diff --git a/rules/windows/dns_query/dns_net_susp_teamviewer.yml b/rules/windows/dns_query/dns_net_susp_teamviewer.yml index ed64dcf2c..ddfe7f510 100644 --- a/rules/windows/dns_query/dns_net_susp_teamviewer.yml +++ b/rules/windows/dns_query/dns_net_susp_teamviewer.yml @@ -3,6 +3,7 @@ id: 778ba9a8-45e4-4b80-8e3e-34a419f0b85e description: Detects DNS queries to a TeamViewer domain only resolved by a TeamViewer client by an image that isn't named TeamViewer (sometimes used by threat actors for obfuscation) status: experimental date: 2022/01/30 +modified: 2022/02/08 author: Florian Roth references: - https://www.teamviewer.com/en-us/ @@ -23,4 +24,4 @@ detection: falsepositives: - Unknown binary names of TeamViewer - Other programs that also lookup the observed domain -level: high \ No newline at end of file +level: medium \ No newline at end of file
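Review bot: In the second hunk (`@@ -23,4 +24,4 @@`), the drop from `level: high` to `level: medium` comes with no visible rationale: the `falsepositives` entries in the context lines are unchanged and still generic ("Unknown binary names of TeamViewer", "Other programs that also lookup the observed domain"). If a specific benign program triggered this downgrade, name it in `falsepositives` or exclude it in the `detection` section, so the rule can keep a higher level for the remaining cases and consumers who alert only on `high` know what they lose. The new `level: medium` line also still carries `\ No newline at end of file`; since the line is being rewritten anyway, add the trailing newline in the same change. The `modified: 2022/02/08` line added in the first hunk looks fine.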