diff --git a/signatures/helpers/arguments_helpers.go b/signatures/helpers/arguments_helpers.go
index 7567782b3226..19f3f9bf952f 100644
--- a/signatures/helpers/arguments_helpers.go
+++ b/signatures/helpers/arguments_helpers.go
@@ -66,12 +66,44 @@ func GetTraceeIntArgumentByName(event trace.Event, argName string) (int, error)
 if err != nil {
 return 0, err
 }
- argInt, ok := arg.Value.(int32)
+
+ argInt32, ok := arg.Value.(int32)
+ if ok {
+ return int(argInt32), nil
+ }
+ argInt64, ok := arg.Value.(int64)
+ if ok {
+ return int(argInt64), nil
+ }
+ argInt, ok := arg.Value.(int)
+ if ok {
+ return argInt, nil
+ }
+
+ return 0, fmt.Errorf("can't convert argument %v to int (argument is of type %T)", argName, arg.Value)
+}
+
+// GetTraceeUIntArgumentByName gets the argument matching the "argName" given from the event "argv" field, casted as int.
+func GetTraceeUintArgumentByName(event trace.Event, argName string) (uint, error) {
+ arg, err := GetTraceeArgumentByName(event, argName, GetArgOps{DefaultArgs: false})
+ if err != nil {
+ return 0, err
+ }
+
+ argUint32, ok := arg.Value.(uint32)
+ if ok {
+ return uint(argUint32), nil
+ }
+ argUint64, ok := arg.Value.(uint64)
+ if ok {
+ return uint(argUint64), nil
+ }
+ argUint, ok := arg.Value.(uint)
 if ok {
- return int(argInt), nil
+ return argUint, nil
 }
- return 0, fmt.Errorf("can't convert argument %v to int", argName)
+ return 0, fmt.Errorf("can't convert argument %v to int (argument is of type %T)", argName, arg.Value)
 }
 // GetTraceeSliceStringArgumentByName retrieves the argument from the event's "Args" field
diff --git a/signatures/helpers/go.mod b/signatures/helpers/go.mod
index 80d479054c46..6eec45116e7b 100644
--- a/signatures/helpers/go.mod
+++ b/signatures/helpers/go.mod
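Review bot: The new GetTraceeUintArgumentByName carries wording copied from the int getter: its doc comment names `GetTraceeUIntArgumentByName` (capital I, so it does not match the function) and says "casted as int", and its error string still reads "to int". Suggested lines are `// GetTraceeUintArgumentByName gets the argument matching the "argName" given from the event "argv" field, cast as uint.` and `return 0, fmt.Errorf("can't convert argument %v to uint (argument is of type %T)", argName, arg.Value)`. Separately, `int(argInt64)` and `uint(argUint64)` narrow silently wherever int is 32 bits, so a signature comparing flag bits could see a truncated value on such builds; a range check or a comment stating the 64-bit assumption would help. GetTraceeIntArgumentByName starts above the hunk.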
@@ -4,4 +4,9 @@ go 1.22.0
 toolchain go1.22.4
-require github.com/aquasecurity/tracee/types v0.0.0-20241008181102-d40bc1f81863
+require (
+ github.com/aquasecurity/tracee v0.22.2
+ github.com/aquasecurity/tracee/types v0.0.0-20241008181102-d40bc1f81863
+)
+
+require golang.org/x/sys v0.21.0 // indirect
diff --git a/signatures/helpers/go.sum b/signatures/helpers/go.sum
index c75b3133860a..d17799bdcdea 100644
--- a/signatures/helpers/go.sum
+++ b/signatures/helpers/go.sum
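Review bot: The added `github.com/aquasecurity/tracee v0.22.2` requirement makes this nested helpers module depend on the whole root module, apparently only for the `parsers` flag constants that helpers.go now imports. That pins the helpers' view of `parsers` to the v0.22.2 tag rather than the in-tree package unless a `replace` directive exists elsewhere (none is visible in this hunk), and it widens the dependency graph of every signature that imports helpers. A comment above the entry such as `// needed only for pkg/events/parsers open-flag constants` would record why it is there; it is also worth confirming that the root module does not require this module in a way that forms a cycle.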
@@ -1,10 +1,14 @@ +github.com/aquasecurity/tracee v0.22.2 h1:YRUQmGZBMHEaIGEVzokAdvQc/r7b0e0102wzzn5tc5c= +github.com/aquasecurity/tracee v0.22.2/go.mod h1:H5WZzjnNDmgaa4GRJjZUYvQ/QU93iXrMx0RIp+Ol+F0= github.com/aquasecurity/tracee/types v0.0.0-20241008181102-d40bc1f81863 h1:domVTTQICTuCvX+ZW5EjvdUBz8EH7FedBj5lRqwpgf4= github.com/aquasecurity/tracee/types v0.0.0-20241008181102-d40bc1f81863/go.mod h1:Jwh9OOuiMHXDoGQY12N9ls5YB+j1FlRcXvFMvh1CmIU= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 
diff --git a/signatures/helpers/helpers.go b/signatures/helpers/helpers.go
index f137ec29bc9e..b8b5ac28625c 100644
--- a/signatures/helpers/helpers.go
+++ b/signatures/helpers/helpers.go
@@ -4,14 +4,15 @@ import (
 "fmt"
 "strings"
+ "github.com/aquasecurity/tracee/pkg/events/parsers"
 "github.com/aquasecurity/tracee/types/trace"
 )
 // IsFileWrite returns whether the passed file permissions string contains
 // o_wronly or o_rdwr
-func IsFileWrite(flags string) bool {
- flagsLow := strings.ToLower(flags)
- if strings.Contains(flagsLow, "o_wronly") || strings.Contains(flagsLow, "o_rdwr") {
+func IsFileWrite(flags int) bool {
+ accessMode := uint64(flags) & parsers.O_ACCMODE.Value()
+ if accessMode == parsers.O_WRONLY.Value() || accessMode == parsers.O_RDWR.Value() {
 return true
 }
 return false
@@ -19,9 +20,9 @@ func IsFileWrite(flags string) bool {
 // IsFileRead returns whether the passed file permissions string contains
 // o_rdonly or o_rdwr
-func IsFileRead(flags string) bool {
- flagsLow := strings.ToLower(flags)
- if strings.Contains(flagsLow, "o_rdonly") || strings.Contains(flagsLow, "o_rdwr") {
+func IsFileRead(flags int) bool {
+ accessMode := uint64(flags) & parsers.O_ACCMODE.Value()
+ if accessMode == parsers.O_RDONLY.Value() || accessMode == parsers.O_RDWR.Value() {
 return true
 }
 return false
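Review bot: The doc comment kept as context above IsFileWrite still says "the passed file permissions string contains o_wronly or o_rdwr", but the function now takes `int` open flags and compares the masked access mode; the same stale wording sits above IsFileRead in the next hunk. Suggested: `// IsFileWrite reports whether the access mode of the open flags (flags & O_ACCMODE) is O_WRONLY or O_RDWR.` with the matching line for IsFileRead. Changing the parameter from `string` to `int` also breaks any caller outside this diff that still passes the parsed flag string, so signatures using these helpers need to switch to the int getter in the same change. IsFileWrite's closing brace is outside the hunk.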
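Review bot: IsFileRead now returns true for every value whose access-mode bits are zero, assuming `parsers.O_RDONLY.Value()` is 0 as it is on Linux, and that includes a plain `0`. GetTraceeIntArgumentByName in arguments_helpers.go returns `0` together with an error, so a caller that drops that error and passes the value on would classify the event as a read, whereas the previous string match returned false for an empty string. A doc line such as `// flags must come from a successfully parsed argument: O_RDONLY is 0, so a zero value reports true.` would make the contract explicit. IsFileRead's closing brace is outside the hunk.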