diff --git a/test/falco_tests.yaml b/test/falco_tests.yaml
index 951f0eea..e887ee7d 100644
--- a/test/falco_tests.yaml
+++ b/test/falco_tests.yaml
@@ -579,3 +579,23 @@ trace_files: !mux
 - open_11: 1
 - open_12: 0
 - open_13: 0
+
+ list_append_failure:
+ exit_status: 1
+ stderr_contains: "List my_list has 'append' key but no list by that name already exists. Exiting"
+ rules_file:
+ - rules/list_append_failure.yaml
+ trace_file: trace_files/cat_write.scap
+
+ list_append:
+ detect: True
+ detect_level: WARNING
+ rules_file:
+ - rules/list_append.yaml
+ trace_file: trace_files/cat_write.scap
+
+ list_append_false:
+ detect: False
+ rules_file:
+ - rules/list_append_false.yaml
+ trace_file: trace_files/cat_write.scap
diff --git a/test/rules/list_append.yaml b/test/rules/list_append.yaml
new file mode 100644
index 00000000..064f12a6
--- /dev/null
+++ b/test/rules/list_append.yaml
@@ -0,0 +1,12 @@
+- list: my_list
+ items: [not-cat]
+
+- list: my_list
+ append: true
+ items: [cat]
+
+- rule: Open From Cat
+ desc: A process named cat does an open
+ condition: evt.type=open and proc.name in (my_list)
+ output: "An open was seen (command=%proc.cmdline)"
+ priority: WARNING
\ No newline at end of file
diff --git a/test/rules/list_append_failure.yaml b/test/rules/list_append_failure.yaml
new file mode 100644
index 00000000..11bc54ac
--- /dev/null
+++ b/test/rules/list_append_failure.yaml
@@ -0,0 +1,3 @@
+- list: my_list
+ items: [not-cat]
+ append: true
diff --git a/test/rules/list_append_false.yaml b/test/rules/list_append_false.yaml
new file mode 100644
index 00000000..02d3fa79
--- /dev/null
+++ b/test/rules/list_append_false.yaml
@@ -0,0 +1,12 @@
+- list: my_list
+ items: [cat]
+
+- list: my_list
+ append: false
+ items: [not-cat]
+
+- rule: Open From Cat
+ desc: A process named cat does an open
+ condition: evt.type=open and proc.name in (my_list)
+ output: "An open was seen (command=%proc.cmdline)"
+ priority: WARNING
\ No newline at end of file
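Review bot: All three new cases in falco_tests.yaml list a single file under `rules_file:`, and each fixture defines the base list and its `append: true` entry in the same document, so nothing exercises the case the feature is presumably for — a second rules file extending a list defined by the first. If rules files are loaded in order into one engine state, split `rules/list_append.yaml` into a base file and an appending file and add a case whose `rules_file:` lists both, e.g. `- rules/list_append_base.yaml` followed by `- rules/list_append_extra.yaml`, with `detect: True`. A negative case where the appending file is listed first would also be worthwhile; it should hit the same `exit_status: 1` path that `list_append_failure` pins.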
diff --git a/userspace/engine/lua/rule_loader.lua b/userspace/engine/lua/rule_loader.lua
index 335474e9..41448e82 100644
--- a/userspace/engine/lua/rule_loader.lua
+++ b/userspace/engine/lua/rule_loader.lua
@@ -222,7 +222,24 @@ function load_rules(rules_content, rules_mgr, verbose, all_events, extra, replac
 end
 end
- state.lists_by_name[v['list']] = v
+ -- Possibly append to an existing list
+ append = false
+
+ if v['append'] then
+ append = v['append']
+ end
+
+ if append then
+ if state.lists_by_name[v['list']] == nil then
+ error ("List " ..v['list'].. " has 'append' key but no list by that name already exists")
+ end
+
+ for i, elem in ipairs(v['items']) do
+ table.insert(state.lists_by_name[v['list']]['items'], elem)
+ end
+ else
+ state.lists_by_name[v['list']] = v
+ end
 elseif (v['rule']) then
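Review bot: `append = false` and the later `append = v['append']` assign a global rather than a function-local variable because the new lines omit `local`, so the flag leaks out of `load_rules` into the shared Lua state; collapse the two assignments and the `if v['append'] then` block into `local append = v['append'] or false`. The `for i, elem in ipairs(v['items'])` loop would fail with an unhelpful Lua error when an appending entry carries no `items`; unless the code above the hunk already rejects a missing `items` key, guard it with an `error("List " ..v['list'].. " has 'append' key but no items")` of the same shape as the existing check, and rename the unused `i` to `_`. Because any non-nil, non-false Lua value is truthy, a malformed `append: "false"` string would append rather than replace; comparing with `== true` would be stricter for user-supplied rules files. The `else` branch still silently replaces an existing list of the same name — the `list_append_false` test pins that as intended — but a message under `verbose` there would help users who forgot `append: true` and unknowingly clobbered, say, an allow-list. load_rules begins and ends outside this hunk.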