diff --git a/CMakeLists.txt b/CMakeLists.txt index 6bea0a07..2a6ce3c7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -123,9 +123,6 @@ include(njson) include(yaml-cpp) if(NOT WIN32 AND NOT APPLE AND NOT MINIMAL_BUILD AND NOT EMSCRIPTEN) - # jq - include(jq) - # OpenSSL include(openssl) @@ -144,8 +141,8 @@ if (NOT EMSCRIPTEN) include(tbb) endif() +include(zlib) if (NOT MINIMAL_BUILD) - include(zlib) if (NOT WIN32 AND NOT APPLE AND NOT EMSCRIPTEN) include(cares) include(protobuf) diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake index 21fc6466..ae1537c0 100644 --- a/cmake/modules/falcosecurity-libs.cmake +++ b/cmake/modules/falcosecurity-libs.cmake @@ -88,6 +88,8 @@ set(USE_BUNDLED_B64 ON CACHE BOOL "") set(USE_BUNDLED_JSONCPP ON CACHE BOOL "") set(USE_BUNDLED_VALIJSON ON CACHE BOOL "") set(USE_BUNDLED_RE2 ON CACHE BOOL "") +set(USE_BUNDLED_UTHASH ON CACHE BOOL "") +set(USE_BUNDLED_TINYDIR ON CACHE BOOL "") list(APPEND CMAKE_MODULE_PATH "${FALCOSECURITY_LIBS_SOURCE_DIR}/cmake/modules") diff --git a/unit_tests/engine/test_rulesets.cpp b/unit_tests/engine/test_rulesets.cpp index d0218b45..4d2fcf28 100644 --- a/unit_tests/engine/test_rulesets.cpp +++ b/unit_tests/engine/test_rulesets.cpp @@ -23,9 +23,9 @@ limitations under the License. #define RULESET_2 2 /* Helpers methods */ -static std::shared_ptr create_factory() +static std::shared_ptr create_factory(filter_check_list& list) { - std::shared_ptr ret(new sinsp_filter_factory(NULL)); + std::shared_ptr ret(new sinsp_filter_factory(NULL, list)); return ret; } @@ -53,7 +53,8 @@ static std::shared_ptr create_filter( TEST(Ruleset, enable_disable_rules_using_names) { - auto f = create_factory(); + sinsp_filter_check_list filterlist; + auto f = create_factory(filterlist); auto r = create_ruleset(f); auto ast = create_ast(f); auto filter = create_filter(f, ast); 
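Review bot: In unit_tests/engine/test_rulesets.cpp, `create_factory` now takes `filter_check_list& list` and forwards it to `sinsp_filter_factory`, but nothing on the helper says how long `list` has to live. If the factory stores the reference rather than copying the list (not visible in this diff), the list must outlive the returned factory. The TEST bodies shown here declare `filterlist` before calling the helper, so they are fine, but a one-line comment such as `/* 'list' must outlive the returned factory */` above the helper would protect future callers. While the line is being touched, `NULL` could become `nullptr`, which the other test file in this commit already uses.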
@@ -119,7 +120,8 @@ TEST(Ruleset, enable_disable_rules_using_names) TEST(Ruleset, enable_disable_rules_using_tags) { - auto f = create_factory(); + sinsp_filter_check_list filterlist; + auto f = create_factory(filterlist); auto r = create_ruleset(f); auto ast = create_ast(f); auto filter = create_filter(f, ast); diff --git a/unit_tests/falco/app/actions/test_configure_interesting_sets.cpp b/unit_tests/falco/app/actions/test_configure_interesting_sets.cpp index 277832d7..f9701614 100644 --- a/unit_tests/falco/app/actions/test_configure_interesting_sets.cpp +++ b/unit_tests/falco/app/actions/test_configure_interesting_sets.cpp @@ -77,11 +77,12 @@ static std::shared_ptr mock_engine_from_filters(const strset_t& fi } // create a falco engine and load the ruleset + sinsp_filter_check_list filterlist; std::shared_ptr res(new falco_engine()); auto filter_factory = std::shared_ptr( - new sinsp_filter_factory(nullptr)); + new sinsp_filter_factory(nullptr, filterlist)); auto formatter_factory = std::shared_ptr( - new sinsp_evt_formatter_factory(nullptr)); + new sinsp_evt_formatter_factory(nullptr, filterlist)); res->add_source(s_sample_source, filter_factory, formatter_factory); res->load_rules(dummy_rules, "dummy_rules.yaml"); res->enable_rule("", true, s_sample_ruleset); diff --git a/userspace/engine/CMakeLists.txt b/userspace/engine/CMakeLists.txt index d2a8a7b8..bfe91c40 100644 --- a/userspace/engine/CMakeLists.txt +++ b/userspace/engine/CMakeLists.txt @@ -35,8 +35,7 @@ endif() add_dependencies(falco_engine yamlcpp njson) -if(MINIMAL_BUILD) - target_include_directories( +target_include_directories( falco_engine PUBLIC "${NJSON_INCLUDE}" 
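Review bot: In test_configure_interesting_sets.cpp, `filterlist` is a local of `mock_engine_from_filters`, yet both factories built from it are registered on `res` via `res->add_source(...)`, and the engine appears to be handed back to the caller (the function's return is outside this hunk). If `sinsp_filter_factory` and `sinsp_evt_formatter_factory` keep the list by reference, as the `filter_check_list&` parameter in test_rulesets.cpp suggests, the engine would hold a reference to a destroyed object once the function returns. Any later filter compilation or formatting through those factories would then be a use-after-scope. The list needs a lifetime at least as long as the engine, for example `static sinsp_filter_check_list filterlist;` at this spot, or a list owned by the test fixture alongside the engine.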
@@ -45,16 +44,5 @@ if(MINIMAL_BUILD) "${LIBSINSP_INCLUDE_DIRS}" "${YAMLCPP_INCLUDE_DIR}" "${PROJECT_BINARY_DIR}/userspace/engine") -else() - target_include_directories( - falco_engine - PUBLIC - "${NJSON_INCLUDE}" - "${TBB_INCLUDE_DIR}" - "${LIBSCAP_INCLUDE_DIRS}" - "${LIBSINSP_INCLUDE_DIRS}" - "${YAMLCPP_INCLUDE_DIR}" - "${PROJECT_BINARY_DIR}/userspace/engine") -endif() target_link_libraries(falco_engine "${FALCO_SINSP_LIBRARY}" "${YAMLCPP_LIB}") diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt index b0f188cf..c2fc26f8 100644 --- a/userspace/falco/CMakeLists.txt +++ b/userspace/falco/CMakeLists.txt @@ -26,7 +26,6 @@ set( app/actions/pidfile.cpp app/actions/init_falco_engine.cpp app/actions/init_inspectors.cpp - app/actions/init_clients.cpp app/actions/init_outputs.cpp app/actions/list_fields.cpp app/actions/list_plugins.cpp diff --git a/userspace/falco/app/actions/actions.h b/userspace/falco/app/actions/actions.h index 5f8db767..1910e5fa 100644 --- a/userspace/falco/app/actions/actions.h +++ b/userspace/falco/app/actions/actions.h @@ -30,7 +30,6 @@ falco::app::run_result configure_syscall_buffer_num(falco::app::state& s); falco::app::run_result create_requested_paths(falco::app::state& s); falco::app::run_result create_signal_handlers(falco::app::state& s); falco::app::run_result pidfile(falco::app::state& s); -falco::app::run_result init_clients(falco::app::state& s); falco::app::run_result init_falco_engine(falco::app::state& s); falco::app::run_result init_inspectors(falco::app::state& s); falco::app::run_result init_outputs(falco::app::state& s); diff --git a/userspace/falco/app/actions/init_clients.cpp b/userspace/falco/app/actions/init_clients.cpp deleted file mode 100644 index 7c64a462..00000000 --- a/userspace/falco/app/actions/init_clients.cpp +++ /dev/null 
@@ -1,71 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-/*
-Copyright (C) 2023 The Falco Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-#include "actions.h"
-
-using namespace falco::app;
-using namespace falco::app::actions;
-
-falco::app::run_result falco::app::actions::init_clients(falco::app::state& s)
-{
-#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
- // k8s is useful only if the syscall source is enabled
- if (s.is_capture_mode() || !s.is_source_enabled(falco_common::syscall_source))
- {
- return run_result::ok();
- }
-
- auto inspector = s.source_infos.at(falco_common::syscall_source)->inspector;
-
- falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download max size to " + std::to_string(s.config->m_metadata_download_max_mb) + " MB\n");
- falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download chunk wait time to " + std::to_string(s.config->m_metadata_download_chunk_wait_us) + " μs\n");
- falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download watch frequency to " + std::to_string(s.config->m_metadata_download_watch_freq_sec) + " seconds\n");
- inspector->set_metadata_download_params(s.config->m_metadata_download_max_mb * 1024 * 1024, s.config->m_metadata_download_chunk_wait_us, s.config->m_metadata_download_watch_freq_sec);
-
- if (s.options.dry_run)
- {
- falco_logger::log(falco_logger::level::DEBUG, "Skipping clients initialization in dry-run\n");
- return run_result::ok();
- }
-
-
// - // Run k8s, if required - // - char *k8s_api_env = NULL; - if(!s.options.k8s_api.empty() || - (k8s_api_env = getenv("FALCO_K8S_API"))) - { - // Create string pointers for some config vars - // and pass to inspector. The inspector then - // owns the pointers. - std::string *k8s_api_ptr = new std::string((!s.options.k8s_api.empty() ? s.options.k8s_api : k8s_api_env)); - std::string *k8s_api_cert_ptr = new std::string(s.options.k8s_api_cert); - std::string *k8s_node_name_ptr = new std::string(s.options.k8s_node_name); - - if(k8s_api_cert_ptr->empty()) - { - if(char* k8s_cert_env = getenv("FALCO_K8S_API_CERT")) - { - *k8s_api_cert_ptr = k8s_cert_env; - } - } - inspector->init_k8s_client(k8s_api_ptr, k8s_api_cert_ptr, k8s_node_name_ptr, s.options.verbose); - } -#endif - - return run_result::ok(); -} diff --git a/userspace/falco/app/app.cpp b/userspace/falco/app/app.cpp index b35674bd..6d1578a0 100644 --- a/userspace/falco/app/app.cpp +++ b/userspace/falco/app/app.cpp @@ -82,7 +82,6 @@ bool falco::app::run(falco::app::state& s, bool& restart, std::string& errstr) falco::app::actions::create_signal_handlers, falco::app::actions::create_requested_paths, falco::app::actions::pidfile, - falco::app::actions::init_clients, falco::app::actions::configure_interesting_sets, falco::app::actions::configure_syscall_buffer_size, falco::app::actions::configure_syscall_buffer_num, diff --git a/userspace/falco/app/options.cpp b/userspace/falco/app/options.cpp index 582dff09..7268b46a 100644 --- a/userspace/falco/app/options.cpp +++ b/userspace/falco/app/options.cpp 
@@ -194,11 +194,6 @@ void options::define(cxxopts::Options& opts) ("modern-bpf", "Use the BPF modern probe driver to instrument the kernel and observe 'syscall' events.", cxxopts::value(modern_bpf)->default_value("false")) #endif ("i", "Print those events that are ignored by default for performance reasons and exit. See -A for more details.", cxxopts::value(print_ignored_events)->default_value("false")) -#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD) - ("k,k8s-api", "Enable Kubernetes metadata support by connecting to the given API server \n(e.g. \"http://admin:password@127.0.0.1:8080\". The API server can also be specified via the environment variable FALCO_K8S_API.", cxxopts::value(k8s_api), "") - ("K,k8s-api-cert", "Use the provided file names to authenticate the user and (optionally) verify the K8S API server identity. Each entry must specify the full (absolute or relative to the current directory) path to the respective file. Passing a private key password is optional (unless the key is password-protected). CA certificate is optional. For all files, only the PEM file format is supported. Specifying the CA certificate only is obsoleted - when a single entry is provided for this option, it will be interpreted as the name of a file containing the bearer token. Note that the format of this command-line option prohibits the use of files whose names contain ':' or '#' characters in the file name. This option has effect only when used in conjunction with -k.", cxxopts::value(k8s_api_cert), "( | :[:])") - ("k8s-node", "Filter Kubernetes metadata for a specified . The node name will be used as a filter when requesting metadata of pods to the API server. Usually, this should be set to the current node on which Falco is running. No filter is set if empty, which may have a performance penalty on large clusters. 
This option has effect only when used in conjunction with -k.", cxxopts::value(k8s_node_name), "") -#endif ("L", "Show the name and description of all rules and exit. If json_output is set to true, it prints details about all rules, macros, and lists in JSON format.", cxxopts::value(describe_all_rules)->default_value("false")) ("l", "Show the name and description of the rule specified and exit. If json_output is set to true, it prints details about the rule in JSON format.", cxxopts::value(describe_rule), "") ("list", "List all defined fields and exit. If is provided, only list those fields for the source . Current values for are \"syscall\" or any source from a configured plugin with event sourcing capability.", cxxopts::value(list_source_fields)->implicit_value(""), "") diff --git a/userspace/falco/app/options.h b/userspace/falco/app/options.h index b12b3f33..8ff2a1c6 100644 --- a/userspace/falco/app/options.h +++ b/userspace/falco/app/options.h @@ -51,9 +51,6 @@ public: std::string gvisor_config; std::string gvisor_generate_config_with_socket; std::string gvisor_root; - std::string k8s_api; - std::string k8s_api_cert; - std::string k8s_node_name; bool describe_all_rules; std::string describe_rule; bool print_ignored_events; diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index d571322f..e36fe3be 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -63,9 +63,6 @@ falco_configuration::falco_configuration(): m_syscall_evt_drop_max_burst(1), m_syscall_evt_simulate_drops(false), m_syscall_evt_timeout_max_consecutives(1000), - m_metadata_download_max_mb(100), - m_metadata_download_chunk_wait_us(1000), - m_metadata_download_watch_freq_sec(1), m_syscall_buf_size_preset(4), m_cpus_for_each_syscall_buffer(2), m_syscall_drop_failed_exit(false), 
@@ -365,18 +362,6 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h throw std::logic_error("Error reading config file(" + config_name + "): the maximum consecutive timeouts without an event must be an unsigned integer > 0"); } - m_metadata_download_max_mb = config.get_scalar("metadata_download.max_mb", 100); - if(m_metadata_download_max_mb > 1024) - { - throw std::logic_error("Error reading config file(" + config_name + "): metadata download maximum size should be < 1024 Mb"); - } - m_metadata_download_chunk_wait_us = config.get_scalar("metadata_download.chunk_wait_us", 1000); - m_metadata_download_watch_freq_sec = config.get_scalar("metadata_download.watch_freq_sec", 1); - if(m_metadata_download_watch_freq_sec == 0) - { - throw std::logic_error("Error reading config file(" + config_name + "): metadata download watch frequency seconds must be an unsigned integer > 0"); - } - /* We put this value in the configuration file because in this way we can change the dimension at every reload. * The default value is `4` -> 8 MB. */ diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h index 052e4a80..ce6fb459 100644 --- a/userspace/falco/configuration.h +++ b/userspace/falco/configuration.h @@ -103,10 +103,6 @@ public: uint32_t m_syscall_evt_timeout_max_consecutives; - uint32_t m_metadata_download_max_mb; - uint32_t m_metadata_download_chunk_wait_us; - uint32_t m_metadata_download_watch_freq_sec; - // Index corresponding to the syscall buffer dimension. uint16_t m_syscall_buf_size_preset; diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp index 14f26754..450d3def 100644 --- a/userspace/falco/stats_writer.cpp +++ b/userspace/falco/stats_writer.cpp 
@@ -356,7 +356,6 @@ void stats_writer::collector::get_metrics_output_fields_additional( double stats_snapshot_time_delta_sec, const std::string& src) { const scap_agent_info* agent_info = inspector->get_agent_info(); - const scap_machine_info* machine_info = inspector->get_machine_info(); #if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) /* Resource utilization, CPU and memory usage etc. */ @@ -431,7 +430,7 @@ void stats_writer::collector::get_metrics_output_fields_additional( { flags |= PPM_SCAP_STATS_KERNEL_COUNTERS; } - if (m_writer->m_config->m_metrics_libbpf_stats_enabled && (inspector->check_current_engine(BPF_ENGINE) || inspector->check_current_engine(MODERN_BPF_ENGINE)) && (machine_info->flags & PPM_BPF_STATS_ENABLED)) + if (m_writer->m_config->m_metrics_libbpf_stats_enabled && (inspector->check_current_engine(BPF_ENGINE) || inspector->check_current_engine(MODERN_BPF_ENGINE))) { flags |= PPM_SCAP_STATS_LIBBPF_STATS; }
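Review bot: The second stats_writer.cpp hunk drops the `machine_info->flags & PPM_BPF_STATS_ENABLED` test, so `PPM_SCAP_STATS_LIBBPF_STATS` is now requested whenever `m_metrics_libbpf_stats_enabled` is set and a BPF engine is active, regardless of whether the kernel is collecting BPF statistics. Unless the libs side now performs an equivalent check (not visible in this diff), the metrics output may carry empty or zeroed libbpf counters with nothing to explain why. A comment at the condition, e.g. `// NOTE: kernel-side bpf stats availability is no longer checked here`, plus a debug log when the counters come back empty, would keep this diagnosable. The enclosing function starts and ends outside the hunk.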