diff --git a/src/afterfact.rs b/src/afterfact.rs
index 425b5137..3d2d25bc 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -21,6 +21,7 @@ use std::fs::File;
 use std::io;
 use std::io::BufWriter;
 use std::io::Write;
+use std::path::Path;
 use std::process;
 use termcolor::{BufferWriter, Color, ColorChoice, ColorSpec, WriteColor};
 use terminal_size::Width;
@@ -40,7 +41,7 @@ pub struct CsvFormat<'a> {
 details: &'a str,
 #[serde(skip_serializing_if = "Option::is_none")]
 record_information: Option<&'a str>,
- rule_path: &'a str,
+ rule_file: &'a str,
 file_path: &'a str,
 }
@@ -318,7 +319,7 @@ fn emit_csv(
 details: &detect_info.detail,
 record_information: detect_info.record_information.as_deref(),
 file_path: &detect_info.filepath,
- rule_path: &detect_info.rulepath,
+ rule_file: Path::new(&detect_info.rulepath).file_name().unwrap().to_str().unwrap(),
 record_i_d: detect_info.record_id.as_deref(),
 })?;
 }
@@ -782,7 +783,7 @@ mod tests {
 .unwrap();
 let expect_tz = expect_time.with_timezone(&Local);
 let expect =
- "Timestamp,Computer,Channel,EventID,Level,MitreAttack,RecordID,RuleTitle,Details,RecordInformation,RulePath,FilePath\n"
+ "Timestamp,Computer,Channel,EventID,Level,MitreAttack,RecordID,RuleTitle,Details,RecordInformation,RuleFile,FilePath\n"
 .to_string()
 + &expect_tz
 .clone()
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 43488751..76bf1275 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -256,10 +256,7 @@ impl Detection {
 };
 let detect_info = DetectInfo {
 filepath: record_info.evtx_filepath.to_string(),
- rulepath: get_output_str_path(
- &configs::CONFIG.read().unwrap().args.rules,
- Path::new(&rule.rulepath),
- ),
+ rulepath: (&rule.rulepath).to_owned(),
 level: rule.yaml["level"].as_str().unwrap_or("-").to_string(),
 computername: record_info.record["Event"]["System"]["Computer"]
 .to_string()
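Review bot: The new `rule_file` expression in emit_csv (hunk @@ -318) unwraps twice: `Path::file_name` returns `None` for a path that is empty or ends in `..`, and `to_str` returns `None` for a non-UTF-8 file name, so either case aborts CSV emission with a panic partway through writing the output instead of producing a row. A fallback keeps the output flowing: `rule_file: Path::new(&detect_info.rulepath).file_name().and_then(|f| f.to_str()).unwrap_or(&detect_info.rulepath),`. Separately, reducing the rule path to its file name means two rules with the same file name in different directories become indistinguishable in the CSV, which matters when an analyst traces a detection back to the exact rule that fired; if that is intended, a `/// Basename of the matching rule file, not its full path.` comment on the `rule_file` field in CsvFormat would make the contract explicit. emit_csv starts and continues outside the hunk.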
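Review bot: `(&rule.rulepath).to_owned()` in the DetectInfo initializer (hunk @@ -256 of detection.rs, repeated in the following hunk at -302) borrows and then immediately copies, which Clippy reports as a needless borrow; `rulepath: rule.rulepath.to_owned(),` (or `.clone()` if rulepath is already a String) reads cleaner. With get_output_str_path no longer called at either site, the `Path`, `PathBuf` and `configs` uses in this file may now be unused — I cannot confirm from the hunk, but it is worth checking so the build stays warning-free. Behaviourally the hunk now stores rule.rulepath unchanged instead of the path relative to the configured rules directory, so what later reaches the CSV depends on the form rulepath carries at this point; a one-line comment on the `rulepath` field of DetectInfo stating which form it holds would help readers. The enclosing function starts and ends outside the hunk.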
@@ -302,19 +299,10 @@ impl Detection {
 } else {
 None
 };
- // canonicalizeを行った際に、windows環境で\\?\が必ず文字列として入ってしまう問題があったため先頭の4文字を除外している
- let abs_rule_path = &PathBuf::from(&rule.rulepath)
- .canonicalize()
- .unwrap()
- .display()
- .to_string()[4..];
 let detect_info = DetectInfo {
 filepath: "-".to_owned(),
- rulepath: get_output_str_path(
- &configs::CONFIG.read().unwrap().args.rules,
- Path::new(abs_rule_path),
- ),
+ rulepath: (&rule.rulepath).to_owned(),
 level: rule.yaml["level"].as_str().unwrap_or("").to_owned(),
 computername: "-".to_owned(),
 eventid: "-".to_owned(),