diff --git a/http/technologies/splunkhec-detect.yaml b/http/technologies/splunkhec-detect.yaml
index 4952850e05..02f11485b9 100644
--- a/http/technologies/splunkhec-detect.yaml
+++ b/http/technologies/splunkhec-detect.yaml
@@ -24,4 +24,5 @@ http:
 dsl:
 - 'status_code == 200'
 - 'contains_any(body, "text\":\"HEC is healthy\",\"code")'
+ - 'contains(header, "application/json")'
 condition: and
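Review bot: The added expression `contains(header, "application/json")` searches the whole response-header block, so any header whose value mentions that media type satisfies it, not only Content-Type. The comparison is also case-sensitive, so a server that returns the media type in different casing would no longer be detected. Scoping the check to the content type keeps the false-positive reduction while avoiding both issues, for example `- 'contains(to_lower(content_type), "application/json")'`. The matcher's opening lines are outside the hunk, so this assumes it is a plain `dsl` matcher on the first response.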