diff --git a/test/falco_tests.yaml b/test/falco_tests.yaml
index 6c5afd1460e..62d681cda95 100644
--- a/test/falco_tests.yaml
+++ b/test/falco_tests.yaml
@@ -713,3 +713,30 @@ trace_files: !mux
       - open_dev_null: 1
         dev_null: 0
     trace_file: trace_files/cat_write.scap
+
+  skip_unknown_noevt:
+    detect: False
+    stdout_contains: Skipping rule "Contains Unknown Event And Skipping" that contains unknown filter proc.nobody
+    rules_file:
+      - rules/skip_unknown_evt.yaml
+    trace_file: trace_files/cat_write.scap
+
+  skip_unknown_prefix:
+    detect: False
+    rules_file:
+      - rules/skip_unknown_prefix.yaml
+    trace_file: trace_files/cat_write.scap
+
+  skip_unknown_error:
+    exit_status: 1
+    stderr_contains: Rule "Contains Unknown Event And Not Skipping" contains unknown filter proc.nobody. Exiting.
+    rules_file:
+      - rules/skip_unknown_error.yaml
+    trace_file: trace_files/cat_write.scap
+
+  skip_unknown_unspec_error:
+    exit_status: 1
+    stderr_contains: Rule "Contains Unknown Event And Unspecified" contains unknown filter proc.nobody. Exiting.
+    rules_file:
+      - rules/skip_unknown_unspec.yaml
+    trace_file: trace_files/cat_write.scap
diff --git a/test/rules/skip_unknown_error.yaml b/test/rules/skip_unknown_error.yaml
new file mode 100644
index 00000000000..8d5a63cb373
--- /dev/null
+++ b/test/rules/skip_unknown_error.yaml
@@ -0,0 +1,6 @@
+- rule: Contains Unknown Event And Not Skipping
+  desc: Contains an unknown event
+  condition: proc.nobody=cat
+  output: Never
+  skip-if-unknown-filter: false
+  priority: INFO
diff --git a/test/rules/skip_unknown_evt.yaml b/test/rules/skip_unknown_evt.yaml
new file mode 100644
index 00000000000..46919ad3c4c
--- /dev/null
+++ b/test/rules/skip_unknown_evt.yaml
@@ -0,0 +1,6 @@
+- rule: Contains Unknown Event And Skipping
+  desc: Contains an unknown event
+  condition: evt.type=open and proc.nobody=cat
+  output: Never
+  skip-if-unknown-filter: true
+  priority: INFO
\ No newline at end of file
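Review bot: The only evidence in `skip_unknown_noevt` that detection coverage was dropped is the stdout notice it asserts; `detect: False` alone cannot distinguish a skipped rule from one that loaded and never matched, and no `exit_status` is set, so the test presumably relies on the harness default of a clean exit. A comment above the entry would make that reading explicit: `# Rule is dropped, not rejected: skip-if-unknown-filter is true in the rules file, so expect a clean run, the skip notice on stdout and no alerts.` The same ambiguity applies to `skip_unknown_prefix`, which carries no positive signal that its fields were accepted rather than skipped. The enclosing `trace_files: !mux` mapping starts before the hunk.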
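Review bot: `desc: Contains an unknown event` mis-describes the fixture: the condition `proc.nobody=cat` references an unknown filter field, not an unknown event type, and the rule name repeats the same wording. Because `falco_tests.yaml` matches the rule name in `stderr_contains`, leave the name alone and correct the description, e.g. `desc: Condition references the unknown filter field proc.nobody; loading must fail because skip-if-unknown-filter is false`. The same desc appears in skip_unknown_evt.yaml and skip_unknown_unspec.yaml.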
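Review bot: The file is committed without a trailing newline (`\ No newline at end of file`), as is skip_unknown_prefix.yaml, while the other two new rule files end with one. Add the final newline so the fixtures are consistent and later edits to the last line do not produce spurious whole-line diffs.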
diff --git a/test/rules/skip_unknown_prefix.yaml b/test/rules/skip_unknown_prefix.yaml
new file mode 100644
index 00000000000..bee6eaea8c1
--- /dev/null
+++ b/test/rules/skip_unknown_prefix.yaml
@@ -0,0 +1,8 @@
+- rule: Contains Prefix of Filter
+  desc: Testing matching filter prefixes
+  condition: >
+    evt.type=open and evt.arg.path="foo" and evt.arg[0]="foo"
+    and proc.aname="ls" and proc.aname[1]="ls"
+    and proc.apid=10 and proc.apid[1]=10
+  output: Never
+  priority: INFO
\ No newline at end of file
diff --git a/test/rules/skip_unknown_unspec.yaml b/test/rules/skip_unknown_unspec.yaml
new file mode 100644
index 00000000000..50a5240314e
--- /dev/null
+++ b/test/rules/skip_unknown_unspec.yaml
@@ -0,0 +1,5 @@
+- rule: Contains Unknown Event And Unspecified
+  desc: Contains an unknown event
+  condition: proc.nobody=cat
+  output: Never
+  priority: INFO
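Review bot: This rule only catches a prefix-matching regression while the engine default is to reject unknown fields; `skip-if-unknown-filter` is not set, so if that default were ever changed to skipping, the rule would be silently dropped and `skip_unknown_prefix` would still pass, since `detect: False` also holds for a skipped rule. Pin the intent with `  skip-if-unknown-filter: false` after the condition so a regression always surfaces as a load error rather than a silently missing rule. A one-line comment above `- rule:` noting that the condition is not expected to match cat_write.scap and exists only to exercise field-prefix lookup (`evt.arg.path`, `proc.aname[1]`, `proc.apid[1]`) would also help a reader.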
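Review bot: Leaving `skip-if-unknown-filter` out is the point of this fixture, but nothing in the file says so; a reader comparing it with skip_unknown_error.yaml sees only a missing key. Add `# skip-if-unknown-filter deliberately omitted: exercises the engine default, which falco_tests.yaml expects to reject the unknown field with exit status 1` above `- rule:` so the default-path intent survives future refactoring.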