diff --git a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/metadata.json b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/metadata.json
index b2a4c7972be..385ac1cd466 100644
--- a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/metadata.json
+++ b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/metadata.json
@@ -4,7 +4,7 @@
 "severity": "MEDIUM",
 "category": "Networking and Firewall",
 "descriptionText": "Port 22 (SSH) is exposed to the Internet",
- "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.network/2020-07-01/networksecuritygroups?tabs=json#securityrulepropertiesformat-object",
+ "descriptionUrl": "https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networksecuritygroups?pivots=deployment-language-bicep#securityrulepropertiesformat",
 "platform": "AzureResourceManager",
 "descriptionID": "97b6233c",
 "cloudProvider": "azure",
diff --git a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/query.rego b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/query.rego
index 7b92056eef7..c821982dc6d 100644
--- a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/query.rego
+++ b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/query.rego
@@ -12,7 +12,7 @@ CxPolicy[result] {
 properties := value.properties.securityRules[x].properties
 properties.access == "Allow"
- properties.protocol == "Tcp"
+ lower(properties.protocol) == "tcp"
 properties.direction == "Inbound"
 arm_lib.contains_port(properties, 22)
 arm_lib.source_address_prefix_is_open(properties)
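Review bot: The relaxed comparison `lower(properties.protocol) == "tcp"` still does not match a security rule written with `"protocol": "*"`, which the NSG schema accepts and which, as far as I know, admits TCP as well — such a rule with `access: Allow`, `direction: Inbound`, port 22 and an open source prefix exposes SSH just the same but is not reported here. Unless a sibling query is already responsible for wildcard-protocol rules, the check could be widened to `{"tcp", "*"}[lower(properties.protocol)]` so both spellings match without depending on the `in` keyword being imported. The same comparison is duplicated in the second hunk at line 38, so the two rules should be changed together to keep their coverage identical. The `CxPolicy` body containing this hunk starts and ends outside the visible lines.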
@@ -38,7 +38,7 @@ CxPolicy[result] {
 properties := typeInfo.properties
 properties.access == "Allow"
- properties.protocol == "Tcp"
+ lower(properties.protocol) == "tcp"
 properties.direction == "Inbound"
 arm_lib.contains_port(properties, 22)
 arm_lib.source_address_prefix_is_open(properties)
diff --git a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive7.json b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive7.json
new file mode 100644
index 00000000000..f9ff447d608
--- /dev/null
+++ b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive7.json
@@ -0,0 +1,47 @@
+{
+ "properties": {
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "2.0.0.0",
+ "apiProfile": "2019-03-01-hybrid",
+ "parameters": {},
+ "variables": {},
+ "functions": [],
+ "resources": [
+ {
+ "name": "securitygroup",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "2020-11-01",
+ "location": "location1",
+ "tags": {},
+ "properties": {},
+ "resources": [
+ {
+ "type": "securityRules",
+ "apiVersion": "2020-11-01",
+ "properties": {
+ "description": "access to SSH",
+ "protocol": "TCP",
+ "sourcePortRange": "*",
+ "destinationPortRanges": [
+ "22-23"
+ ],
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": 100,
+ "direction": "Inbound"
+ },
+ "name": "sr"
+ }
+ ]
+ }
+ ],
+ "outputs": {}
+ },
+ "parameters": {}
+ },
+ "kind": "template",
+ "type": "Microsoft.Blueprint/blueprints/artifacts",
+ "name": "myTemplate"
+}
\ No newline at end of file
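Review bot: The new fixture positive7.json only proves that the uppercase spelling `"protocol": "TCP"` is now reported, and it does so solely through the nested `resources` → `securityRules` child form that the second rule appears to consume via `typeInfo.properties`; nothing visible in this commit exercises the case-insensitive comparison on the first rule's `value.properties.securityRules[x]` path. Since the match was loosened, a negative fixture is also worth adding to show that a non-TCP protocol in a different case, e.g. `"protocol": "UDP"` with the same `sourceAddressPrefix: "*"` and port 22, is still not flagged. If a positive fixture for the top-level `securityRules` form already exists elsewhere, a mixed-case variant of it would close the first gap.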
diff --git a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json
index a2a2afda9bc..89f5d2d09c0 100644
--- a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json
+++ b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json
@@ -34,5 +34,11 @@
 "severity": "MEDIUM",
 "line": 22,
 "fileName": "positive6.json"
+ },
+ {
+ "queryName": "Network Security Group With Unrestricted Access To SSH",
+ "severity": "MEDIUM",
+ "line": 22,
+ "fileName": "positive7.json"
 }
 ]
\ No newline at end of file