diff --git a/pkg/logs/logs.go b/pkg/logs/logs.go
index 49d680108..01c4fcbb4 100644
--- a/pkg/logs/logs.go
+++ b/pkg/logs/logs.go
@@ -138,7 +138,12 @@ func New(file io.Reader, profile string) AppArmorLogs {
 
 		aa := make(AppArmorLog)
 		for _, item := range tmp {
-			kv := strings.Split(item, "=")
+			kv := strings.FieldsFunc(item, func(r rune) bool {
+				if r == '"' {
+					quoted = !quoted
+				}
+				return !quoted && r == '='
+			})
 			if len(kv) >= 2 {
 				key, value := kv[0], kv[1]
 				if slices.Contains(toClean, key) {
diff --git a/pkg/logs/logs_test.go b/pkg/logs/logs_test.go
index 0b14ba990..6ddd5ac9e 100644
--- a/pkg/logs/logs_test.go
+++ b/pkg/logs/logs_test.go
@@ -267,6 +267,27 @@ func TestNew(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "startplasma",
+			path: filepath.Join(testdata, "audit.log"),
+			want: AppArmorLogs{
+				{
+					"apparmor":       "ALLOWED",
+					"operation":      "link",
+					"class":          "file",
+					"profile":        "startplasma",
+					"name":           "@{user_cache_dirs}/ksycoca5_de_LQ6f0J2qZg4vOKgw2NbXuW7iuVU=.isNSBz",
+					"target":         "@{user_cache_dirs}/#@{int}",
+					"comm":           "startplasma-way",
+					"denied_mask":    "k",
+					"requested_mask": "k",
+					"fsuid":          "1000",
+					"ouid":           "1000",
+					"FSUID":          "user",
+					"OUID":           "user",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/tests/testdata/logs/audit.log b/tests/testdata/logs/audit.log
index ed897ea6c..11b8770d2 100644
--- a/tests/testdata/logs/audit.log
+++ b/tests/testdata/logs/audit.log
@@ -54,4 +54,5 @@ type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="capable"
 type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="getattr" class="file" profile="pacman//null-/usr/share/code-features/patch.py" name="/etc/ld.so.preload" pid=18817 comm="patch.py" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
 type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="capable" class="cap" info="optional: no audit" error=-1 profile="pacman"  comm="killall" capability=19  capname="sys_ptrace"
 apparmor="ALLOWED" operation="open" class="file" profile="signal-desktop" name="/sys/devices/pci0000:00/0000:00:02.0/boot_vga"  comm="signal-desktop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 FSUID="user" OUID="root"
+apparmor="ALLOWED" operation="link" class="file" profile="startplasma" name="@{user_cache_dirs}/ksycoca5_de_LQ6f0J2qZg4vOKgw2NbXuW7iuVU=.isNSBz"  comm="startplasma-way" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000 target="@{user_cache_dirs}/#@{int}" FSUID="user" OUID="user"