diff --git a/.cspell.json b/.cspell.json
index 629f1ace9..01b05b800 100644
--- a/.cspell.json
+++ b/.cspell.json
@@ -18,10 +18,12 @@
 "Entra",
 "minikube",
 "cloudnativepg",
+ "falcosecurity",
 "srodenhuis",
 "Traefik",
 "rbaumgar",
 "ebpf",
+ "syscalls",
 "Ficy",
 "grype",
 "minio",
diff --git a/docs/get-started/labs/detect-threats.md b/docs/get-started/labs/detect-threats.md
new file mode 100644
index 000000000..2e08abe7b
--- /dev/null
+++ b/docs/get-started/labs/detect-threats.md
@@ -0,0 +1,38 @@
+---
+slug: detect-threats
+title: Detect threats in running containers
+sidebar_label: Detect Threats
+---
+
+:::info
+Falco needs to be activated for this lab.
+:::
+
+Falco is a cloud native security tool that provides runtime security. It leverages custom rules on Linux kernel events and other data sources through plugins, enriching event data with contextual metadata to deliver real-time alerts. Falco enables the detection of abnormal behavior, potential security threats, and compliance violations.
+
+## Generate threats
+
+For this lab we'll deploy the `event-generator` in a Team namespace. The event-generator is a tool designed to generate events for both syscalls and k8s audits. The tool can be used to check if Falco is working properly. It does so by performing a variety of suspects actions which trigger security events. The event-event generator implements a minimalistic framework which makes easy to implement new actions.
+
+1. Add the falcosecurity charts repository:
+
+```bash
+helm repo add falcosecurity https://falcosecurity.github.io/charts
+helm repo update
+```
+
+2. Install the chart in the team namespace:
+
+```bash
+helm install team-labs falcosecurity/event-generator -n team-labs
+```
+
+## See the events in the detected threats in containers dashboard
+
+1. In the left menu, click on `Apps` and open `Grafana`.
+
+2. Click on the `Detected threads in containers` dashboards
+
+3. See all the generated threat events
+
+![falco-dashboard](../../img/falco-dashboard.png)
diff --git a/docs/get-started/labs/scan-containers.md b/docs/get-started/labs/scan-containers.md
index d58aef3c6..824ca166c 100644
--- a/docs/get-started/labs/scan-containers.md
+++ b/docs/get-started/labs/scan-containers.md
@@ -4,6 +4,10 @@ title: Scan your running containers for vulnerabilities
 sidebar_label: Scan Containers
 ---
 
+:::important
+Trivy Operator is not supported when installed using Akamai Connected Cloud or when running Kubernetes version 1.31.
+:::
+
 :::info
 Trivy Operator needs to be activated for this lab.
 :::
diff --git a/docs/img/falco-dashboard.png b/docs/img/falco-dashboard.png
new file mode 100644
index 000000000..132d95371
Binary files /dev/null and b/docs/img/falco-dashboard.png differ
diff --git a/sidebar-docs.js b/sidebar-docs.js
index 62c36d4ec..5edee8aa9 100644
--- a/sidebar-docs.js
+++ b/sidebar-docs.js
@@ -38,6 +38,7 @@ module.exports = {
 "get-started/labs/create-postgresql-db",
 "get-started/labs/scan-images",
 "get-started/labs/scan-containers",
+ "get-started/labs/detect-threats",
 "get-started/labs/view-logs",
 "get-started/labs/view-metrics",
 "get-started/labs/monitor-services",