diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp
index 6b5ccbb4..af764a45 100644
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@@ -364,11 +364,34 @@ unique_ptr falco_engine::process_k8s_audit_event(json
 return res;
 }
 
-bool falco_engine::parse_k8s_audit_json(nlohmann::json &j, std::list &evts)
+bool falco_engine::parse_k8s_audit_json(nlohmann::json &j, std::list &evts, bool top)
 {
 // Note that nlohmann::basic_json::value can throw nlohmann::basic_json::type_error (302, 306)
 try
 {
+ // If the object is an array, call parse_k8s_audit_json again for each item.
+ if(j.is_array())
+ {
+ if(top)
+ {
+ for(auto &item : j)
+ {
+ // Note we only handle a single top level array, to
+ // avoid excessive recursion.
+ if(! parse_k8s_audit_json(item, evts, false))
+ {
+ return false;
+ }
+ }
+
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
 // If the kind is EventList, split it into individual events
 if(j.value("kind", "") == "EventList")
 {
diff --git a/userspace/engine/falco_engine.h b/userspace/engine/falco_engine.h
index 19097775..56b0cc91 100644
--- a/userspace/engine/falco_engine.h
+++ b/userspace/engine/falco_engine.h
@@ -163,7 +163,7 @@ public:
 // Returns true if the json object was recognized as a k8s
 // audit event(s), false otherwise.
 //
- bool parse_k8s_audit_json(nlohmann::json &j, std::list &evts);
+ bool parse_k8s_audit_json(nlohmann::json &j, std::list &evts, bool top=true);
 
 //
 // Given an event, check it against the set of rules in the
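Review bot: In the new `is_array()` branch the loop returns `false` at the first item that fails to parse, but the recursive calls were handed the caller's `evts` directly, so items parsed before the failure have presumably already been appended and the caller gets a "not recognized" result together with a partially filled list. It also means that one unrecognized or nested-array element makes the whole batch fail, so every valid audit event in the same array is rejected without any log line; for an audit pipeline that loss of coverage should be a deliberate, documented choice. I would parse into a local list of the same type as `evts`, pass that to `parse_k8s_audit_json(item, batch, false)`, and only on success do `evts.splice(evts.end(), batch);` before `return true;`. The function body continues past the end of this hunk, so how the non-array path fills `evts` is inferred rather than visible here.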
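Review bot: The recursion guard `top` is added as a defaulted parameter on a declaration under `public:`, so any caller outside the engine can pass `false` and have a top-level array rejected, and the comment block above the declaration describes neither array input nor the new argument. Consider keeping the public two-argument signature and moving the flag to a private overload that the public one forwards to. If the parameter stays, extend the comment with something like `// A top-level JSON array of events is accepted; arrays nested inside it are rejected.` and `// top must be true for the outermost call; it is set to false only by the internal recursion.`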