diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 10c3bae5dd4..9b874980dc6 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -907,7 +907,7 @@
     iptables, ps, lsb_release, check-new-relea, dumpe2fs, accounts-daemon, sshd,
     vsftpd, systemd, mysql_install_d, psql, screen, debconf-show, sa-update,
     pam-auth-update, /usr/sbin/spamd, polkit-agent-he, lsattr, file, sosreport,
-    scxcimservera, adclient, rtvscand, cockpit-session, userhelper
+    scxcimservera, adclient, rtvscand, cockpit-session, userhelper, ossec-syscheckd
     ]
 
 # Add conditions to this macro (probably in a separate file,