diff --git a/dns/saas-service-detection.yaml b/dns/saas-service-detection.yaml
index 19d699f7e5..1e624f9e5e 100644
--- a/dns/saas-service-detection.yaml
+++ b/dns/saas-service-detection.yaml
@@ -13,6 +13,12 @@ dns:
   - name: "{{FQDN}}"
     type: A
 
+    extractors:
+      - type: regex
+        group: 1
+        regex:
+          - 'IN\t(?:A|CNAME)\t([A-Za-z0-9-_.]*([a-zA-Z]+[0-9]+|[0-9.]+[a-zA-Z]+))'
+
     matchers-condition: or
     matchers: