diff --git a/detection/persistence/suspicious-systemd-unit.sql b/detection/persistence/suspicious-systemd-unit.sql
index f968128..9742803 100644
--- a/detection/persistence/suspicious-systemd-unit.sql
+++ b/detection/persistence/suspicious-systemd-unit.sql
@@ -8,7 +8,7 @@
 -- false positives:
 -- * home-made systemd files
 --
--- tags: persistent filesystem systemd
+-- tags: persistent filesystem systemd extra
 -- platform: linux
 SELECT
 file.path,
diff --git a/detection/persistence/suspicious-udev-runner-linux.sql b/detection/persistence/suspicious-udev-runner-linux.sql
index 3504032..8b6c62f 100644
--- a/detection/persistence/suspicious-udev-runner-linux.sql
+++ b/detection/persistence/suspicious-udev-runner-linux.sql
@@ -4,7 +4,7 @@
 -- * https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
 -- * https://ch4ik0.github.io/en/posts/leveraging-Linux-udev-for-persistence/
 --
--- tags: volume filesystem extra
+-- tags: volume filesystem
 -- platform: linux
 SELECT
 file.path,
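Review bot: The header of suspicious-systemd-unit.sql gains the `extra` tag but records no reason for it, so a later maintainer cannot tell from the file whether this persistence detection was demoted for false-positive volume or for some other cost. If `extra` marks opt-in rules, as the tag name and the mirror-image change in suspicious-udev-runner-linux.sql suggest, a line such as `-- * tagged extra: <reason for demotion>` beneath the existing `-- false positives:` list would keep the decision next to the query it affects. The udev hunk has the same gap in reverse: `extra` is dropped without a note on why that rule is now considered default-safe, which matters because it is the detection promoted into the default set. The SELECT body in both files continues outside the hunk.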