diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 8688ce90..7e771ebf 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -3095,7 +3095,14 @@
   condition: (never_true)
 
 - macro: curl_download
-  condition: proc.name = curl and (proc.cmdline contains (" > ") or proc.cmdline contains (" >> ") or proc.cmdline contains (" | "))
+  condition: proc.name = curl and
+    (proc.cmdline contains (" > ") or
+    proc.cmdline contains (" >> ") or
+    proc.cmdline contains (" | ") or
+    proc.cmdline contains (" -o ") or
+    proc.cmdline contains (" --output ") or
+    proc.cmdline contains (" -O ") or
+    proc.cmdline contains (" --remote-name "))
 
 - rule: Launch Ingress Remote File Copy Tools in Container
   desc: Detect ingress remote file copy tools launched in container
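Review bot: The new `" -o "`, `" --output "`, `" -O "` and `" --remote-name "` terms in `curl_download` are space-delimited substring matches, so the very common bundled-flag spellings (`curl -sSLo /tmp/x URL`, `curl -fsSO URL`) and the `--output=/tmp/x` form never hit any of them, and a URL placed after a trailing `-O` leaves no following space either. Since `contains` is an exact, case-sensitive substring test, an attacker only has to fold `-o` into another short option to stay below this macro while still writing the download to disk. At minimum add `proc.cmdline contains " --output="` next to the `--output` term, and consider a `glob` pattern for the bundled case (something like `proc.cmdline glob "* -[!-]*o *"`, if the Falco version in use supports character classes in glob) while checking it against options such as `--proto` that would otherwise also match. A short comment above the macro stating what it is and is not expected to catch, e.g. `# Matches explicit output flags with surrounding spaces only; bundled short flags (-sLo) are not covered`, would keep the next tuner from assuming full coverage. The rule that references `curl_download` is outside this hunk.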