diff --git a/rules/windows/process_creation/win_invoke_obfuscation_via_rundll.yml b/rules/windows/process_creation/win_invoke_obfuscation_via_rundll.yml
index a21a4e10b..80b0a0253 100644
--- a/rules/windows/process_creation/win_invoke_obfuscation_via_rundll.yml
+++ b/rules/windows/process_creation/win_invoke_obfuscation_via_rundll.yml
@@ -20,4 +20,4 @@ detection:
 condition: selection
 falsepositives:
 - Unknown
-level: high
\ No newline at end of file
+level: medium
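Review bot: The severity on the last line of the hunk drops from `high` to `medium` while `falsepositives` still lists only `- Unknown`, so the rule gives no reason for treating it as noisier. If the downgrade follows observed benign matches, record them under `falsepositives` in place of `Unknown`, so pipelines that route or suppress by `level` have a documented basis for the change. The rule's header fields are outside the hunk; if the file carries a `modified:` date, it presumably needs updating in the same commit.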