diff --git a/tools/sigma/backends/limacharlie.py b/tools/sigma/backends/limacharlie.py
index a16da3384..a847cb955 100644
--- a/tools/sigma/backends/limacharlie.py
+++ b/tools/sigma/backends/limacharlie.py
@@ -138,6 +138,20 @@ _allFieldMappings = {
 postOpMapper = _mapProcessCreationOperations,
 isCaseSensitive = []
 ),
+ "windows/dns_query/": SigmaLCConfig(
+ topLevelParams = {
+ "event": "DNS_REQUEST",
+ },
+ preConditions = None,
+ fieldMappings = {
+ "QueryName": "event/DOMAIN_NAME",
+ "Image": "event/FILE_PATH",
+ },
+ isAllStringValues = False,
+ keywordField = None,
+ postOpMapper = None,
+ isCaseSensitive = []
+ ),
 "dns//": SigmaLCConfig(
 topLevelParams = {
 "event": "DNS_REQUEST",
@@ -151,7 +165,7 @@ _allFieldMappings = {
 postOpMapper = None,
 isCaseSensitive = []
 ),
- "linux//": SigmaLCConfig(
+ "linux/process_creation/": SigmaLCConfig(
 topLevelParams = {
 "events": [
 "NEW_PROCESS",
@@ -164,12 +178,39 @@ _allFieldMappings = {
 fieldMappings = {
 "exe": "event/FILE_PATH",
 "type": None,
+ "CommandLine": "event/COMMAND_LINE",
+ "Image": "event/FILE_PATH",
+ "ParentImage": "event/PARENT/FILE_PATH",
+ "ParentCommandLine": "event/PARENT/COMMAND_LINE",
+ "User": "event/USER_NAME",
+ "OriginalFileName": "event/ORIGINAL_FILE_NAME",
+ "OriginalFilename": "event/ORIGINAL_FILE_NAME",
 },
 isAllStringValues = False,
 keywordField = 'event/COMMAND_LINE',
 postOpMapper = None,
 isCaseSensitive = ['event/FILE_PATH']
 ),
+ "linux/file_event/": SigmaLCConfig(
+ topLevelParams = {
+ "events": [
+ "FILE_CREATE",
+ "FILE_DELETE",
+ "FILE_MODIFIED",
+ "NEW_DOCUMENT",
+ ]
+ },
+ preConditions = {
+ "op": "is linux",
+ },
+ fieldMappings = {
+ "TargetFilename": "event/FILE_PATH",
+ },
+ isAllStringValues = False,
+ keywordField = None,
+ postOpMapper = None,
+ isCaseSensitive = ['event/FILE_PATH']
+ ),
 "unix//": SigmaLCConfig(
 topLevelParams = {
 "events": [
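Review bot: The new `"windows/dns_query/"` entry sets `preConditions = None`, so a Sigma rule scoped to Windows DNS queries converts into a D&R rule that matches `DNS_REQUEST` events from every platform, while the `linux/file_event/` and `macos/file_event/` entries added in this same commit gate on the OS with `"op": "is linux"` and `"op": "is mac"`. If the existing `windows//` entries in this table carry an OS precondition, this one should match them: `preConditions = { "op": "is windows" },`. The `"Image": "event/FILE_PATH"` mapping presumes the DNS_REQUEST event exposes the requesting process path at that key, which cannot be confirmed from the hunk and is worth a one-line comment if it is known to hold. The `_allFieldMappings` literal starts before and ends after this hunk.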
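Review bot: Changing the key from `"linux//"` to `"linux/process_creation/"` narrows coverage rather than merely relabelling it: a rule with `product: linux` and no category, or a category other than the two added here, no longer has a `linux//` entry to fall back on, and how the lookup falls through is decided outside this hunk. If a generic Linux fallback is still intended, keep `"linux//"` pointing at the same config; otherwise add a comment above the entry stating that Linux rules are mapped only for the `process_creation` and `file_event` categories so the gap is deliberate rather than accidental.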
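Review bot: The `linux/file_event/` config (and the otherwise identical `macos/file_event/` config in the next hunk) maps Sigma's `file_event` category onto `FILE_DELETE` and `FILE_MODIFIED` in addition to `FILE_CREATE` and `NEW_DOCUMENT`; Sigma keeps deletions and changes in separate `file_delete` and `file_change` categories, so a creation-only rule converted here will also fire on deletes and modifications of the matching path. Either trim the `events` list or record the choice above it with a comment such as `# NOTE: wider than Sigma's file_event (creation); deletes/modifications are included on purpose — confirm`. As a point of style, the two file_event entries differ only in the precondition `"op"` value, so building both from one small helper parameterised on the OS op would keep them from drifting apart. Mapping both `"OriginalFileName"` and `"OriginalFilename"` to `event/ORIGINAL_FILE_NAME` reads as a deliberate spelling alias and is fine.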
@@ -250,6 +291,26 @@ _allFieldMappings = {
 postOpMapper = _mapProcessCreationOperations,
 isCaseSensitive = ['event/FILE_PATH']
 ),
+ "macos/file_event/": SigmaLCConfig(
+ topLevelParams = {
+ "events": [
+ "FILE_CREATE",
+ "FILE_DELETE",
+ "FILE_MODIFIED",
+ "NEW_DOCUMENT",
+ ]
+ },
+ preConditions = {
+ "op": "is mac",
+ },
+ fieldMappings = {
+ "TargetFilename": "event/FILE_PATH",
+ },
+ isAllStringValues = False,
+ keywordField = None,
+ postOpMapper = None,
+ isCaseSensitive = ['event/FILE_PATH']
+ ),
 },
 "artifact": {
 "windows//": SigmaLCConfig(
@@ -558,7 +619,7 @@ class LimaCharlieBackend(BaseBackend):
 result = {
 "op": "matches",
 "path": fieldname,
- "re": re.compile(value),
+ "re": str(value),
 }
 if self._postOpMapper is not None:
 result = self._postOpMapper(result)
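Review bot: Replacing `re.compile(value)` with `str(value)` removes the only point at which the pattern was parsed, so a malformed regex in a rule now passes straight through into the emitted D&R rule and fails only when LimaCharlie loads it, instead of aborting the conversion with a clear error. Keep a validation step above the literal, e.g. `re.compile(value)  # fail fast on an unparseable pattern; the rule carries the source string` immediately before `result = {`, with the caveat that Python's `re` dialect only approximates the engine that will evaluate the rule. If this was the module's last use of `re`, the import becomes unused. The enclosing method starts and ends outside the hunk, so where `value` is built and escaped is not visible here.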