diff --git a/decoders/0040-auditd_decoders.xml b/decoders/0040-auditd_decoders.xml
index 590048cfd..8b3213e9e 100644
--- a/decoders/0040-auditd_decoders.xml
+++ b/decoders/0040-auditd_decoders.xml
@@ -342,6 +342,6 @@ type=TEST_GENERIC msg=audit(1234567890.123:1234): addr=10.10.10.10 ses=20 exe="l
 
 <decoder name="auditd-generic">
     <parent>auditd</parent>
-    <regex>res=(\S+)</regex>
+    <regex>res=(\w+)</regex>
     <order>audit.res</order>
 </decoder>