diff --git a/pkg/signatures/regosig/aio.go b/pkg/signatures/regosig/aio.go
index 38dea29db2e1..2e95b86c37b6 100644
--- a/pkg/signatures/regosig/aio.go
+++ b/pkg/signatures/regosig/aio.go
@@ -11,6 +11,7 @@ import (
 "github.com/open-policy-agent/opa/compile"
 "github.com/open-policy-agent/opa/rego"
+ "github.com/aquasecurity/tracee/pkg/events"
 "github.com/aquasecurity/tracee/types/detect"
 "github.com/aquasecurity/tracee/types/protocol"
 "github.com/aquasecurity/tracee/types/trace"
@@ -194,6 +195,12 @@ func (a *aio) OnEvent(event protocol.Event) error {
 if !ok {
 return fmt.Errorf("failed to cast event's payload")
 }
+
+ err := events.ParseArgs(&ee)
+ if err != nil {
+ return fmt.Errorf("rego aio: failed to parse event data: %v", err)
+ }
+
+ input := rego.EvalInput(ee)
 ctx := context.TODO()
diff --git a/pkg/signatures/regosig/traceerego.go b/pkg/signatures/regosig/traceerego.go
index 37aae756bd36..81cea2977915 100644
--- a/pkg/signatures/regosig/traceerego.go
+++ b/pkg/signatures/regosig/traceerego.go
@@ -11,8 +11,10 @@ import (
 "github.com/open-policy-agent/opa/ast"
 "github.com/open-policy-agent/opa/rego"
+ "github.com/aquasecurity/tracee/pkg/events"
 "github.com/aquasecurity/tracee/types/detect"
 "github.com/aquasecurity/tracee/types/protocol"
+ "github.com/aquasecurity/tracee/types/trace"
 )
 // RegoSignature is an abstract signature that is implemented in rego
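Review bot: In the aio.go `OnEvent` hunk, a `ParseArgs` failure returns before `rego.EvalInput(ee)` is built, so the event is never evaluated against any policy; in a detection engine one unparsable argument then becomes a missed evaluation, and the same pattern is added to `RegoSignature.OnEvent` in traceerego.go. If the policies can still match on raw values, consider logging the parse error and evaluating anyway; otherwise document the drop above the call, e.g. `// events whose args cannot be parsed are not evaluated; the error is returned to the caller`. Separately, `ee` is only a shallow copy of the payload, so if `trace.Event` keeps its arguments in a slice and `ParseArgs` rewrites them in place (neither is visible here), other consumers of the same event would see the rewritten values, which is worth confirming. The body of `OnEvent` starts and continues outside the hunk.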
@@ -158,7 +160,18 @@ func (sig *RegoSignature) getSelectedEvents(pkgName string) ([]detect.SignatureE
 // if bool is "returned", a true evaluation will generate a Finding with no data
 // if document is "returned", any non-empty evaluation will generate a Finding with the document as the Finding's "Data"
 func (sig *RegoSignature) OnEvent(event protocol.Event) error {
- input := rego.EvalInput(event.Payload)
+ ee, ok := event.Payload.(trace.Event)
+
+ if !ok {
+ return fmt.Errorf("failed to cast event's payload")
+ }
+
+ err := events.ParseArgs(&ee)
+ if err != nil {
+ return fmt.Errorf("rego aio: failed to parse event data: %v", err)
+ }
+
+ input := rego.EvalInput(ee)
 results, err := sig.matchPQ.Eval(context.TODO(), input)
 if err != nil {
 return fmt.Errorf("evaluating rego: %w", err)
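Review bot: The added parse error in `RegoSignature.OnEvent` is prefixed `rego aio:`, which looks copied from aio.go and will point whoever reads the log at the wrong signature type; it also formats with `%v` while the `evaluating rego: %w` return a few lines below wraps, so callers cannot use `errors.Is`/`errors.As` on the parse error. Suggested line: `return fmt.Errorf("rego signature: failed to parse event data: %w", err)`. The new type assertion also changes behaviour, since payloads that are not `trace.Event` were previously handed to `rego.EvalInput` and are now rejected; including the type in that message (`fmt.Errorf("failed to cast event's payload: got %T", event.Payload)`) would make such rejections diagnosable. The function body continues past the end of the hunk.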