diff --git a/observation/src/filesnoop/filesnoop.bpf.c b/observation/src/filesnoop/filesnoop.bpf.c
index 479f0cf7d2f21386061b2379854d82e56647e8a0..cfce8645ea0fd15d25348242abfd9c3f4d235291 100644
--- a/observation/src/filesnoop/filesnoop.bpf.c
+++ b/observation/src/filesnoop/filesnoop.bpf.c
@@ -31,3 +31,24 @@ struct print_value {
 struct key_t key;
 struct fsfilename *filename;
 };
+
+struct {
+ __uint(type, BPF_MAP_TYPE_HASH);
+ __uint(max_entries, MAX_ENTRIES);
+ __type(key, struct key_t);
+ __type(value, struct fsfilename);
+} files SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_HASH);
+ __uint(max_entries, MAX_ENTRIES);
+ __type(key, pid_t);
+ __type(value, struct fsfilename);
+} opens SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_HASH);
+ __uint(max_entries, MAX_ENTRIES);
+ __type(key, pid_t);
+ __type(value, struct print_value);
+} prints SEC(".maps");
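Review bot: The `prints` map at the end of this hunk stores `struct print_value` by value, and that struct (its definition starts above the hunk) carries a raw `struct fsfilename *filename`, so a kernel address lands in a map readable by anything holding the map fd, and the pointer can outlive what it refers to. If it points at an element of `files` or `opens` (the probes are not visible here), that element may be deleted or reused before the consumer reads it, and the event would then be reported with another file's name; the verifier also returns a stored pointer as a plain scalar, so it could only be read back through `bpf_probe_read_kernel()`. Since `print_value` already holds `key`, I would drop the pointer from the stored value and fetch the name again with `bpf_map_lookup_elem(&files, &key)` at the point of use, treating a miss as a dropped event. Separately, `opens` and `prints` are keyed by `pid_t`: if the probes fill that with the tgid rather than the thread id, two threads of one process inside the same syscall will overwrite each other's entry, so a comment such as `/* keyed by thread id: (pid_t)bpf_get_current_pid_tgid() */` on each map would pin the intent.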