diff --git a/charts/falco-talon/rules.yaml b/charts/falco-talon/rules.yaml
index dbc9f315c..56860a748 100644
--- a/charts/falco-talon/rules.yaml
+++ b/charts/falco-talon/rules.yaml
@@ -6,12 +6,3 @@
 parameters:
 labels:
 analysis/status: "suspicious"
-
-- rule: Terminal shell in container
- match:
- rules:
- - Terminal shell in container
- output_fields:
- - k8s.ns.name!=kube-system, k8s.ns.name!=falco
- actions:
- - action: Label Pod as Suspicious
diff --git a/charts/falco-talon/rules_override.yaml b/charts/falco-talon/rules_override.yaml
deleted file mode 100644
index a75af42c4..000000000
--- a/charts/falco-talon/rules_override.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-- action: Terminate Pod
- actionner: kubernetes:terminate
- parameters:
- ignore_daemonsets: true
- ignore_statefulsets: true
- grace_period_seconds: 2
\ No newline at end of file
diff --git a/charts/falco-talon/templates/configmap.yaml b/charts/falco-talon/templates/configmap.yaml
index fcb0998ef..fbbc2ef5e 100644
--- a/charts/falco-talon/templates/configmap.yaml
+++ b/charts/falco-talon/templates/configmap.yaml
@@ -6,7 +6,8 @@ metadata:
 {{- include "falco-talon.labels" . | nindent 4 }}
 data:
 rules.yaml: |-
-{{- range $file := .Values.config.rulesFiles -}}
-{{ $fileContent := $.Files.Get . }}
-{{- $fileContent | nindent 4 -}}
-{{- end -}}
+ {{ $.Files.Get "rules.yaml" | nindent 4 }}
+ {{- if .Values.config.rulesOverride }}
+ {{ .Values.config.rulesOverride | nindent 4 }}
+ {{- end }}
+
diff --git a/charts/falco-talon/values.yaml b/charts/falco-talon/values.yaml
index 380cba120..2ff98e0d0 100644
--- a/charts/falco-talon/values.yaml
+++ b/charts/falco-talon/values.yaml
@@ -141,11 +141,6 @@ config:
 # -- auto reload the rules when the files change
 watchRules: true
- # -- list of locale rules to load, they will be concatenated into a single config map
- rulesFiles:
- - rules.yaml
- - rules_override.yaml
-
 # -- deduplication of the Falco events
 deduplication:
 # -- enable the leader election for cluster mode
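Review bot: In the configmap.yaml hunk, the literal indentation before `{{ $.Files.Get "rules.yaml" | nindent 4 }}` and before `{{ .Values.config.rulesOverride | nindent 4 }}` is emitted into the `rules.yaml: |-` block scalar as whitespace-only lines, because `nindent` already prepends its own newline; writing both as `{{- $.Files.Get "rules.yaml" | nindent 4 }}` and `{{- .Values.config.rulesOverride | nindent 4 }}` keeps the rendered rules file clean. The template also stops reading `.Values.config.rulesFiles` without any guard, so an existing values file that still sets it is silently ignored rather than rejected; a line such as `{{- if .Values.config.rulesFiles }}{{ fail "config.rulesFiles was replaced by config.rulesOverride" }}{{- end }}` would surface the migration at install time. A short comment above the block stating that `rulesOverride` is appended verbatim to the bundled rules, and that a YAML error in it therefore breaks the whole rules file Talon loads, would help operators who edit that value.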
@@ -156,6 +151,15 @@ config:
 # -- print in stdout all received events, not only those which match a rule
 printAllEvents: false
+ # User-defined additional rules for rules_override.yaml
+ rulesOverride: |
+ - action: Terminate Pod
+ actionner: kubernetes:terminate
+ parameters:
+ ignore_daemonsets: true
+ ignore_statefulsets: true
+ grace_period_seconds: 20
+
 # -- open telemetry parameters
 otel:
 # -- enable otel traces
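Review bot: The comment added above `rulesOverride` does not follow the `# --` helm-docs convention that every neighbouring key in this hunk uses, and it still refers to `rules_override.yaml`, a file this same commit deletes; `# -- additional Talon actions/rules appended verbatim to rules.yaml (must be valid top-level YAML)` would describe what the value now does and keep it in the generated README. The default also raises `grace_period_seconds` from 2, the value in the removed rules_override.yaml, to 20 without this being called out anywhere; if the longer grace period for `kubernetes:terminate` is intended, the PR description should say so. Because the value is an opaque block scalar, a mis-indented or otherwise invalid user override is not caught by Helm and only fails when Talon parses the rendered ConfigMap.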