diff --git a/rules/windows/process_creation/proc_creation_win_susp_network_command.yml b/rules/windows/process_creation/proc_creation_win_susp_network_command.yml
index 446e2a456..6fcd7ac9d 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_network_command.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_network_command.yml
@@ -17,6 +17,7 @@ detection:
 - 'arp -a'
 - 'nbtstat -n'
 - 'net config'
+- 'route print'
 condition: network_cmd
 falsepositives:
 - Administrator, hotline ask to user
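Review bot: Adding `'route print'` to the keyword list widens a rule whose only documented false positive is the vague `Administrator, hotline ask to user`; `route print` is routine helpdesk and troubleshooting output, so the `falsepositives` entry should name it, e.g. `- Administrators or helpdesk staff running discovery commands (route print, arp -a) during troubleshooting`. The `network_cmd` selection and the rule's metadata (`modified`, `level`) lie outside this hunk, so I cannot tell whether the `modified` date was bumped; Sigma convention expects it to be updated whenever the detection logic changes, and if this commit did not do that it should. The matching semantics of `network_cmd` (exact vs. `|contains`) are also not visible here, which matters for how noisy the new keyword will be.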