diff --git a/src/detections/print.rs b/src/detections/print.rs
index 51e65acb..22a15d8d 100644
--- a/src/detections/print.rs
+++ b/src/detections/print.rs
@@ -9,6 +9,7 @@ use std::collections::BTreeMap;
 use std::collections::HashMap;
 use std::io::{self, Write};
 use std::sync::Mutex;
+use crate::detections::utils;
 
 #[derive(Debug)]
 pub struct Message {
@@ -174,23 +175,7 @@ impl Message {
 pub fn get_event_time(event_record: &Value) -> Option> {
 let system_time = &event_record["Event"]["System"]["TimeCreated_attributes"]["SystemTime"];
- let system_time_str = system_time.as_str().unwrap_or("");
- if system_time_str.is_empty() {
- return Option::None;
- }
-
- let rfc3339_time = DateTime::parse_from_rfc3339(system_time_str);
- if rfc3339_time.is_err() {
- return Option::None;
- }
- let datetime = Utc
- .from_local_datetime(&rfc3339_time.unwrap().naive_utc())
- .single();
- if datetime.is_none() {
- return Option::None;
- } else {
- return Option::Some(datetime.unwrap());
- }
+ return utils::str_time_to_datetime(system_time.as_str().unwrap_or(""));
 }
 
 /// message内のマップをクリアする。テストする際の冪等性の担保のため作成。
diff --git a/src/detections/utils.rs b/src/detections/utils.rs
index 9df91ff7..bde46871 100644
--- a/src/detections/utils.rs
+++ b/src/detections/utils.rs
@@ -14,6 +14,7 @@ use std::io::prelude::*;
 use std::io::{BufRead, BufReader};
 use std::str;
 use std::string::String;
+use chrono::{DateTime, TimeZone, Utc};
 
 pub fn concat_selection_key(key_list: &Vec) -> String {
 return key_list
@@ -93,6 +94,29 @@ pub fn get_event_id_key() -> String {
 return "Event.System.EventID".to_string();
 }
 
+pub fn get_event_time() -> String {
+ return "Event.System.TimeCreated_attributes.SystemTime".to_string();
+}
+
+pub fn str_time_to_datetime(system_time_str: &str) -> Option> {
+ if system_time_str.is_empty() {
+ return Option::None;
+ }
+
+ let rfc3339_time = DateTime::parse_from_rfc3339(system_time_str);
+ if rfc3339_time.is_err() {
+ return Option::None;
+ }
+ let datetime = Utc
+ .from_local_datetime(&rfc3339_time.unwrap().naive_utc())
+ .single();
+ if datetime.is_none() {
+ return Option::None;
+ } else {
+ return Option::Some(datetime.unwrap());
+ }
+}
+
 /// serde:Valueの型を確認し、文字列を返します。
 pub fn get_serde_number_to_string(value: &serde_json::Value) -> Option {
 if value.is_string() {
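Review bot: The new one-line body of `get_event_time` keeps an explicit `return` in tail position, which clippy reports as `needless_return`; the expression form `utils::str_time_to_datetime(system_time.as_str().unwrap_or(""))` is the idiomatic replacement. The indexing path `["Event"]["System"]["TimeCreated_attributes"]["SystemTime"]` on the line above now duplicates, in a second encoding, the dotted key `Event.System.TimeCreated_attributes.SystemTime` that this same commit adds to utils.rs, so the two can drift apart without any compile-time signal; if the crate has a helper that resolves such dotted keys against a `Value`, this lookup should go through it so the key is defined once. Because `as_str()` yields `None` for a missing or non-string field and `unwrap_or("")` folds that into the empty string the helper maps to `None`, a record with an absent or malformed timestamp produces `None` with no diagnostic, so a doc line such as `/// Returns None when the event carries no parseable RFC 3339 SystemTime.` would make that contract explicit to callers.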
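Review bot: In `str_time_to_datetime` the `is_err()`/`unwrap()` and `is_none()`/`unwrap()` pairs re-test what `Result` and `Option` already encode; the parse-and-convert sequence collapses to `DateTime::parse_from_rfc3339(system_time_str).ok().map(|t| t.with_timezone(&Utc))`, which yields the same UTC instant as `Utc.from_local_datetime(&t.naive_utc()).single()` without any unwrap, and the leading `is_empty()` guard then becomes redundant since the parser rejects an empty string anyway. As far as I recall `Utc` has no DST gaps or folds, so `.single()` on a Utc local conversion cannot return `None` and the `if datetime.is_none()` branch is dead code. `get_event_time()` returns a dotted key string yet shares its name with `Message::get_event_time` in print.rs, which returns a `DateTime`; naming it `get_event_time_key()` to mirror `get_event_id_key()` directly above it would remove that ambiguity. Both new `pub fn`s also lack the `///` summary that `get_serde_number_to_string` has; for the parser I would add `/// Parses an RFC 3339 timestamp into UTC; returns None for an empty or unparseable string.`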