diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/linux_network_connection.yml b/uncoder-core/app/translator/mappings/platforms/qradar/linux_network_connection.yml
index 273926e7..7b1725ea 100644
--- a/uncoder-core/app/translator/mappings/platforms/qradar/linux_network_connection.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/linux_network_connection.yml
@@ -8,7 +8,7 @@ log_source:
 default_log_source:
 devicetype: 11
- category: [4012]
+ category: 4012
 field_mapping:
 CommandLine: Command
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/macos_network_connection.yml b/uncoder-core/app/translator/mappings/platforms/qradar/macos_network_connection.yml
index 6d92be11..5fb908cd 100644
--- a/uncoder-core/app/translator/mappings/platforms/qradar/macos_network_connection.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/macos_network_connection.yml
@@ -8,7 +8,7 @@ log_source:
 default_log_source:
 devicetype: 102
- category: [4012]
+ category: 4012
 field_mapping:
 CommandLine: Command
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/windows_network_connection.yml b/uncoder-core/app/translator/mappings/platforms/qradar/windows_network_connection.yml
index 3be44b3d..b65b7571 100644
--- a/uncoder-core/app/translator/mappings/platforms/qradar/windows_network_connection.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/windows_network_connection.yml
@@ -9,7 +9,7 @@ log_source:
 default_log_source:
 devicetype: 12
- category: [4012]
+ category: 4012
 qideventcategory: Microsoft-Windows-Sysmon/Operational
 field_mapping:
diff --git a/uncoder-core/app/translator/platforms/base/aql/mapping.py b/uncoder-core/app/translator/platforms/base/aql/mapping.py
index 984b85f2..55222a0a 100644
--- a/uncoder-core/app/translator/platforms/base/aql/mapping.py
+++ b/uncoder-core/app/translator/platforms/base/aql/mapping.py
@@ -39,7 +39,12 @@ def __str__(self) -> str:
 @property
 def extra_condition(self) -> str:
 default_source = self._default_source
- return " AND ".join((f"{key}={value}" for key, value in default_source.items() if key != "table" and value))
+ extra = []
+ for key, value in default_source.items():
+ if key != "table" and value:
+ _condition = f"{key}={value}" if isinstance(value, int) else f"{key}='{value}'"
+ extra.append(_condition)
+ return " AND ".join(extra)
 class AQLMappings(BasePlatformMappings):
@@ -48,7 +53,7 @@ class AQLMappings(BasePlatformMappings):
 def prepare_log_source_signature(self, mapping: dict) -> AQLLogSourceSignature:
 log_source = mapping.get("log_source", {})
- default_log_source = mapping.get("default_log_source")
+ default_log_source = mapping["default_log_source"]
 return AQLLogSourceSignature(
 device_types=log_source.get("devicetype"),
 categories=log_source.get("category"),
diff --git a/uncoder-core/app/translator/platforms/base/aql/parsers/aql.py b/uncoder-core/app/translator/platforms/base/aql/parsers/aql.py
index 8d6fc601..5b3a7041 100644
--- a/uncoder-core/app/translator/platforms/base/aql/parsers/aql.py
+++ b/uncoder-core/app/translator/platforms/base/aql/parsers/aql.py
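Review bot: The new `else` branch in `extra_condition` interpolates a string value straight into single quotes, so a mapping value that itself contains `'` would yield an unbalanced AQL literal; the parser touched in this same change (`str_value_pattern` in aql.py) treats `''` as the escaped quote, so the writer should mirror it: `escaped = str(value).replace("'", "''")` followed by `f"{key}='{escaped}'"`. The `isinstance(value, int)` test is also true for `bool`, and a value that is still a YAML list (the form the three mapping hunks drop) would now be emitted as `category='[4012]'` rather than rejected, so a guard or an `IN (...)` rendering for sequences is worth adding if any other qradar mapping keeps the list form. The values come from the project's own mapping files, so this is a query-correctness issue rather than an injection surface. `extra_condition` lies entirely within the hunk.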
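Review bot: `mapping["default_log_source"]` in `prepare_log_source_signature` now fails loudly when a mapping lacks that key, which is the right direction, but the bare `KeyError('default_log_source')` it raises gives no indication of which mapping file is malformed. Catching the `KeyError` and re-raising an error whose message includes an identifying field of the mapping dict (the loader's file name is not visible in this hunk) would make a broken YAML quick to locate, and a one-line comment such as `# default_log_source is mandatory for AQL: it supplies the extra_condition filters` would record why the lookup is strict. The body of `prepare_log_source_signature` continues past the end of the hunk.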
@@ -37,13 +37,13 @@ class AQLQueryParser(PlatformQueryParser):
 log_source_functions = ("LOGSOURCENAME", "LOGSOURCEGROUPNAME")
 log_source_function_pattern = r"\(?(?P___func_name___\([a-zA-Z]+\))(?:\s+like\s+|\s+ilike\s+|\s*=\s*)'(?P[%a-zA-Z\s]+)'\s*\)?\s+(?:and|or)?\s" # noqa: E501
- log_source_key_types = ("devicetype", "category", "qid", "qideventcategory", *LOG_SOURCE_FUNCTIONS_MAP.keys())
+ log_source_key_types = ("devicetype", "qideventcategory", "category", "qid", *LOG_SOURCE_FUNCTIONS_MAP.keys())
 log_source_pattern = rf"___source_type___(?:\s+like\s+|\s+ilike\s+|\s*=\s*)(?:{SINGLE_QUOTES_VALUE_PATTERN}|{NUM_VALUE_PATTERN})(?:\s+(?:and|or)\s+|\s+)?" # noqa: E501
 num_value_pattern = r"[0-9]+"
 multi_num_log_source_pattern = (
 rf"___source_type___\s+in\s+\((?P(?:{num_value_pattern}(?:\s*,\s*)?)+)\)(?:\s+(?:and|or)\s+|\s+)?"
 )
- str_value_pattern = r"""(?:')(?P(?:[:a-zA-Z\*0-9=+%#\-\/\\,_".$&^@!\(\)\{\}\s]|'')+)(?:')"""
+ str_value_pattern = r"""'(?P(?:[:a-zA-Z\*0-9=+%#\-\/\\,_".$&^@!\(\)\{\}\s]|'')+)'"""
 multi_str_log_source_pattern = (
 rf"""___source_type___\s+in\s+\((?P(?:{str_value_pattern}(?:\s*,\s*)?)+)\)(?:\s+(?:and|or)\s+|\s+)?"""
 )
diff --git a/uncoder-core/app/translator/platforms/sigma/parsers/sigma.py b/uncoder-core/app/translator/platforms/sigma/parsers/sigma.py
index d4a2d83c..384b7a30 100644
--- a/uncoder-core/app/translator/platforms/sigma/parsers/sigma.py
+++ b/uncoder-core/app/translator/platforms/sigma/parsers/sigma.py
@@ -18,7 +18,6 @@
 """
 from datetime import timedelta
-from re import I
 from typing import Optional, Union
 from app.translator.core.exceptions.core import SigmaRuleValidationException
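Review bot: Moving `qideventcategory` ahead of `category` in `log_source_key_types` appears to depend on match order to keep `category` from matching the tail of `qideventcategory` once each key is substituted for `___source_type___` in `log_source_pattern` (that substitution is not in the hunk, so this is inferred), and nothing in the code records that the order is load-bearing. A comment on the tuple, `# order matters: qideventcategory must precede category because the key is not word-anchored`, would preserve the intent, and anchoring the key itself, `rf"\b___source_type___(?:\s+like\s+|\s+ilike\s+|\s*=\s*)..."`, would make the match independent of tuple order (confirm none of the `LOG_SOURCE_FUNCTIONS_MAP` keys can be preceded by a word character in real queries). The `str_value_pattern` rewrite is equivalent to the old `(?:')` form. `AQLQueryParser` begins before the hunk.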