diff --git a/assets/queries/common/passwords_and_secrets/regex_rules.json b/assets/queries/common/passwords_and_secrets/regex_rules.json
index c6e2ecb2eb5..e4bf3bb5459 100644
--- a/assets/queries/common/passwords_and_secrets/regex_rules.json
+++ b/assets/queries/common/passwords_and_secrets/regex_rules.json
@@ -50,9 +50,9 @@
 {
 "id": "51b5b840-cd0c-4556-98a7-fe5f4def80cf",
 "name": "Asymmetric private key",
- "regex": "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----(\\s*([A-Za-z0-9+,:\\-\\/=\\n\\r]+))+\\s*-----END ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----",
+ "regex": "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----\\s*(([A-Za-z0-9+,:\\-\\/=\\n\\r]+\\s*)+)-----END ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----",
 "multiline": {
- "detectLineGroup": 5
+ "detectLineGroup": 4
 },
 "entropies": [
 {
@@ -65,8 +65,12 @@
 },
 {
 "id": "a007a85e-a2a7-4a81-803a-7a2ca0c65abb",
- "name": "Putty Private Key",
- "regex": "PuTTY-User-Key-File-2"
+ "name": "Putty User Key File Content",
+ "regex": "PuTTY-User-Key-File-\\d: ([\\w\\d-:\\n\\s+/=]+Private-MAC: [\\d\\w\"]+)",
+ "multiline": {
+ "detectLineGroup": 1
+ },
+ "specialMask": "all"
 },
 {
 "id": "c4d3b58a-e6d4-450f-9340-04f1e702eaae",
diff --git a/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json b/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json
index c28d005349c..4c2f0e589f3 100644
--- a/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json
+++ b/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json
@@ -312,7 +312,7 @@
 "fileName": "positive35.yaml"
 },
 {
- "queryName": "Passwords And Secrets - Putty Private Key",
+ "queryName": "Passwords And Secrets - Putty User Key File Content",
 "severity": "HIGH",
 "line": 5,
 "fileName": "positive36.tf"
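Review bot: The rewritten body group `(([A-Za-z0-9+,:\\-\\/=\\n\\r]+\\s*)+)` nests two quantifiers over overlapping sets (`\\n` and `\\r` are in both the inner class and `\\s`), which is harmless if these rules are compiled with Go's linear-time regexp as the Go engine in this commit suggests, but is a classic backtracking hazard should the rules file ever be loaded by another engine, and it is harder to read than it needs to be. Since whitespace is already allowed between chunks, a single class yields the same matches (differing only in also accepting a whitespace-only body, which no real key has): `"regex": "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----\\s*([A-Za-z0-9+,:\\-\\/=\\s]+)-----END ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----"`, and the body remains group 4 so `"detectLineGroup": 4` stays as written. Either way group 4 now ends with the whitespace preceding `-----END`, so whatever consumes the group (presumably the `entropies` block that begins at the end of this hunk) sees a trailing newline; worth confirming that is intended. Separately, the header alternation still excludes `ENCRYPTED PRIVATE KEY` (PKCS#8) blocks, so those remain undetected by this rule.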
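Review bot: The capture group in the new PuTTY regex requires everything between the version header and `Private-MAC:` to stay within `[\\w\\d-:\\n\\s+/=]`, so a `.ppk` whose `Comment:` line contains `@`, `.` or other punctuation (a `user@host` comment, for instance) is not matched at all and the key goes unreported. Widening the class to cover the comment line, or anchoring on the `Private-Lines:` block rather than the whole file body, would close that gap. Within the class, `\\d` is redundant given `\\w`, and the unescaped `-` after `\\d` is only a literal because Go's parser treats a dash following a class escape that way; `[\\w\\-:\\n\\s+/=]` states the intent and is portable. The added `"specialMask": "all"` appears to rely on the `idx != 0` exemption added to `hideSecret` in this same commit, so the first matched line (the `PuTTY-User-Key-File-N:` header) stays visible while the rest is blanked; documenting that coupling in the rule's query description would help whoever edits either side next.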
@@ -350,7 +350,7 @@
 {
 "queryName": "Passwords And Secrets - Asymmetric private key",
 "severity": "HIGH",
- "line": 7,
+ "line": 6,
 "fileName": "positive41.tf"
 },
 {
diff --git a/pkg/engine/secrets/inspector.go b/pkg/engine/secrets/inspector.go
index 8050382d84f..7e19b85ce89 100644
--- a/pkg/engine/secrets/inspector.go
+++ b/pkg/engine/secrets/inspector.go
@@ -661,7 +661,7 @@ func hideSecret(linesVuln *model.VulnerabilityLines, query *RegexQuery, secretTracker *[]SecretTracker) *[]model.CodeLine {
 for idx := range *linesVuln.VulnLines {
- if query.SpecialMask == "all" {
+ if query.SpecialMask == "all" && idx != 0 {
 addToSecretTracker(secretTracker, linesVuln.ResolvedFile, linesVuln.Line, (*linesVuln.VulnLines)[idx].Line, "")
 (*linesVuln.VulnLines)[idx].Line = ""
 continue