diff --git a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
index 2c5b55887..7d8a046f4 100644
--- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
+++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_handler.py
@@ -20,12 +20,14 @@ T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
 T1005_ATTACK_TECHNIQUE_TAG = "attack-t1005"
 T1145_ATTACK_TECHNIQUE_TAG = "attack-t1145"
 
-SSH_COLLECTOR_EVENT_TAGS = {
-    SSH_CREDENTIAL_COLLECTOR_TAG,
-    T1003_ATTACK_TECHNIQUE_TAG,
-    T1005_ATTACK_TECHNIQUE_TAG,
-    T1145_ATTACK_TECHNIQUE_TAG,
-}
+SSH_COLLECTOR_EVENT_TAGS = frozenset(
+    (
+        SSH_CREDENTIAL_COLLECTOR_TAG,
+        T1003_ATTACK_TECHNIQUE_TAG,
+        T1005_ATTACK_TECHNIQUE_TAG,
+        T1145_ATTACK_TECHNIQUE_TAG,
+    )
+)
 
 
 def get_ssh_info(
@@ -165,7 +167,7 @@ def to_credentials(ssh_info: Iterable[Dict]) -> Sequence[Credentials]:
 
 def _publish_credentials_stolen_event(collected_credentials: Credentials, event_queue: IEventQueue):
     credentials_stolen_event = CredentialsStolenEvent(
-        tags=frozenset(SSH_COLLECTOR_EVENT_TAGS),
+        tags=SSH_COLLECTOR_EVENT_TAGS,
         stolen_credentials=[collected_credentials],
     )