diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 6dcf7513..beae1603 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1546,7 +1546,7 @@
 condition: >
 evt.type = setns
 and not proc.name in (docker_binaries, k8s_binaries, lxd_binaries, sysdigcloud_binaries,
- sysdig, nsenter, calico, oci-umount, network_plugin_binaries)
+ sysdig, nsenter, calico, oci-umount, cilium-cni, network_plugin_binaries)
 and not proc.name in (user_known_change_thread_namespace_binaries)
 and not proc.name startswith "runc"
 and not proc.cmdline startswith "containerd"
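Review bot: The new `cilium-cni` exemption is added inline and keyed on `proc.name` alone, so this setns rule will stay silent for any process reporting that name, not only the genuine CNI plugin. The same expression already references `network_plugin_binaries`, which by its name looks like the intended home for CNI plugins; adding `cilium-cni` to that list would keep the exemptions in one place and cover any other rule that uses the list. If it stays inline, a short comment such as `# cilium-cni: CNI plugin, expected to call setns during pod network setup` would record why it is trusted (the wording should be confirmed against how the plugin actually runs). Where the deployment allows it, pairing the name with a second attribute such as the parent process would narrow the blind spot. The rule's header and the list definitions are outside this hunk, so the list's current contents could not be checked here.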