diff --git a/rules/network/net_mal_dns_cobaltstrike.yml b/rules/network/net_mal_dns_cobaltstrike.yml
index b7efbe5c..3775bc79 100644
--- a/rules/network/net_mal_dns_cobaltstrike.yml
+++ b/rules/network/net_mal_dns_cobaltstrike.yml
@@ -18,7 +18,7 @@ detection:
 condition: selection
 falsepositives:
 - Unknown
-level: high
+level: critical
 tags:
 - attack.command_and_control
 - attack.t1071 # an old one
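Review bot: Raising `level` to `critical` while `falsepositives` still lists only `- Unknown` gives responders no triage guidance on an alert that will now be treated as top priority. The selection is outside this hunk, so its precision cannot be judged from here. If the bump rests on observed fidelity, record that in the rule, for example by replacing the entry with the benign sources that were checked or with a line such as `- None observed in testing against production DNS logs` (constructed wording). If the rule has a `modified` field (not visible here), it should be updated in the same change.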