diff --git a/userspace/engine/evttype_index_ruleset.cpp b/userspace/engine/evttype_index_ruleset.cpp
index cb17f735..d79e408c 100644
--- a/userspace/engine/evttype_index_ruleset.cpp
+++ b/userspace/engine/evttype_index_ruleset.cpp
@@ -15,7 +15,6 @@ limitations under the License.
 */
 
 #include "evttype_index_ruleset.h"
-#include "filter_evttype_resolver.h"
 #include "banned.h" // This raises a compilation error when certain functions are used
 
 #include <algorithm>
@@ -145,7 +144,10 @@ void evttype_index_ruleset::ruleset_filters::evttypes_for_ruleset(std::set<uint1
 
 	for(auto &wrap : m_filters)
 	{
-		evttypes.insert(wrap->evttypes.begin(), wrap->evttypes.end());
+		for (const auto& e : wrap->evttypes)
+		{
+			evttypes.insert((uint16_t) e);
+		}
 	}
 }
 
@@ -161,12 +163,11 @@ void evttype_index_ruleset::add(
 		wrap->filter = filter;
 		if(rule.source == falco_common::syscall_source)
 		{
-			filter_evttype_resolver resolver;
-			resolver.evttypes(condition, wrap->evttypes);
+			wrap->evttypes = libsinsp::filter::ast::ppm_event_codes(condition.get());
 		}
 		else
 		{
-			wrap->evttypes = { ppm_event_type::PPME_PLUGINEVENT_E };
+			wrap->evttypes = { ppm_event_code::PPME_PLUGINEVENT_E };
 		}
 		m_filters.insert(wrap);
 	}
diff --git a/userspace/engine/evttype_index_ruleset.h b/userspace/engine/evttype_index_ruleset.h
index e7644abc..3dba1351 100644
--- a/userspace/engine/evttype_index_ruleset.h
+++ b/userspace/engine/evttype_index_ruleset.h
@@ -93,7 +93,7 @@ private:
 	struct filter_wrapper
 	{
 		falco_rule rule;
-		std::set<uint16_t> evttypes;
+		libsinsp::events::set<ppm_event_code> evttypes;
 		std::shared_ptr<gen_event_filter> filter;
 	};
 
diff --git a/userspace/engine/json_evt.h b/userspace/engine/json_evt.h
index cd6a5de1..009f20d0 100644
--- a/userspace/engine/json_evt.h
+++ b/userspace/engine/json_evt.h
@@ -48,7 +48,7 @@ public:
 	inline uint16_t get_type() const
 	{
 		// All k8s audit events have the single tag "1". - see falco_engine::process_k8s_audit_event
-		return ppm_event_type::PPME_PLUGINEVENT_E;
+		return ppm_event_code::PPME_PLUGINEVENT_E;
 	}
 
 protected:
diff --git a/userspace/engine/rule_loader_compiler.cpp b/userspace/engine/rule_loader_compiler.cpp
index b9a1ee5f..47dec22a 100644
--- a/userspace/engine/rule_loader_compiler.cpp
+++ b/userspace/engine/rule_loader_compiler.cpp
@@ -21,7 +21,6 @@ limitations under the License.
 
 #include "rule_loader_compiler.h"
 #include "filter_macro_resolver.h"
-#include "filter_evttype_resolver.h"
 #include "filter_warning_resolver.h"
 
 #define MAX_VISIBILITY		((uint32_t) -1)
@@ -496,11 +495,10 @@ void rule_loader::compiler::compile_rule_infos(
 		}
 
 		// populate set of event types and emit an special warning
-		std::set<uint16_t> evttypes = { ppm_event_type::PPME_PLUGINEVENT_E };
+		libsinsp::events::set<ppm_event_code> evttypes = { ppm_event_code::PPME_PLUGINEVENT_E };
 		if(rule.source == falco_common::syscall_source)
 		{
-			evttypes.clear();
-			filter_evttype_resolver().evttypes(ast, evttypes);
+			evttypes = libsinsp::filter::ast::ppm_event_codes(ast.get());
 			if ((evttypes.empty() || evttypes.size() > 100)
 			    && r.warn_evttypes)
 			{