diff --git a/tools/config/hawk.yml b/tools/config/hawk.yml
index 2930e0f25..f93f31ff0 100644
--- a/tools/config/hawk.yml
+++ b/tools/config/hawk.yml
@@ -787,7 +787,7 @@ fieldmappings:
   AccountName: target_username
   TargetDomainName: target_domain
   DnsServerIpAddress: dns_address
-  QueryName: hostname_dst
+  QueryName: dns_query
   AuthenticationPackageName: package_name
   HostProcess: image
   Application: image
@@ -846,10 +846,10 @@ fieldmappings:
   DeviceClassName: object_name
   CallTrace: calltrace
   IpAddress: ip_src
-  WorkstationName: hostname_src
-  Workstation: hostname_src
+  WorkstationName: ip_src_host
+  Workstation: ip_src_host
   DestinationIp: ip_dst
-  DestinationHostname: hostname_dst
+  DestinationHostname: ip_dst_host
   DestinationPort: ip_dport
   GrantedAccess: access_mask
   StartModule: target_process_name