diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 4d0437eb..93c553b1 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -21,8 +21,10 @@ use crate::yaml::ParseYaml;
 use hashbrown;
 use hashbrown::HashMap;
 use serde_json::Value;
+use std::env;
 use std::fmt::Write;
-use std::path::Path;
+use std::path::{Path, PathBuf};
+use pathdiff::diff_paths;
 use std::sync::Arc;
 use tokio::{runtime::Runtime, spawn, task::JoinHandle};
 
@@ -253,10 +255,17 @@ impl Detection {
         } else {
             None
         };
-
+        let tmp_fmt_path = &PathBuf::from(&rule.rulepath).canonicalize().unwrap().display().to_string()[4..];
+        let abs_rule_path = Path::new(tmp_fmt_path);
+        let fmted_rule_path_str = if configs::CONFIG.read().unwrap().args.rules.is_absolute() {
+            abs_rule_path.to_str().unwrap().to_string()
+        } else {
+            // ``個々の部分をregexとかで回してiterで落としたほうが速度向上につながると思われるため検討する
+            diff_paths(abs_rule_path, &env::current_dir().unwrap()).unwrap().to_str().unwrap().replace("..\\", "").replace(".\\", "")
+        };
         let detect_info = DetectInfo {
             filepath: record_info.evtx_filepath.to_string(),
-            rulepath: rule.rulepath.to_string(),
+            rulepath: fmted_rule_path_str,
             level: rule.yaml["level"].as_str().unwrap_or("-").to_string(),
             computername: record_info.record["Event"]["System"]["Computer"]
                 .to_string()
@@ -299,9 +308,17 @@ impl Detection {
         } else {
             None
         };
+        // canonicalizeを行った際に、windows環境で\\?\が必ず文字列として入ってしまう問題があったため先頭の4文字を除外している
+        let tmp_fmt_path = &PathBuf::from(&rule.rulepath).canonicalize().unwrap().display().to_string()[4..];
+        let abs_rule_path = Path::new(tmp_fmt_path);
+        let fmted_rule_path_str = if configs::CONFIG.read().unwrap().args.rules.is_absolute() {
+            abs_rule_path.to_str().unwrap().to_string()
+        } else {
+            diff_paths(abs_rule_path, &env::current_dir().unwrap()).unwrap().to_str().unwrap().replace("..\\", "").replace(".\\", "")
+        };
         let detect_info = DetectInfo {
             filepath: "-".to_owned(),
-            rulepath: rule.rulepath.to_owned(),
+            rulepath: fmted_rule_path_str,
             level: rule.yaml["level"].as_str().unwrap_or("").to_owned(),
             computername: "-".to_owned(),
             eventid: "-".to_owned(),