diff --git a/src/detections/powershell.rs b/src/detections/powershell.rs
index 05084e62..46b34738 100644
--- a/src/detections/powershell.rs
+++ b/src/detections/powershell.rs
@@ -1,5 +1,9 @@
+use crate::detections::utils;
 use crate::models::event;
 use std::collections::HashMap;
+use std::fs::File;
+use std::io::prelude::*;
+extern crate csv;
 
 pub struct PowerShell {}
 
@@ -28,23 +32,20 @@ impl PowerShell {
     }
 
     fn execute_remote_command(&mut self, event_data: &HashMap) {
-        println!(
-            "
-    Path: {}
-    MessageTotal: {}
-    ScriptBlockText: {}
-    ScriptBlockId: {}
-    MessageNumber: {}",
-            event_data.get("Path").unwrap_or(&String::from("")),
-            event_data.get("MessageTotal").unwrap_or(&String::from("")),
-            event_data
-                .get("ScriptBlockText")
-                .unwrap_or(&String::from("")),
-            event_data
-                .get("ScriptBlockId")
-                .unwrap_or(&String::from("")),
-            event_data.get("MessageNumber").unwrap_or(&String::from("")),
-        );
+        // リモートコマンドを実行します
+        let default = String::from("");
+        let message_num = event_data.get("MessageNumber");
+        let commandline = event_data.get("ScriptBlockText").unwrap_or(&default);
+
+        let mut f = File::open("whitelist.txt").expect("file not found");
+        let mut contents = String::new();
+        let _ = f.read_to_string(&mut contents);
+
+        let rdr = csv::Reader::from_reader(contents.as_bytes());
+        match message_num {
+            Some(_) => utils::check_command(4104, &commandline, 1000, 0, &default, &default, rdr),
+            _ => {}
+        }
         return;
     }
 
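Review bot: In execute_remote_command the whitelist is opened with `File::open("whitelist.txt").expect("file not found")` on every event, so a missing or unreadable file (the relative path is resolved against the current working directory, not the binary's location) panics and aborts the whole scan, while `let _ = f.read_to_string(&mut contents);` discards the read error and carries on with whatever bytes were read. Reporting the error and returning keeps one bad file from halting detection, and loading the whitelist once in the caller instead of re-reading and re-parsing it per event would be better still; the rewrite below shows the in-function form. Separately, `csv::Reader::from_reader` treats the first row as a header and does not yield it as a record, so a header-less whitelist.txt silently loses its first entry — use `csv::ReaderBuilder::new().has_headers(false).from_reader(...)` if that is not intended. The `match message_num { Some(_) => …, _ => {} }` reads more directly as an early return, and the literals `4104, 1000, 0` deserve named constants or a comment (4104 is the PowerShell script-block logging event ID; what the other two mean to check_command I cannot tell from here).
```rust
    fn execute_remote_command(&mut self, event_data: &HashMap) {
        // Only events that carry a MessageNumber are checked against the whitelist.
        if event_data.get("MessageNumber").is_none() {
            return;
        }
        let default = String::from("");
        let commandline = event_data.get("ScriptBlockText").unwrap_or(&default);

        // A missing or unreadable whitelist must not abort the whole scan; report it and skip.
        let contents = match std::fs::read_to_string("whitelist.txt") {
            Ok(c) => c,
            Err(e) => {
                eprintln!("whitelist.txt could not be read: {}", e);
                return;
            }
        };
        let rdr = csv::Reader::from_reader(contents.as_bytes());
        utils::check_command(4104, &commandline, 1000, 0, &default, &default, rdr);
    }
```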