diff --git a/detection-rules/suspicious_request_for_quote_or_purchase.yml b/detection-rules/suspicious_request_for_quote_or_purchase.yml
index 240ec4ec4f8..cc775348362 100644
--- a/detection-rules/suspicious_request_for_quote_or_purchase.yml
+++ b/detection-rules/suspicious_request_for_quote_or_purchase.yml
@@ -68,7 +68,7 @@ source: |
 regex.icontains(.file_name, "(purchase.?order|Quot(e|ation))")
 )
 or any(ml.nlu_classifier(body.current_thread.text).tags,
- .name == "purchase_order" and .confidence == "high"
+ .name == "purchase_order" and .confidence != "low"
 )
 or any(ml.nlu_classifier(body.current_thread.text).entities,
 .name == "financial" and regex.imatch(.text, "rfp|rfq")
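Review bot: The new `.confidence != "low"` test in the `purchase_order` tags check is an open-ended negation, so it accepts `medium` and also any other value the classifier might return, not only the levels the author had in mind. Writing it as `.confidence in ("medium", "high")` states the widened threshold explicitly and keeps the condition from matching an unexpected label. Because this branch sits in an `or` chain, lowering the threshold probably raises the match rate on legitimate purchase-order mail unless the rule's other conditions narrow it. Those conditions are outside this hunk (the `source` block starts and ends beyond it), so a backtest against benign mail before merging would confirm the effect.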