diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index ce2290d0692..0b85b39e479 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -2595,13 +2595,16 @@
 priority: CRITICAL
 tags: [process, mitre_execution]
 
-# Application rules have moved to application_rules.yaml. Please look
-# there if you want to enable them by adding to
-# falco_rules.local.yaml.
-
+- list: k8s_client_binaries
+ items: [docker, kubectl, crictl]
+
 - rule: The docker client is executed in a container
 desc: Detect a k8s client tool executed inside a container
 condition: spawned_process and container and proc.name in (k8s_client_binaries)
 output: "Docker or kubernetes client executed in container (user=%user.name %container.info parent=%proc.pname cmdline=%proc.cmdline)"
 priority: WARNING
- tags: [container, mitre_execution]
\ No newline at end of file
+ tags: [container, mitre_execution]
+
+# Application rules have moved to application_rules.yaml. Please look
+# there if you want to enable them by adding to
+# falco_rules.local.yaml.
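Review bot: The new `k8s_client_binaries` list is matched only through `proc.name` in the rule's condition, which is the executable's basename and is under the control of whoever launches the process, so a copied or renamed client will not trigger the rule; the list should carry a comment stating that limitation and how operators extend it, e.g. `# Matched on proc.name only, so a renamed binary is not caught; extend the list in falco_rules.local.yaml.` placed above `- list: k8s_client_binaries`. The rule's name still says "docker client" while its desc, output and the list cover kubectl and crictl as well, so the name and desc should be aligned (the desc's "k8s client tool" wording is the more accurate of the two). Declaring the list above the rule that references it is presumably what makes the rule load, since the old side referenced the list without defining it in this file; a one-line comment on the list noting that it must stay ahead of the rule would keep a future reorder from breaking it.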