diff --git a/userspace/engine/CMakeLists.txt b/userspace/engine/CMakeLists.txt
index 78f681ce..b3d6f086 100644
--- a/userspace/engine/CMakeLists.txt
+++ b/userspace/engine/CMakeLists.txt
@@ -16,6 +16,7 @@ add_library(falco_engine STATIC
     falco_engine.cpp
     falco_load_result.cpp
     falco_utils.cpp
+    filter_ruleset.cpp
     evttype_index_ruleset.cpp
     formats.cpp
     filter_details_resolver.cpp
diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp
index e02711b4..cc13461f 100644
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@@ -66,6 +66,8 @@ falco_engine::falco_engine(bool seed_rng)
 	}
 
 	m_default_ruleset_id = find_ruleset_id(s_default_ruleset);
+
+	fill_engine_state_funcs(m_engine_state);
 }
 
 falco_engine::~falco_engine()
@@ -208,7 +210,7 @@ std::unique_ptr<load_result> falco_engine::load_rules(const std::string &rules_c
 
 		// add rules to each ruleset
 		{
-			src.ruleset = src.ruleset_factory->new_ruleset();
+			src.ruleset = create_ruleset(src.ruleset_factory);
 			src.ruleset->add_compile_output(*(m_last_compile_output.get()),
 							m_min_priority,
 							src.name);
@@ -467,7 +469,7 @@ std::size_t falco_engine::add_source(const std::string &source,
 	src.filter_factory = filter_factory;
 	src.formatter_factory = formatter_factory;
 	src.ruleset_factory = ruleset_factory;
-	src.ruleset = ruleset_factory->new_ruleset();
+	src.ruleset = create_ruleset(src.ruleset_factory);
 	return m_sources.insert(src, source);
 }
 
@@ -1007,6 +1009,31 @@ bool falco_engine::check_plugin_requirements(
 	return true;
 }
 
+std::shared_ptr<filter_ruleset> falco_engine::create_ruleset(std::shared_ptr<filter_ruleset_factory> &ruleset_factory)
+{
+	auto ret = ruleset_factory->new_ruleset();
+
+	ret->set_engine_state(m_engine_state);
+
+	return ret;
+}
+
+void falco_engine::fill_engine_state_funcs(filter_ruleset::engine_state_funcs &engine_state)
+{
+	engine_state.get_ruleset = [this](const std::string &source_name, std::shared_ptr<filter_ruleset> &ruleset) -> bool
+	{
+		falco_source *src = m_sources.at(source_name);
+		if(src == nullptr)
+		{
+			return false;
+		}
+
+		ruleset = src->ruleset;
+
+		return true;
+	};
+};
+
 void falco_engine::complete_rule_loading() const
 {
 	for (const auto &src : m_sources)
diff --git a/userspace/engine/falco_engine.h b/userspace/engine/falco_engine.h
index cc9487aa..07b0f4ba 100644
--- a/userspace/engine/falco_engine.h
+++ b/userspace/engine/falco_engine.h
@@ -321,6 +321,14 @@ public:
 		std::string& err) const;
 
 private:
+	// Create a ruleset using the provided factory and set the
+	// engine state funcs for it.
+	std::shared_ptr<filter_ruleset> create_ruleset(std::shared_ptr<filter_ruleset_factory>& ruleset_factory);
+
+	// Functions to retrieve state from this engine
+	void fill_engine_state_funcs(filter_ruleset::engine_state_funcs& engine_state);
+
+	filter_ruleset::engine_state_funcs m_engine_state;
 
 	// Throws falco_exception if the file can not be read
 	void read_file(const std::string& filename, std::string& contents);
diff --git a/userspace/engine/filter_ruleset.cpp b/userspace/engine/filter_ruleset.cpp
new file mode 100644
index 00000000..f99c2434
--- /dev/null
+++ b/userspace/engine/filter_ruleset.cpp
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2024 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "filter_ruleset.h"
+
+void filter_ruleset::set_engine_state(filter_ruleset::engine_state_funcs& engine_state)
+{
+	m_engine_state = engine_state;
+}
+
+filter_ruleset::engine_state_funcs& filter_ruleset::get_engine_state()
+{
+	return m_engine_state;
+}
diff --git a/userspace/engine/filter_ruleset.h b/userspace/engine/filter_ruleset.h
index 34f9be7a..1214b983 100644
--- a/userspace/engine/filter_ruleset.h
+++ b/userspace/engine/filter_ruleset.h
@@ -21,6 +21,7 @@ limitations under the License.
 #include "rule_loader_compile_output.h"
 #include <filter/ast.h>
 #include <filter.h>
+#include <functional>
 #include <event.h>
 #include <gen_filter.h>
 #include <events/sinsp_events.h>
@@ -29,11 +30,24 @@ limitations under the License.
 	\brief Manages a set of rulesets. A ruleset is a set of
 	enabled rules that is able to process events and find matches for those rules.
 */
+
 class filter_ruleset
 {
 public:
+	// A set of functions that can be used to retrieve state from
+	// the falco engine that created this ruleset.
+	struct engine_state_funcs
+	{
+		using ruleset_retriever_func_t = std::function<bool(const std::string &, std::shared_ptr<filter_ruleset> &ruleset)>;
+
+		ruleset_retriever_func_t get_ruleset;
+	};
+
 	virtual ~filter_ruleset() = default;
 
+	void set_engine_state(engine_state_funcs &engine_state);
+	engine_state_funcs &get_engine_state();
+
 	/*!
 		\brief Adds a rule and its filtering filter + condition inside the manager.
 	        This method only adds the rule inside the internal collection,
@@ -211,6 +225,9 @@ public:
 	virtual void disable_tags(
 		const std::set<std::string> &tags,
 		uint16_t ruleset_id) = 0;
+
+private:
+	engine_state_funcs m_engine_state;
 };
 
 /*!