diff --git a/default/eventtypes.conf b/default/eventtypes.conf
index bd1004c..0584239 100644
--- a/default/eventtypes.conf
+++ b/default/eventtypes.conf
@@ -1,11 +1,8 @@
 [ms-windefender-operation]
 search = source="*WinEventLog:*Defender*" NOT category IN ("detection")
-tags = malware operations
 [ms-windefender-attack]
 search = source="*WinEventLog:*Defender*" category IN ("detection")
-tags = malware attack
 [ms-windefender-alert]
 search = source="*WinEventLog:*Defender*" category IN ("detection") AND action IN ("deferred", "allowed")
-tags = alert