diff --git a/core/lib/rules.py b/core/lib/rules.py
index f39a4a0..d1eb5da 100644
--- a/core/lib/rules.py
+++ b/core/lib/rules.py
@@ -59,6 +59,16 @@ def process_rules(data):
 value = [value]
 if field == "src":
 continue
+ if field == "tokens":
+ for token in value:
+ if "tokens" in message:
+ if token in message["tokens"]:
+ matched_field_number += 1
+ matched_fields.append(field)
+ # Break out of the token matching loop
+ break
+ # Continue to next field
+ continue
 if field in message and message[field] in value:
 matched_field_number += 1
 matched_fields.append(field)
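Review bot: In the new `tokens` branch, `token in message["tokens"]` is an exact-element test only if `message["tokens"]` is a list or set; if it ever arrives as a plain string, the same expression becomes a substring test and a short rule token would match unrelated messages, producing false alerts. The container type is not visible here (process_rules starts and ends outside this hunk), so I would pin it down with a comment above the branch, e.g. `# tokens: field matches when ANY rule token is an element of message["tokens"] (expected: list of str)`, or with an `isinstance` guard. The `"tokens" in message` test is also loop-invariant, so assuming `message` is a dict as the surrounding `field in message` check suggests, the nested `for`/`if`/`break` can become `if any(t in message.get("tokens", ()) for t in value):` followed by the two existing counter lines.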