diff --git a/pkg/rulemanager/cel/cel.go b/pkg/rulemanager/cel/cel.go
index 7cc507d980..48b81fc7d4 100644
--- a/pkg/rulemanager/cel/cel.go
+++ b/pkg/rulemanager/cel/cel.go
@@ -5,6 +5,7 @@ import (
 "sync"
 "github.com/google/cel-go/cel"
+ "github.com/google/cel-go/common/types/ref"
 "github.com/google/cel-go/ext"
 "github.com/kubescape/node-agent/pkg/config"
 "github.com/kubescape/node-agent/pkg/ebpf/events"
@@ -20,7 +21,7 @@ import (
 "github.com/picatz/xcel"
 )
-var _ CELRuleEvaluator = (*CEL)(nil)
+var _ RuleEvaluator = (*CEL)(nil)
 type CEL struct {
 env *cel.Env
@@ -28,22 +29,20 @@ type CEL struct {
 programCache map[string]cel.Program
 cacheMutex sync.RWMutex
 typeMutex sync.RWMutex
- evalContextPool sync.Pool
 ta xcel.TypeAdapter
 tp *xcel.TypeProvider
+ eventConverters map[utils.EventType]func(utils.K8sEvent) utils.K8sEvent
 }
 func NewCEL(objectCache objectcache.ObjectCache, cfg config.Config) (*CEL, error) {
 ta, tp := xcel.NewTypeAdapter(), xcel.NewTypeProvider()
+
 eventObj, eventTyp := xcel.NewObject(&utils.CelEventImpl{})
 xcel.RegisterObject(ta, tp, eventObj, eventTyp, utils.CelFields)
- procObj, procTyp := xcel.NewObject(&events.ProcfsEvent{})
- xcel.RegisterObject(ta, tp, procObj, procTyp, xcel.NewFields(procObj))
+
 envOptions := []cel.EnvOption{
- cel.Variable("event", eventTyp),
+ cel.Variable("event", eventTyp), // All events accessible via "event" variable
 cel.Variable("eventType", cel.StringType),
- cel.Variable(string(utils.ProcfsEventType), procTyp),
- cel.Variable(string(utils.HTTPEventType), cel.AnyType),
 cel.CustomTypeAdapter(ta),
 cel.CustomTypeProvider(tp),
 ext.Strings(),
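Review bot: The third hunk removes `cel.Variable(string(utils.HTTPEventType), cel.AnyType)` from `envOptions`, but `createEvalContext` in the `@@ -116` hunk still sets `evalContext["http"] = obj` for HTTP events; if `utils.HTTPEventType` is the string `"http"` and nothing outside this diff (`RegisterCustomType`, for instance) declares that variable, existing rules written against `http.…` will now fail in `getOrCreateProgram` with an undeclared-reference error instead of being evaluated, so those detections stop firing from the first event on. Either keep a declaration for the alias, `cel.Variable("http", eventTyp), // alias kept for existing HTTP rules`, or drop the `"http"` key in `createEvalContext` and migrate the rules in the same change. The trailing comment `// All events accessible via "event" variable` restates the code; a line explaining why the procfs and http variables were removed would help the next reader more. `NewCEL` continues past the end of the hunk.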
@@ -60,15 +59,12 @@ func NewCEL(objectCache objectcache.ObjectCache, cfg config.Config) (*CEL, error
 return nil, err
 }
 c := &CEL{
- env: env,
- objectCache: objectCache,
- programCache: make(map[string]cel.Program),
- ta: ta,
- tp: tp,
- }
-
- c.evalContextPool.New = func() interface{} {
- return make(map[string]any, 2)
+ env: env,
+ objectCache: objectCache,
+ programCache: make(map[string]cel.Program),
+ ta: ta,
+ tp: tp,
+ eventConverters: make(map[utils.EventType]func(utils.K8sEvent) utils.K8sEvent),
 }
 return c, nil
@@ -116,61 +112,65 @@ func (c *CEL) getOrCreateProgram(expression string) (cel.Program, error) {
 return program, nil
 }
-func (c *CEL) EvaluateRule(event *events.EnrichedEvent, expressions []typesv1.RuleExpression) (bool, error) {
- obj, _ := xcel.NewObject(event.Event.(utils.CelEvent)) // FIXME put safety check here
+func (c *CEL) createEvalContext(event *events.EnrichedEvent) map[string]any {
 eventType := event.Event.GetEventType()
- input := map[string]any{"event": obj, "eventType": string(eventType)}
- for _, expression := range expressions {
- if expression.EventType != eventType {
- continue
- }
+ // Apply event converter if one is registered, otherwise cast to CelEvent
+ var obj interface{}
+ if converter, exists := c.eventConverters[eventType]; exists {
+ obj, _ = xcel.NewObject(converter(event.Event))
+ } else {
+ obj, _ = xcel.NewObject(event.Event.(utils.CelEvent))
+ }
- program, err := c.getOrCreateProgram(expression.Expression)
- if err != nil {
- return false, err
- }
- out, _, err := program.Eval(input)
- if err != nil {
- return false, err
- }
+ evalContext := map[string]any{
+ "eventType": string(eventType),
+ "event": obj,
+ }
- if !out.Value().(bool) {
- return false, nil
+ // For HTTP events, also add "http" variable
+ if eventType == utils.HTTPEventType {
+ evalContext["http"] = obj
 }
- return true, nil
+ return evalContext
 }
-func (c *CEL) EvaluateRuleByMap(event map[string]any, eventType utils.EventType, expressions []typesv1.RuleExpression) (bool, error) {
- // Get evaluation context map from pool to reduce allocations
- evalContext := c.evalContextPool.Get().(map[string]any)
- defer func() {
- // Clear and return to pool
- clear(evalContext)
- c.evalContextPool.Put(evalContext)
- }()
+// evaluateProgramWithContext compiles (or retrieves cached) and evaluates a CEL expression
+// with the provided evaluation context, returning the CEL result value
+func (c *CEL) evaluateProgramWithContext(expression string, evalContext map[string]any) (ref.Val, error) {
+ program, err := c.getOrCreateProgram(expression)
+ if err != nil {
+ return nil, err
+ }
+
+ out, _, err := program.Eval(evalContext)
+ if err != nil {
+ return nil, err
+ }
+
+ return out, nil
+}
- evalContext[string(eventType)] = event
- evalContext["eventType"] = string(eventType)
+func (c *CEL) EvaluateRule(event *events.EnrichedEvent, expressions []typesv1.RuleExpression) (bool, error) {
+ eventType := event.Event.GetEventType()
+ evalContext := c.createEvalContext(event)
 for _, expression := range expressions {
 if expression.EventType != eventType {
 continue
 }
- program, err := c.getOrCreateProgram(expression.Expression)
+ out, err := c.evaluateProgramWithContext(expression.Expression, evalContext)
 if err != nil {
 return false, err
 }
- out, _, err := program.Eval(evalContext)
- if err != nil {
- return false, err
+ boolVal, ok := out.Value().(bool)
+ if !ok {
+ return false, fmt.Errorf("rule expression returned %T, expected bool", out.Value())
 }
-
- if !out.Value().(bool) {
+ if !boolVal {
 return false, nil
 }
 }
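Review bot: `createEvalContext` keeps the unchecked `event.Event.(utils.CelEvent)` assertion in the no-converter branch and drops the old `// FIXME put safety check here` without adding the check, so an event type that has no registered converter and does not implement `CelEvent` panics inside rule evaluation rather than returning an error; unless something above recovers, that takes the whole event pipeline down, which is a cheap way for one odd event to stop detection for every container on the node. Since `EvaluateRule` and `EvaluateExpression` in this same hunk both already return an error, the cleanest fix is to give `createEvalContext` an error return and propagate it from both callers, `evalContext, err := c.createEvalContext(event)` followed by `if err != nil { return false, err }`. The `eventConverters` lookup here is unsynchronised against the write in `RegisterEventConverter` (see the `@@ -255` hunk); if registration can happen after evaluation starts, the read needs the same lock.
```go
func (c *CEL) createEvalContext(event *events.EnrichedEvent) (map[string]any, error) {
	eventType := event.Event.GetEventType()

	// Apply event converter if one is registered, otherwise require CelEvent
	var obj interface{}
	if converter, exists := c.eventConverters[eventType]; exists {
		obj, _ = xcel.NewObject(converter(event.Event))
	} else {
		celEvent, ok := event.Event.(utils.CelEvent)
		if !ok {
			return nil, fmt.Errorf("event type %q (%T) does not implement CelEvent", eventType, event.Event)
		}
		obj, _ = xcel.NewObject(celEvent)
	}
	// … unchanged: evalContext construction and the "http" alias …
	return evalContext, nil
}
```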
@@ -178,44 +178,19 @@ func (c *CEL) EvaluateRuleByMap(event map[string]any, eventType utils.EventType,
 return true, nil
 }
-func (c *CEL) EvaluateExpressionByMap(event map[string]any, expression string, eventType utils.EventType) (string, error) {
- program, err := c.getOrCreateProgram(expression)
- if err != nil {
- return "", err
- }
-
- // Get evaluation context map from pool to reduce allocations
- evalContext := c.evalContextPool.Get().(map[string]any)
- defer func() {
- // Clear and return to pool
- clear(evalContext)
- c.evalContextPool.Put(evalContext)
- }()
-
- evalContext[string(eventType)] = event
- evalContext["eventType"] = string(eventType)
-
- out, _, err := program.Eval(evalContext)
- if err != nil {
- return "", fmt.Errorf("failed to evaluate expression: %s", err)
- }
-
- return out.Value().(string), nil
-}
-
 func (c *CEL) EvaluateExpression(event *events.EnrichedEvent, expression string) (string, error) {
- program, err := c.getOrCreateProgram(expression)
- if err != nil {
- return "", err
- }
+ evalContext := c.createEvalContext(event)
- obj, _ := xcel.NewObject(event.Event.(utils.CelEvent)) // FIXME put safety check here
- out, _, err := program.Eval(map[string]any{"event": obj, "eventType": string(event.Event.GetEventType())})
+ out, err := c.evaluateProgramWithContext(expression, evalContext)
 if err != nil {
 return "", err
 }
- return out.Value().(string), nil
+ strVal, ok := out.Value().(string)
+ if !ok {
+ return "", fmt.Errorf("expression returned %T, expected string", out.Value())
+ }
+ return strVal, nil
 }
 func (c *CEL) RegisterHelper(function cel.EnvOption) error {
@@ -255,3 +230,7 @@ func (c *CEL) RegisterCustomType(eventType utils.EventType, obj interface{}) err
 return nil
 }
+
+func (c *CEL) RegisterEventConverter(eventType utils.EventType, converter func(utils.K8sEvent) utils.K8sEvent) {
+ c.eventConverters[eventType] = converter
+}
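Review bot: `RegisterEventConverter` writes `c.eventConverters` with no synchronisation while `createEvalContext` reads it on every evaluation; the struct already guards its other mutable state with `cacheMutex` and `typeMutex`, so a converter registered after evaluation has begun is a data race on a plain map, and a concurrent write during a read aborts the process. Either guard both sides, `c.typeMutex.Lock(); c.eventConverters[eventType] = converter; c.typeMutex.Unlock()` here with an `RLock` around the lookup in `createEvalContext`, or state in a doc comment that all registrations must complete before the first `EvaluateRule`. The method is exported through `RuleEvaluator` without a doc comment; `// RegisterEventConverter installs a function that replaces events of the given type with the value exposed to CEL as "event".` would do. Unlike `RegisterHelper` and `RegisterCustomType` it cannot return an error, so a nil converter is accepted and only fails later at evaluation time.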
diff --git a/pkg/rulemanager/cel/cel_interface.go b/pkg/rulemanager/cel/cel_interface.go
index 94674823ec..500c3cbe14 100644
--- a/pkg/rulemanager/cel/cel_interface.go
+++ b/pkg/rulemanager/cel/cel_interface.go
@@ -7,11 +7,10 @@ import (
 "github.com/kubescape/node-agent/pkg/utils"
 )
-type CELRuleEvaluator interface {
+type RuleEvaluator interface {
 EvaluateRule(event *events.EnrichedEvent, expressions []typesv1.RuleExpression) (bool, error)
- EvaluateExpressionByMap(event map[string]any, expression string, eventType utils.EventType) (string, error)
- EvaluateRuleByMap(event map[string]any, eventType utils.EventType, expressions []typesv1.RuleExpression) (bool, error)
 EvaluateExpression(event *events.EnrichedEvent, expression string) (string, error)
 RegisterHelper(function cel.EnvOption) error
 RegisterCustomType(eventType utils.EventType, obj interface{}) error
+ RegisterEventConverter(eventType utils.EventType, converter func(utils.K8sEvent) utils.K8sEvent)
 }
diff --git a/pkg/rulemanager/cel/serialize.go b/pkg/rulemanager/cel/serialize.go
deleted file mode 100644
index 2cd8bcd6c2..0000000000
--- a/pkg/rulemanager/cel/serialize.go
+++ /dev/null
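Review bot: `RuleEvaluator` is an exported interface with no doc comment, and the rename is the natural moment to add one: `// RuleEvaluator compiles and evaluates CEL rule expressions against enriched events.`. `RegisterEventConverter` is the only registration method in the set that cannot return an error, unlike `RegisterHelper` and `RegisterCustomType` beside it; aligning the signature now is cheap, whereas changing an interface later breaks every implementation and test double. Removing the two `*ByMap` methods is itself a breaking change for any implementer or mock that is not part of this diff.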
@@ -1,44 +0,0 @@
-package cel
-
-import (
- "encoding/json"
-
- "github.com/kubescape/go-logger"
- "github.com/kubescape/go-logger/helpers"
-)
-
-// CelSerializer is an interface that serializes events for CEL evaluation.
-type CelSerializer interface {
- Serialize(event any) map[string]any
-}
-
-// CelEventSerializer is a default implementation of CelSerializer.
-type CelEventSerializer struct{}
-
-func (ces *CelEventSerializer) Serialize(event any) map[string]any {
- bytes, err := json.Marshal(event)
- if err != nil {
- logger.L().Error("Error marshaling event to JSON", helpers.Error(err))
- // Fallback or return an error map
- return map[string]any{"error": "serialization failed"}
- }
-
- var eventMap map[string]any
- if err := json.Unmarshal(bytes, &eventMap); err != nil {
- logger.L().Error("Error unmarshaling JSON to map", helpers.Error(err))
- // Fallback or return an error map
- return map[string]any{"error": "deserialization failed"}
- }
-
- if eventMap["Event"] != nil {
- if nestedEvent, ok := eventMap["Event"].(map[string]any); ok && nestedEvent["Event"] != nil {
- return map[string]any{"event": eventMap["Event"]}
- }
- }
-
- return map[string]any{
- "event": eventMap,
- }
-}
-
-var _ CelSerializer = (*CelEventSerializer)(nil)
diff --git a/pkg/rulemanager/rule_manager.go b/pkg/rulemanager/rule_manager.go
index 408631e5a5..a5bebb2ec3 100644
--- a/pkg/rulemanager/rule_manager.go
+++ b/pkg/rulemanager/rule_manager.go
@@ -26,7 +26,6 @@ import (
 bindingcache "github.com/kubescape/node-agent/pkg/rulebindingmanager"
 "github.com/kubescape/node-agent/pkg/rulemanager/profilehelper"
 "github.com/kubescape/node-agent/pkg/rulemanager/ruleadapters"
- "github.com/kubescape/node-agent/pkg/rulemanager/ruleadapters/adapters"
 "github.com/kubescape/node-agent/pkg/rulemanager/rulecooldown"
 "github.com/kubescape/node-agent/pkg/rulemanager/types"
 typesv1 "github.com/kubescape/node-agent/pkg/rulemanager/types/v1"
@@ -54,7 +53,7 @@ type RuleManager struct {
 containerIdToPid maps.SafeMap[string, uint32]
 enricher types.Enricher
 processManager processtree.ProcessTreeManager
- celEvaluator cel.CELRuleEvaluator
+ celEvaluator cel.RuleEvaluator
 ruleCooldown *rulecooldown.RuleCooldown
 adapterFactory *ruleadapters.EventRuleAdapterFactory
 ruleFailureCreator ruleadapters.RuleFailureCreatorInterface
@@ -78,7 +77,7 @@ func CreateRuleManager(
 enricher types.Enricher,
 ruleCooldown *rulecooldown.RuleCooldown,
 adapterFactory *ruleadapters.EventRuleAdapterFactory,
- celEvaluator cel.CELRuleEvaluator,
+ celEvaluator cel.RuleEvaluator,
 mntnsRegistry contextdetection.Registry,
 ) (*RuleManager, error) {
 ruleFailureCreator := ruleadapters.NewRuleFailureCreator(enricher, dnsManager, adapterFactory)
@@ -214,7 +213,7 @@ func (rm *RuleManager) ReportEnrichedEvent(enrichedEvent *events.EnrichedEvent)
 }
 startTime := time.Now()
- shouldAlert, err := rm.evaluateRule(enrichedEvent, eventType, rule)
+ shouldAlert, err := rm.celEvaluator.EvaluateRule(enrichedEvent, rule.Expressions.RuleExpression)
 evaluationTime := time.Since(startTime)
 rm.metrics.ReportRuleEvaluationTime(rule.Name, eventType, evaluationTime)
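Review bot: Calling `rm.celEvaluator.EvaluateRule` directly in the `@@ -214` hunk loses the error log that the removed `evaluateRule` helper emitted with `rule.ID` and `eventType`; the `err` returned here is handled after the hunk, so confirm that branch still records which rule failed, because a rule whose expression now fails to compile (for example after the `http` variable was dropped from the CEL environment in `cel.go`) would otherwise be indistinguishable from any other evaluation failure. If it does not, `logger.L().Error("RuleManager - failed to evaluate rule", helpers.Error(err), helpers.String("rule", rule.ID), helpers.String("eventType", string(eventType)))` in the existing error branch keeps the previous diagnostics. `ReportEnrichedEvent` continues outside the hunk.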
@@ -355,35 +354,6 @@ func (rm *RuleManager) EvaluatePolicyRulesForEvent(eventType utils.EventType, ev
 return results
 }
-func (rm *RuleManager) evaluateRule(enrichedEvent *events.EnrichedEvent, eventType utils.EventType, rule typesv1.Rule) (bool, error) {
- // Special event types are evaluated by map because we're doing parsing optimizations
- // TODO: Manage special event types in a better way
- if eventType == utils.HTTPEventType {
- eventAdapter, ok := rm.adapterFactory.GetAdapter(eventType)
- if !ok {
- logger.L().Error("RuleManager - no adapter registered for event type", helpers.String("eventType", string(eventType)))
- return false, nil
- }
-
- eventMap := eventAdapter.ToMap(enrichedEvent)
- defer adapters.ReleaseEventMap(eventMap)
-
- shouldAlert, err := rm.celEvaluator.EvaluateRuleByMap(eventMap, eventType, rule.Expressions.RuleExpression)
- if err != nil {
- logger.L().Error("RuleManager.evaluateRule - failed to evaluate rule by map", helpers.Error(err), helpers.String("rule", rule.ID), helpers.String("eventType", string(eventType)))
- return false, err
- }
- return shouldAlert, nil
- } else {
- shouldAlert, err := rm.celEvaluator.EvaluateRule(enrichedEvent, rule.Expressions.RuleExpression)
- if err != nil {
- logger.L().Error("RuleManager.evaluateRule - failed to evaluate rule", helpers.Error(err), helpers.String("rule", rule.ID), helpers.String("eventType", string(eventType)))
- return false, err
- }
- return shouldAlert, nil
- }
-}
-
 func (rm *RuleManager) validateRulePolicy(rule typesv1.Rule, event utils.K8sEvent, containerID string) bool {
 ap, _, err := profilehelper.GetContainerApplicationProfile(rm.objectCache, containerID)
 if err != nil {
@@ -410,42 +380,18 @@ func (rm *RuleManager) getRuleExpressions(rule typesv1.Rule, eventType utils.Eve
 }
 func (rm *RuleManager) getUniqueIdAndMessage(enrichedEvent *events.EnrichedEvent, rule typesv1.Rule) (string, string, error) {
- // Special event types are evaluated by map because we're doing parsing optimizations
- // TODO: Manage special event types in a better way
- eventType := enrichedEvent.Event.GetEventType()
- if eventType == utils.HTTPEventType {
- eventAdapter, ok := rm.adapterFactory.GetAdapter(eventType)
- if !ok {
- logger.L().Error("RuleManager - no adapter registered for event type", helpers.String("eventType", string(eventType)))
- return "", "", nil
- }
- eventMap := eventAdapter.ToMap(enrichedEvent)
- defer adapters.ReleaseEventMap(eventMap)
-
- message, err := rm.celEvaluator.EvaluateExpressionByMap(eventMap, rule.Expressions.Message, eventType)
- if err != nil {
- logger.L().Error("RuleManager - failed to evaluate message", helpers.Error(err))
- }
- uniqueID, err := rm.celEvaluator.EvaluateExpressionByMap(eventMap, rule.Expressions.UniqueID, eventType)
- if err != nil {
- logger.L().Error("RuleManager - failed to evaluate unique ID", helpers.Error(err))
- }
- uniqueID = hashStringToMD5(uniqueID)
- return message, uniqueID, err
- } else {
- message, err := rm.celEvaluator.EvaluateExpression(enrichedEvent, rule.Expressions.Message)
- if err != nil {
- logger.L().Error("RuleManager - failed to evaluate message", helpers.Error(err))
- }
- uniqueID, err := rm.celEvaluator.EvaluateExpression(enrichedEvent, rule.Expressions.UniqueID)
- if err != nil {
- logger.L().Error("RuleManager - failed to evaluate unique ID", helpers.Error(err))
- }
+ message, err := rm.celEvaluator.EvaluateExpression(enrichedEvent, rule.Expressions.Message)
+ if err != nil {
+ logger.L().Error("RuleManager - failed to evaluate message", helpers.Error(err))
+ }
+ uniqueID, err := rm.celEvaluator.EvaluateExpression(enrichedEvent, rule.Expressions.UniqueID)
+ if err != nil {
+ logger.L().Error("RuleManager - failed to evaluate unique ID", helpers.Error(err))
+ }
- uniqueID = hashStringToMD5(uniqueID)
+ uniqueID = hashStringToMD5(uniqueID)
- return message, uniqueID, err
- }
+ return message, uniqueID, err
 }
 func isSupportedEventType(rules []typesv1.Rule, enrichedEvent *events.EnrichedEvent) bool {
@@ -472,16 +418,7 @@ func (rm *RuleManager) evaluateHTTPPayloadState(state map[string]any, enrichedEv
 return state
 }
- eventAdapter, ok := rm.adapterFactory.GetAdapter(utils.HTTPEventType)
- if !ok {
- logger.L().Error("RuleManager - no adapter registered for http payload evaluation", helpers.String("eventType", string(utils.HTTPEventType)))
- return state
- }
-
- eventMap := eventAdapter.ToMap(enrichedEvent)
- defer adapters.ReleaseEventMap(eventMap)
-
- payloadValue, err := rm.celEvaluator.EvaluateExpressionByMap(eventMap, payloadExpression, utils.HTTPEventType)
+ payloadValue, err := rm.celEvaluator.EvaluateExpression(enrichedEvent, payloadExpression)
 if err != nil {
 logger.L().Error("RuleManager - failed to evaluate http payload expression", helpers.Error(err))
 return state
diff --git a/pkg/rulemanager/ruleadapters/adapters/bpf.go b/pkg/rulemanager/ruleadapters/adapters/bpf.go
index cbaf5ffb95..04d26f30f6 100644
--- a/pkg/rulemanager/ruleadapters/adapters/bpf.go
+++ b/pkg/rulemanager/ruleadapters/adapters/bpf.go
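Review bot: In the rewritten `getUniqueIdAndMessage` the error from the message expression is overwritten when `err` is reassigned by the unique-ID evaluation two lines later, so a failed message with a successful unique ID returns `err == nil` together with an empty message, and a failed unique ID still goes through `hashStringToMD5("")`, producing the same constant ID for every such failure; if anything downstream keys on that ID (cooldown or de-duplication), unrelated failures would be collapsed into one. The old code had the same flaw in both branches, but now there is a single path and it is a three-line fix: add `return "", "", err` after each `logger.L().Error(...)` call and finish with `return message, hashStringToMD5(uniqueID), nil`. Whether the callers tolerate a non-nil error from this function is outside the hunk and worth checking before changing it.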
@@ -69,26 +69,3 @@ func (c *BpfAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails) } -func (c *BpfAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} { - //bpfEvent, ok := enrichedEvent.Event.(*tracerbpftype.Event) - //if !ok { - // return nil - //} - - //result := ConvertToMap(&bpfEvent.Event) - - //result["pid"] = bpfEvent.Pid - //result["tid"] = bpfEvent.Tid - //result["ppid"] = bpfEvent.PPid - //result["uid"] = bpfEvent.Uid - //result["gid"] = bpfEvent.Gid - //result["upperlayer"] = bpfEvent.UpperLayer - //result["comm"] = bpfEvent.Comm - //result["exe_path"] = bpfEvent.ExePath - //result["cmd"] = bpfEvent.Cmd - //result["attr_size"] = bpfEvent.AttrSize - - //result["mountnsid"] = bpfEvent.MountNsID - - return map[string]interface{}{} -} diff --git a/pkg/rulemanager/ruleadapters/adapters/capabilities.go b/pkg/rulemanager/ruleadapters/adapters/capabilities.go index 3e12ae05d6..cd17223ea7 100644 --- a/pkg/rulemanager/ruleadapters/adapters/capabilities.go +++ b/pkg/rulemanager/ruleadapters/adapters/capabilities.go 
@@ -56,30 +56,3 @@ func (c *CapabilitiesAdapter) SetFailureMetadata(failure types.RuleFailure, enri failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails) } -func (c *CapabilitiesAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} { - //capEvent, ok := enrichedEvent.Event.(*tracercapabilitiestype.Event) - //if !ok { - // return nil - //} - - //result := ConvertToMap(&capEvent.Event) - - //result["pid"] = capEvent.Pid - //result["comm"] = capEvent.Comm - //result["syscall"] = capEvent.Syscall - //result["uid"] = capEvent.Uid - //result["gid"] = capEvent.Gid - //result["cap"] = capEvent.Cap - //result["capName"] = capEvent.CapName - //result["audit"] = capEvent.Audit - //result["verdict"] = capEvent.Verdict - //result["insetid"] = capEvent.InsetID - //result["targetuserns"] = capEvent.TargetUserNs - //result["currentuserns"] = capEvent.CurrentUserNs - //result["caps"] = capEvent.Caps - //result["capsNames"] = capEvent.CapsNames - - //result["mountnsid"] = capEvent.MountNsID - - return map[string]interface{}{} -} diff --git a/pkg/rulemanager/ruleadapters/adapters/common.go b/pkg/rulemanager/ruleadapters/adapters/common.go deleted file mode 100644 index e485d28a79..0000000000 --- a/pkg/rulemanager/ruleadapters/adapters/common.go +++ /dev/null 
@@ -1,40 +0,0 @@ -package adapters - -import "github.com/kubescape/node-agent/pkg/utils" - -func ConvertToMap(e utils.EnrichEvent) map[string]interface{} { - result := AcquireMap() - - result["timestamp"] = e.GetTimestamp() - result["type"] = e.GetEventType() - //result["message"] = e.Message - - runtime := AcquireMap() - //runtime["runtimeName"] = e.Runtime.RuntimeName - runtime["containerId"] = e.GetContainerID() - runtime["containerName"] = e.GetContainer() - //runtime["containerPid"] = e.Runtime.ContainerPID - runtime["containerImageName"] = e.GetContainerImage() - runtime["containerImageDigest"] = e.GetContainerImageDigest() - //runtime["containerStartedAt"] = e.Runtime.ContainerStartedAt - result["runtime"] = runtime - - k8s := AcquireMap() - //k8s["node"] = e.K8s.Node - k8s["namespace"] = e.GetNamespace() - k8s["podName"] = e.GetPod() - - //k8s["podLabels"] = e.GetPodLabels() - - k8s["containerName"] = e.GetContainer() - k8s["hostNetwork"] = e.GetHostNetwork() - - //owner := AcquireMap() - //owner["kind"] = e.K8s.Owner.Kind - //owner["name"] = e.K8s.Owner.Name - //k8s["owner"] = owner - - result["k8s"] = k8s - - return result -} diff --git a/pkg/rulemanager/ruleadapters/adapters/dns.go b/pkg/rulemanager/ruleadapters/adapters/dns.go index 76ab7bf928..8442f791f3 100644 --- a/pkg/rulemanager/ruleadapters/adapters/dns.go +++ b/pkg/rulemanager/ruleadapters/adapters/dns.go 
@@ -77,40 +77,3 @@ func (c *DnsAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails) } -func (c *DnsAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} { - //dnsEvent, ok := enrichedEvent.Event.(*tracerdnstype.Event) - //if !ok { - // return nil - //} - - //result := ConvertToMap(&dnsEvent.Event) - - //result["pid"] = dnsEvent.Pid - //result["tid"] = dnsEvent.Tid - //result["ppid"] = dnsEvent.Ppid - //result["comm"] = dnsEvent.Comm - //result["pcomm"] = dnsEvent.Pcomm - //result["cwd"] = dnsEvent.Cwd - //result["exepath"] = dnsEvent.Exepath - //result["uid"] = dnsEvent.Uid - //result["gid"] = dnsEvent.Gid - //result["srcIP"] = dnsEvent.SrcIP - //result["dstIP"] = dnsEvent.DstIP - //result["srcPort"] = dnsEvent.SrcPort - //result["dstPort"] = dnsEvent.DstPort - //result["protocol"] = dnsEvent.Protocol - //result["id"] = dnsEvent.ID - //result["qr"] = dnsEvent.Qr - //result["nameserver"] = dnsEvent.Nameserver - //result["pktType"] = dnsEvent.PktType - //result["qtype"] = dnsEvent.QType - //result["name"] = dnsEvent.DNSName - //result["rcode"] = dnsEvent.Rcode - //result["latency"] = dnsEvent.Latency - //result["numAnswers"] = dnsEvent.NumAnswers - //result["addresses"] = dnsEvent.Addresses - - //result["mountnsid"] = dnsEvent.MountNsID - - return map[string]interface{}{} -} diff --git a/pkg/rulemanager/ruleadapters/adapters/exec.go b/pkg/rulemanager/ruleadapters/adapters/exec.go index 564cf5ebd3..0db13488de 100644 --- a/pkg/rulemanager/ruleadapters/adapters/exec.go +++ b/pkg/rulemanager/ruleadapters/adapters/exec.go 
@@ -86,35 +86,3 @@ func GetExecFullPathFromEvent(execEvent utils.ExecEvent) string { return utils.GetExecPathFromEvent(execEvent) } -func (c *ExecAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} { - //execEvent, ok := enrichedEvent.Event.(*events.ExecEvent) - //if !ok { - // return nil - //} - - //result := ConvertToMap(&execEvent.Event.Event) - - //result["pid"] = execEvent.Pid - //result["tid"] = execEvent.Tid - //result["ppid"] = execEvent.Ppid - //result["ptid"] = execEvent.Ptid - //result["comm"] = execEvent.Comm - //result["pcomm"] = execEvent.Pcomm - //result["ret"] = execEvent.Retval - //result["args"] = execEvent.Args - //result["uid"] = execEvent.Uid - //result["user"] = execEvent.Username - //result["gid"] = execEvent.Gid - //result["group"] = execEvent.Groupname - //result["upperlayer"] = execEvent.UpperLayer - //result["pupperlayer"] = execEvent.PupperLayer - //result["loginuid"] = execEvent.LoginUid - //result["sessionid"] = execEvent.SessionId - //result["cwd"] = execEvent.Cwd - //result["exepath"] = execEvent.ExePath - //result["file"] = execEvent.File - - //result["mountnsid"] = execEvent.MountNsID - - return map[string]interface{}{} -} diff --git a/pkg/rulemanager/ruleadapters/adapters/hardlink.go b/pkg/rulemanager/ruleadapters/adapters/hardlink.go index 9d8d99dd11..2c51c97225 100644 --- a/pkg/rulemanager/ruleadapters/adapters/hardlink.go +++ b/pkg/rulemanager/ruleadapters/adapters/hardlink.go 
@@ -72,26 +72,3 @@ func (c *HardlinkAdapter) SetFailureMetadata(failure types.RuleFailure, enriched failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails) } -func (c *HardlinkAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} { - //hardlinkEvent, ok := enrichedEvent.Event.(*tracerhardlinktype.Event) - //if !ok { - // return nil - //} - - //result := ConvertToMap(&hardlinkEvent.Event) - - //result["pid"] = hardlinkEvent.Pid - //result["tid"] = hardlinkEvent.Tid - //result["ppid"] = hardlinkEvent.PPid - //result["uid"] = hardlinkEvent.Uid - //result["gid"] = hardlinkEvent.Gid - //result["upperlayer"] = hardlinkEvent.UpperLayer - //result["comm"] = hardlinkEvent.Comm - //result["exe_path"] = hardlinkEvent.ExePath - //result["oldpath"] = hardlinkEvent.OldPath - //result["newpath"] = hardlinkEvent.NewPath - - //result["mountnsid"] = hardlinkEvent.MountNsID - - return map[string]interface{}{} -} diff --git a/pkg/rulemanager/ruleadapters/adapters/http.go b/pkg/rulemanager/ruleadapters/adapters/http.go index 680d8aec4b..5aed6d107c 100644 --- a/pkg/rulemanager/ruleadapters/adapters/http.go +++ b/pkg/rulemanager/ruleadapters/adapters/http.go 
@@ -60,31 +60,3 @@ func (c *HTTPAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEven } failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails) } - -func (c *HTTPAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} { - httpEvent, ok := enrichedEvent.Event.(utils.HttpEvent) - if !ok { - return nil - } - - result := ConvertToMap(httpEvent) - - result["pid"] = httpEvent.GetPID() - result["uid"] = httpEvent.GetUid() - result["gid"] = httpEvent.GetGid() - //result["other_port"] = httpEvent.OtherPort - result["other_ip"] = httpEvent.GetOtherIp() - result["internal"] = httpEvent.GetInternal() - result["direction"] = httpEvent.GetDirection() - - if request := httpEvent.GetRequest(); request != nil { - result["request"] = request - } - if response := httpEvent.GetResponse(); response != nil { - result["response"] = response - } - - //result["mountnsid"] = httpEvent.MountNsID - - return result -} diff --git a/pkg/rulemanager/ruleadapters/adapters/iouring.go b/pkg/rulemanager/ruleadapters/adapters/iouring.go index 684eeff2f7..af8ad2a9ab 100644 --- a/pkg/rulemanager/ruleadapters/adapters/iouring.go +++ b/pkg/rulemanager/ruleadapters/adapters/iouring.go 
@@ -122,26 +122,3 @@ func GetOpcodeName(opcode uint8) (bool, string) { } return false, "Unknown operation" } - -func (c *IoUringAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} { - //iouringEvent, ok := enrichedEvent.Event.(*traceriouringtype.Event) - //if !ok { - // return nil - //} - - //result := ConvertToMap(&iouringEvent.Event) - - //result["opcode"] = iouringEvent.Opcode - //result["pid"] = iouringEvent.Pid - //result["tid"] = iouringEvent.Tid - //result["uid"] = iouringEvent.Uid - //result["gid"] = iouringEvent.Gid - //result["comm"] = iouringEvent.Comm - //result["flags"] = iouringEvent.Flags - //result["user_data"] = iouringEvent.UserData - //result["identifier"] = iouringEvent.Identifier - - //result["mountnsid"] = iouringEvent.MountNsID - - return map[string]interface{}{} -} diff --git a/pkg/rulemanager/ruleadapters/adapters/kmod.go b/pkg/rulemanager/ruleadapters/adapters/kmod.go index d52ae57c73..ace37b6cf5 100644 --- a/pkg/rulemanager/ruleadapters/adapters/kmod.go +++ b/pkg/rulemanager/ruleadapters/adapters/kmod.go @@ -67,27 +67,3 @@ func (c *KmodAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEven } failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails) } - -func (c *KmodAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} { - //kmodEvent, ok := enrichedEvent.Event.(*tracerkmodtype.Event) - //if !ok { - // return nil - //} - - //result := ConvertToMap(&kmodEvent.Event) - - //result["pid"] = kmodEvent.Pid - //result["tid"] = kmodEvent.Tid - //result["ppid"] = kmodEvent.PPid - //result["uid"] = kmodEvent.Uid - //result["gid"] = kmodEvent.Gid - //result["upperlayer"] = kmodEvent.UpperLayer - //result["comm"] = kmodEvent.Comm - //result["exe_path"] = kmodEvent.ExePath - //result["module"] = kmodEvent.Module - //result["syscall"] = kmodEvent.Syscall - - //result["mountnsid"] = kmodEvent.MountNsID - - return map[string]interface{}{} -} 
diff --git a/pkg/rulemanager/ruleadapters/adapters/network.go b/pkg/rulemanager/ruleadapters/adapters/network.go index 8f8048ac99..5bd850e57e 100644 --- a/pkg/rulemanager/ruleadapters/adapters/network.go +++ b/pkg/rulemanager/ruleadapters/adapters/network.go @@ -65,38 +65,3 @@ func (c *NetworkAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedE } failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails) } - -func (c *NetworkAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} { - //networkEvent, ok := enrichedEvent.Event.(*tracernetworktype.Event) - //if !ok { - // return nil - //} - - //result := ConvertToMap(&networkEvent.Event) - - //result["pid"] = networkEvent.Pid - //result["tid"] = networkEvent.Tid - //result["comm"] = networkEvent.Comm - //result["uid"] = networkEvent.Uid - //result["gid"] = networkEvent.Gid - //result["pktType"] = networkEvent.PktType - //result["proto"] = networkEvent.Proto - //result["port"] = networkEvent.Port - //result["podHostIP"] = networkEvent.PodHostIP - //result["podIP"] = networkEvent.PodIP - //result["podOwner"] = networkEvent.PodOwner - //result["podLabels"] = networkEvent.PodLabels - - //dst := AcquireMap() - //dst["addr"] = networkEvent.DstEndpoint.Addr - //dst["version"] = networkEvent.DstEndpoint.Version - //dst["namespace"] = networkEvent.DstEndpoint.Namespace - //dst["podname"] = networkEvent.DstEndpoint.Name - //dst["kind"] = networkEvent.DstEndpoint.Kind - //dst["podlabels"] = networkEvent.DstEndpoint.PodLabels - //result["dst"] = dst - - //result["mountnsid"] = networkEvent.MountNsID - - return map[string]interface{}{} -} diff --git a/pkg/rulemanager/ruleadapters/adapters/open.go b/pkg/rulemanager/ruleadapters/adapters/open.go index 76b42f01b7..7b894d3766 100644 --- a/pkg/rulemanager/ruleadapters/adapters/open.go +++ b/pkg/rulemanager/ruleadapters/adapters/open.go 
@@ -65,29 +65,3 @@ func (c *OpenAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEven failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails) } -func (c *OpenAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} { - //openEvent, ok := enrichedEvent.Event.(*events.OpenEvent) - //if !ok { - // return nil - //} - - //result := ConvertToMap(&openEvent.Event.Event) - - //result["pid"] = openEvent.Pid - //result["tid"] = openEvent.Tid - //result["uid"] = openEvent.Uid - //result["gid"] = openEvent.Gid - //result["comm"] = openEvent.Comm - //result["fd"] = openEvent.Fd - //result["err"] = openEvent.Err - //result["flags"] = openEvent.Flags - //result["flagsRaw"] = openEvent.FlagsRaw - //result["mode"] = openEvent.Mode - //result["modeRaw"] = openEvent.ModeRaw - //result["path"] = openEvent.Path - //result["fullPath"] = openEvent.FullPath - - //result["mountnsid"] = openEvent.MountNsID - - return map[string]interface{}{} -} diff --git a/pkg/rulemanager/ruleadapters/adapters/pool.go b/pkg/rulemanager/ruleadapters/adapters/pool.go deleted file mode 100644 index 8d2200d0b4..0000000000 --- a/pkg/rulemanager/ruleadapters/adapters/pool.go +++ /dev/null 
@@ -1,45 +0,0 @@ -package adapters - -import "sync" - -// mapPool is a pool for map[string]interface{} to reduce allocations. -// We pre-allocate a capacity of 32, which should be a reasonable starting point -// for the number of keys in your event maps. -var mapPool = sync.Pool{ - New: func() interface{} { - return make(map[string]interface{}, 5) - }, -} - -// AcquireMap gets a map from the pool. -func AcquireMap() map[string]interface{} { - return mapPool.Get().(map[string]interface{}) -} - -// ReleaseMap returns a map to the pool after clearing it for reuse. -func ReleaseMap(m map[string]interface{}) { - // Clear all keys from the map to prevent old data from leaking. - clear(m) - mapPool.Put(m) -} - -// ReleaseEventMap releases the main event map and all its nested maps back to the pool. -// This function specifically handles the structure created by ConvertToMap and adapter-specific nested maps. -func ReleaseEventMap(eventMap map[string]interface{}) { - // Release nested maps first - if runtime, ok := eventMap["runtime"].(map[string]interface{}); ok { - ReleaseMap(runtime) - } - if k8s, ok := eventMap["k8s"].(map[string]interface{}); ok { - if owner, ok := k8s["owner"].(map[string]interface{}); ok { - ReleaseMap(owner) - } - ReleaseMap(k8s) - } - // Release adapter-specific nested maps - if dst, ok := eventMap["dst"].(map[string]interface{}); ok { - ReleaseMap(dst) - } - // Release the main map - ReleaseMap(eventMap) -} diff --git a/pkg/rulemanager/ruleadapters/adapters/ptrace.go b/pkg/rulemanager/ruleadapters/adapters/ptrace.go index 1c93721624..e20fa09aff 100644 --- a/pkg/rulemanager/ruleadapters/adapters/ptrace.go +++ b/pkg/rulemanager/ruleadapters/adapters/ptrace.go 
@@ -61,23 +61,3 @@ func (c *PtraceAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEv
 failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails)
 }
 
-func (c *PtraceAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} {
- //ptraceEvent, ok := enrichedEvent.Event.(*tracerptracetype.Event)
- //if !ok {
- // return nil
- //}
-
- //result := ConvertToMap(&ptraceEvent.Event)
-
- //result["pid"] = ptraceEvent.Pid
- //result["ppid"] = ptraceEvent.PPid
- //result["uid"] = ptraceEvent.Uid
- //result["gid"] = ptraceEvent.Gid
- //result["request"] = ptraceEvent.Request
- //result["comm"] = ptraceEvent.Comm
- //result["exe_path"] = ptraceEvent.ExePath
-
- //result["mountnsid"] = ptraceEvent.MountNsID
-
- return map[string]interface{}{}
-}
diff --git a/pkg/rulemanager/ruleadapters/adapters/randomx.go b/pkg/rulemanager/ruleadapters/adapters/randomx.go
index 603110231a..aeb29076ac 100644
--- a/pkg/rulemanager/ruleadapters/adapters/randomx.go
+++ b/pkg/rulemanager/ruleadapters/adapters/randomx.go
@@ -56,23 +56,3 @@ func (c *RandomXAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedE
 failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails)
 }
 
-func (c *RandomXAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} {
- //randomXEvent, ok := enrichedEvent.Event.(*tracerrandomxtype.Event)
- //if !ok {
- // return nil
- //}
-
- //result := ConvertToMap(&randomXEvent.Event)
-
- //result["pid"] = randomXEvent.Pid
- //result["ppid"] = randomXEvent.PPid
- //result["uid"] = randomXEvent.Uid
- //result["gid"] = randomXEvent.Gid
- //result["upperlayer"] = randomXEvent.UpperLayer
- //result["comm"] = randomXEvent.Comm
- //result["exe_path"] = randomXEvent.ExePath
-
- //result["mountnsid"] = randomXEvent.MountNsID
-
- return map[string]interface{}{}
-}
diff --git a/pkg/rulemanager/ruleadapters/adapters/ssh.go b/pkg/rulemanager/ruleadapters/adapters/ssh.go
index 7084c9c5fc..c7c5e32d54 100644
--- a/pkg/rulemanager/ruleadapters/adapters/ssh.go
+++ b/pkg/rulemanager/ruleadapters/adapters/ssh.go
@@ -66,24 +66,3 @@ func (c *SSHAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent
 failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails)
 }
 
-func (c *SSHAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} {
- //sshEvent, ok := enrichedEvent.Event.(*tracersshtype.Event)
- //if !ok {
- // return nil
- //}
-
- //result := ConvertToMap(&sshEvent.Event)
-
- //result["pid"] = sshEvent.Pid
- //result["uid"] = sshEvent.Uid
- //result["gid"] = sshEvent.Gid
- //result["comm"] = sshEvent.Comm
- //result["src_port"] = sshEvent.SrcPort
- //result["dst_port"] = sshEvent.DstPort
- //result["src_ip"] = sshEvent.SrcIP
- //result["dst_ip"] = sshEvent.DstIP
-
- //result["mountnsid"] = sshEvent.MountNsID
-
- return map[string]interface{}{}
-}
diff --git a/pkg/rulemanager/ruleadapters/adapters/symlink.go b/pkg/rulemanager/ruleadapters/adapters/symlink.go
index a52baa88bf..977aac3502 100644
--- a/pkg/rulemanager/ruleadapters/adapters/symlink.go
+++ b/pkg/rulemanager/ruleadapters/adapters/symlink.go
@@ -72,26 +72,3 @@ func (c *SymlinkAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedE
 failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails)
 }
 
-func (c *SymlinkAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} {
- //symlinkEvent, ok := enrichedEvent.Event.(*tracersymlinktype.Event)
- //if !ok {
- // return nil
- //}
-
- //result := ConvertToMap(&symlinkEvent.Event)
-
- //result["pid"] = symlinkEvent.Pid
- //result["tid"] = symlinkEvent.Tid
- //result["ppid"] = symlinkEvent.PPid
- //result["uid"] = symlinkEvent.Uid
- //result["gid"] = symlinkEvent.Gid
- //result["upperlayer"] = symlinkEvent.UpperLayer
- //result["comm"] = symlinkEvent.Comm
- //result["exe_path"] = symlinkEvent.ExePath
- //result["oldpath"] = symlinkEvent.OldPath
- //result["newpath"] = symlinkEvent.NewPath
-
- //result["mountnsid"] = symlinkEvent.MountNsID
-
- return map[string]interface{}{}
-}
diff --git a/pkg/rulemanager/ruleadapters/adapters/syscall.go b/pkg/rulemanager/ruleadapters/adapters/syscall.go
index e0c75fc3fe..9da32cbecc 100644
--- a/pkg/rulemanager/ruleadapters/adapters/syscall.go
+++ b/pkg/rulemanager/ruleadapters/adapters/syscall.go
@@ -56,21 +56,3 @@ func (c *SyscallAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedE
 failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails)
 }
 
-func (c *SyscallAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} {
- //syscallEvent, ok := enrichedEvent.Event.(*types.SyscallEvent)
- //if !ok {
- // return nil
- //}
-
- //result := ConvertToMap(&syscallEvent.Event)
-
- //result["pid"] = syscallEvent.Pid
- //result["comm"] = syscallEvent.Comm
- //result["uid"] = syscallEvent.Uid
- //result["gid"] = syscallEvent.Gid
- //result["syscallName"] = syscallEvent.SyscallName
-
- //result["mountnsid"] = syscallEvent.MountNsID
-
- return map[string]interface{}{}
-}
diff --git a/pkg/rulemanager/ruleadapters/adapters/unshare.go b/pkg/rulemanager/ruleadapters/adapters/unshare.go
index f5f5bb397a..1ca3bd8843 100644
--- a/pkg/rulemanager/ruleadapters/adapters/unshare.go
+++ b/pkg/rulemanager/ruleadapters/adapters/unshare.go
@@ -65,24 +65,3 @@ func (c *UnshareAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedE
 failure.SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails)
 }
 
-func (c *UnshareAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{} {
- //unshareEvent, ok := enrichedEvent.Event.(*tracerunsharetype.Event)
- //if !ok {
- // return nil
- //}
-
- //result := ConvertToMap(&unshareEvent.Event)
-
- //result["pid"] = unshareEvent.Pid
- //result["tid"] = unshareEvent.Tid
- //result["ppid"] = unshareEvent.PPid
- //result["uid"] = unshareEvent.Uid
- //result["gid"] = unshareEvent.Gid
- //result["upperlayer"] = unshareEvent.UpperLayer
- //result["comm"] = unshareEvent.Comm
- //result["exe_path"] = unshareEvent.ExePath
-
- //result["mountnsid"] = unshareEvent.MountNsID
-
- return map[string]interface{}{}
-}
diff --git a/pkg/rulemanager/ruleadapters/rule_event_expansion.go b/pkg/rulemanager/ruleadapters/rule_event_expansion.go
index a2eb15fb68..79f0ac8da6 100644
--- a/pkg/rulemanager/ruleadapters/rule_event_expansion.go
+++ b/pkg/rulemanager/ruleadapters/rule_event_expansion.go
@@ -7,6 +7,4 @@ import (
 
 type EventRuleAdapter interface {
 SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, state map[string]any)
-
- ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
 }