diff --git a/test/falco_tests.yaml.in b/test/falco_tests.yaml.in
index 37fe61d3..8dca99d4 100644
--- a/test/falco_tests.yaml.in
+++ b/test/falco_tests.yaml.in
@@ -95,6 +95,34 @@ trace_files: !mux
       - rules/double_rule.yaml
     trace_file: trace_files/cat_write.scap
 
+  multiple_rules_overriding:
+    detect: False
+    rules_file:
+      - rules/single_rule.yaml
+      - rules/override_rule.yaml
+    trace_file: trace_files/cat_write.scap
+
+  macro_overriding:
+    detect: False
+    rules_file:
+      - rules/single_rule.yaml
+      - rules/override_macro.yaml
+    trace_file: trace_files/cat_write.scap
+
+  list_overriding:
+    detect: False
+    rules_file:
+      - rules/single_rule.yaml
+      - rules/override_list.yaml
+    trace_file: trace_files/cat_write.scap
+
+  nested_list_overriding:
+    detect: False
+    rules_file:
+      - rules/single_rule.yaml
+      - rules/override_nested_list.yaml
+    trace_file: trace_files/cat_write.scap
+
   invalid_rule_output:
     exit_status: 1
     stderr_contains: "Runtime error: Error loading rules:.* Invalid output format 'An open was seen %not_a_real_field': 'invalid formatting token not_a_real_field'. Exiting."
diff --git a/test/rules/override_list.yaml b/test/rules/override_list.yaml
new file mode 100644
index 00000000..f5a8cfbb
--- /dev/null
+++ b/test/rules/override_list.yaml
@@ -0,0 +1,2 @@
+- list: cat_capable_binaries
+  items: [not-cat]
\ No newline at end of file
diff --git a/test/rules/override_macro.yaml b/test/rules/override_macro.yaml
new file mode 100644
index 00000000..676d0243
--- /dev/null
+++ b/test/rules/override_macro.yaml
@@ -0,0 +1,2 @@
+- macro: is_cat
+  condition: proc.name in (not-cat)
diff --git a/test/rules/override_nested_list.yaml b/test/rules/override_nested_list.yaml
new file mode 100644
index 00000000..4d1aebc0
--- /dev/null
+++ b/test/rules/override_nested_list.yaml
@@ -0,0 +1,2 @@
+- list: cat_binaries
+  items: [not-cat]
\ No newline at end of file
diff --git a/test/rules/override_rule.yaml b/test/rules/override_rule.yaml
new file mode 100644
index 00000000..20a2191a
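Review bot: All four new cases assert only `detect: False`, so a regression in which the override machinery drops the rule outright, or in which the second rules file silently fails to load, would pass exactly like a correct override; nothing pins that the replacing definition actually takes effect. Consider one positive case whose override file redefines `open_from_cat` to still match `cat` but with a distinct output string, asserting `detect: True` together with a match on that string (the invalid_rule_output case shows the exit_status/stderr_contains pattern; I am assuming a stdout-matching key exists in this harness too). The load-order dependency these cases rely on also deserves a comment above `multiple_rules_overriding:`, e.g. `# Later entries in rules_file replace same-named rules/macros/lists from earlier ones; each case expects the override to suppress the single_rule.yaml detection on cat_write.scap.` The enclosing `trace_files: !mux` mapping begins before this hunk.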
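Review bot: override_list.yaml lacks a trailing newline (`\ No newline at end of file`), which yamllint's new-line-at-end-of-file rule flags and which makes every later edit show a spurious change on this line; add the newline. A one-line header would also tell a reader why a two-line file exists on its own, e.g. `# Loaded after single_rule.yaml: replaces cat_capable_binaries so the is_cat macro no longer matches cat.`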
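Review bot: The replacement `is_cat` in override_macro.yaml hard-codes `(not-cat)` and drops the reference to `cat_capable_binaries`, so this case does not show that a macro redefined in a later file can still consume a list from an earlier one, which is the realistic shape of a site-local override of a stock macro. If that is meant to be covered elsewhere, a header comment should say what this case alone checks, e.g. `# Loaded after single_rule.yaml: redefines is_cat so open_from_cat stays silent on cat_write.scap.`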
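Review bot: override_nested_list.yaml is the one fixture whose expectation is not obvious from its own content: it replaces `cat_binaries`, which single_rule.yaml uses only indirectly through `cat_capable_binaries`, so the test passes only if list references are resolved after every file is loaded rather than frozen when `cat_capable_binaries` is first defined. That is worth stating in a header comment, e.g. `# Loaded after single_rule.yaml: replaces the inner cat_binaries list; cat_capable_binaries (which includes it) must pick up the new value, so is_cat no longer matches cat.` The file is also missing its trailing newline (`\ No newline at end of file`); add one.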
--- /dev/null
+++ b/test/rules/override_rule.yaml
@@ -0,0 +1,5 @@
+- rule: open_from_cat
+  desc: A process named cat does an open
+  condition: evt.type=open and proc.name=not-cat
+  output: "An open was seen (command=%proc.cmdline)"
+  priority: WARNING
\ No newline at end of file
diff --git a/test/rules/single_rule.yaml b/test/rules/single_rule.yaml
index 3044c6b8..ccba5ea9 100644
--- a/test/rules/single_rule.yaml
+++ b/test/rules/single_rule.yaml
@@ -1,5 +1,11 @@
+- list: cat_binaries
+  items: [cat]
+
+- list: cat_capable_binaries
+  items: [cat_binaries]
+
 - macro: is_cat
-  condition: proc.name=cat
+  condition: proc.name in (cat_capable_binaries)
 
 - rule: open_from_cat
   desc: A process named cat does an open
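Review bot: The replacement rule in override_rule.yaml keeps `desc: A process named cat does an open` while its condition now matches `proc.name=not-cat`, so the description contradicts the rule it documents; since desc is the only place a reader learns the fixture's intent, change it to something like `desc: Override of open_from_cat that no longer matches cat (multiple_rules_overriding test)`. The file also lacks a trailing newline (`\ No newline at end of file`); add one.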
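Review bot: In single_rule.yaml the `cat_capable_binaries` list now contains nothing but the name of another list, `cat_binaries`, and nothing in the file says the indirection is deliberate; someone tidying the fixture could inline `[cat]` and silently defeat the nested_list_overriding case that depends on it. Add a comment above `- list: cat_capable_binaries`, e.g. `# Intentionally nests cat_binaries rather than listing cat directly: override_nested_list.yaml replaces the inner list and expects this one to follow.` The `open_from_cat` rule appears to continue past the end of this hunk.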