diff --git a/driver/SCHEMA_VERSION b/driver/SCHEMA_VERSION
index 7524906967..d76bd2ba3e 100644
--- a/driver/SCHEMA_VERSION
+++ b/driver/SCHEMA_VERSION
@@ -1 +1 @@
-2.16.0
+2.17.0
diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h
index 17c7ae7081..e87c2c160b 100644
--- a/driver/bpf/fillers.h
+++ b/driver/bpf/fillers.h
@@ -5802,8 +5802,8 @@ FILLER(sys_bpf_x, true)
 bpf_push_s64_to_ring(data, fd);
 /* Parameter 2: cmd (type: PT_INT32) */
- int32_t cmd = (int32_t)bpf_syscall_get_argument(data, 0);
- return bpf_push_s32_to_ring(data, cmd);
+ unsigned long cmd = bpf_syscall_get_argument(data, 0);
+ return bpf_push_s32_to_ring(data, (int32_t)bpf_cmd_to_scap(cmd));
 }
 FILLER(sys_unlinkat_x, true)
diff --git a/driver/event_table.c b/driver/event_table.c
index 72aeac7dd5..9705be0925 100644
--- a/driver/event_table.c
+++ b/driver/event_table.c
@@ -421,7 +421,7 @@ const struct ppm_event_info g_event_info[] = {
 [PPME_SYSCALL_DUP_1_E] = {"dup", EC_IO_OTHER | EC_SYSCALL, EF_CREATES_FD | EF_USES_FD | EF_MODIFIES_STATE, 1, {{"fd", PT_FD, PF_DEC} } },
 [PPME_SYSCALL_DUP_1_X] = {"dup", EC_IO_OTHER | EC_SYSCALL, EF_CREATES_FD | EF_USES_FD | EF_MODIFIES_STATE, 2, {{"res", PT_FD, PF_DEC}, {"oldfd", PT_FD, PF_DEC} } },
 [PPME_SYSCALL_BPF_2_E] = {"bpf", EC_OTHER | EC_SYSCALL, EF_CREATES_FD, 1, {{"cmd", PT_INT64, PF_DEC} } },
- [PPME_SYSCALL_BPF_2_X] = {"bpf", EC_OTHER | EC_SYSCALL, EF_CREATES_FD, 2, { {"fd", PT_FD, PF_DEC}, {"cmd",PT_INT32, PF_DEC} } },
+ [PPME_SYSCALL_BPF_2_X] = {"bpf", EC_OTHER | EC_SYSCALL, EF_CREATES_FD, 2, { {"fd", PT_FD, PF_DEC}, {"cmd", PT_FLAGS32, PF_DEC, bpf_commands} } },
 [PPME_SYSCALL_MLOCK2_E] = {"mlock2", EC_MEMORY | EC_SYSCALL, EF_NONE, 0},
 [PPME_SYSCALL_MLOCK2_X] = {"mlock2", EC_MEMORY | EC_SYSCALL, EF_NONE, 4, {{"res", PT_ERRNO, PF_DEC}, {"addr", PT_UINT64, PF_HEX}, {"len", PT_UINT64, PF_DEC}, {"flags", PT_UINT32, PF_HEX, mlock2_flags}}},
 [PPME_SYSCALL_FSCONFIG_E] = {"fsconfig", EC_SYSTEM | EC_SYSCALL, EF_NONE, 0},
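Review bot: The comment above the changed lines, `/* Parameter 2: cmd (type: PT_INT32) */`, is now stale: the event_table.c hunk in this same commit changes the parameter to `PT_FLAGS32`, so it should read `/* Parameter 2: cmd (type: PT_FLAGS32) */`. The same stale type comment is left in the bpf.bpf.c hunk (`PT_INT32`), the ppm_fillers.c hunk (`PT_INT64`) and above the assertion in the bpf_x.cpp hunk. Since the pushed value is now a uint32_t flag set, storing it through the unsigned 32-bit ring helper (if one exists in this header) would also make the `(int32_t)` cast unnecessary; the signed helper writes the same four bytes, so this is style rather than correctness. The `sys_bpf_x` filler body starts before this hunk.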
diff --git a/driver/flags_table.c b/driver/flags_table.c
index 7b00743dc3..64536e0e4f 100644
--- a/driver/flags_table.c
+++ b/driver/flags_table.c
@@ -716,3 +716,12 @@ const struct ppm_name_value mknod_mode[] = {
 {0, 0},
 };
+const struct ppm_name_value bpf_commands[] = {
+ {"BPF_MAP_CREATE", PPM_BPF_MAP_CREATE},
+ {"BPF_MAP_LOOKUP_ELEM", PPM_BPF_MAP_LOOKUP_ELEM},
+ {"BPF_MAP_UPDATE_ELEM", PPM_BPF_MAP_UPDATE_ELEM},
+ {"BPF_MAP_DELETE_ELEM", PPM_BPF_MAP_DELETE_ELEM},
+ {"BPF_MAP_GET_NEXT_KEY", PPM_BPF_MAP_GET_NEXT_KEY},
+ {"BPF_PROG_LOAD", PPM_BPF_PROG_LOAD},
+ {0,0},
+};
\ No newline at end of file
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c
index a481f74fc6..5e0c75cb0e 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c
@@ -59,8 +59,8 @@ int BPF_PROG(bpf_x,
 ringbuf__store_s64(&ringbuf, ret);
 /* Parameter 2: cmd (type: PT_INT32) */
- int32_t cmd = (int32_t)extract__syscall_argument(regs, 0);
- ringbuf__store_s32(&ringbuf, cmd);
+ unsigned long cmd = extract__syscall_argument(regs, 0);
+ ringbuf__store_s32(&ringbuf,(int32_t)bpf_cmd_to_scap(cmd));
 /*=============================== COLLECT PARAMETERS ===========================*/
diff --git a/driver/ppm_events_public.h b/driver/ppm_events_public.h
index be0c743507..7246d6e153 100644
--- a/driver/ppm_events_public.h
+++ b/driver/ppm_events_public.h
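Review bot: The first entry of the new table, `{"BPF_MAP_CREATE", PPM_BPF_MAP_CREATE}`, carries the value 0 under the `(0<<1)` define added in the ppm_events_public.h hunk of this commit, so it is the only member of a PT_FLAGS32 table that cannot be distinguished from "no flag set"; the define should be a real bit (`(1<<0)`) before this table is relied on by renderers and filters. The table is also terminated with `{0,0}` while the `mknod_mode` terminator on the context line is `{0, 0},`, and the file loses its trailing newline (`\ No newline at end of file`); match the spacing and restore the newline.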
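Review bot: `ringbuf__store_s32(&ringbuf,(int32_t)bpf_cmd_to_scap(cmd));` is missing the space after the comma that the neighbouring `ringbuf__store_s64(&ringbuf, ret);` has; write `ringbuf__store_s32(&ringbuf, (int32_t)bpf_cmd_to_scap(cmd));`. The enclosing `BPF_PROG(bpf_x, ...)` body starts and continues outside this hunk.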
@@ -805,6 +805,16 @@ or GPL2.txt for full copies of the license.
 #define PPM_MODULE_INIT_IGNORE_VERMAGIC 2
 #define PPM_MODULE_INIT_COMPRESSED_FILE 4
+/*
+ * bpf_commands
+*/
+#define PPM_BPF_MAP_CREATE (0<<1)
+#define PPM_BPF_MAP_LOOKUP_ELEM (1<<1)
+#define PPM_BPF_MAP_UPDATE_ELEM (1<<2)
+#define PPM_BPF_MAP_DELETE_ELEM (1<<3)
+#define PPM_BPF_MAP_GET_NEXT_KEY (1<<4)
+#define PPM_BPF_PROG_LOAD (1<<5)
+
 /*
 * Get/set the timerslack as used by poll/select/nanosleep
 * A value of 0 means "use default"
@@ -2171,10 +2181,10 @@ extern const struct ppm_name_value fchownat_flags[];
 extern const struct ppm_name_value prctl_options[];
 extern const struct ppm_name_value memfd_create_flags[];
 extern const struct ppm_name_value pidfd_open_flags[];
+extern const struct ppm_name_value bpf_commands[];
 extern const struct ppm_param_info sockopt_dynamic_param[];
 extern const struct ppm_param_info ptrace_dynamic_param[];
 extern const struct ppm_param_info bpf_dynamic_param[];
-
 /*!
 \brief Process information as returned by the PPM_IOCTL_GET_PROCLIST IOCTL.
 */
diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
index 7298c543a8..6c7dd86c20 100644
--- a/driver/ppm_fillers.c
+++ b/driver/ppm_fillers.c
@@ -6754,7 +6754,7 @@ int f_sys_bpf_x(struct event_filler_arguments *args)
 /* Parameter 2: cmd (type: PT_INT64) */
 syscall_get_arguments_deprecated(args, 0, 1, &val);
- cmd = (int32_t)val;
+ cmd = (int32_t)bpf_cmd_to_scap(val);
 res = val_to_ring(args, cmd, 0, false, 0);
 CHECK_RES(res);
 return add_sentinel(args);
diff --git a/driver/ppm_flag_helpers.h b/driver/ppm_flag_helpers.h
index acc3282268..13a62e1deb 100644
--- a/driver/ppm_flag_helpers.h
+++ b/driver/ppm_flag_helpers.h
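Review bot: `#define PPM_BPF_MAP_CREATE (0<<1)` evaluates to 0, breaking the one-bit-per-command pattern the other five defines follow and making BPF_MAP_CREATE indistinguishable from an empty `cmd` in the PT_FLAGS32 field; the intended value is almost certainly `#define PPM_BPF_MAP_CREATE (1<<0)`. The zero value also weakens the bpf_x.cpp test in this commit, whose `assert_numeric_param(2, PPM_BPF_MAP_CREATE)` passes with or without the new conversion because the kernel's BPF_MAP_CREATE is 0 as well. The closing `*/` of the new block comment is not aligned with its ` * bpf_commands` line the way the `Get/set the timerslack` comment below it is; write ` */`.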
@@ -2222,4 +2222,34 @@ static __always_inline uint32_t mknod_mode_to_scap(uint32_t modes)
 return res;
 }
-#endif /* PPM_FLAG_HELPERS_H_ */
+static __always_inline uint32_t bpf_cmd_to_scap (unsigned long cmd){
+ switch (cmd)
+ {
+#ifdef BPF_MAP_CREATE
+ case BPF_MAP_CREATE:
+ return PPM_BPF_MAP_CREATE;
+#endif
+#ifdef BPF_MAP_LOOKUP_ELEM
+ case BPF_MAP_LOOKUP_ELEM:
+ return PPM_BPF_MAP_LOOKUP_ELEM;
+#endif
+#ifdef BPF_MAP_UPDATE_ELEM
+ case BPF_MAP_UPDATE_ELEM:
+ return PPM_BPF_MAP_UPDATE_ELEM;
+#endif
+#ifdef BPF_MAP_DELETE_ELEM
+ case BPF_MAP_DELETE_ELEM:
+ return PPM_BPF_MAP_DELETE_ELEM;
+#endif
+#ifdef BPF_MAP_GET_NEXT_KEY
+ case BPF_MAP_GET_NEXT_KEY:
+ return PPM_BPF_MAP_GET_NEXT_KEY;
+#endif
+#ifdef BPF_PROG_LOAD
+ case BPF_PROG_LOAD:
+ return PPM_BPF_PROG_LOAD;
+#endif
+ }
+ return cmd;
+}
+#endif /* PPM_FLAG_HELPERS_H_ */
\ No newline at end of file
diff --git a/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp b/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp
index 5ad078ce7f..17e74cf554 100644
--- a/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp
+++ b/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp
@@ -90,9 +90,9 @@ TEST(SyscallExit, bpfX_MAP_CREATE)
 /*=============================== TRIGGER SYSCALL ===========================*/
- int32_t cmd = 1;
- union bpf_attr *attr = NULL;
-
+ int32_t cmd = BPF_MAP_CREATE;
+ union bpf_attr *attr = NULL;
+
 /* Here we need to call the `bpf` from a child because the main process throws lots of
 * `bpf` syscalls to manage the bpf drivers.
@@ -148,7 +148,7 @@ TEST(SyscallExit, bpfX_MAP_CREATE)
 /* Parameter 1: fd (type: PT_FD) */
 evt_test->assert_numeric_param(1, errno_value);
 /* Parameter 2: cmd (type: PT_INT32)*/
- evt_test->assert_numeric_param(2, cmd);
+ evt_test->assert_numeric_param(2, PPM_BPF_MAP_CREATE);
 /*=============================== ASSERT PARAMETERS ===========================*/
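Review bot: `bpf_cmd_to_scap` falls back to `return cmd;` for any command not matched by a `case`, so an unmapped kernel command number lands in the same PT_FLAGS32 field as the PPM bit values and collides with them (a raw 8 reads as PPM_BPF_MAP_DELETE_ELEM, a raw 16 as PPM_BPF_MAP_GET_NEXT_KEY); the bpf(2) command enum has many more members than the six handled here, so real traffic will be mislabelled in rendered output and in any filter on `evt.arg.cmd`. Return a distinct value for the unknown case, such as a new define added next to the other PPM_BPF_* bits, rather than the raw number. Separately, the `#ifdef BPF_MAP_CREATE` guards only take effect if these names are preprocessor macros; in the Linux UAPI header they are `enum bpf_cmd` enumerators, so unless a compat header in this tree defines them as macros every guard is false, the switch compiles to nothing and every command is passed through raw — the modern_bpf build against vmlinux.h looks most exposed, so this should be confirmed. Also `bpf_cmd_to_scap (unsigned long cmd){` has a space before `(` and none before `{`, unlike `mknod_mode_to_scap(uint32_t modes)` on the header's context line.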
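Review bot: The updated assertion `evt_test->assert_numeric_param(2, PPM_BPF_MAP_CREATE)` cannot tell whether `bpf_cmd_to_scap` ran, because the kernel's BPF_MAP_CREATE and this commit's `PPM_BPF_MAP_CREATE` are both 0, so a driver that still pushes the raw command passes the test. A second case issuing a command whose raw and PPM values differ (BPF_PROG_LOAD, asserting `PPM_BPF_PROG_LOAD`) would pin the conversion. The `bpfX_MAP_CREATE` test body starts and continues outside these hunks.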
diff --git a/userspace/libsinsp/test/filterchecks/evt.cpp b/userspace/libsinsp/test/filterchecks/evt.cpp
index 716c8b4450..c031d703c8 100644
--- a/userspace/libsinsp/test/filterchecks/evt.cpp
+++ b/userspace/libsinsp/test/filterchecks/evt.cpp
@@ -66,4 +66,17 @@ TEST_F(sinsp_with_test_input, EVT_FILTER_rawarg_str)
 sinsp_evt* evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_OPEN_E, 3, path.c_str(), (uint32_t)0, (uint32_t)0);
 ASSERT_EQ(get_field_as_string(evt, "evt.rawarg.name"), path);
+}
+
+TEST_F(sinsp_with_test_input, EVT_FILTER_cmd_str)
+{
+ add_default_init_thread();
+ open_inspector();
+ int fd = 1;
+ sinsp_evt* evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_BPF_2_X, 2, fd, (uint32_t)PPM_BPF_PROG_LOAD);
+ ASSERT_EQ(get_field_as_string(evt, "evt.arg.cmd"), "BPF_PROG_LOAD");
 }
\ No newline at end of file
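Review bot: `fd` is declared `int` and passed through the variadic `add_event_advance_ts` for the PT_FD parameter, while the neighbouring call casts every integer argument explicitly (`(uint32_t)0`) and the same call casts `cmd` to `(uint32_t)`; if the helper reads each argument with the width implied by the parameter type (PT_FD is a 64-bit field in the event format), a 4-byte `int` is read as 8 bytes, which is undefined behaviour that only happens to work. Declare it as `int64_t fd = 1;` to match the file's convention. The file also loses its trailing newline in this hunk (`\ No newline at end of file`).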