diff --git a/tools/config/hawk.yml b/tools/config/hawk.yml
index 583e4421c..cf045ef46 100644
--- a/tools/config/hawk.yml
+++ b/tools/config/hawk.yml
@@ -150,7 +150,7 @@ logsources:
 vendor_id: "11"
 windows-file-event:
 product: windows
- category: file_create
+ category: file_event
 conditions:
 product_name: "Sysmon"
 vendor_id: "11"
diff --git a/tools/sigma/backends/hawk.py b/tools/sigma/backends/hawk.py
index 0afa8fae3..ae5f8143d 100644
--- a/tools/sigma/backends/hawk.py
+++ b/tools/sigma/backends/hawk.py
@@ -328,7 +328,8 @@ class HAWKBackend(SingleTextQueryBackend):
 if type(value) == SigmaRegularExpressionModifier:
 value = str(value)
 value = value.replace("*", "EEEESTAREEE")
- value = re.escape(self.generateValueNode(value, True))
+ # IS REGEX, NEVER NEED TO ESCAPE!
+ value = self.generateValueNode(value, True)
 value = value.replace("EEEESTAREEE", ".*")
 endsWith = False
 startsWith = False
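Review bot: With re.escape removed, the surrounding `*` → `EEEESTAREEE` → `.*` rewrite on the context lines now rewrites quantifiers inside a genuine regex (`\w*` becomes `\w.*`, `.*` becomes `..*`), silently changing what the rule matches; that glob-style rewrite only made sense while the value was being escaped as a literal. Since a `|re` value is already a pattern, the branch can pass it straight through: `if type(value) == SigmaRegularExpressionModifier:` / `# |re values are already regex: neither re.escape nor the wildcard-to-".*" rewrite applies` / `value = self.generateValueNode(str(value), True)`, which also replaces the shouting `# IS REGEX, NEVER NEED TO ESCAPE!` comment. Note that rule-supplied regex text now reaches the generated HAWK query unescaped, so unless generateValueNode quotes for the query syntax, a `"` or other delimiter inside a rule's pattern can break or alter the emitted query — worth confirming against that helper before relying on this. The enclosing method of HAWKBackend starts and ends outside the hunk.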