diff --git a/docker/event-generator/event-generator-k8saudit-deployment.yaml b/docker/event-generator/event-generator-k8saudit-deployment.yaml
new file mode 100644
index 00000000..505d2ab4
--- /dev/null
+++ b/docker/event-generator/event-generator-k8saudit-deployment.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: falco-event-generator-k8saudit
+ labels:
+ app: falco-event-generator-k8saudit
+ namespace: falco-event-generator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: falco-event-generator-k8saudit
+ template:
+ metadata:
+ labels:
+ app: falco-event-generator-k8saudit
+ spec:
+ serviceAccount: falco-event-generator
+ containers:
+ - name: falco-event-generator
+ image: falcosecurity/falco-event-generator:eg-sandbox
+ imagePullPolicy: Always
+ args: ["k8s_audit"]
diff --git a/docker/event-generator/event-generator-role-rolebinding-serviceaccount.yaml b/docker/event-generator/event-generator-role-rolebinding-serviceaccount.yaml
new file mode 100644
index 00000000..9c4ad916
--- /dev/null
+++ b/docker/event-generator/event-generator-role-rolebinding-serviceaccount.yaml
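Review bot: The pod spec uses `serviceAccount: falco-event-generator`, which is the deprecated PodSpec field; the supported field is `serviceAccountName`, so the line should read `serviceAccountName: falco-event-generator`. A second point is the image reference: `falcosecurity/falco-event-generator:eg-sandbox` combined with `imagePullPolicy: Always` re-pulls a mutable tag on every pod start, so the code that runs with this ServiceAccount's permissions can change without any change to this manifest. Pinning the image by digest, or at least by an immutable version tag, keeps the deployment reproducible and reviewable.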
@@ -0,0 +1,71 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: falco-event-generator
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - services
+ - serviceaccounts
+ - pods
+ verbs:
+ - list
+ - get
+ - create
+ - delete
+- apiGroups:
+ - apps
+ - extensions
+ resources:
+ - deployments
+ verbs:
+ - list
+ - get
+ - create
+ - delete
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - create
+ - delete
+# These are only so the event generator can create roles that have these properties.
+# It will result in a falco alert for the rules "ClusterRole With Wildcard Created", "ClusterRole With Pod Exec Created"
+- apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - '*'
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: falco-event-generator
+ namespace: falco-eg-sandbox
+subjects:
+ - kind: ServiceAccount
+ name: falco-event-generator
+ namespace: falco-event-generator
+roleRef:
+ kind: ClusterRole
+ name: falco-event-generator
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: falco-event-generator
+ namespace: falco-event-generator
diff --git a/docker/event-generator/k8s_event_generator.sh b/docker/event-generator/k8s_event_generator.sh
index 79b406a0..db21497b 100644
--- a/docker/event-generator/k8s_event_generator.sh
+++ b/docker/event-generator/k8s_event_generator.sh
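Review bot: The last rule grants `get` on `'*'` in the core API group, which in the bound namespace includes `secrets`, and the comment above it only says the rule exists so the generator can create roles with these properties. That is acceptable while the ClusterRole is bound through a namespaced RoleBinding as it is here, but nothing in the file records that constraint; I would extend the comment with `# get on '*' covers secrets in the bound namespace: bind this ClusterRole only via a namespaced RoleBinding, never a ClusterRoleBinding.`. The RoleBinding also targets namespace `falco-eg-sandbox`, and as far as this diff shows nothing creates it (the script's old `kubectl create namespace` call is removed and not replaced), so a comment at the top of the file stating that the namespace must exist before these manifests are applied would help the next reader.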
@@ -17,15 +17,18 @@ kubectl version --short while true; do - RET=$(kubectl get namespaces --output=name | grep falco-event-generator || true) + # Delete all resources in the falco-eg-sandbox namespace + echo "***Deleting all resources in falco-eg-sandbox namespace..." + kubectl delete --all configmaps -n falco-eg-sandbox + kubectl delete --all deployments -n falco-eg-sandbox + kubectl delete --all services -n falco-eg-sandbox + kubectl delete --all roles -n falco-eg-sandbox + kubectl delete --all serviceaccounts -n falco-eg-sandbox - if [[ "$RET" == *falco-event-generator* ]]; then - echo "***Deleting existing falco-event-generator namespace..." - kubectl delete namespace falco-event-generator - fi - - echo "***Creating falco-event-generator namespace..." - kubectl create namespace falco-event-generator + # We don't delete all rolebindings in the falco-eg-sandbox + # namespace, as that would also delete the rolebinding for the + # event generator itself. + kubectl delete rolebinding vanilla-role-binding -n falco-eg-sandbox || true for file in yaml/*.yaml; do
@@ -48,7 +51,7 @@ while true; do RULES=$(echo "$RULES" | tr '-' ' '| tr '.' '/' | sed -e 's/ *//' | sed -e 's/,$//') echo "***$MESSAGES (Rule(s) $RULES)..." - kubectl apply -f $file + kubectl apply -f $file -n falco-eg-sandbox sleep 2 fi done
diff --git a/docker/event-generator/yaml/configmap-private-creds.yaml b/docker/event-generator/yaml/configmap-private-creds.yaml
index 4735798e..5754bffa 100644
--- a/docker/event-generator/yaml/configmap-private-creds.yaml
+++ b/docker/event-generator/yaml/configmap-private-creds.yaml
@@ -2,7 +2,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: private-creds-configmap
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: private-creds-configmap
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/disallowed-pod-deployment.yaml b/docker/event-generator/yaml/disallowed-pod-deployment.yaml
index a12eb773..22d6ae63 100644
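Review bot: The new cleanup block relies on the `falco-eg-sandbox` namespace and the generator's own RoleBinding in it already existing, whereas the removed lines created the working namespace on every iteration; that prerequisite is not stated anywhere in the script, and if it is unmet every `kubectl delete --all ... -n falco-eg-sandbox` call fails and what happens next depends on shell options set outside the hunk. I would record it in the header comment, e.g. `# Requires the falco-eg-sandbox namespace and the RoleBinding from event-generator-role-rolebinding-serviceaccount.yaml to exist before this loop runs.`. The namespace name is also repeated seven times across the two hunks in this file; a `SANDBOX_NS=falco-eg-sandbox` variable near the top, used as `-n "$SANDBOX_NS"`, would keep the script and the RBAC manifests from drifting apart. The enclosing `while true` loop starts and ends outside the hunk.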
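Review bot: `$file` on the changed `kubectl apply` line is still unquoted; it comes from the `yaml/*.yaml` glob in the enclosing `for` loop (outside this hunk), so word splitting is unlikely today, but quoting is the idiom and costs nothing: `kubectl apply -f "$file" -n falco-eg-sandbox`.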
--- a/docker/event-generator/yaml/disallowed-pod-deployment.yaml
+++ b/docker/event-generator/yaml/disallowed-pod-deployment.yaml
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: disallowed-pod-deployment
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: disallowed-pod-deployment
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/hostnetwork-deployment.yaml b/docker/event-generator/yaml/hostnetwork-deployment.yaml
index 1dc3f93d..74ed2f08 100644
--- a/docker/event-generator/yaml/hostnetwork-deployment.yaml
+++ b/docker/event-generator/yaml/hostnetwork-deployment.yaml
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: hostnetwork-deployment
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: hostnetwork-deployment
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/nodeport-service.yaml b/docker/event-generator/yaml/nodeport-service.yaml
index d6f83951..8e340e17 100644
--- a/docker/event-generator/yaml/nodeport-service.yaml
+++ b/docker/event-generator/yaml/nodeport-service.yaml
@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Service
 metadata:
 name: nodeport-service
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: nodeport-service
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/privileged-deployment.yaml b/docker/event-generator/yaml/privileged-deployment.yaml
index de96279f..03b5c35f 100644
--- a/docker/event-generator/yaml/privileged-deployment.yaml
+++ b/docker/event-generator/yaml/privileged-deployment.yaml
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: privileged-deployment
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: privileged-deployment
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/role-pod-exec.yaml b/docker/event-generator/yaml/role-pod-exec.yaml
index 626077f3..4e20c953 100644
--- a/docker/event-generator/yaml/role-pod-exec.yaml
+++ b/docker/event-generator/yaml/role-pod-exec.yaml
@@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
 name: pod-exec-role
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: pod-exec-role
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/role-wildcard-resources.yaml b/docker/event-generator/yaml/role-wildcard-resources.yaml
index 1344e990..aae8c8e4 100644
--- a/docker/event-generator/yaml/role-wildcard-resources.yaml
+++ b/docker/event-generator/yaml/role-wildcard-resources.yaml
@@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
 name: wildcard-resources-role
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: wildcard-resources-role
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/role-write-privileges.yaml b/docker/event-generator/yaml/role-write-privileges.yaml
index e3065deb..1862f3db 100644
--- a/docker/event-generator/yaml/role-write-privileges.yaml
+++ b/docker/event-generator/yaml/role-write-privileges.yaml
@@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
 name: write-privileges-role
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: write-privileges-role
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/sensitive-mount-deployment.yaml b/docker/event-generator/yaml/sensitive-mount-deployment.yaml
index ca7cbbfa..f6320c2d 100644
--- a/docker/event-generator/yaml/sensitive-mount-deployment.yaml
+++ b/docker/event-generator/yaml/sensitive-mount-deployment.yaml
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: sensitive-mount-deployment
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: sensitive-mount-deployment
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/vanilla-configmap.yaml b/docker/event-generator/yaml/vanilla-configmap.yaml
index 0dd9f45a..71e0e39f 100644
--- a/docker/event-generator/yaml/vanilla-configmap.yaml
+++ b/docker/event-generator/yaml/vanilla-configmap.yaml
@@ -2,7 +2,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: vanilla-configmap
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: vanilla-configmap
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/vanilla-deployment.yaml b/docker/event-generator/yaml/vanilla-deployment.yaml
index 34f41c7e..1336c898 100644
--- a/docker/event-generator/yaml/vanilla-deployment.yaml
+++ b/docker/event-generator/yaml/vanilla-deployment.yaml
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: vanilla-deployment
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: vanilla-deployment
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/vanilla-role-rolebinding-serviceaccount.yaml b/docker/event-generator/yaml/vanilla-role-rolebinding-serviceaccount.yaml
index 580b4e8e..40813438 100644
--- a/docker/event-generator/yaml/vanilla-role-rolebinding-serviceaccount.yaml
+++ b/docker/event-generator/yaml/vanilla-role-rolebinding-serviceaccount.yaml
@@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
 name: vanilla-role
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: vanilla-role
 app.kubernetes.io/part-of: falco-event-generator
@@ -20,7 +19,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
 name: vanilla-role-binding
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: vanilla-role-binding
 app.kubernetes.io/part-of: falco-event-generator
@@ -38,7 +36,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: vanilla-serviceaccount
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: vanilla-serviceaccount
 app.kubernetes.io/part-of: falco-event-generator
diff --git a/docker/event-generator/yaml/vanilla-service.yaml b/docker/event-generator/yaml/vanilla-service.yaml
index db91cdbe..317baa2d 100644
--- a/docker/event-generator/yaml/vanilla-service.yaml
+++ b/docker/event-generator/yaml/vanilla-service.yaml
@@ -2,7 +2,6 @@ apiVersion: v1
 kind: Service
 metadata:
 name: vanilla-service
- namespace: falco-event-generator
 labels:
 app.kubernetes.io/name: vanilla-service
 app.kubernetes.io/part-of: falco-event-generator