diff --git a/rules/linux/execution_abnormal_process_id_file_created.toml b/rules/linux/execution_abnormal_process_id_file_created.toml
index e6d835227..1d4b67ba4 100644
--- a/rules/linux/execution_abnormal_process_id_file_created.toml
+++ b/rules/linux/execution_abnormal_process_id_file_created.toml
@@ -61,7 +61,17 @@ file where event.type == "creation" and user.id == "0" and
 "unattended-upgrades.lock",
 "unattended-upgrades.pid",
 "cmd.pid",
- "cron*.pid"
+ "cron*.pid",
+ "yum.pid",
+ "netconfig.pid",
+ "docker.pid",
+ "atd.pid",
+ "lfd.pid",
+ "atop.pid",
+ "nginx.pid",
+ "dhclient.pid",
+ "smtpd.pid",
+ "stunnel.pid"
 )
 '''
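Review bot: The ten entries added after `"cron*.pid",` appear to be matched on file name alone, so each one widens the set of root-created files this rule will never alert on, whichever process wrote them. The condition that opens the list lies outside the hunk, so this is inferred from the visible entries rather than confirmed. If the event data carries the writing process, it would be tighter to tie each exclusion to its expected writer through a `process.executable` condition instead of growing a name-only list. At minimum, record the trade-off next to the list with a comment such as `/* benign daemon PID files, excluded by name only; a file reusing one of these names is not evaluated by this rule */`, so that later additions are weighed against the coverage they remove.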