diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 689e3bc1e19..2341adcf93d 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -493,7 +493,7 @@
 # systemd can listen on ports to launch things like sshd on demand
 - rule: System procs network activity
   desc: any network activity performed by system binaries that are not expected to send or receive any network traffic
-  condition: (fd.sockfamily = ip and system_procs and not proc.name=systemd) and (inbound or outbound)
+  condition: (fd.sockfamily = ip and system_procs) and (inbound or outbound) and not proc.name=systemd
   output: "Known system binary sent/received network traffic (user=%user.name command=%proc.cmdline connection=%fd.name)"
   priority: NOTICE
   tags: [network]
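Review bot: The new `condition` line is boolean-equivalent to the old one — `(A and B and not C) and D` and `(A and B) and D and not C` match the same events — so if the intent was to change which events fire, this hunk does not do that, and if it was to work around an operator-precedence or parsing quirk the commit should say so. The exemption still keys on `proc.name` alone, which (as I understand it) matches the executable's base name rather than its path, so any process carrying that name is exempted, not just the real init; the context comment above the rule should make that limitation explicit, e.g. `# systemd can listen on ports to launch things like sshd on demand; the exception below matches on proc.name only`. The `desc` field likewise does not mention the exception, so a reader of the alert text has no hint that systemd is deliberately excluded.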