diff --git a/rules/windows/process_creation/win_susp_ping_hex_ip.yml b/rules/windows/process_creation/win_susp_ping_hex_ip.yml
index a2ec5a5af..6aa11c82b 100644
--- a/rules/windows/process_creation/win_susp_ping_hex_ip.yml
+++ b/rules/windows/process_creation/win_susp_ping_hex_ip.yml
@@ -15,7 +15,7 @@ logsource:
 product: windows
 detection:
 selection:
- CommandLine:
+ CommandLine|contains:
 - 'ping.exe*0x*'
 - 'ping*0x*'
 condition: selection
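Review bot: With `|contains` on `CommandLine`, the second value `'ping*0x*'` matches any command line where the substring `ping` is followed anywhere by `0x`, so processes unrelated to ping that carry a hex argument (a path or flag containing "mapping" or "shipping", for instance) will now fire the rule. The first value `'ping.exe*0x*'` is fully covered by the second, and the trailing `*` is redundant under `contains`. Binding the process by image would keep the full-path coverage this change is presumably after without the substring noise: `Image|endswith: '\ping.exe'` together with `CommandLine|contains: '0x'` in the same selection. How the embedded `*` wildcards are handled under the modifier may differ per backend, so it is worth checking a converted query. The rule's `falsepositives` and `level` fields lie outside this hunk and may need revisiting if the broader match is kept.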