setxid-cmdline-overflow-attempt.sql
+++ b/detection/privesc/setxid-cmdline-overflow-attempt.sql
@@ -2,7 +2,7 @@
 --
 -- platform: posix
 -- interval: 300
--- tags: events
+-- tags: events extra
 SELECT
 file.mode AS p0_binary_mode,
 pe.cmdline_size AS p0_cmd_size,
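Review bot: The `-- tags:` line gains `extra` with no reason recorded in the file header, and tags on these queries presumably decide which pack or schedule a detection is built into. If `extra` takes this setxid cmdline-overflow detection out of the default set, that is a coverage change for a privilege-escalation signal and should be stated where the next maintainer will see it. A free-text line in the description above the metadata, such as `-- Tagged extra: <reason, e.g. false-positive volume or query cost>`, would be enough. The SELECT continues past the end of the hunk, so the query body is not reviewed here.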