diff --git a/tools/config/hawk.yml b/tools/config/hawk.yml
index 0fd1fb251..22b09f61d 100644
--- a/tools/config/hawk.yml
+++ b/tools/config/hawk.yml
@@ -423,6 +423,7 @@ fieldmappings:
 ProcessCommandLine: command
 ParentCommandLine: parent_command
 IMPHASH: file_hash_imphash
+ Imphash: file_hash_imphash
 SHA256: file_hash_sha256
 MD5: file_hash_md5
 SHA1: file_hash_sha1
@@ -464,7 +465,6 @@ fieldmappings:
 ObjectValueName: object_name
 ObjectName: object_name
 DeviceClassName: object_name
- Details: object_target
 CallTrace: calltrace
 IpAddress: ip_src
 WorkstationName: hostname_src
diff --git a/tools/sigma/backends/hawk.py b/tools/sigma/backends/hawk.py
index 7a61fe1e6..10c8b8766 100644
--- a/tools/sigma/backends/hawk.py
+++ b/tools/sigma/backends/hawk.py
@@ -673,7 +673,7 @@ class HAWKBackend(SingleTextQueryBackend):
 record["tags"] = record['tags'] + [ item.replace("attack.", "") for item in sigmaparser.parsedyaml['tags']]
 if not 'status' in self.sigmaparser.parsedyaml or 'status' in self.sigmaparser.parsedyaml and self.sigmaparser.parsedyaml['status'] != 'experimental':
- record['correlation_action'] += 10.0;
+ record['correlation_action'] += 5.0;
 elif 'status' in self.sigmaparser.parsedyaml and self.sigmaparser.parsedyaml['status'] == 'experimental':
 record["tags"].append("qa")
 if 'falsepositives' in self.sigmaparser.parsedyaml and len(self.sigmaparser.parsedyaml['falsepositives']) > 1:
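Review bot: Dropping `Details: object_target` in the second hunk of hawk.yml leaves any rule that still conditions on `Details` with no entry in `fieldmappings`, and nothing in this diff introduces a replacement mapping. Unless the backend substitutes a default for unmapped fields elsewhere (not visible here), such conditions would presumably be emitted against the literal `Details` name and stop matching in HAWK. If the mapping was wrong rather than obsolete, the corrected target should be added in its place; if it is intentionally retired, a short comment after `DeviceClassName: object_name` such as `# Details intentionally unmapped; see <REPLACEMENT-FIELD>` would keep the next maintainer from re-adding it.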
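Review bot: The new weight on `record['correlation_action'] += 5.0;` is a bare magic number, and it only makes sense together with the level weights (+10.0, -10.0, -15.0) and the 0.0 floor introduced in the next hunk of hawk.py, so the scoring scheme is now spread across two places with no statement of intent. Consider hoisting the values into named class constants, e.g. `STATUS_STABLE_BONUS = 5.0` and `LEVEL_WEIGHTS = {'high': 10.0, 'medium': 0.0, 'low': -10.0, 'informational': -15.0}`, so the `elif` chain in the following hunk becomes a single dictionary lookup and the relationship between the bonus and the penalties is documented once. The trailing semicolon on the new line is also un-Pythonic and should go. The enclosing method starts outside this hunk.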
@@ -685,11 +685,15 @@ class HAWKBackend(SingleTextQueryBackend):
 elif self.sigmaparser.parsedyaml['level'].lower() == 'high':
 record['correlation_action'] += 10.0;
 elif self.sigmaparser.parsedyaml['level'].lower() == 'medium':
- record['correlation_action'] += 5.0;
+ # record['correlation_action'] += 0.0;
+ pass
 elif self.sigmaparser.parsedyaml['level'].lower() == 'low':
- record['correlation_action'] -= 5.0;
+ record['correlation_action'] -= 10.0;
 elif self.sigmaparser.parsedyaml['level'].lower() == 'informational':
 record['correlation_action'] -= 15.0;
+
+ if record['correlation_action'] < 0.0:
+ record['correlation_action'] = 0.0
 return json.dumps(record)
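Review bot: The new floor `if record['correlation_action'] < 0.0: record['correlation_action'] = 0.0` erases the distinction the level weights are meant to express: assuming the score starts from 0.0 before these hunks (its initial value is set outside the hunk), a non-experimental rule receives 5.0 from the previous hunk, so `low` (5.0 - 10.0) and `informational` (5.0 - 15.0) both clamp to 0.0, and any experimental rule at those levels lands there as well, which means a consumer ranking alerts by `correlation_action` can no longer tell them apart. If the goal is only a non-negative score, either shrink the penalties so the floor is not normally reached or document the collapse explicitly with a comment on the clamp, e.g. `# floor at 0.0: low/informational rules intentionally score alike`. Separately, the `medium` branch now carries commented-out code (`# record['correlation_action'] += 0.0;`) above `pass`; delete the dead line and say why the branch is empty, e.g. `pass  # medium is the baseline level: no adjustment`. The enclosing method begins outside this hunk.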