diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2f2b02f8ad..58c6ffd9ac 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,6 +30,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - feat(events)!: add config.merge option [#2643]
 - feat(terraform)!: expect load_config_file to be not set [#2648]
 - feat(otellogs)!: add config.merge option [#2652]
+- chore!: upgrade falco to 2.4.2 [#2659]
 - chore!: move parameters from `fluentd.logs.containers` to `sumologic.logs.container` [#2635]
 - move `fluentd.logs.containers.sourceHost` to `sumologic.logs.container.sourceHost`
 - move `fluentd.logs.containers.sourceName` to `sumologic.logs.container.sourceName`
@@ -144,6 +145,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#2649]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2649
 [#2654]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2654
 [#2652]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2652
+[#2659]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2659
 [#2635]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2635
 [#2660]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2660
 [#2661]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2661
diff --git a/deploy/helm/sumologic/Chart.yaml b/deploy/helm/sumologic/Chart.yaml
index 2dd4e8d007..5066e1a7a8 100644
--- a/deploy/helm/sumologic/Chart.yaml
+++ b/deploy/helm/sumologic/Chart.yaml
@@ -21,7 +21,7 @@ dependencies:
 repository: https://prometheus-community.github.io/helm-charts
 condition: kube-prometheus-stack.enabled,sumologic.metrics.enabled
 - name: falco
- version: 1.18.6
+ version: 2.4.2
 repository: https://falcosecurity.github.io/charts
 condition: falco.enabled
 - name: metrics-server
diff --git a/deploy/helm/sumologic/values.yaml b/deploy/helm/sumologic/values.yaml
index c01e4bd346..3403e5e2da 100644
--- a/deploy/helm/sumologic/values.yaml
+++ b/deploy/helm/sumologic/values.yaml
@@ -4248,43 +4248,52 @@ falco:
 enabled: false
 image:
 registry: public.ecr.aws
- repository: sumologic/falco
+ # repository: falcosecurity/falco-no-driver
 # pullSecrets: []
 ## Add kernel-devel package through MachineConfig, required to enable building of missing falco modules (only for OpenShift)
 addKernelDevel: true
- ## Add initContainers to Falco pod
- extraInitContainers:
- ## Add initContainer to wait until kernel-devel is installed on host
- - name: init-falco
- image: public.ecr.aws/docker/library/busybox
- command:
- - 'sh'
- - '-c'
- - |
- while [ -f /host/etc/redhat-release ] && [ -z "$(ls /host/usr/src/kernels)" ] ; do
- echo "waiting for kernel headers to be installed"
- sleep 3
- done
- volumeMounts:
- - mountPath: /host/usr
- name: usr-fs
- readOnly: true
- - mountPath: /host/etc
- name: etc-fs
- readOnly: true
+
+ extra:
+ initContainers:
+ ## Add initContainer to wait until kernel-devel is installed on host
+ - name: init-falco
+ image: public.ecr.aws/docker/library/busybox
+ command:
+ - 'sh'
+ - '-c'
+ - |
+ while [ -f /host/etc/redhat-release ] && [ -z "$(ls /host/usr/src/kernels)" ] ; do
+ echo "waiting for kernel headers to be installed"
+ sleep 3
+ done
+ volumeMounts:
+ - mountPath: /host/usr
+ name: usr-fs
+ readOnly: true
+ - mountPath: /host/etc
+ name: etc-fs
+ readOnly: true
+
+ driver:
 ## Enable eBPF support for Falco instead of falco-probe kernel module.
- ## Set to true for GKE, for details see:
 ## https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/main/docs/troubleshoot-collection.md#falco-and-google-kubernetes-engine-gke
- # ebpf:
- # enabled: true
+ # kind: ebpf
+ loader:
+ initContainer:
+ image:
+ registry: public.ecr.aws
+ # repository: falcosecurity/falco-driver-loader
 falco:
- jsonOutput: true
+ load_plugins:
+ - json
+ - k8saudit
+ json_output: true
 ## The location of the rules file(s). This can contain one or more paths to
 ## separate rules files.
## Explicitly add missing /etc/falco/rules.available/application_rules.yaml
 ## before https://github.com/falcosecurity/charts/issues/230 gets resolved.
- rulesFile:
+ rules_file:
 - /etc/falco/falco_rules.yaml
 - /etc/falco/falco_rules.local.yaml
 - /etc/falco/k8s_audit_rules.yaml
diff --git a/docs/best-practices.md b/docs/best-practices.md
index 68c4cf2c9a..85046abe0e 100644
--- a/docs/best-practices.md
+++ b/docs/best-practices.md
@@ -859,11 +859,9 @@ Available log levels can be found in Falco's documentation here: https://falco.o
 falco:
 ## Set the enabled flag to false to disable falco.
 enabled: true
- #ebpf:
- # enabled: true
 falco:
- jsonOutput: true
- loglevel: debug
+ json_output: true
+ log_level: debug
 ```
 ## Overriding metadata using annotations
diff --git a/docs/troubleshoot-collection.md b/docs/troubleshoot-collection.md
index 0bce161128..f15baca7c8 100644
--- a/docs/troubleshoot-collection.md
+++ b/docs/troubleshoot-collection.md
@@ -463,8 +463,8 @@ For more information see [Falco documentation](https://falco.org/docs/getting-st
 To install on `GKE`, use the provided override file to customize your configuration and uncomment the following lines in the `values.yaml` file referenced below:
 ```
- #ebpf:
- # enabled: true
+ #driver:
+ # kind: ebpf
 ```
 ### Falco and OpenShift
diff --git a/docs/v3-migration-doc.md b/docs/v3-migration-doc.md
index 834b9e0f5e..5b529c7b95 100644
--- a/docs/v3-migration-doc.md
+++ b/docs/v3-migration-doc.md
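Review bot: The re-added `extra.initContainers` entry uses `image: public.ecr.aws/docker/library/busybox` with no tag or digest, so the init container floats to `latest` and is neither reproducible nor pinned against registry-side changes; pin it, e.g. `image: public.ecr.aws/docker/library/busybox:TAG@sha256:DIGEST` (placeholders, fill in from the chosen release). The new `image` and `driver.loader.initContainer.image` stanzas set `registry: public.ecr.aws` but comment out `repository`, so the final image reference now comes from composing this registry with the upstream chart's default repository; confirm the resulting paths actually exist in that registry, since the old explicit `sumologic/falco` value is removed. `load_plugins` enables `json` and `k8saudit` without any visible `plugins:` definition, so library paths, `init_config` and `open_params` are inherited from the upstream chart; if that default binds a network listener for k8saudit, record it here, e.g. `## json/k8saudit plugin definitions (library_path, open_params) come from the upstream falco chart defaults`. The enclosing `falco:` mapping starts before this hunk.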
@@ -33,6 +33,8 @@ In this document we detail the changes as well as the exact steps for migration.
 or overwrite default configuration `metadata.metrics.config.override`
 - Removing support for `sumologic.cluster.load_config_file`. Leaving this configuration will result in setup job failure.
+- Upgrading Falco helm chart to `v2.4.2` which changed their configuration:
+ Please validate and adjust your configuration to new version according to [Falco documentation]
 - Moving parameters from `fluentd.logs.containers` to `sumologic.logs.container`
 - moved `fluentd.logs.containers.sourceHost` to `sumologic.logs.container.sourceHost`
@@ -183,4 +185,5 @@ Error from server: admission webhook "tailing-sidecar.sumologic.com" denied the
 Please try to remove pod later.
+[Falco documentation]: https://github.com/falcosecurity/charts/tree/falco-2.4.2/falco
 [metrics-server-upgrade]: https://github.com/bitnami/charts/tree/5b09f7a7c0d9232f5752840b6c4e5cdc56d7f796/bitnami/metrics-server#to-600