diff --git a/Splunk_TA_paloalto/default/eventtypes.conf b/Splunk_TA_paloalto/default/eventtypes.conf
index 0a47612c..724886d9 100644
--- a/Splunk_TA_paloalto/default/eventtypes.conf
+++ b/Splunk_TA_paloalto/default/eventtypes.conf
@@ -44,7 +44,6 @@ search = sourcetype=pan_threat OR sourcetype=pan:threat OR (sourcetype=pan:firew
 [pan_file]
 search = sourcetype=pan_threat OR sourcetype=pan:threat OR (sourcetype=pan:firewall_cloud AND LogType="THREAT") AND log_subtype = "file"
-#tags = ids attack
 [pan_url]
 search = sourcetype=pan_threat OR sourcetype=pan:threat OR (sourcetype=pan:firewall_cloud AND LogType="THREAT") AND log_subtype = "url"
@@ -52,7 +51,6 @@ search = sourcetype=pan_threat OR sourcetype=pan:threat OR (sourcetype=pan:firew
 [pan_data]
 search = sourcetype=pan_threat OR sourcetype=pan:threat OR (sourcetype=pan:firewall_cloud AND LogType="THREAT") AND log_subtype = "data"
-#tags = web
 [pan_virus]
 search = (sourcetype=pan_threat OR sourcetype=pan:threat OR (sourcetype=pan:firewall_cloud AND LogType="THREAT")) AND (log_subtype = "virus" OR log_subtype = "wildfire-virus")
diff --git a/Splunk_TA_paloalto/default/tags.conf b/Splunk_TA_paloalto/default/tags.conf
index 8f3cb4e6..34095a94 100644
--- a/Splunk_TA_paloalto/default/tags.conf
+++ b/Splunk_TA_paloalto/default/tags.conf
@@ -18,9 +18,7 @@ communicate = enabled
 ids = enabled
 attack = enabled
-[eventtype=pan_file]
-ids = enabled
-attack = enabled
+#[eventtype=pan_file]
 #[eventtype=pan_data]
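Review bot: Replacing the `[eventtype=pan_file]` stanza in tags.conf with a bare commented-out header drops the `ids` and `attack` tags from pan_file events without any explanation in the hunk, so any search or data model that selects those events by tag — Splunk CIM's Intrusion Detection model is keyed on `tag=ids tag=attack`, as far as I recall — will silently stop seeing file-blocking threat logs. If that is deliberate (file-blocking profile hits being policy events rather than signature detections), say so where the stanza used to be, e.g. `# pan_file intentionally untagged: file-blocking hits are policy events, not IDS alerts`, because a `#[eventtype=pan_file]` line with no keys under it reads like an accidental disable and invites someone to restore it. Existing correlation searches that relied on the old tagging should be checked for lost coverage before this ships. The hunk header reports 9 old and 7 new lines, so some of the surrounding context (likely blank lines and whatever follows `#[eventtype=pan_data]`) is not visible here.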