diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index 6b4de1fc2..f3bda8d52 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -7,6 +7,10 @@ import pymssql
 
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import get_plaintext
+from common.tags import (
+    T1110_ATTACK_TECHNIQUE_TAG,
+    T1210_ATTACK_TECHNIQUE_TAG,
+)
 from common.utils.exceptions import FailedExploitationError
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
@@ -20,6 +24,9 @@ from infection_monkey.utils.threading import interruptible_iter
 
 logger = logging.getLogger(__name__)
 
+MSSQL_EXPLOITER_TAG = "mssql-exploiter"
+EXPLOITER_TAGS = (MSSQL_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
+
 
 class MSSQLExploiter(HostExploiter):
     _EXPLOITED_SERVICE = "MSSQL"
@@ -57,7 +64,9 @@ class MSSQLExploiter(HostExploiter):
                 f" no credentials were successful"
             )
             logger.error(error_message)
-            self._publish_exploitation_event(self.host.ip_addr, False, error_message=error_message)
+            self._publish_exploitation_event(
+                self.host.ip_addr, False, EXPLOITER_TAGS, error_message
+            )
             return self.exploit_result
 
         if self._is_interrupted():
@@ -147,7 +156,7 @@ class MSSQLExploiter(HostExploiter):
     def _report_login_attempt(
         self, success: bool, host: str, user, password: str, message: str = ""
     ):
-        self._publish_exploitation_event(host, success, error_message=message)
+        self._publish_exploitation_event(host, success, EXPLOITER_TAGS, error_message=message)
         self.report_login_attempt(success, user, password)
 
     def _upload_agent(self, agent_path_on_victim: PureWindowsPath):