diff --git a/rules/proxy/proxy_exchange_owassrf_exploitation.yml b/rules/proxy/proxy_exchange_owassrf_exploitation.yml
index d421eee17..30760d4ad 100644
--- a/rules/proxy/proxy_exchange_owassrf_exploitation.yml
+++ b/rules/proxy/proxy_exchange_owassrf_exploitation.yml
@@ -17,7 +17,7 @@ detection:
 # Look for the header: X-OWA-ExplicitLogonUser: owa/mastermailbox@outlook.com
 cs-method: 'POST'
 c-uri|contains|all:
- - '/owa/mastermailbox'
+ - '/owa/'
 - '/powershell'
 condition: selection
 falsepositives:
diff --git a/rules/web/web_exchange_owassrf_exploitation.yml b/rules/web/web_exchange_owassrf_exploitation.yml
index b72bb9181..0d71e438c 100644
--- a/rules/web/web_exchange_owassrf_exploitation.yml
+++ b/rules/web/web_exchange_owassrf_exploitation.yml
@@ -17,7 +17,8 @@ detection:
 # Look for the header: X-OWA-ExplicitLogonUser: owa/mastermailbox@outlook.com
 cs-method: 'POST'
 c-uri|contains|all:
- - '/owa/mastermailbox'
+ - '/owa/'
+ - `@`
 - '/powershell'
 condition: selection
 falsepositives:
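Review bot: The proxy selector now fires on any POST whose URI merely contains both `/owa/` and `/powershell`, while the sibling web rule changed in the same commit additionally requires `@`, so the two rules for the same technique no longer agree on what they match. The explicit-logon URI form the comment above describes carries the mailbox address in the path, so the proxy rule should keep that anchor too: add `- '@'` under `c-uri|contains|all:` alongside `- '/owa/'`, or document in the rule why the proxy variant is deliberately looser. With only the two substrings the rule is likely to be noisier on ordinary OWA traffic than before; the `falsepositives:` section starts at the bottom of the hunk and may need a corresponding entry. The rule's title and description sit above the hunk, so if they still refer to the `mastermailbox` string they should be updated as well — that cannot be confirmed from here.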
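Review bot: The added list item `` - `@` `` is written with backticks, which YAML reserves as an indicator that cannot start a plain scalar, so this file will fail to parse and the rule will be dropped by any Sigma tooling that loads it. The item should be a quoted string like the neighbouring entries: `- '@'`. Separately, a `contains` match on a literal `@` will not match a request whose mailbox address is percent-encoded as `%40` in the logged URI; whether that happens depends on how the web log source decodes `c-uri`, so consider noting the assumption in the comment above the selector. The `selection:` key that owns these items starts above the hunk and is not visible here.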