diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 98d9bc7b..df887f67 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -3059,7 +3059,7 @@
 - macro: consider_userfaultfd_activities
   condition: (always_true)
 
-- list: user_known_userfaultfd_activities
+- list: user_known_userfaultfd_processes
   items: []
 
 - rule: Unprivileged Delegation of Page Faults Handling to a Userspace Process
@@ -3069,7 +3069,7 @@
     evt.type = userfaultfd and
     user.uid != 0 and
     (evt.rawres >= 0 or evt.res != -1) and
-    not proc.name in (user_known_userfaultfd_activities)
+    not proc.name in (user_known_userfaultfd_processes)
   output: An userfaultfd syscall was successfully executed by an unprivileged user (user=%user.name user_loginuid=%user.loginuid process=%proc.name command=%proc.cmdline %container.info image=%container.image.repository:%container.image.tag)
   priority: CRITICAL
   tags: [syscall, mitre_defense_evasion]