diff --git a/monkey/infection_monkey/exploit/zerologon.py b/monkey/infection_monkey/exploit/zerologon.py
index 36686a728..ae8eb5d79 100644
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@@ -9,7 +9,6 @@ import os
 import re
 import tempfile
 from binascii import unhexlify
-from time import time
 from typing import Dict, List, Optional, Sequence, Tuple
 import impacket
@@ -19,7 +18,6 @@ from impacket.dcerpc.v5.dtypes import NULL
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import Credentials, LMHash, NTHash, Username
 from common.events import CredentialsStolenEvent
-from infection_monkey.config import IGUID
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.wmi_tools import WmiTools
 from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
@@ -33,6 +31,10 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
+ZEROLOGON_EXPLOIT_TAG = "ZerologonCredentialsStolen"
+
+ZEROLOGON_EVENT_TAGS = {ZEROLOGON_EXPLOIT_TAG}
+
 class ZerologonExploiter(HostExploiter):
     _EXPLOITED_SERVICE = "Netlogon"
@@ -297,10 +299,8 @@ class ZerologonExploiter(HostExploiter):
     def _publish_credentials_stolen_event(self, extracted_credentials: Sequence[Credentials]):
         credentials_stolen_event = CredentialsStolenEvent(
-            source=IGUID,
             target=None,
-            timestamp=time(),
-            tags=({"ZerologonCredentialsStolen"}),
+            tags=(ZEROLOGON_EVENT_TAGS),
             stolen_credentials=extracted_credentials,
         )
         self.event_queue.publish(credentials_stolen_event)
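Review bot: `ZEROLOGON_EVENT_TAGS` is a module-level mutable `set` that every `CredentialsStolenEvent` built in `_publish_credentials_stolen_event` will share by reference, so any consumer that adds to or clears one event's tags silently changes the tags of every later Zerologon event as well. Declaring it as `ZEROLOGON_EVENT_TAGS = frozenset({ZEROLOGON_EXPLOIT_TAG})` removes that aliasing risk, provided the `tags` field of `CredentialsStolenEvent` accepts a frozenset (its definition is outside this diff). A short comment above the two constants, such as `# Tags attached to every credentials-stolen event this exploiter publishes`, would also help, since nothing in the file explains what the tag string is matched against elsewhere.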
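Review bot: The parentheses in `tags=(ZEROLOGON_EVENT_TAGS),` are a leftover from the old set-literal form and do nothing now that a plain name is passed; `tags=ZEROLOGON_EVENT_TAGS,` reads as intended. The hunk also drops `source=IGUID` and `timestamp=time()` without a replacement, which is only correct if `CredentialsStolenEvent` now fills both fields itself — worth confirming, since the event class is not in this diff and an event with no source or timestamp would be hard to attribute or order when the stolen credentials are reviewed. The method still has no docstring; a one-liner like `"""Publish a CredentialsStolenEvent for the credentials extracted by this exploit."""` would cover it. The enclosing class body continues outside the hunk.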