diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index ba6b3e04..7267fc5e 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -178,7 +178,7 @@
 # The explicit quotes are needed to avoid the - characters being
 # interpreted by the filter expression.
 - list: rpm_binaries
-  items: [dnf, rpm, rpmkey, yum, '"75-system-updat"', rhsmcertd-worke]
+  items: [dnf, rpm, rpmkey, yum, '"75-system-updat"', rhsmcertd-worke, subscription-ma]
 
 - macro: rpm_procs
   condition: proc.name in (rpm_binaries)