diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 1a1ce3b5..db5e9890 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -928,6 +928,7 @@ relevant to your environment, and adjust the profiled containers you wish not to
     be alerted on.
   condition: >
     open_write
+    and container
     and access_log_files
     and evt.arg.flags contains "O_TRUNC"
     and not trusted_logging_images
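Review bot: The added `and container` term silently narrows this rule to containerized processes (assuming `container` is the stock macro that excludes host processes), so a host-side process truncating a log file — the classic anti-forensics step this rule exists to catch — no longer fires, and nothing in the hunk records that loss of coverage. The rule's `desc` and `output` start above the hunk and, from the context shown, describe log clearing generally, so the scope change should be documented there, e.g. append to the desc `Scoped to container processes only; host log truncation is not covered by this rule.`. If host coverage is still wanted, keep this condition as-is for the container case and add a sibling host-scoped rule rather than widening this one back, so each can carry its own exception list. The enclosing rule definition begins outside the hunk.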