diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index a12a01dd..f7544287 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -95,7 +95,7 @@
   condition: ((fd.directory=/ or fd.name startswith /root) and fd.name contains "/")
 
 - list: shell_binaries
-  items: [bash, csh, ksh, sh, tcsh, zsh, dash]
+  items: [ash, bash, csh, ksh, sh, tcsh, zsh, dash]
 
 - list: ssh_binaries
   items: [