diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 30047dae..389d4ed7 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -547,6 +547,10 @@
 - macro: parent_java_running_install4j
 condition: (proc.pname=java and proc.pcmdline contains "-classpath i4jruntime.jar")
+- macro: parent_running_datastax
+ condition: ((proc.pname=java and proc.pcmdline contains "-jar datastax-agent") or
+ (proc.pcmdline startswith "nodetool /opt/dse/bin/"))
+
 - macro: parent_dovecot_running_auth
 condition: (proc.pname=auth and proc.aname[2]=dovecot)
@@ -886,6 +890,7 @@
 and not run_by_openshift
 and not parent_java_running_tomcat
 and not parent_java_running_install4j
+ and not parent_running_datastax
 and not parent_java_running_appdynamics
 and not parent_cpanm_running_perl
 and not parent_ruby_running_discourse
@@ -1137,6 +1142,7 @@
 and not parent_java_running_confluence
 and not parent_java_running_tomcat
 and not parent_java_running_install4j
+ and not parent_running_datastax
 and not ics_running_java
 and not parent_ruby_running_discourse
 and not assemble_running_php
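Review bot: The new `parent_running_datastax` macro exempts on parent command-line text alone, and it is then negated in both rules patched by the second and third hunks (their rule headers fall outside the hunks). The java clause uses `contains "-jar datastax-agent"`, which matches that substring anywhere in the parent's arguments, and the nodetool clause carries no separate `proc.pname` test, so any parent that presents a matching name and arguments suppresses those rules for all of its children. I would narrow each use to the child processes the agent is actually observed to spawn rather than exempting every child, and anchor the java clause with `startswith` if the agent's launch line is stable enough to allow it. The macro also deserves a comment explaining the shape of the nodetool string, for example `# nodetool appears to be a script, so the parent cmdline is the name followed by the script path (confirm)`.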