diff --git a/rules/linux/credential_access_kubernetes_service_account_secret_access.toml b/rules/linux/credential_access_kubernetes_service_account_secret_access.toml
index 28b395beff5..0ac38fde136 100644
--- a/rules/linux/credential_access_kubernetes_service_account_secret_access.toml
+++ b/rules/linux/credential_access_kubernetes_service_account_secret_access.toml
@@ -2,7 +2,7 @@
 creation_date = "2025/06/17"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2025/06/17"
+updated_date = "2025/06/19"
 
 [rule]
 author = ["Elastic"]
@@ -49,6 +49,7 @@ severity = "medium"
 tags = [
 "Domain: Endpoint",
 "Domain: Container",
+ "Domain: Kubernetes",
 "OS: Linux",
 "Use Case: Threat Detection",
 "Tactic: Credential Access",
diff --git a/rules/linux/discovery_kubeconfig_file_discovery.toml b/rules/linux/discovery_kubeconfig_file_discovery.toml
index 5ba0b9d2e61..310507debe0 100644
--- a/rules/linux/discovery_kubeconfig_file_discovery.toml
+++ b/rules/linux/discovery_kubeconfig_file_discovery.toml
@@ -2,7 +2,7 @@
 creation_date = "2025/06/17"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2025/06/17"
+updated_date = "2025/06/19"
 
 [rule]
 author = ["Elastic"]
@@ -56,6 +56,7 @@ severity = "low"
 tags = [
 "Domain: Endpoint",
 "Domain: Container",
+ "Domain: Kubernetes",
 "OS: Linux",
 "Use Case: Threat Detection",
 "Tactic: Discovery",
diff --git a/rules/linux/discovery_kubectl_permission_discovery.toml b/rules/linux/discovery_kubectl_permission_discovery.toml
index feefba4d9a1..c2a81330d7a 100644
--- a/rules/linux/discovery_kubectl_permission_discovery.toml
+++ b/rules/linux/discovery_kubectl_permission_discovery.toml
@@ -2,7 +2,7 @@
 creation_date = "2025/06/17"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2025/06/17"
+updated_date = "2025/06/19"
 
 [rule]
 author = ["Elastic"]
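Review bot: The new `"Domain: Kubernetes"` entry in the `tags` array of credential_access_kubernetes_service_account_secret_access.toml (and the identical additions in discovery_kubeconfig_file_discovery.toml, discovery_kubectl_permission_discovery.toml and lateral_movement_kubeconfig_file_activity.toml) is a controlled-vocabulary value, and nothing in the diff shows it being registered in the repository's tag schema, so rule validation may reject it if that list is not updated in the same change; please confirm the value is already permitted. The `updated_date` bump to `"2025/06/19"` in each file's metadata hunk is consistent with a metadata-only edit, which is what I would expect here. Note that each `tags` array continues past the end of its hunk, so the closing bracket and any further tags are not visible in this review.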
@@ -52,6 +52,7 @@ severity = "low"
 tags = [
 "Domain: Endpoint",
 "Domain: Container",
+ "Domain: Kubernetes",
 "OS: Linux",
 "Use Case: Threat Detection",
 "Tactic: Discovery",
diff --git a/rules/linux/lateral_movement_kubeconfig_file_activity.toml b/rules/linux/lateral_movement_kubeconfig_file_activity.toml
index cd4e298d786..94a98959e72 100644
--- a/rules/linux/lateral_movement_kubeconfig_file_activity.toml
+++ b/rules/linux/lateral_movement_kubeconfig_file_activity.toml
@@ -2,7 +2,7 @@
 creation_date = "2025/06/17"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2025/06/17"
+updated_date = "2025/06/19"
 
 [rule]
 author = ["Elastic"]
@@ -53,6 +53,7 @@ severity = "medium"
 tags = [
 "Domain: Endpoint",
 "Domain: Container",
+ "Domain: Kubernetes",
 "OS: Linux",
 "Use Case: Threat Detection",
 "Tactic: Lateral Movement",