diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 6e97d0c9..9d4f7278 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -301,8 +301,8 @@
 - macro: parent_python_running_sdchecks
 condition: >
- (proc.name in (python, python2.7) and
- (proc.cmdline contains /opt/draios/bin/sdchecks))
+ (proc.pname in (python, python2.7) and
+ (proc.pcmdline contains /opt/draios/bin/sdchecks))
 - macro: parent_bro_running_python
 condition: (proc.pname=python and proc.cmdline contains /usr/share/broctl)
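Review bot: The corrected `parent_python_running_sdchecks` condition still identifies sdchecks with a substring test, `proc.pcmdline contains /opt/draios/bin/sdchecks`, so any python parent whose command line merely mentions that path satisfies the macro. If other rules use the macro as an exception (its uses are not visible in this hunk), that loose match widens what they suppress. Consider anchoring it, for example `proc.pcmdline startswith "python /opt/draios/bin/sdchecks"` with one alternative per interpreter name, after confirming the real command-line form on an agent host. The neighbouring `parent_bro_running_python` still pairs `proc.pname` with the child's `proc.cmdline`. If that mix is intentional, it deserves a one-line comment saying which process each field refers to; otherwise it looks like the same parent/child mix-up this commit fixes.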