diff --git a/rules/windows/network_connection/sysmon_powershell_network_connection.yml b/rules/windows/network_connection/sysmon_powershell_network_connection.yml
index 4a110b53e..7f922e323 100755
--- a/rules/windows/network_connection/sysmon_powershell_network_connection.yml
+++ b/rules/windows/network_connection/sysmon_powershell_network_connection.yml
@@ -18,6 +18,7 @@ detection:
     selection:
         Image|endswith: '\powershell.exe'
         Initiated: 'true'
+        DestinationIsIpv6: 'false'
     filter:
         DestinationIp|startswith:
             - '10.'
@@ -39,7 +40,6 @@ detection:
             - '172.30.'
             - '172.31.'
             - '127.0.0.1'
-        DestinationIsIpv6: 'false'
         User: 'NT AUTHORITY\SYSTEM'
     condition: selection and not filter
 falsepositives:
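Review bot: IPv6 destinations drop out of the rule's scope entirely once `DestinationIsIpv6: 'false'` sits in `selection` (first hunk, with the matching removal in the second hunk): before the change an IPv6 connection from powershell.exe could never satisfy `filter`, so it always alerted, and after it the `selection` no longer matches at all, which is a silent coverage reduction for outbound PowerShell over public or link-local IPv6. If the motivation was IPv6 loopback or link-local noise escaping the IPv4-only prefix list, the narrower fix is to leave the IPv6 field out of `selection` and extend the existing `DestinationIp|startswith` list with the IPv6 equivalents, so the exclusion is explicit and public IPv6 traffic still alerts; whether ULA space (`fc`/`fd` prefixes) should also be excluded depends on the environment and should be confirmed with whoever tunes this rule. If the narrowing is intentional, the rule's `description` and `falsepositives` (outside these hunks) should state that only IPv4 destinations are covered, since the condition line `selection and not filter` gives no hint of it. The `detection` mapping continues outside both hunks.
```yaml
    selection:
        Image|endswith: '\powershell.exe'
        Initiated: 'true'
    filter:
        DestinationIp|startswith:
            # … unchanged: private IPv4 prefixes and '127.0.0.1' …
            - '::1'
            - 'fe80:'
        User: 'NT AUTHORITY\SYSTEM'
```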