diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake
index 2adb9be7..d1db9923 100644
--- a/cmake/modules/falcosecurity-libs.cmake
+++ b/cmake/modules/falcosecurity-libs.cmake
@@ -42,9 +42,9 @@ else()
 	# version (or branch, or commit) just pass the variable - ie., `cmake
 	# -DFALCOSECURITY_LIBS_VERSION=dev ..`
 	if(NOT FALCOSECURITY_LIBS_VERSION)
-		set(FALCOSECURITY_LIBS_VERSION "6c5659b814f775bdbb3831577b2aeb2bad909289")
+		set(FALCOSECURITY_LIBS_VERSION "227346f7eb4133b6f7463193cfdb346aa06e06f7")
 		set(FALCOSECURITY_LIBS_CHECKSUM
-			"SHA256=5286d10b90fa687d2c81e35814eaa6cd1969166af4e702655e04f72d2d15186b"
+			# "SHA256=5286d10b90fa687d2c81e35814eaa6cd1969166af4e702655e04f72d2d15186b"
 		)
 	endif()
 
diff --git a/falco.yaml b/falco.yaml
index 68f8d477..6a5d9d0e 100644
--- a/falco.yaml
+++ b/falco.yaml
@@ -691,7 +691,7 @@ outputs_queue:
 #             affect the regular Falco message in any way. These can be specified as a
 #             custom name with a custom format or as any supported field
 #             (see: https://falco.org/docs/reference/rules/supported-fields/)
-#   `suggested_output`: enable the use of extractor plugins suggested fields for the matching source output.
+#   `suggested_output`: automatically append fields that are suggested to rules output
 #
 # Example:
 # 
@@ -715,6 +715,17 @@ outputs_queue:
 append_output:
   - suggested_output: true
 
+# [Sandbox] `static_fields`
+#
+# Add statically defined fields to the Falco engine.
+# Then, they can be used as normal rule conditions, by prepending `static.` prefix,
+# eg: evt.type=open and static.foo=bar
+# Also, if `append_output.suggested_output` is true,
+# they'll be automatically appended to each rule output,
+# in the form "static_foo=bar"
+# static_fields:
+#  foo: bar
+#  foo2: ${env}
 
 ##########################
 # Falco outputs channels #
diff --git a/userspace/falco/app/actions/init_inspectors.cpp b/userspace/falco/app/actions/init_inspectors.cpp
index 8e6d67a9..7291cca5 100644
--- a/userspace/falco/app/actions/init_inspectors.cpp
+++ b/userspace/falco/app/actions/init_inspectors.cpp
@@ -21,6 +21,7 @@ limitations under the License.
 #include <unordered_set>
 
 #include <libsinsp/plugin_manager.h>
+#include <libsinsp/sinsp_filtercheck_static.h>
 
 using namespace falco::app;
 using namespace falco::app::actions;
@@ -53,6 +54,7 @@ static bool populate_filterchecks(const std::shared_ptr<sinsp>& inspector,
                                   const std::string& source,
                                   filter_check_list& filterchecks,
                                   std::unordered_set<std::string>& used_plugins,
+                                  std::map<std::string, std::string> static_fields,
                                   std::string& err) {
 	std::vector<const filter_check_info*> infos;
 	for(const auto& plugin : inspector->get_plugin_manager()->plugins()) {
@@ -82,6 +84,10 @@ static bool populate_filterchecks(const std::shared_ptr<sinsp>& inspector,
 		filterchecks.add_filter_check(sinsp_plugin::new_filtercheck(plugin));
 		used_plugins.insert(plugin->name());
 	}
+
+	if(!static_fields.empty()) {
+		filterchecks.add_filter_check(std::make_unique<sinsp_filter_check_static>(static_fields));
+	}
 	return true;
 }
 
@@ -162,6 +168,7 @@ falco::app::run_result falco::app::actions::init_inspectors(falco::app::state& s
 		                          src,
 		                          *src_info->filterchecks,
 		                          used_plugins,
+		                          s.config->m_static_fields,
 		                          err)) {
 			return run_result::fatal(err);
 		}
diff --git a/userspace/falco/config_json_schema.h b/userspace/falco/config_json_schema.h
index 3a58faac..277ff7f7 100644
--- a/userspace/falco/config_json_schema.h
+++ b/userspace/falco/config_json_schema.h
@@ -35,6 +35,9 @@ const char config_schema_string[] = LONG_STRING_CONST(
                         "$ref": "#/definitions/AppendOutput"
                     }
                 },
+                "static_fields": {
+                    "type": "object"
+                },
                 "config_files": {
                     "type": "array",
                     "items": {
diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
index f334ce38..67575616 100644
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -663,6 +663,8 @@ void falco_configuration::load_yaml(const std::string &config_name) {
 		}
 	}
 
+	m_static_fields = m_config.get_scalar<std::map<std::string, std::string>>("static_fields", {});
+
 	std::vector<std::string> load_plugins;
 
 	bool load_plugins_node_defined = m_config.is_defined("load_plugins");
diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h
index 0f4d4ab9..44dc21f2 100644
--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@@ -147,6 +147,8 @@ public:
 	std::vector<rule_selection_config> m_rules_selection;
 	// Append output configuration passed by the user
 	std::vector<append_output_config> m_append_output;
+	// Static fields configuration passed by the user
+	std::map<std::string, std::string> m_static_fields;
 
 	bool m_json_output;
 	bool m_json_include_output_property;