diff --git a/Cargo.lock b/Cargo.lock
index 02c6232e..3a53122d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -8,6 +8,17 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
+[[package]]
+name = "ahash"
+version = "0.7.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47"
+dependencies = [
+ "getrandom 0.2.7",
+ "once_cell",
+ "version_check",
+]
+
 [[package]]
 name = "aho-corasick"
 version = "0.7.18"
@@ -631,6 +642,17 @@ dependencies = [
 "wasi 0.9.0+wasi-snapshot-preview1",
 ]
+[[package]]
+name = "getrandom"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "wasi 0.11.0+wasi-snapshot-preview1",
+]
+
 [[package]]
 name = "git2"
 version = "0.14.4"
@@ -657,6 +679,9 @@ name = "hashbrown"
 version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
+dependencies = [
+ "ahash",
+]
 [[package]]
 name = "hayabusa"
@@ -673,6 +698,7 @@ dependencies = [
 "evtx",
 "flate2",
 "git2",
+ "hashbrown",
 "hex",
 "hhmmss",
 "hyper",
@@ -1363,7 +1389,7 @@ version = "0.3.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "de0737333e7a9502c789a36d7c7fa6092a49895d4faa31ca5df163857ded2e9d"
 dependencies = [
- "getrandom",
+ "getrandom 0.1.16",
 "redox_syscall 0.1.57",
 "rust-argon2",
 ]
diff --git a/Cargo.toml b/Cargo.toml
index d6497790..b32125ce 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -26,6 +26,7 @@ num_cpus = "1.*"
 downcast-rs = "1.*"
 hhmmss = "*"
 pbr = "*"
+hashbrown="0.12.*"
 hex = "0.4.*"
 git2 = "0.*"
 termcolor = "*"
diff --git a/src/afterfact.rs b/src/afterfact.rs
index a021351e..0949c5d4 100644
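Review bot: The new `hashbrown` dependency in the Cargo.toml hunk swaps the hasher behind every converted `HashMap`/`HashSet`, and nothing in the change records that trade-off. The lockfile shows hashbrown 0.12.3 pulling in ahash 0.7.6, which replaces the SipHash-based default of the std maps. ahash is faster but is not a cryptographic hash and has had less scrutiny for hash-flooding resistance. At least `value_2_cnt` in src/detections/rule/count.rs is keyed by `field_record_value`, which looks like it comes from parsed event records, so whoever wrote the log can influence the keys. I would state the decision next to the dependency, e.g. `# hashbrown (ahash) replaces std SipHash for speed; map keys may come from untrusted event logs`, or keep std maps for those key sets. The added line also departs from the file's spacing and would read `hashbrown = "0.12.*"`.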
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -14,7 +14,7 @@ use lazy_static::lazy_static;
 use linked_hash_map::LinkedHashMap;
 use std::cmp::min;
-use std::collections::{HashMap, HashSet};
+use hashbrown::{HashMap, HashSet};
 use std::error::Error;
 use std::fs::File;
@@ -475,7 +475,7 @@ fn _print_detection_summary_by_date(
 let mut wtr = buf_wtr.buffer();
 wtr.set_color(ColorSpec::new().set_fg(None)).ok();
- let level_full_map = HashMap::from([
+ let level_full_map = std::collections::HashMap::from([
 ("crit", "critical"),
 ("high", "high"),
 ("med ", "medium"),
@@ -524,7 +524,7 @@ fn _print_detection_summary_by_computer(
 let mut wtr = buf_wtr.buffer();
 wtr.set_color(ColorSpec::new().set_fg(None)).ok();
- let level_full_map = HashMap::from([
+ let level_full_map = std::collections::HashMap::from([
 ("crit", "critical"),
 ("high", "high"),
 ("med ", "medium"),
@@ -590,7 +590,7 @@ mod tests {
 use chrono::{Local, TimeZone, Utc};
 use linked_hash_map::LinkedHashMap;
 use serde_json::Value;
- use std::collections::HashMap;
+ use hashbrown::HashMap;
 use std::fs::File;
 use std::fs::{read_to_string, remove_file};
 use std::io;
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index bd358992..4d84102d 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -6,7 +6,7 @@ use chrono::{DateTime, Utc};
 use clap::{App, CommandFactory, Parser};
 use lazy_static::lazy_static;
 use regex::Regex;
-use std::collections::{HashMap, HashSet};
+use hashbrown::{HashMap, HashSet};
 use std::env::current_exe;
 use std::path::PathBuf;
 use std::sync::RwLock;
@@ -568,7 +568,7 @@ fn load_eventcode_info(path: &str) -> EventInfoConfig {
 mod tests {
 use crate::detections::configs;
 use chrono::{DateTime, Utc};
- use std::collections::HashSet;
+ use hashbrown::HashSet;
 // #[test]
 // #[ignore]
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 808482b0..ce057ffa 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
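Review bot: The two `level_full_map` literals (hunks at -475 and -524) are pinned to `std::collections::HashMap` while the file's import moves to hashbrown, and nothing says why. The reason is not visible in the hunks. If `HashMap::from([...])` did not compile against the hashbrown type, a comment such as `// std map on purpose: <reason>` above each literal would stop a later cleanup from reverting it. Both functions start and end outside their hunks, so how the map is consumed cannot be checked from here.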
@@ -25,7 +25,7 @@ use crate::detections::utils::{get_serde_number_to_string, make_ascii_titlecase}
 use crate::filter;
 use crate::yaml::ParseYaml;
 use serde_json::Value;
-use std::collections::HashMap;
+use hashbrown::HashMap;
 use std::fmt::Write;
 use std::path::Path;
diff --git a/src/detections/message.rs b/src/detections/message.rs
index c3b24b43..3df47032 100644
--- a/src/detections/message.rs
+++ b/src/detections/message.rs
@@ -11,7 +11,7 @@ use lazy_static::lazy_static;
 use linked_hash_map::LinkedHashMap;
 use regex::Regex;
 use serde_json::Value;
-use std::collections::HashMap;
+use hashbrown::HashMap;
 use std::env;
 use std::fs::create_dir;
 use std::fs::File;
@@ -376,7 +376,7 @@ mod tests {
 use crate::detections::message::AlertMessage;
 use crate::detections::message::{parse_message, MESSAGES};
 use serde_json::Value;
- use std::collections::HashMap;
+ use hashbrown::HashMap;
 use super::{create_output_filter_config, get_default_details};
diff --git a/src/detections/pivot.rs b/src/detections/pivot.rs
index d49c4772..d25b9871 100644
--- a/src/detections/pivot.rs
+++ b/src/detections/pivot.rs
@@ -1,6 +1,6 @@
 use lazy_static::lazy_static;
 use serde_json::Value;
-use std::collections::{HashMap, HashSet};
+use hashbrown::{HashMap, HashSet};
 use std::sync::RwLock;
 use crate::detections::configs;
diff --git a/src/detections/rule/condition_parser.rs b/src/detections/rule/condition_parser.rs
index cf53a9da..c06dc96b 100644
--- a/src/detections/rule/condition_parser.rs
+++ b/src/detections/rule/condition_parser.rs
@@ -5,7 +5,7 @@ use self::selectionnodes::{
 AndSelectionNode, NotSelectionNode, OrSelectionNode, RefSelectionNode, SelectionNode,
 };
 use super::selectionnodes;
-use std::collections::HashMap;
+use hashbrown::HashMap;
 use std::sync::Arc;
 lazy_static! {
diff --git a/src/detections/rule/count.rs b/src/detections/rule/count.rs
index bfe588b5..df72dd17 100644
--- a/src/detections/rule/count.rs
+++ b/src/detections/rule/count.rs
@@ -7,7 +7,7 @@ use crate::detections::rule::AggResult;
 use crate::detections::rule::RuleNode;
 use chrono::{DateTime, TimeZone, Utc};
 use serde_json::Value;
-use std::collections::HashMap;
+use hashbrown::HashMap;
 use std::num::ParseIntError;
 use std::path::Path;
@@ -311,9 +311,10 @@ impl CountStrategy for FieldStrategy {
 }
 let value = &datas[idx as usize].field_record_value;
- let key_val = self.value_2_cnt.get_mut(value);
+ let key_val = self.value_2_cnt.get_key_value_mut(value);
 if let Some(kv) = key_val {
- *kv += 1;
+ let (_, val) = kv;
+ *val += 1;
 } else {
 self.value_2_cnt.insert(value.to_string(), 1);
 }
@@ -498,7 +499,7 @@ mod tests {
 use crate::detections::rule::create_rule;
 use crate::detections::rule::AggResult;
 use crate::detections::utils;
- use std::collections::HashMap;
+ use hashbrown::HashMap;
 use chrono::{TimeZone, Utc};
 use yaml_rust::YamlLoader;
diff --git a/src/detections/rule/mod.rs b/src/detections/rule/mod.rs
index cceb4c49..60f55011 100644
--- a/src/detections/rule/mod.rs
+++ b/src/detections/rule/mod.rs
@@ -2,7 +2,7 @@ extern crate regex;
 use chrono::{DateTime, Utc};
-use std::collections::HashMap;
+use hashbrown::HashMap;
 use std::{fmt::Debug, sync::Arc, vec};
 use yaml_rust::Yaml;
diff --git a/src/detections/utils.rs b/src/detections/utils.rs
index 58104616..d678bb07 100644
--- a/src/detections/utils.rs
+++ b/src/detections/utils.rs
@@ -4,7 +4,7 @@ extern crate regex;
 use crate::detections::configs;
 use crate::detections::configs::CURRENT_EXE_PATH;
-use std::collections::HashMap;
+use hashbrown::HashMap;
 use std::path::Path;
 use std::path::PathBuf;
diff --git a/src/filter.rs b/src/filter.rs
index 31e92fd3..1f88ad3e 100644
--- a/src/filter.rs
+++ b/src/filter.rs
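Review bot: In the `-311,9` hunk the lookup switches to `get_key_value_mut` only to discard the key with `let (_, val) = kv;`, which adds a hashbrown-specific call and an extra binding for no visible gain. hashbrown's `HashMap` still provides `get_mut`, so unless that failed to compile for a reason not shown here, the branch can stay as `if let Some(cnt) = self.value_2_cnt.get_mut(value) { *cnt += 1; }`. The enclosing method of `impl CountStrategy for FieldStrategy` begins and ends outside the hunk and the declared type of `value_2_cnt` is not visible, so this should be confirmed against the field declaration.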
@@ -3,7 +3,7 @@ use crate::detections::message::AlertMessage;
 use crate::detections::message::ERROR_LOG_STACK;
 use crate::detections::message::QUIET_ERRORS_FLAG;
 use regex::Regex;
-use std::collections::HashMap;
+use hashbrown::HashMap;
 use std::fs::File;
 use std::io::{BufRead, BufReader};
diff --git a/src/main.rs b/src/main.rs
index 376e5b8b..27d4335a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -27,7 +27,7 @@ use hayabusa::{detections::utils::write_color_buffer, filter};
 use hhmmss::Hhmmss;
 use pbr::ProgressBar;
 use serde_json::Value;
-use std::collections::{HashMap, HashSet};
+use hashbrown::{HashMap, HashSet};
 use std::ffi::{OsStr, OsString};
 use std::fmt::Display;
 use std::fmt::Write as _;
diff --git a/src/options/level_tuning.rs b/src/options/level_tuning.rs
index 797a0b3b..42f7576c 100644
--- a/src/options/level_tuning.rs
+++ b/src/options/level_tuning.rs
@@ -2,7 +2,7 @@ use crate::detections::utils::write_color_buffer;
 use crate::detections::{configs, utils};
 use crate::filter::RuleExclude;
 use crate::yaml::ParseYaml;
-use std::collections::HashMap;
+use hashbrown::HashMap;
 use std::fs::{self, File};
 use std::io::Write;
 use termcolor::{BufferWriter, ColorChoice};
diff --git a/src/options/profile.rs b/src/options/profile.rs
index 4dbd581e..8f9558a7 100644
--- a/src/options/profile.rs
+++ b/src/options/profile.rs
@@ -5,7 +5,7 @@ use crate::yaml;
 use lazy_static::lazy_static;
 use linked_hash_map::LinkedHashMap;
 use regex::RegexSet;
-use std::collections::HashSet;
+use hashbrown::HashSet;
 use std::fs::OpenOptions;
 use std::io::{BufWriter, Write};
 use std::path::Path;
diff --git a/src/options/update_rules.rs b/src/options/update_rules.rs
index 33fdf1b0..240599eb 100644
--- a/src/options/update_rules.rs
+++ b/src/options/update_rules.rs
@@ -8,7 +8,7 @@ use std::fs::{self};
 use std::path::Path;
 use std::cmp::Ordering;
-use std::collections::{HashMap, HashSet};
+use hashbrown::{HashMap, HashSet};
 use std::time::SystemTime;
diff --git a/src/timeline/statistics.rs b/src/timeline/statistics.rs
index 0a6d9433..f2debc94 100644
--- a/src/timeline/statistics.rs
+++ b/src/timeline/statistics.rs
@@ -1,6 +1,6 @@
 use crate::detections::message::{LOGONSUMMARY_FLAG, STATISTICS_FLAG};
 use crate::detections::{detection::EvtxRecordInfo, utils};
-use std::collections::HashMap;
+use hashbrown::HashMap;
 #[derive(Debug)]
 pub struct EventStatistics {
diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs
index 41a9e38a..a0cad83a 100644
--- a/src/timeline/timelines.rs
+++ b/src/timeline/timelines.rs
@@ -3,7 +3,7 @@ use crate::detections::{configs::CONFIG, detection::EvtxRecordInfo};
 use prettytable::{Cell, Row, Table};
 use super::statistics::EventStatistics;
-use std::collections::HashMap;
+use hashbrown::HashMap;
 #[derive(Debug)]
 pub struct Timeline {
diff --git a/src/yaml.rs b/src/yaml.rs
index 0acc27b9..19ce2eef 100644
--- a/src/yaml.rs
+++ b/src/yaml.rs
@@ -6,7 +6,7 @@ use crate::detections::configs::EXCLUDE_STATUS;
 use crate::detections::message::AlertMessage;
 use crate::detections::message::{ERROR_LOG_STACK, QUIET_ERRORS_FLAG};
 use crate::filter::RuleExclude;
-use std::collections::HashMap;
+use hashbrown::HashMap;
 use std::ffi::OsStr;
 use std::fs;
 use std::io;
@@ -321,7 +321,7 @@ mod tests {
 use crate::filter;
 use crate::yaml;
 use crate::yaml::RuleExclude;
- use std::collections::HashMap;
+ use hashbrown::HashMap;
 use std::path::Path;
 use yaml_rust::YamlLoader;