diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py
index 35809162b..297de2054 100644
--- a/tools/sigma/backends/elasticsearch.py
+++ b/tools/sigma/backends/elasticsearch.py
@@ -35,7 +35,7 @@ class ElasticsearchWildcardHandlingMixin(object):
             ("keyword_field", "keyword", "Keyword sub-field name", None),
             ("keyword_blacklist", None, "Fields that don't have a keyword subfield (wildcards * and ? allowed)", None)
             )
-    reContainsWildcard = re.compile("(?<!\\\\)[*?]").search
+    reContainsWildcard = re.compile("(?:(?<!\\\\)|\\\\\\\\)[*?]").search
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
@@ -48,7 +48,8 @@ class ElasticsearchWildcardHandlingMixin(object):
     def containsWildcard(self, value):
         """Determine if value contains wildcard."""
         if type(value) == str:
-            return self.reContainsWildcard(value)
+            res = self.reContainsWildcard(value)
+            return res
         else:
             return False