diff --git a/docGen/files.go b/docGen/files.go
index f7ce860..5aadaf4 100644
--- a/docGen/files.go
+++ b/docGen/files.go
@@ -3,7 +3,6 @@ package main
 import (
 	"os"
 	"path/filepath"
-	"strings"
 )
 
 func getAllFiles(dir string) ([]string, error) {
@@ -25,18 +24,3 @@ func getAllFiles(dir string) ([]string, error) {
 	}
 	return filesFound, nil
 }
-
-func getAllFilesOfKind(dir string, include string, exclude string) ([]string, error) { // TODO: include and exclude should be slices/variadic
-	var filteredFiles []string
-	files, err := getAllFiles(dir)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, f := range files {
-		if strings.Contains(f, include) && !strings.Contains(f, exclude) {
-			filteredFiles = append(filteredFiles, f)
-		}
-	}
-	return filteredFiles, nil
-}
diff --git a/docGen/go.mod b/docGen/go.mod
index 1c149d0..e60d469 100644
--- a/docGen/go.mod
+++ b/docGen/go.mod
@@ -6,7 +6,6 @@ toolchain go1.22.2
 
 require (
 	github.com/Masterminds/semver v1.5.0
-	github.com/aquasecurity/tracee v0.7.0
 	github.com/aquasecurity/trivy v0.57.0
 	github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2
 	github.com/leekchan/gtf v0.0.0-20190214083521-5fba33c5b00b
@@ -56,7 +55,6 @@ require (
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/alecthomas/chroma v0.10.0 // indirect
-	github.com/aquasecurity/tracee/types v0.0.0-20220228102148-dffb469aed94 // indirect
 	github.com/aquasecurity/trivy-checks v1.2.2 // indirect
 	github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
diff --git a/docGen/go.sum b/docGen/go.sum
index 2272b9e..f9d3ca8 100644
--- a/docGen/go.sum
+++ b/docGen/go.sum
@@ -19,10 +19,6 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
-github.com/aquasecurity/tracee v0.7.0 h1:xAsERkCvhTTfjxTh4236ghGnoA0q3zqau3NEEwLQXIA=
-github.com/aquasecurity/tracee v0.7.0/go.mod h1:gdYXY4zhvEYAE8QShFKRHF9xkOKjPI74O0wJGTggH5g=
-github.com/aquasecurity/tracee/types v0.0.0-20220228102148-dffb469aed94 h1:8dNst7rq3V688n0CyVGy0aNV179s5jGfi6i+C8fCeh4=
-github.com/aquasecurity/tracee/types v0.0.0-20220228102148-dffb469aed94/go.mod h1:l8MikK8yNCxoFVFq+WqvRg3kiDUX4wDTQwo7oD7YnWM=
 github.com/aquasecurity/trivy v0.57.0 h1:W3L+VVvAQjYsJsyiBsThs5xec66g2LpbVkWQJNcaZE0=
 github.com/aquasecurity/trivy v0.57.0/go.mod h1:MPExNeIDQASo9nHkVjN4pSsx7Vxoka96FnjryoSnhk0=
 github.com/aquasecurity/trivy-checks v1.2.2 h1:EVHi0gthYzDLfqdAqBBwVGfg2l/gdZ622pIlC9rP+lU=
@@ -39,7 +35,6 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA=
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q=
-github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
diff --git a/docGen/main.go b/docGen/main.go
index 1ab6f32..2c948ba 100644
--- a/docGen/main.go
+++ b/docGen/main.go
@@ -45,7 +45,9 @@ func main() {
 	generateDefsecComplianceSpecPages("../avd-repo/trivy-policies-repo/rules/specs/compliance", "../avd-repo/content/compliance")
 	generateKubeHunterPages("../avd-repo/kube-hunter-repo/docs/_kb", "../avd-repo/content/misconfig/kubernetes")
 	generateCloudSploitPages("../avd-repo/cloudsploit-repo/plugins", "../avd-repo/content/misconfig", "../avd-repo/remediations-repo/en")
-	generateTraceePages("../avd-repo/tracee-repo/signatures", "../avd-repo/content/tracee", realClock{})
+	if err := generateTraceePages("../avd-repo/tracee-repo/signatures", "../avd-repo/content/tracee", realClock{}); err != nil {
+		fail(err)
+	}
 	generateDefsecPages("../avd-repo/trivy-policies-repo/avd_docs", "../avd-repo/content/misconfig")
 
 	nvdGenerator := NewNvdGenerator()
diff --git a/docGen/tracee.go b/docGen/tracee.go
index e02d99c..8af2390 100644
--- a/docGen/tracee.go
+++ b/docGen/tracee.go
@@ -1,9 +1,7 @@
 package main
 
 import (
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -14,7 +12,6 @@ import (
 
 	"github.com/aquasecurity/avd-generator/menu"
 	"github.com/aquasecurity/avd-generator/util"
-	"github.com/aquasecurity/tracee/pkg/rules/regosig"
 )
 
 var (
@@ -83,21 +80,18 @@ func TraceePostToMarkdown(tp TraceePost, outputFile *os.File) error {
 	return nil
 }
 
-func generateTraceePages(rulesDir, postsDir string, clock Clock) {
+func generateTraceePages(rulesDir, postsDir string, clock Clock) error {
 	err := os.MkdirAll(postsDir, 0755)
 	if err != nil {
-		log.Fatal("unable to create tracee directory ", err)
+		return fmt.Errorf("create dir: %w", err)
 	}
 
 	log.Println("generating tracee pages in: ", postsDir)
 
-	if err := generateRegoSigPages(rulesDir, postsDir, clock); err != nil {
-		log.Fatal("failed to generate rego sig pages: ", err)
-	}
-
 	if err := generateGoSigPages(rulesDir, postsDir, clock); err != nil {
-		log.Fatal("failed to generate go sig pages: ", err)
+		return fmt.Errorf("generate go sig pages: %w", err)
 	}
+	return nil
 }
 
 func generateGoSigPages(rulesDir string, postsDir string, clock Clock) error {
@@ -119,7 +113,7 @@ func generateGoSigPages(rulesDir string, postsDir string, clock Clock) error {
 				return
 			}
 
-			b, _ := ioutil.ReadFile(file)
+			b, _ := os.ReadFile(file)
 			r := strings.NewReplacer(`"`, ``)
 			rTitle := strings.NewReplacer("/", "-", `"`, "")
 
@@ -191,93 +185,6 @@ func getRegexMatch(regex, str string) string {
 	return strings.TrimSpace(parts[1])
 }
 
-func generateRegoSigPages(rulesDir string, postsDir string, clock Clock) error {
-	files, err := getAllFilesOfKind(rulesDir, "rego", "_test")
-	if err != nil {
-		log.Println("unable to get rego signature files: ", err)
-		return err
-	}
-
-	helpers, err := ioutil.ReadFile(filepath.Join(rulesDir, "rego", "helpers.rego"))
-	if err != nil {
-		log.Println("unable to read helpers.rego file: ", err)
-		return err
-	}
-
-	for _, file := range files {
-		if findSubstringsInString(file, []string{"helpers", "example", ".go", "aio", "disabled"}) { // TODO: This should be handled by a filter in GetAllFilesOfKind
-			continue
-		}
-
-		log.Printf("Processing Tracee rego signature file: %s", file)
-
-		b, err := ioutil.ReadFile(file)
-		if err != nil {
-			log.Printf("unable to read signature file: %s, %s\n", file, err)
-			return err
-		}
-
-		sig, err := regosig.NewRegoSignature("rego", false, string(b), string(helpers))
-		if err != nil {
-			log.Printf("unable to create new rego signature in file %s: %s\n", file, err)
-			return err
-		}
-		m, _ := sig.GetMetadata()
-
-		var severity int64
-		if m.Properties["Severity"] != nil {
-			severity, _ = m.Properties["Severity"].(json.Number).Int64()
-		}
-		var ma string
-		if m.Properties["MITRE ATT&CK"] != nil {
-			ma = m.Properties["MITRE ATT&CK"].(string)
-		}
-
-		topLevelIDName := strings.TrimSpace(strings.Split(ma, ":")[0])
-		topLevelID := strings.ToLower(strings.ReplaceAll(topLevelIDName, " ", "-"))
-		runTimeSecurityMenu.AddNode(topLevelID, strings.Title(topLevelIDName), postsDir, "tracee", []string{"runtime"}, []menu.BreadCrumb{
-			{Name: "Tracee", Url: "/tracee"},
-		}, "tracee", false)
-		parentID := topLevelID
-
-		outputFilepath := filepath.Join(postsDir, parentID, fmt.Sprintf("%s.md", strings.ReplaceAll(m.ID, "-", "")))
-		if err := os.MkdirAll(filepath.Dir(outputFilepath), 0755); err != nil {
-			log.Printf("error occurred while creating target directory: %s, %s", filepath.Dir(outputFilepath), err)
-		}
-
-		f, err := os.Create(outputFilepath)
-		if err != nil {
-			log.Printf("unable to create tracee markdown file: %s for sig: %s, skipping...\n", err, m.ID)
-			continue
-		}
-
-		if err = TraceePostToMarkdown(TraceePost{
-			Title:      util.Nicify(strings.Title(m.Name)),
-			ParentID:   parentID,
-			ParentName: strings.Title(topLevelIDName),
-			AliasID:    strings.ToLower(strings.ReplaceAll(m.ID, "-", "")),
-			TopLevelID: parentID,
-			Date:       clock.Now("2006-01-02"),
-			Signature: Signature{
-				ID:          m.ID,
-				Version:     m.Version,
-				Name:        strings.ReplaceAll(m.Name, " ", "-"),
-				Description: m.Description,
-				Severity:    SeverityNames[severity],
-				MitreAttack: ma,
-				RegoPolicy:  string(b),
-			},
-		}, f); err != nil {
-			log.Printf("unable to write tracee signature markdown: %s.md, err: %s", m.ID, err)
-			continue
-		}
-
-		// TODO: Add MITRE classification details
-		// TODO: Add ability to append custom aqua blog post from another markdown
-	}
-	return nil
-}
-
 const signaturePostTemplate = `---
 title: {{.Title}}
 id: {{.Signature.ID}}
diff --git a/docGen/tracee_test.go b/docGen/tracee_test.go
index 1dd304b..6e71a99 100644
--- a/docGen/tracee_test.go
+++ b/docGen/tracee_test.go
@@ -1,8 +1,6 @@
 package main
 
 import (
-	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -15,28 +13,23 @@ import (
 )
 
 func Test_generateTraceePages(t *testing.T) {
-	postsDir, _ := ioutil.TempDir("", "Test_generateTraceePages-*")
-	defer func() {
-		_ = os.RemoveAll(postsDir)
-	}()
-	generateTraceePages("../goldens/tracee-sigs", filepath.Join(postsDir, "tracee"), fakeClock{})
+	postsDir := t.TempDir()
+
+	err := generateTraceePages("../goldens/tracee-sigs", filepath.Join(postsDir, "tracee"), fakeClock{})
+	require.NoError(t, err)
 
 	gotFiles, err := getAllFiles(postsDir)
 	require.NoError(t, err)
-	require.Equal(t, 3, len(gotFiles))
+	require.Equal(t, 1, len(gotFiles))
 
 	dirRegex := regexp.MustCompile("(?m).+MITRE ATT&CK\n(.*):")
 
-	// check for various files and contents
-	for i := 1; i <= 3; i++ {
-		want, err := ioutil.ReadFile(fmt.Sprintf("../goldens/tracee-sigs/generated-mds/TRC%d.md", i))
-		require.NoError(t, err)
-
-		dir := strings.ReplaceAll(string(dirRegex.FindSubmatch(want)[1]), " ", "-")
+	want, err := os.ReadFile("../goldens/tracee-sigs/generated-mds/TRC1.md")
+	require.NoError(t, err)
 
-		got, err := ioutil.ReadFile(filepath.Join(postsDir, "tracee", strings.ToLower(dir), fmt.Sprintf("TRC%d.md", i)))
-		require.NoError(t, err)
+	dir := strings.ReplaceAll(string(dirRegex.FindSubmatch(want)[1]), " ", "-")
 
-		assert.Equal(t, string(want), string(got))
-	}
+	got, err := os.ReadFile(filepath.Join(postsDir, "tracee", strings.ToLower(dir), "TRC1.md"))
+	require.NoError(t, err)
+	assert.Equal(t, string(want), string(got))
 }
diff --git a/goldens/tracee-sigs/generated-mds/TRC2.md b/goldens/tracee-sigs/generated-mds/TRC2.md
deleted file mode 100644
index a8aaa63..0000000
--- a/goldens/tracee-sigs/generated-mds/TRC2.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-title: Anti Debugging
-id: TRC-2
-aliases: [
-    "/tracee/trc2"
-]
-source: Tracee
-icon: aqua
-shortName: Anti Debugging
-severity: high
-draft: false
-version: 0.1.0
-keywords: "TRC-2"
-
-category: runsec
-date: 2021-04-15T20:55:39Z
-
-remediations:
-
-breadcrumbs: 
-  - name: Tracee
-    path: /tracee
-  - name: Defense Evasion
-    path: /tracee/defense-evasion
-
-avd_page_type: avd_page
----
-
-### Anti Debugging
-Process uses anti-debugging technique to block debugger
-
-### MITRE ATT&CK
-Defense Evasion: Execution Guardrails
-
-
-### Rego Policy
-```
-package tracee.TRC_2
-
-__rego_metadoc__ := {
-    "id": "TRC-2",
-    "version": "0.1.0",
-    "name": "Anti-Debugging",
-    "description": "Process uses anti-debugging technique to block debugger",
-    "tags": ["linux", "container"],
-    "properties": {
-        "Severity": 3,
-        "MITRE ATT&CK": "Defense Evasion: Execution Guardrails",
-    }
-}
-
-tracee_selected_events[eventSelector] {
-	eventSelector := {
-		"source": "tracee",
-		"name": "ptrace"
-	}
-}
-
-tracee_match {
-    input.eventName == "ptrace"
-    arg := input.args[_]
-    arg.name == "request"
-    arg.value == "PTRACE_TRACEME"
-}
-```
diff --git a/goldens/tracee-sigs/generated-mds/TRC3.md b/goldens/tracee-sigs/generated-mds/TRC3.md
deleted file mode 100644
index a362943..0000000
--- a/goldens/tracee-sigs/generated-mds/TRC3.md
+++ /dev/null
@@ -1,101 +0,0 @@
----
-title: Code Injection
-id: TRC-3
-aliases: [
-    "/tracee/trc3"
-]
-source: Tracee
-icon: aqua
-shortName: Code Injection
-severity: high
-draft: false
-version: 0.1.0
-keywords: "TRC-3"
-
-category: runsec
-date: 2021-04-15T20:55:39Z
-
-remediations:
-
-breadcrumbs: 
-  - name: Tracee
-    path: /tracee
-  - name: Defense Evasion
-    path: /tracee/defense-evasion
-
-avd_page_type: avd_page
----
-
-### Code Injection
-Possible code injection into another process
-
-### MITRE ATT&CK
-Defense Evasion: Process Injection
-
-
-### Rego Policy
-```
-package tracee.TRC_3
-
-import data.tracee.helpers
-
-__rego_metadoc__ := {
-    "id": "TRC-3",
-    "version": "0.1.0",
-    "name": "Code injection",
-    "description": "Possible code injection into another process",
-    "tags": ["linux", "container"],
-    "properties": {
-        "Severity": 3,
-        "MITRE ATT&CK": "Defense Evasion: Process Injection",
-    }
-}
-
-eventSelectors := [
-    {
-        "source": "tracee",
-        "name": "ptrace"
-    },
-    {
-        "source": "tracee",
-        "name": "security_file_open"
-    },
-    {
-        "source": "tracee",
-        "name": "process_vm_writev"
-    }
-]
-
-tracee_selected_events[eventSelector] {
-	eventSelector := eventSelectors[_]
-}
-
-
-tracee_match {
-    input.eventName == "ptrace"
-    arg_value = helpers.get_tracee_argument("request")
-    arg_value == "PTRACE_POKETEXT"
-}
-
-tracee_match = res {
-    input.eventName == "security_file_open"
-    flags = helpers.get_tracee_argument("flags")
-
-    helpers.is_file_write(flags)
-
-    pathname := helpers.get_tracee_argument("pathname")
-
-    regex.match(`/proc/(?:\d.+|self)/mem`, pathname)
-
-    res := {
-        "file flags": flags,
-        "file path": pathname,
-    }
-}
-
-tracee_match {
-    input.eventName == "process_vm_writev"
-    dst_pid = helpers.get_tracee_argument("pid")
-    dst_pid != input.processId
-}
-```
diff --git a/goldens/tracee-sigs/rego/anti_debugging_ptraceme.rego b/goldens/tracee-sigs/rego/anti_debugging_ptraceme.rego
deleted file mode 100644
index 298cf2e..0000000
--- a/goldens/tracee-sigs/rego/anti_debugging_ptraceme.rego
+++ /dev/null
@@ -1,27 +0,0 @@
-package tracee.TRC_2
-
-__rego_metadoc__ := {
-    "id": "TRC-2",
-    "version": "0.1.0",
-    "name": "Anti-Debugging",
-    "description": "Process uses anti-debugging technique to block debugger",
-    "tags": ["linux", "container"],
-    "properties": {
-        "Severity": 3,
-        "MITRE ATT&CK": "Defense Evasion: Execution Guardrails",
-    }
-}
-
-tracee_selected_events[eventSelector] {
-	eventSelector := {
-		"source": "tracee",
-		"name": "ptrace"
-	}
-}
-
-tracee_match {
-    input.eventName == "ptrace"
-    arg := input.args[_]
-    arg.name == "request"
-    arg.value == "PTRACE_TRACEME"
-}
\ No newline at end of file
diff --git a/goldens/tracee-sigs/rego/code_injection.rego b/goldens/tracee-sigs/rego/code_injection.rego
deleted file mode 100644
index b9dde2a..0000000
--- a/goldens/tracee-sigs/rego/code_injection.rego
+++ /dev/null
@@ -1,63 +0,0 @@
-package tracee.TRC_3
-
-import data.tracee.helpers
-
-__rego_metadoc__ := {
-    "id": "TRC-3",
-    "version": "0.1.0",
-    "name": "Code injection",
-    "description": "Possible code injection into another process",
-    "tags": ["linux", "container"],
-    "properties": {
-        "Severity": 3,
-        "MITRE ATT&CK": "Defense Evasion: Process Injection",
-    }
-}
-
-eventSelectors := [
-    {
-        "source": "tracee",
-        "name": "ptrace"
-    },
-    {
-        "source": "tracee",
-        "name": "security_file_open"
-    },
-    {
-        "source": "tracee",
-        "name": "process_vm_writev"
-    }
-]
-
-tracee_selected_events[eventSelector] {
-	eventSelector := eventSelectors[_]
-}
-
-
-tracee_match {
-    input.eventName == "ptrace"
-    arg_value = helpers.get_tracee_argument("request")
-    arg_value == "PTRACE_POKETEXT"
-}
-
-tracee_match = res {
-    input.eventName == "security_file_open"
-    flags = helpers.get_tracee_argument("flags")
-
-    helpers.is_file_write(flags)
-
-    pathname := helpers.get_tracee_argument("pathname")
-
-    regex.match(`/proc/(?:\d.+|self)/mem`, pathname)
-
-    res := {
-        "file flags": flags,
-        "file path": pathname,
-    }
-}
-
-tracee_match {
-    input.eventName == "process_vm_writev"
-    dst_pid = helpers.get_tracee_argument("pid")
-    dst_pid != input.processId
-}
\ No newline at end of file
diff --git a/goldens/tracee-sigs/rego/example.rego b/goldens/tracee-sigs/rego/example.rego
deleted file mode 100644
index 9d491b4..0000000
--- a/goldens/tracee-sigs/rego/example.rego
+++ /dev/null
@@ -1 +0,0 @@
-a mock example file which should be ignored by avd generator
\ No newline at end of file
diff --git a/goldens/tracee-sigs/rego/helpers.rego b/goldens/tracee-sigs/rego/helpers.rego
deleted file mode 100644
index 17bd671..0000000
--- a/goldens/tracee-sigs/rego/helpers.rego
+++ /dev/null
@@ -1,16 +0,0 @@
-package tracee.helpers
-
-get_tracee_argument(arg_name) = res {
-    arg := input.args[_]
-    arg.name == arg_name
-    res := arg.value
-}
-
-
-default is_file_write(flags) = false
-is_file_write(flags) {
-    contains(lower(flags), "o_wronly")
-}
-is_file_write(flags) {
-    contains(lower(flags), "o_rdwr")
-}
\ No newline at end of file
diff --git a/goldens/tracee-sigs/rego/regosig/aio.go b/goldens/tracee-sigs/rego/regosig/aio.go
deleted file mode 100644
index 1de5213..0000000
--- a/goldens/tracee-sigs/rego/regosig/aio.go
+++ /dev/null
@@ -1,253 +0,0 @@
-package regosig
-
-import (
-	_ "embed"
-
-	"context"
-	"fmt"
-	"sort"
-	"strings"
-
-	"github.com/aquasecurity/tracee/tracee-ebpf/external"
-	"github.com/aquasecurity/tracee/tracee-rules/engine"
-	"github.com/aquasecurity/tracee/tracee-rules/types"
-	"github.com/open-policy-agent/opa/ast"
-	"github.com/open-policy-agent/opa/compile"
-	"github.com/open-policy-agent/opa/rego"
-)
-
-var (
-	//go:embed aio.rego
-	mainRego string
-)
-
-const (
-	moduleMain             = "main.rego"
-	queryMetadataAll       = "data.main.__rego_metadoc_all__"
-	querySelectedEventsAll = "data.main.tracee_selected_events_all"
-	queryMatchAll          = "data.main.tracee_match_all"
-)
-
-// Options holds various Option items that can be passed to the NewAIO constructor.
-type Options struct {
-	// OPATarget optionally specifies which OPA target engine to use for
-	// evaluation. By default, the `rego` engine is used.
-	OPATarget string
-
-	// OPAPartial optionally specifies whether to use OPA partial evaluation
-	// or not. By default, partial evaluation is disabled.
-	//
-	// NOTE: On average partial evaluation performs better by leveraging
-	// OPA rules indexing. However, for some rules we noticed that enabling partial
-	// evaluation significantly degraded performance.
-	//
-	// https://blog.openpolicyagent.org/partial-evaluation-162750eaf422
-	OPAPartial bool
-}
-
-type Option func(*Options)
-
-func OPATarget(target string) Option {
-	return func(o *Options) {
-		o.OPATarget = target
-	}
-}
-
-func OPAPartial(partial bool) Option {
-	return func(o *Options) {
-		o.OPAPartial = partial
-	}
-}
-
-func newDefaultOptions() *Options {
-	return &Options{
-		OPATarget:  compile.TargetRego,
-		OPAPartial: false,
-	}
-}
-
-type aio struct {
-	cb       types.SignatureHandler
-	metadata types.SignatureMetadata
-
-	preparedQuery   rego.PreparedEvalQuery
-	sigIDToMetadata map[string]types.SignatureMetadata
-	selectedEvents  []types.SignatureEventSelector
-}
-
-// NewAIO constructs a new types.Signature with the specified Rego modules and Option items.
-//
-// This implementation compiles all modules once and prepares the single,
-// aka all in one, query for evaluation.
-func NewAIO(modules map[string]string, opts ...Option) (types.Signature, error) {
-	options := newDefaultOptions()
-
-	for _, opt := range opts {
-		opt(options)
-	}
-
-	modules[moduleMain] = mainRego
-	ctx := context.TODO()
-	compiler, err := ast.CompileModules(modules)
-	if err != nil {
-		return nil, fmt.Errorf("compiling modules: %w", err)
-	}
-
-	metadataRS, err := rego.New(
-		rego.Compiler(compiler),
-		rego.Query(queryMetadataAll),
-	).Eval(ctx)
-	if err != nil {
-		return nil, fmt.Errorf("evaluating %s query: %w", queryMetadataAll, err)
-	}
-	sigIDToMetadata, err := MapRS(metadataRS).ToSignatureMetadataAll()
-	if err != nil {
-		return nil, fmt.Errorf("mapping output to metadata: %w", err)
-	}
-
-	selectedEventsRS, err := rego.New(
-		rego.Compiler(compiler),
-		rego.Query(querySelectedEventsAll),
-	).Eval(ctx)
-	if err != nil {
-		return nil, fmt.Errorf("evaluating %s query: %w", querySelectedEventsAll, err)
-	}
-	sigIDToSelectedEvents, err := MapRS(selectedEventsRS).ToSelectedEventsAll()
-	if err != nil {
-		return nil, fmt.Errorf("mapping output to selected events: %w", err)
-	}
-
-	var peq rego.PreparedEvalQuery
-
-	if options.OPAPartial {
-		pr, err := rego.New(
-			rego.Compiler(compiler),
-			rego.Query(queryMatchAll),
-		).PartialResult(ctx)
-		if err != nil {
-			return nil, fmt.Errorf("partially evaluating %s query: %w", queryMatchAll, err)
-		}
-		peq, err = pr.Rego(
-			rego.Target(options.OPATarget),
-		).PrepareForEval(ctx)
-		if err != nil {
-			return nil, fmt.Errorf("preparing %s query: %w", queryMatch, err)
-		}
-	} else {
-		peq, err = rego.New(
-			rego.Target(options.OPATarget),
-			rego.Compiler(compiler),
-			rego.Query(queryMatchAll),
-		).PrepareForEval(ctx)
-		if err != nil {
-			return nil, fmt.Errorf("preparing %s query: %w", queryMetadataAll, err)
-		}
-	}
-
-	var sigIDs []string
-	var selectedEvents []types.SignatureEventSelector
-
-	selectedEventsSet := make(map[types.SignatureEventSelector]bool)
-
-	for sigID, sigEvents := range sigIDToSelectedEvents {
-		sigIDs = append(sigIDs, sigID)
-
-		for _, sigEvent := range sigEvents {
-			if _, value := selectedEventsSet[sigEvent]; !value {
-				selectedEventsSet[sigEvent] = true
-				selectedEvents = append(selectedEvents, sigEvent)
-			}
-		}
-	}
-
-	sort.Strings(sigIDs)
-	metadata := types.SignatureMetadata{
-		ID:      fmt.Sprintf("TRC-AIO (%s)", strings.Join(sigIDs, ",")),
-		Version: "1.0.0",
-		Name:    "AIO",
-	}
-
-	return &aio{
-		metadata:        metadata,
-		preparedQuery:   peq,
-		sigIDToMetadata: sigIDToMetadata,
-		selectedEvents:  selectedEvents,
-	}, nil
-}
-
-func (a *aio) Init(cb types.SignatureHandler) error {
-	a.cb = cb
-	return nil
-}
-
-func (a *aio) GetMetadata() (types.SignatureMetadata, error) {
-	return a.metadata, nil
-}
-
-func (a *aio) GetSelectedEvents() ([]types.SignatureEventSelector, error) {
-	return a.selectedEvents, nil
-}
-
-func (a *aio) OnEvent(ee types.Event) error {
-	input, event, err := toInputOption(ee)
-	if err != nil {
-		return err
-	}
-
-	ctx := context.TODO()
-	rs, err := a.preparedQuery.Eval(ctx, input)
-	if err != nil {
-		return err
-	}
-	data, err := MapRS(rs).ToDataAll()
-	if err != nil {
-		return err
-	}
-	for sigID, value := range data {
-		switch v := value.(type) {
-		case bool:
-			if v {
-				a.cb(types.Finding{
-					Data:        nil,
-					Context:     event,
-					SigMetadata: a.sigIDToMetadata[sigID],
-				})
-			}
-		case map[string]interface{}:
-			a.cb(types.Finding{
-				Data:        v,
-				Context:     event,
-				SigMetadata: a.sigIDToMetadata[sigID],
-			})
-		default:
-			return fmt.Errorf("unrecognized value: %T", v)
-		}
-	}
-	return nil
-}
-
-func toInputOption(ee types.Event) (rego.EvalOption, external.Event, error) {
-	var input rego.EvalOption
-	var event external.Event
-
-	switch ee.(type) {
-	case external.Event:
-		event = ee.(external.Event)
-		input = rego.EvalInput(ee)
-	case engine.ParsedEvent:
-		pe := ee.(engine.ParsedEvent)
-		event = pe.Event
-		input = rego.EvalParsedInput(pe.Value)
-	default:
-		return nil, external.Event{}, fmt.Errorf("unrecognized event type: %T", ee)
-	}
-	return input, event, nil
-}
-
-func (a *aio) Close() {
-	// noop
-}
-
-func (a aio) OnSignal(signal types.Signal) error {
-	return fmt.Errorf("unsupported operation")
-}
diff --git a/goldens/tracee-sigs/rego/regosig/aio.rego b/goldens/tracee-sigs/rego/regosig/aio.rego
deleted file mode 100644
index 0c0bca8..0000000
--- a/goldens/tracee-sigs/rego/regosig/aio.rego
+++ /dev/null
@@ -1,24 +0,0 @@
-package main
-
-# Returns the map of signature identifiers to signature metadata.
-__rego_metadoc_all__[id] = resp {
-	some i
-		resp := data.tracee[i].__rego_metadoc__
-		id := resp.id
-}
-
-# Returns the map of signature identifiers to signature selected events.
-tracee_selected_events_all[id] = resp {
-	some i
-		resp := data.tracee[i].tracee_selected_events
-		metadata := data.tracee[i].__rego_metadoc__
-		id := metadata.id
-}
-
-# Returns the map of signature identifiers to values matching the input event.
-tracee_match_all[id] = resp {
-	some i
-		resp := data.tracee[i].tracee_match
-		metadata := data.tracee[i].__rego_metadoc__
-		id := metadata.id
-}
\ No newline at end of file
diff --git a/goldens/tracee-sigs/rego/regosig/aio_test.go b/goldens/tracee-sigs/rego/regosig/aio_test.go
deleted file mode 100644
index 984e1ed..0000000
--- a/goldens/tracee-sigs/rego/regosig/aio_test.go
+++ /dev/null
@@ -1,293 +0,0 @@
-package regosig_test
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"testing"
-
-	tracee "github.com/aquasecurity/tracee/tracee-ebpf/external"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/rego/regosig"
-	"github.com/aquasecurity/tracee/tracee-rules/types"
-	"github.com/open-policy-agent/opa/compile"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestAio_GetMetadata(t *testing.T) {
-	sig, err := regosig.NewAIO(map[string]string{
-		"test_boolean.rego": testRegoCodeBoolean,
-		"test_object.rego":  testRegoCodeObject,
-	})
-	require.NoError(t, err)
-
-	metadata, err := sig.GetMetadata()
-	require.NoError(t, err)
-	assert.Equal(t, types.SignatureMetadata{
-		ID:      "TRC-AIO (TRC-BOOL,TRC-OBJECT)",
-		Version: "1.0.0",
-		Name:    "AIO",
-	}, metadata)
-}
-
-func TestAio_GetSelectedEvents(t *testing.T) {
-	sig, err := regosig.NewAIO(map[string]string{
-		"test_boolean.rego": testRegoCodeBoolean,
-		"test_object.rego":  testRegoCodeObject,
-	})
-	require.NoError(t, err)
-	events, err := sig.GetSelectedEvents()
-	require.NoError(t, err)
-
-	eventsSet := make(map[types.SignatureEventSelector]bool)
-	for _, event := range events {
-		if _, value := eventsSet[event]; !value {
-			eventsSet[event] = true
-		}
-	}
-
-	assert.Equal(t, map[types.SignatureEventSelector]bool{
-		types.SignatureEventSelector{
-			Source: "tracee",
-			Name:   "ptrace",
-		}: true,
-		types.SignatureEventSelector{
-			Source: "tracee",
-			Name:   "execve",
-		}: true,
-	}, eventsSet)
-}
-
-func TestAio_OnEvent(t *testing.T) {
-	options := []struct {
-		target  string
-		partial bool
-	}{
-		{
-			target:  compile.TargetRego,
-			partial: false,
-		},
-		{
-			target:  compile.TargetRego,
-			partial: true,
-		},
-		//{
-		//	target:  compile.TargetWasm,
-		//	partial: false,
-		//},
-		//{
-		//	target:  compile.TargetWasm,
-		//	partial: true,
-		//},
-	}
-
-	for _, tc := range options {
-		t.Run(fmt.Sprintf("target=%s,partial=%t", tc.target, tc.partial), func(t *testing.T) {
-			AioOnEventSpec(t, tc.target, tc.partial)
-		})
-	}
-
-}
-
-// AioOnEventSpec describes the behavior of aio.OnEvent.
-func AioOnEventSpec(t *testing.T, target string, partial bool) {
-	testCases := []struct {
-		name    string
-		modules map[string]string
-		event   tracee.Event
-		// findings are grouped by signature identifier for comparison
-		findings  map[string]types.Finding
-		wantError string
-	}{
-		{
-			name: "Should return finding when single rule matches",
-			modules: map[string]string{
-				"test_boolean.rego": testRegoCodeBoolean,
-				"test_object.rego":  testRegoCodeObject,
-			},
-			event: tracee.Event{
-				Args: []tracee.Argument{
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: "ends with yo",
-					},
-				},
-			},
-			findings: map[string]types.Finding{
-				"TRC-BOOL": {
-					Data: nil,
-					Context: tracee.Event{
-						Args: []tracee.Argument{
-							{
-								ArgMeta: tracee.ArgMeta{
-									Name: "doesn't matter",
-								},
-								Value: "ends with yo",
-							},
-						},
-					},
-					SigMetadata: types.SignatureMetadata{
-						ID:          "TRC-BOOL",
-						Version:     "0.1.0",
-						Name:        "test name",
-						Description: "test description",
-						Tags: []string{
-							"tag1",
-							"tag2",
-						},
-						Properties: map[string]interface{}{
-							"p1": "test",
-							"p2": json.Number("1"),
-							"p3": true,
-						},
-					},
-				},
-			},
-		},
-		{
-			name: "Should return multiple findings when multiple rules match",
-			modules: map[string]string{
-				"test_boolean.rego": testRegoCodeBoolean,
-				"test_object.rego":  testRegoCodeObject,
-			},
-			event: tracee.Event{
-				Args: []tracee.Argument{
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: "ends with yo",
-					},
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: 1337,
-					},
-				},
-			},
-			findings: map[string]types.Finding{
-				"TRC-OBJECT": {
-					Data: map[string]interface{}{
-						"p1": "test",
-						"p2": json.Number("1"),
-						"p3": true,
-					},
-					Context: tracee.Event{
-						Args: []tracee.Argument{
-							{
-								ArgMeta: tracee.ArgMeta{
-									Name: "doesn't matter",
-								},
-								Value: "ends with yo",
-							},
-							{
-								ArgMeta: tracee.ArgMeta{
-									Name: "doesn't matter",
-								},
-								Value: 1337,
-							},
-						},
-					},
-					SigMetadata: types.SignatureMetadata{
-						ID:          "TRC-OBJECT",
-						Version:     "0.3.0",
-						Name:        "test name",
-						Description: "test description",
-						Tags: []string{
-							"tag1",
-							"tag2",
-						},
-						Properties: map[string]interface{}{
-							"p1": "test",
-							"p2": json.Number("1"),
-							"p3": true,
-						},
-					},
-				},
-				"TRC-BOOL": {
-					Data: nil,
-					Context: tracee.Event{
-						Args: []tracee.Argument{
-							{
-								ArgMeta: tracee.ArgMeta{
-									Name: "doesn't matter",
-								},
-								Value: "ends with yo",
-							},
-							{
-								ArgMeta: tracee.ArgMeta{
-									Name: "doesn't matter",
-								},
-								Value: 1337,
-							},
-						},
-					},
-					SigMetadata: types.SignatureMetadata{
-						ID:          "TRC-BOOL",
-						Version:     "0.1.0",
-						Name:        "test name",
-						Description: "test description",
-						Tags: []string{
-							"tag1",
-							"tag2",
-						},
-						Properties: map[string]interface{}{
-							"p1": "test",
-							"p2": json.Number("1"),
-							"p3": true,
-						},
-					},
-				},
-			},
-		},
-		{
-			name: "Should return error when invalid value received",
-			modules: map[string]string{
-				"test_invalid.rego": testRegoCodeInvalidObject,
-			},
-			event: tracee.Event{
-				Args: []tracee.Argument{
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: "ends with invalid",
-					},
-				},
-			},
-			wantError: "unrecognized value: string",
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			sig, err := regosig.NewAIO(tc.modules,
-				regosig.OPATarget(target),
-				regosig.OPAPartial(partial),
-			)
-			require.NoError(t, err)
-
-			holder := &findingsHolder{}
-			err = sig.Init(holder.OnFinding)
-			require.NoError(t, err)
-
-			err = sig.OnEvent(tc.event)
-			if tc.wantError != "" {
-				require.EqualError(t, err, tc.wantError, tc.name)
-			} else {
-				require.NoError(t, err, tc.name)
-				assert.Equal(t, tc.findings, holder.GroupBySigID())
-			}
-		})
-	}
-}
-
-func TestAio_OnSignal(t *testing.T) {
-	sig, err := regosig.NewAIO(map[string]string{})
-	require.NoError(t, err)
-	err = sig.OnSignal(os.Kill)
-	assert.EqualError(t, err, "unsupported operation")
-}
diff --git a/goldens/tracee-sigs/rego/regosig/common_test.go b/goldens/tracee-sigs/rego/regosig/common_test.go
deleted file mode 100644
index 780c35f..0000000
--- a/goldens/tracee-sigs/rego/regosig/common_test.go
+++ /dev/null
@@ -1,117 +0,0 @@
-package regosig_test
-
-import (
-	"github.com/aquasecurity/tracee/tracee-rules/types"
-)
-
-const (
-	testRegoCodeBoolean = `package tracee.TRC_BOOL
-
-__rego_metadoc__ := {
-	"id": "TRC-BOOL",
-	"version": "0.1.0",
-	"name": "test name",
-	"description": "test description",
-	"tags": [ "tag1", "tag2" ],
-	"properties": {
-		"p1": "test",
-		"p2": 1,
-		"p3": true
-	}
-}
-
-tracee_selected_events[eventSelector] {
-	eventSelector := {
-		"source": "tracee",
-		"name": "execve"
-	}
-}
-
-tracee_match {
-	endswith(input.args[0].value, "yo")
-}
-`
-	testRegoCodeObject = `package tracee.TRC_OBJECT
-
-__rego_metadoc__ := {
-	"id": "TRC-OBJECT",
-	"version": "0.3.0",
-	"name": "test name",
-	"description": "test description",
-	"tags": [ "tag1", "tag2" ],
-	"properties": {
-		"p1": "test",
-		"p2": 1,
-		"p3": true
-	}
-}
-
-tracee_selected_events[eventSelector] {
-	eventSelector := {
-		"source": "tracee",
-		"name": "ptrace"
-	}
-}
-
-tracee_match = res {
-	endswith(input.args[0].value, "yo")
-	input.args[1].value == 1337
-	res := {
-		"p1": "test",
-		"p2": 1,
-		"p3": true
-	}
-}
-`
-	testRegoCodeInvalidObject = `package tracee.TRC_INVALID
-__rego_metadoc__ := {
-	"id": "TRC-INVALID",
-	"version": "0.3.0",
-	"name": "test name",
-	"description": "test description",
-	"tags": [ "tag1", "tag2" ],
-	"properties": {
-		"p1": "test",
-		"p2": 1,
-		"p3": true
-	}
-}
-
-tracee_selected_events[eventSelector] {
-	eventSelector := {
-		"source": "tracee",
-		"name": "ptrace"
-	}
-}
-
-tracee_match = res {
-	endswith(input.args[0].value, "invalid")
-	res := "foo bar string"
-}
-`
-)
-
-// findingsHolder is a utility struct that defines types.SignatureHandler callback method
-// and holds types.Finding values received as the callback's argument.
-type findingsHolder struct {
-	values []types.Finding
-}
-
-func (h *findingsHolder) OnFinding(f types.Finding) {
-	h.values = append(h.values, f)
-}
-
-func (h *findingsHolder) GroupBySigID() map[string]types.Finding {
-	r := make(map[string]types.Finding)
-	for _, v := range h.values {
-		r[v.SigMetadata.ID] = v
-	}
-	return r
-}
-
-func (h *findingsHolder) FirstValue() *types.Finding {
-	if len(h.values) == 0 {
-		return nil
-	}
-	return &h.values[0]
-}
diff --git a/goldens/tracee-sigs/rego/regosig/mapper.go b/goldens/tracee-sigs/rego/regosig/mapper.go
deleted file mode 100644
index a8871bd..0000000
--- a/goldens/tracee-sigs/rego/regosig/mapper.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package regosig
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	"github.com/aquasecurity/tracee/tracee-rules/types"
-	"github.com/open-policy-agent/opa/rego"
-)
-
-type Mapper struct {
-	rego.ResultSet
-}
-
-func MapRS(rs rego.ResultSet) *Mapper {
-	return &Mapper{
-		ResultSet: rs,
-	}
-}
-
-func (m Mapper) ToSignatureMetadataAll() (map[string]types.SignatureMetadata, error) {
-	if m.isEmpty() {
-		return nil, errors.New("empty result set")
-	}
-	resJSON, err := json.Marshal(m.ResultSet[0].Expressions[0].Value)
-	if err != nil {
-		return nil, err
-	}
-	dec := json.NewDecoder(bytes.NewBuffer(resJSON))
-	dec.UseNumber()
-	var res map[string]types.SignatureMetadata
-	err = dec.Decode(&res)
-	if err != nil {
-		return nil, err
-	}
-	return res, nil
-}
-
-func (m Mapper) ToSelectedEventsAll() (map[string][]types.SignatureEventSelector, error) {
-	if m.isEmpty() {
-		return nil, errors.New("empty result set")
-	}
-	resJSON, err := json.Marshal(m.ResultSet[0].Expressions[0].Value)
-	if err != nil {
-		return nil, err
-	}
-	dec := json.NewDecoder(bytes.NewBuffer(resJSON))
-	dec.UseNumber()
-	var res map[string][]types.SignatureEventSelector
-	err = dec.Decode(&res)
-	if err != nil {
-		return nil, err
-	}
-	return res, nil
-}
-
-func (m Mapper) ToDataAll() (map[string]interface{}, error) {
-	if m.isEmpty() {
-		return nil, errors.New("empty result set")
-	}
-	values, ok := m.ResultSet[0].Expressions[0].Value.(map[string]interface{})
-	if !ok {
-		return nil, fmt.Errorf("unrecognized value: %T", m.ResultSet[0].Expressions[0].Value)
-	}
-	return values, nil
-}
-
-func (m Mapper) isEmpty() bool {
-	rs := m.ResultSet
-	return len(rs) == 0 || len(rs[0].Expressions) == 0 || rs[0].Expressions[0].Value == nil
-}
diff --git a/goldens/tracee-sigs/rego/regosig/mapper_test.go b/goldens/tracee-sigs/rego/regosig/mapper_test.go
deleted file mode 100644
index 0dcb347..0000000
--- a/goldens/tracee-sigs/rego/regosig/mapper_test.go
+++ /dev/null
@@ -1 +0,0 @@
-package regosig_test
diff --git a/goldens/tracee-sigs/rego/regosig/traceerego.go b/goldens/tracee-sigs/rego/regosig/traceerego.go
deleted file mode 100644
index 13d0b5c..0000000
--- a/goldens/tracee-sigs/rego/regosig/traceerego.go
+++ /dev/null
@@ -1,227 +0,0 @@
-package regosig
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"regexp"
-	"strings"
-
-	tracee "github.com/aquasecurity/tracee/tracee-ebpf/external"
-	"github.com/aquasecurity/tracee/tracee-rules/engine"
-	"github.com/aquasecurity/tracee/tracee-rules/types"
-	"github.com/open-policy-agent/opa/ast"
-	"github.com/open-policy-agent/opa/rego"
-)
-
-// RegoSignature is an abstract signature that is implemented in rego
-// each struct instance is associated with a rego file
-// the rego file declares the following rules:
-// __rego_metadoc__: a *document* rule that defines the rule's metadata (see GetMetadata())
-// tracee_selected_events: a *set* rule that defines the event selectors (see GetSelectedEvent())
-// tracee_match: a *boolean*, or a *document* rule that defines the logic of the signature (see OnEvent())
-type RegoSignature struct {
-	cb             types.SignatureHandler
-	compiledRego   *ast.Compiler
-	matchPQ        rego.PreparedEvalQuery
-	metadata       types.SignatureMetadata
-	selectedEvents []types.SignatureEventSelector
-}
-
-const queryMatch string = "data.%s.tracee_match"
-const querySelectedEvents string = "data.%s.tracee_selected_events"
-const queryMetadata string = "data.%s.__rego_metadoc__"
-const packageNameRegex string = `package\s.*`
-
-// NewRegoSignature creates a new RegoSignature with the provided rego code string
-func NewRegoSignature(target string, partialEval bool, regoCodes ...string) (types.Signature, error) {
-	var err error
-	res := RegoSignature{}
-	regoMap := make(map[string]string)
-
-	re := regexp.MustCompile(packageNameRegex)
-
-	var pkgName string
-	for _, regoCode := range regoCodes {
-		var regoModuleName string
-		splittedName := strings.Split(re.FindString(regoCode), " ")
-		if len(splittedName) > 1 {
-			regoModuleName = splittedName[1]
-		} else {
-			return nil, fmt.Errorf("invalid rego code received")
-		}
-		if !strings.Contains(regoCode, "package tracee.helpers") {
-			pkgName = regoModuleName
-		}
-		regoMap[regoModuleName] = regoCode
-	}
-
-	res.compiledRego, err = ast.CompileModules(regoMap)
-	if err != nil {
-		return nil, err
-	}
-
-	ctx := context.Background()
-	if partialEval {
-		pr, err := rego.New(
-
-			rego.Compiler(res.compiledRego),
-			rego.Query(fmt.Sprintf(queryMatch, pkgName)),
-		).PartialResult(ctx)
-		if err != nil {
-			return nil, err
-		}
-
-		res.matchPQ, err = pr.Rego(rego.Target(target)).PrepareForEval(ctx)
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		res.matchPQ, err = rego.New(
-			rego.Target(target),
-			rego.Compiler(res.compiledRego),
-			rego.Query(fmt.Sprintf(queryMatch, pkgName)),
-		).PrepareForEval(ctx)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	res.metadata, err = res.getMetadata(pkgName)
-	if err != nil {
-		return nil, err
-	}
-	res.selectedEvents, err = res.getSelectedEvents(pkgName)
-	if err != nil {
-		return nil, err
-	}
-	return &res, nil
-}
-
-// Init implements the Signature interface by resetting internal state
-func (sig *RegoSignature) Init(cb types.SignatureHandler) error {
-	sig.cb = cb
-	return nil
-}
-
-// GetMetadata implements the Signature interface by evaluating the Rego policy's __rego_metadoc__ rule
-// this is a *document* rule that defines the rule's metadata
-// based on WIP Rego convention for describing policy metadata: https://hackmd.io/@ZtQnh19kS26YiNlJLqKJnw/H1gAv5nBw
-func (sig *RegoSignature) GetMetadata() (types.SignatureMetadata, error) {
-	return sig.metadata, nil
-}
-
-func (sig *RegoSignature) getMetadata(pkgName string) (types.SignatureMetadata, error) {
-	evalRes, err := sig.evalQuery(fmt.Sprintf(queryMetadata, pkgName))
-	if err != nil {
-		return types.SignatureMetadata{}, err
-	}
-	resJSON, err := json.Marshal(evalRes)
-	if err != nil {
-		return types.SignatureMetadata{}, err
-	}
-	dec := json.NewDecoder(bytes.NewBuffer(resJSON))
-	dec.UseNumber()
-	var res types.SignatureMetadata
-	err = dec.Decode(&res)
-	if err != nil {
-		return types.SignatureMetadata{}, err
-	}
-	return res, nil
-}
-
-// GetSelectedEvents implements the Signature interface by evaluating the Rego policy's tracee_selected_events rule
-// this is a *set* rule that defines the rule's SelectedEvents
-func (sig *RegoSignature) GetSelectedEvents() ([]types.SignatureEventSelector, error) {
-	return sig.selectedEvents, nil
-}
-
-func (sig *RegoSignature) getSelectedEvents(pkgName string) ([]types.SignatureEventSelector, error) {
-	evalRes, err := sig.evalQuery(fmt.Sprintf(querySelectedEvents, pkgName))
-	if err != nil {
-		return nil, err
-	}
-	resJSON, err := json.Marshal(evalRes)
-	if err != nil {
-		return nil, err
-	}
-	var res []types.SignatureEventSelector
-	err = json.Unmarshal(resJSON, &res)
-	if err != nil {
-		return nil, err
-	}
-	return res, nil
-}
-
-// OnEvent implements the Signature interface by evaluating the Rego policy's tracee_match rule
-// this is a *boolean* or a *document* rule that defines the logic of the signature
-// if bool is "returned", a true evaluation will generate a Finding with no data
-// if document is "returned", any non-empty evaluation will generate a Finding with the document as the Finding's "Data"
-func (sig *RegoSignature) OnEvent(e types.Event) error {
-	var input rego.EvalOption
-	var ee tracee.Event
-
-	// TODO(danielpacak) OnEvent is called very often. Hence, check what's the performance impact of Go type switch here.
-	switch v := e.(type) {
-	// This case is for backward compatibility. From OPA Go SDK stand point it's more efficient to enter ParsedEvent case.
-	case tracee.Event:
-		ee = e.(tracee.Event)
-		input = rego.EvalInput(e)
-	case engine.ParsedEvent:
-		pe := e.(engine.ParsedEvent)
-		ee = pe.Event
-		input = rego.EvalParsedInput(pe.Value)
-	default:
-		return fmt.Errorf("unrecognized event type: %T", v)
-	}
-	results, err := sig.matchPQ.Eval(context.TODO(), input)
-	if err != nil {
-		return fmt.Errorf("evaluating rego: %w", err)
-	}
-
-	if len(results) > 0 && len(results[0].Expressions) > 0 && results[0].Expressions[0].Value != nil {
-		switch v := results[0].Expressions[0].Value.(type) {
-		case bool:
-			if v {
-				sig.cb(types.Finding{
-					Data:        nil,
-					Context:     ee,
-					SigMetadata: sig.metadata,
-				})
-			}
-		case map[string]interface{}:
-			sig.cb(types.Finding{
-				Data:        v,
-				Context:     ee,
-				SigMetadata: sig.metadata,
-			})
-		}
-	}
-	return nil
-}
-
-// OnSignal implements the Signature interface by handling lifecycle events of the signature
-func (sig *RegoSignature) OnSignal(signal types.Signal) error {
-	return fmt.Errorf("function OnSignal is not implemented")
-}
-
-func (sig *RegoSignature) Close() {}
-
-func (sig *RegoSignature) evalQuery(query string) (interface{}, error) {
-	pq, err := rego.New(
-		rego.Compiler(sig.compiledRego),
-		rego.Query(query),
-	).PrepareForEval(context.TODO())
-	if err != nil {
-		return nil, err
-	}
-	evalRes, err := pq.Eval(context.TODO())
-	if err != nil {
-		return nil, err
-	}
-	if len(evalRes) > 0 && len(evalRes[0].Expressions) > 0 && evalRes[0].Expressions[0].Value != nil {
-		return evalRes[0].Expressions[0].Value, nil
-	}
-	return nil, nil
-}
diff --git a/goldens/tracee-sigs/rego/regosig/traceerego_test.go b/goldens/tracee-sigs/rego/regosig/traceerego_test.go
deleted file mode 100644
index d4905d8..0000000
--- a/goldens/tracee-sigs/rego/regosig/traceerego_test.go
+++ /dev/null
@@ -1,372 +0,0 @@
-package regosig_test
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"testing"
-
-	tracee "github.com/aquasecurity/tracee/tracee-ebpf/external"
-	"github.com/aquasecurity/tracee/tracee-rules/engine"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/rego/regosig"
-	"github.com/aquasecurity/tracee/tracee-rules/types"
-	"github.com/open-policy-agent/opa/compile"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestRegoSignature_GetMetadata(t *testing.T) {
-	sig, err := regosig.NewRegoSignature(compile.TargetRego, false, testRegoCodeBoolean)
-	require.NoError(t, err)
-
-	metadata, err := sig.GetMetadata()
-	require.NoError(t, err)
-	assert.Equal(t, types.SignatureMetadata{
-		ID:          "TRC-BOOL",
-		Version:     "0.1.0",
-		Name:        "test name",
-		Description: "test description",
-		Tags: []string{
-			"tag1",
-			"tag2",
-		},
-		Properties: map[string]interface{}{
-			"p1": "test",
-			"p2": json.Number("1"),
-			"p3": true,
-		},
-	}, metadata)
-}
-
-func TestRegoSignature_GetSelectedEvents(t *testing.T) {
-	sig, err := regosig.NewRegoSignature(compile.TargetRego, false, testRegoCodeBoolean)
-	require.NoError(t, err)
-	events, err := sig.GetSelectedEvents()
-	require.NoError(t, err)
-	assert.Equal(t, []types.SignatureEventSelector{
-		{
-			Source: "tracee",
-			Name:   "execve",
-		},
-	}, events)
-}
-
-func TestRegoSignature_OnEvent(t *testing.T) {
-	options := []struct {
-		target  string
-		partial bool
-	}{
-		{
-			target:  compile.TargetRego,
-			partial: false,
-		},
-		{
-			target:  compile.TargetRego,
-			partial: true,
-		},
-		//{
-		//	target:  compile.TargetWasm,
-		//	partial: false,
-		//},
-		//{
-		//	target:  compile.TargetWasm,
-		//	partial: true,
-		//},
-	}
-
-	for _, tc := range options {
-		t.Run(fmt.Sprintf("target=%s,partial=%t", tc.target, tc.partial), func(t *testing.T) {
-			OnEventSpec(t, tc.target, tc.partial)
-		})
-	}
-
-}
-
-// OnEventSpec describes the behavior of RegoSignature.OnEvent.
-func OnEventSpec(t *testing.T, target string, partial bool) {
-	testCases := []struct {
-		name       string
-		regoCode   string
-		event      tracee.Event
-		parseEvent bool
-
-		finding *types.Finding
-		error   string
-	}{
-		{
-			name:     "Should trigger finding when tracee_match rule returns boolean and event matches",
-			regoCode: testRegoCodeBoolean,
-			event: tracee.Event{
-				Args: []tracee.Argument{
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: "ends with yo",
-					},
-				},
-			},
-			finding: &types.Finding{
-				Data: nil,
-				Context: tracee.Event{
-					Args: []tracee.Argument{
-						{
-							ArgMeta: tracee.ArgMeta{
-								Name: "doesn't matter",
-							},
-							Value: "ends with yo",
-						},
-					},
-				},
-				SigMetadata: types.SignatureMetadata{
-					ID:          "TRC-BOOL",
-					Version:     "0.1.0",
-					Name:        "test name",
-					Description: "test description",
-					Tags: []string{
-						"tag1",
-						"tag2",
-					},
-					Properties: map[string]interface{}{
-						"p1": "test",
-						"p2": json.Number("1"),
-						"p3": true,
-					},
-				},
-			},
-		},
-		{
-			name:     "Should trigger finding when tracee_match rule returns boolean and parsed event matches",
-			regoCode: testRegoCodeBoolean,
-			event: tracee.Event{
-				Args: []tracee.Argument{
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: "ends with yo",
-					},
-				},
-			},
-			parseEvent: true,
-			finding: &types.Finding{
-				Data: nil,
-				Context: tracee.Event{
-					Args: []tracee.Argument{
-						{
-							ArgMeta: tracee.ArgMeta{
-								Name: "doesn't matter",
-							},
-							Value: "ends with yo",
-						},
-					},
-				},
-				SigMetadata: types.SignatureMetadata{
-					ID:          "TRC-BOOL",
-					Version:     "0.1.0",
-					Name:        "test name",
-					Description: "test description",
-					Tags: []string{
-						"tag1",
-						"tag2",
-					},
-					Properties: map[string]interface{}{
-						"p1": "test",
-						"p2": json.Number("1"),
-						"p3": true,
-					},
-				},
-			},
-		},
-		{
-			name:     "Shouldn't trigger finding when tracee_match rule returns boolean but event doesn't match",
-			regoCode: testRegoCodeBoolean,
-			event: tracee.Event{
-				Args: []tracee.Argument{
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: "doesn't end with yo!",
-					},
-				},
-			},
-			finding: nil,
-		},
-		{
-			name:     "Should trigger finding when tracee_match rule returns object and event matches",
-			regoCode: testRegoCodeObject,
-			event: tracee.Event{
-				Args: []tracee.Argument{
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: "ends with yo",
-					},
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: 1337,
-					},
-				},
-			},
-			finding: &types.Finding{
-				Data: map[string]interface{}{
-					"p1": "test",
-					"p2": json.Number("1"),
-					"p3": true,
-				},
-				Context: tracee.Event{
-					Args: []tracee.Argument{
-						{
-							ArgMeta: tracee.ArgMeta{
-								Name: "doesn't matter",
-							},
-							Value: "ends with yo",
-						},
-						{
-							ArgMeta: tracee.ArgMeta{
-								Name: "doesn't matter",
-							},
-							Value: 1337,
-						},
-					},
-				},
-				SigMetadata: types.SignatureMetadata{
-					ID:          "TRC-OBJECT",
-					Version:     "0.3.0",
-					Name:        "test name",
-					Description: "test description",
-					Tags: []string{
-						"tag1",
-						"tag2",
-					},
-					Properties: map[string]interface{}{
-						"p1": "test",
-						"p2": json.Number("1"),
-						"p3": true,
-					},
-				},
-			},
-		},
-		{
-			name:     "Should trigger finding when tracee_match rule returns object and parsed event matches",
-			regoCode: testRegoCodeObject,
-			event: tracee.Event{
-				Args: []tracee.Argument{
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: "ends with yo",
-					},
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: 1337,
-					},
-				},
-			},
-			parseEvent: true,
-			finding: &types.Finding{
-				Data: map[string]interface{}{
-					"p1": "test",
-					"p2": json.Number("1"),
-					"p3": true,
-				},
-				Context: tracee.Event{
-					Args: []tracee.Argument{
-						{
-							ArgMeta: tracee.ArgMeta{
-								Name: "doesn't matter",
-							},
-							Value: "ends with yo",
-						},
-						{
-							ArgMeta: tracee.ArgMeta{
-								Name: "doesn't matter",
-							},
-							Value: 1337,
-						},
-					},
-				},
-				SigMetadata: types.SignatureMetadata{
-					ID:          "TRC-OBJECT",
-					Version:     "0.3.0",
-					Name:        "test name",
-					Description: "test description",
-					Tags: []string{
-						"tag1",
-						"tag2",
-					},
-					Properties: map[string]interface{}{
-						"p1": "test",
-						"p2": json.Number("1"),
-						"p3": true,
-					},
-				},
-			},
-		},
-		{
-			name:     "Shouldn't trigger finding when tracee_match rule returns object but event doesn't match",
-			regoCode: testRegoCodeObject,
-			event: tracee.Event{
-				Args: []tracee.Argument{
-					{
-						ArgMeta: tracee.ArgMeta{
-							Name: "doesn't matter",
-						},
-						Value: "yo is not at end",
-					},
-				},
-			},
-			finding: nil,
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			sig, err := regosig.NewRegoSignature(target, partial, tc.regoCode)
-			require.NoError(t, err)
-
-			holder := &findingsHolder{}
-			err = sig.Init(holder.OnFinding)
-			require.NoError(t, err)
-
-			var event interface{}
-
-			if tc.parseEvent {
-				event, err = engine.ToParsedEvent(tc.event)
-				require.NoError(t, err)
-			} else {
-				event = tc.event
-			}
-
-			err = sig.OnEvent(event)
-			if tc.error != "" {
-				assert.EqualError(t, err, tc.error)
-			} else {
-				require.NoError(t, err)
-				assert.Equal(t, tc.finding, holder.FirstValue())
-			}
-		})
-	}
-
-	t.Run("Should return error when event has unrecognized type", func(t *testing.T) {
-		sig, err := regosig.NewRegoSignature(target, partial, testRegoCodeBoolean)
-		require.NoError(t, err)
-
-		err = sig.OnEvent("UNRECOGNIZED")
-		assert.EqualError(t, err, "unrecognized event type: string")
-	})
-}
-
-func TestRegoSignature_OnSignal(t *testing.T) {
-	sig, err := regosig.NewRegoSignature(compile.TargetRego, false, testRegoCodeBoolean)
-	require.NoError(t, err)
-	err = sig.OnSignal(os.Kill)
-	assert.EqualError(t, err, "function OnSignal is not implemented")
-}