diff --git a/file/audit/fortigate/auto-usb-install.yaml b/file/audit/fortigate/auto-usb-install.yaml
index 0f971fe501..b5394056d7 100644
--- a/file/audit/fortigate/auto-usb-install.yaml
+++ b/file/audit/fortigate/auto-usb-install.yaml
@@ -6,7 +6,7 @@ info:
   severity: info
   description: If USB installation is not disabled, an attacker with physical access to a FortiGate could load a new configuration or firmware using the USB port.
   reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
-  tags: fortigate,config,audit,firewall
+  tags: audit,config,file,firewall,fortigate
 
 file:
   - extensions: