diff --git a/scenarios/andreasbrett/baikal-bf.yaml b/scenarios/andreasbrett/baikal-bf.yaml
index ee09e7dfdfb..16cb1dde082 100644
--- a/scenarios/andreasbrett/baikal-bf.yaml
+++ b/scenarios/andreasbrett/baikal-bf.yaml
@@ -11,7 +11,12 @@ reprocess: true
 labels:
     service: baikal
     type: bruteforce
+    classification:
+      - attack.T1110
     remediation: true
+    behavior: http:bruteforce
+    spoofable: 0
+    confidence: 3
 ---
 # Baikal user-enum (only for web UI since Baikal doesn't log failed username for CalDAV/CardDAV access)
 type: leaky
@@ -27,3 +32,8 @@ labels:
     service: baikal
     type: bruteforce
     remediation: true
+    behavior: http:bruteforce
+    spoofable: 0
+    confidence: 3
+    classification:
+      - attack.T1110
\ No newline at end of file