diff --git a/rules/windows/process_creation/proc_creation_win_rundll32_webdav_client_susp_execution.yml b/rules/windows/process_creation/proc_creation_win_rundll32_webdav_client_susp_execution.yml
index 51cd22710..75fa07955 100644
--- a/rules/windows/process_creation/proc_creation_win_rundll32_webdav_client_susp_execution.yml
+++ b/rules/windows/process_creation/proc_creation_win_rundll32_webdav_client_susp_execution.yml
@@ -23,7 +23,7 @@ detection:
 CommandLine|contains:
 - 'C:\windows\system32\davclnt.dll,DavSetCookie'
 - '://'
- CommandLine|re: '\d{1-3}\.\d{1-3}.\d{1-3}'
+ CommandLine|re: '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
 filter_local_ips:
 CommandLine|contains:
 - '://10.' #10.0.0.0/8
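Review bot: The corrected pattern on the `CommandLine|re` line is not tied to the URL scheme, so a dotted quad anywhere in the command line satisfies it, while `filter_local_ips` just below excludes hosts only where they directly follow `://`. Anchoring it as `CommandLine|re: '://\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'` would make the selection and the filter inspect the same position and avoid matching on unrelated numbers. Separately, the two `CommandLine|contains` values carry no `|all` modifier, so they are ORed; if both the `davclnt.dll,DavSetCookie` string and `://` are meant to be required, that key should read `CommandLine|contains|all`. The selection and the filter both continue outside the hunk, so the remaining conditions are not visible here.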