diff --git a/KubeArmor/feeder/feeder.go b/KubeArmor/feeder/feeder.go
index 8917b3d0d..4cb9e1efb 100644
--- a/KubeArmor/feeder/feeder.go
+++ b/KubeArmor/feeder/feeder.go
@@ -579,6 +579,20 @@ func (fd *Feeder) PushLog(log tp.Log) {
 // gRPC output
 if log.Type == "MatchedPolicy" || log.Type == "MatchedHostPolicy" || log.Type == "SystemEvent" {
+
+ // checking throttling condition for "Audit" alerts when enforcer is 'eBPF Monitor'
+ if cfg.GlobalCfg.AlertThrottling && strings.Contains(log.Action, "Audit") && log.Enforcer == "eBPF Monitor" {
+ nsKey := fd.ContainerNsKey[log.ContainerID]
+ alert, throttle := fd.ShouldDropAlertsPerContainer(nsKey.PidNs, nsKey.MntNs)
+ if alert && throttle {
+ return
+ } else if alert && !throttle {
+ log.Operation = "AlertThreshold"
+ log.Type = "SystemEvent"
+ log.MaxAlertsPerSec = int32(cfg.GlobalCfg.MaxAlertPerSec)
+ log.DroppingAlertsInterval = int32(cfg.GlobalCfg.ThrottleSec)
+ }
+ }
 pbAlert := pb.Alert{}
 pbAlert.Timestamp = log.Timestamp
diff --git a/KubeArmor/feeder/policyMatcher.go b/KubeArmor/feeder/policyMatcher.go
index 9970c228b..c1063d466 100644
--- a/KubeArmor/feeder/policyMatcher.go
+++ b/KubeArmor/feeder/policyMatcher.go
@@ -1741,20 +1741,6 @@ func (fd *Feeder) UpdateMatchedPolicy(log tp.Log) tp.Log {
 return tp.Log{}
 }
- // check for throttling for "Audit" alerts
- if cfg.GlobalCfg.AlertThrottling && strings.Contains(log.Action, "Audit") {
- nsKey := fd.ContainerNsKey[log.ContainerID]
- alert, throttle := fd.ShouldDropAlertsPerContainer(nsKey.PidNs, nsKey.MntNs)
- if alert && throttle {
- return tp.Log{}
- } else if alert && !throttle {
- log.Operation = "AlertThreshold"
- log.Type = "SystemEvent"
- log.MaxAlertsPerSec = int32(cfg.GlobalCfg.MaxAlertPerSec)
- log.DroppingAlertsInterval = int32(cfg.GlobalCfg.ThrottleSec)
- }
- }
-
- return log
 }
 } else { // host
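Review bot: In the throttling block added to `PushLog` in feeder.go, `nsKey := fd.ContainerNsKey[log.ContainerID]` does not check whether the key is present, so a host alert (this branch also handles `MatchedHostPolicy`) or an alert from a container missing from the map gets a zero-valued key and is counted in one shared bucket. Unless `ShouldDropAlertsPerContainer` special-cases that key (its body is not visible here), one noisy source could cause Audit alerts from unrelated sources to be dropped for the throttle interval, which leaves a gap in detection coverage. I would use `nsKey, ok := fd.ContainerNsKey[log.ContainerID]` and skip throttling, or use an explicit host bucket, when `!ok`. The map is also read on the alert path with no lock visible in the hunk, so please confirm that writers of `ContainerNsKey` are synchronised with this read. `PushLog` starts and ends outside the hunk.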
@@ -1784,20 +1770,6 @@ func (fd *Feeder) UpdateMatchedPolicy(log tp.Log) tp.Log {
 return tp.Log{}
 }
- // check for throttling for "Audit" alerts
- if cfg.GlobalCfg.AlertThrottling && strings.Contains(log.Action, "Audit") {
- nsKey := fd.ContainerNsKey[log.ContainerID]
- alert, throttle := fd.ShouldDropAlertsPerContainer(nsKey.PidNs, nsKey.MntNs)
- if alert && throttle {
- return tp.Log{}
- } else if alert && !throttle {
- log.Operation = "AlertThreshold"
- log.Type = "SystemEvent"
- log.MaxAlertsPerSec = int32(cfg.GlobalCfg.MaxAlertPerSec)
- log.DroppingAlertsInterval = int32(cfg.GlobalCfg.ThrottleSec)
- }
- }
-
- return log
 }
 }