diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index f5036ae0..381a7cf1 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -424,7 +424,7 @@ impl Detection {
 let detect_info = DetectInfo {
 rulepath: (&rule.rulepath).to_owned(),
- level: rule.yaml["level"].as_str().unwrap_or("").to_owned(),
+ level: LEVEL_ABBR.get(&level).unwrap_or(&level).to_string(),
 computername: "-".to_owned(),
 eventid: "-".to_owned(),
 detail: output,
diff --git a/src/detections/message.rs b/src/detections/message.rs
index 1aef2ce7..286a3401 100644
--- a/src/detections/message.rs
+++ b/src/detections/message.rs
@@ -165,7 +165,7 @@ pub fn insert(
 for (k, v) in &detect_info.ext_field {
 let converted_reserve_info = convert_profile_reserved_info(v, profile_converter);
 if v == "%RecordInformation%" {
- tmp_converted_info.insert(k.to_owned(), converted_reserve_info);
+ tmp_converted_info.insert(k.to_owned(), v.to_owned());
 } else {
 tmp_converted_info.insert(
 k.to_owned(),
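Review bot: The new `level` lookup falls back to the raw value with `unwrap_or(&level)`, so a rule whose level is not one of LEVEL_ABBR's keys (a typo, or a case variant such as `High`) is emitted unabbreviated instead of being normalized or rejected; if anything downstream filters or sorts on the abbreviated form, detections from such a rule could quietly fall outside it. Where `level` is bound and how LEVEL_ABBR is keyed are not visible in this hunk, so this is inferred; consider normalizing before the lookup, e.g. `let level = level.to_lowercase();` ahead of `level: LEVEL_ABBR.get(&level).unwrap_or(&level).to_string(),`, or at least logging when the lookup misses. A comment on the changed line such as `// abbreviate known levels; unknown values pass through unchanged` would record the intended fallback. The enclosing method in `impl Detection` starts and ends outside the hunk.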
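Review bot: `converted_reserve_info` on the second line of the hunk is still computed unconditionally, yet the `%RecordInformation%` branch now discards it and stores the placeholder `v` instead, so the conversion runs for nothing in exactly the case this change singles out; if convert_profile_reserved_info expands the full record for that key it is also the most expensive case (inferred, its body is outside the hunk). Assuming the else branch is the only remaining use, drop the `let` before the `if` and make `let converted_reserve_info = convert_profile_reserved_info(v, profile_converter);` the first line inside `} else {`. The reason the placeholder is kept verbatim is not stated anywhere in the hunk; a comment above the `if` such as `// keep %RecordInformation% as a placeholder here; presumably expanded later per record — TODO confirm` would help the next reader. `insert` and its else branch continue past the end of the hunk.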