diff --git a/rules/linux/process_creation/proc_creation_lnx_webshell_detection.yml b/rules/linux/process_creation/proc_creation_lnx_webshell_detection.yml
index 4816e3fe1..7a1fac49c 100644
--- a/rules/linux/process_creation/proc_creation_lnx_webshell_detection.yml
+++ b/rules/linux/process_creation/proc_creation_lnx_webshell_detection.yml
@@ -5,7 +5,7 @@ description: Detects suspicious sub processes of web server processes
 references:
    - https://www.acunetix.com/blog/articles/web-shells-101-using-php-introduction-web-shells-part-2/
 date: 2021/10/15
-modified: 2022/05/09
+modified: 2022/06/03
 author: Florian Roth
 tags:
     - attack.persistence
@@ -39,5 +39,5 @@ detection:
    condition: selection_sub_processes and ( selection_general or selection_tomcat or selection_websphere)
 falsepositives:
    - Web applications that invoke Linux command line tools
-level: critical
+level: high