diff --git a/src/detections/sysmon.rs b/src/detections/sysmon.rs
index f0f81c72..37f01874 100644
--- a/src/detections/sysmon.rs
+++ b/src/detections/sysmon.rs
@@ -3,17 +3,12 @@ use crate::models::event;
 use std::collections::HashMap;
 pub struct Sysmon {
- empty_str: String,
- checkunsigned: u64,
+ checkunsigned: u16,
 }
 impl Sysmon {
 pub fn new() -> Sysmon {
- Sysmon {
- empty_str: String::default(),
- //checkunsigned: 0, // DeepBlueでは0固定
- checkunsigned: 1, // 開発用に1 (configから設定可能になる予定)
- }
+ Sysmon { checkunsigned: 0 }
 }
 pub fn detection(
@@ -22,8 +17,8 @@ impl Sysmon {
 _system: &event::System,
 event_data: HashMap,
 ) {
- &self.check_command_lines(&event_id, &event_data);
- &self.check_for_unsigned_files(&event_id, &event_data);
+ self.check_command_lines(&event_id, &event_data);
+ self.check_for_unsigned_files(&event_id, &event_data);
 }
 fn check_command_lines(&mut self, event_id: &String, event_data: &HashMap) {
@@ -31,15 +26,11 @@ impl Sysmon {
 return;
 }
- // Check command lines
 if let Some(_command_line) = event_data.get("CommandLine") {
- if let Some(_date) = event_data.get("UtcTime") {
- println!("Date : {} (UTC)", _date);
- }
- println!("Log : Sysmon");
- let minlength = 1000;
- let _creater = event_data.get("ParentImage").unwrap_or(&self.empty_str);
- check_command(1, _command_line, minlength, 0, "", _creater);
+ let default = "".to_string();
+ let _creater = event_data.get("ParentImage").unwrap_or(&default);
+
+ check_command(1, _command_line, 1000, 0, "", _creater);
 }
 }
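Review bot: `new()` now hard-codes `checkunsigned: 0`, and because the field is private and no setter appears in this diff, the `== 1` branch in `check_for_unsigned_files` is unreachable unless code outside the diff assigns the field. The struct also loses the explanation the removed comment carried; a doc comment on the field would keep it, e.g. `/// 1 reports unsigned loaded images (chatty, so off by default); 0 disables the check.` Since the field is only ever compared against 1, a `bool` states the intent more directly than `u16`. `Sysmon::new()` taking no arguments also suggests an `impl Default for Sysmon` (clippy `new_without_default`).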
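Review bot: Replacing `minlength` with a bare `1000` leaves the `check_command(1, _command_line, 1000, 0, "", _creater)` call with positional arguments whose meaning is no longer stated anywhere; restoring a name, e.g. `let min_length = 1000;`, or a short comment at the call naming each argument, keeps the site readable. `let default = "".to_string()` allocates a `String` only to borrow it as a fallback; since `unwrap_or(&default)` shows the map values are `String`, `event_data.get("ParentImage").map(String::as_str).unwrap_or("")` avoids the allocation, provided `check_command` accepts `&str` (its signature is not visible here) — the same pattern is added in `check_for_unsigned_files`. `_command_line` and `_creater` are both used, so the leading underscore, which signals an intentionally unused binding, is misleading. The enclosing `check_command_lines` starts before this hunk.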
@@ -52,34 +43,17 @@ impl Sysmon {
 return;
 }
- // Check for unsigned EXEs/DLLs:
- // This can be very chatty, so it's disabled.
- // Set $checkunsigned to 1 (global variable section) to enable:
 if self.checkunsigned == 1 {
- let _signed = event_data.get("Signed").unwrap_or(&self.empty_str);
+ let default = "".to_string();
+ let _signed = event_data.get("Signed").unwrap_or(&default);
 if _signed == "false" {
- let _date = event_data.get("UtcTime").unwrap_or(&self.empty_str);
- println!("Date : {} (UTC)", _date);
- println!("Log : Sysmon");
- println!("EventID : 7");
+ let _image = event_data.get("Image").unwrap_or(&default);
+ let _command_line = event_data.get("ImageLoaded").unwrap_or(&default);
+
 println!("Message : Unsigned Image (DLL)");
- let _image = event_data.get("Image").unwrap_or(&self.empty_str);
 println!("Result : Loaded by: {}", _image);
- let _command_line = event_data.get("ImageLoaded").unwrap_or(&self.empty_str);
 println!("Command : {}", _command_line);
 }
- }
- }
-}
-
-#[cfg(test)]
-mod tests {
- extern crate quick_xml;
- use crate::detections::sysmon;
- use crate::models::event;
-
- #[test]
- fn test_skelton_hit() {
- assert_eq!(1, 1);
+ };
 }
 }
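Review bot: The added `};` closing the `if self.checkunsigned == 1` block carries a stray semicolon; rustc's `redundant_semicolons` lint will likely flag it, and `}` alone is what the function needs. The `Image` and `ImageLoaded` values taken from `event_data` are written to stdout with `println!("{}")` verbatim, so a value containing control or escape characters would reach the terminal unaltered; printing them with `{:?}` or filtering `char::is_control` before output keeps the report unambiguous for the analyst reading it. `let default = "".to_string()` repeats the allocation pattern noted on `check_command_lines`. The enclosing `check_for_unsigned_files` starts before this hunk.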