diff --git a/network/cql-native-transport-detect.yaml b/network/detection/cql-native-transport.yaml
similarity index 73%
rename from network/cql-native-transport-detect.yaml
rename to network/detection/cql-native-transport.yaml
index c103632ac6..34e00e427f 100644
--- a/network/cql-native-transport-detect.yaml
+++ b/network/detection/cql-native-transport.yaml
@@ -1,7 +1,7 @@
-id: cql-native-transport-detect
+id: cql-native-transport
 info:
- name: CQL Native Transport Detection
+ name: CQL Native Transport Detect
 author: pussycat0x
 severity: info
 description: |
@@ -9,7 +9,7 @@ info:
 metadata:
 verified: true
 shodan-query: "cassandra"
- tags: network,cassandra
+ tags: network,cassandra,cql
 network:
 - inputs:
@@ -26,6 +26,11 @@ network:
 - "{{Hostname}}"
 - "{{Host}}:9042"
+ matchers:
+ - type: word
+ words:
+ - "valid or unsupported protocol"
+
 extractors:
 - type: regex
 regex:
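Review bot: The word matcher added in the third hunk keys on the fragment `valid or unsupported protocol`, which reads like a clipped form of a server error beginning "Invalid or unsupported protocol", but the template does not say which response it expects or why the first two letters are dropped. I would add a comment above `matchers:`, for example `# matches the protocol-version error the server returns to the probe above`. If the clipping is only there to sidestep capitalisation, spell out the full phrase and set `case-insensitive: true` on the matcher instead. This single phrase is now the only condition for a finding, so any service that answers with similar wording would be labelled CQL. The extractor's regex lies outside the hunk, so I cannot tell whether it narrows the match.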