diff --git a/WelsonJS.Toolkit/WelsonJS.Service/FileEventMonitor.cs b/WelsonJS.Toolkit/WelsonJS.Service/FileEventMonitor.cs
index af407c5..881f935 100644
--- a/WelsonJS.Toolkit/WelsonJS.Service/FileEventMonitor.cs
+++ b/WelsonJS.Toolkit/WelsonJS.Service/FileEventMonitor.cs
@@ -160,12 +160,16 @@ namespace WelsonJS.Service
 
                     foreach (var result in results)
                     {
-                        var matches = result.Matches;
-                        foreach (var match in matches)
+                        Dictionary<string, List<Match>> matches = result.Matches;
+                        foreach (KeyValuePair<string, List<Match>> match in matches)
                         {
-                            parent.Log($"YARA matched: {match.ToString()}");
-
-                            parent.DispatchServiceEvent("fileRuleMatched", new string[] { filePath, match.ToString() });
+                            string ruleName = match.Key;
+                            List<Match> ruleMatches = match.Value;
+                            ruleMatches.ForEach((x) =>
+                            {
+                                parent.Log($"YARA rule matched: {ruleName}, {filePath}");
+                                parent.DispatchServiceEvent("fileRuleMatched", new string[] { ruleName, filePath });
+                            });
                         }
                     }
                 }
diff --git a/WelsonJS.Toolkit/WelsonJS.Service/Model/FileRuleMatched.cs b/WelsonJS.Toolkit/WelsonJS.Service/Model/FileRuleMatched.cs
new file mode 100644
index 0000000..23eb9f8
--- /dev/null
+++ b/WelsonJS.Toolkit/WelsonJS.Service/Model/FileRuleMatched.cs
@@ -0,0 +1,12 @@
+using System;
+
+namespace WelsonJS.Service.Model
+{
+    public class FileRuleMatched
+    {
+        public string Id { get; set; }
+        public string FilePath { get; set; }
+        public string RuleName { get; set; }
+        public DateTime LastChecked { get; set; }
+    }
+}
diff --git a/WelsonJS.Toolkit/WelsonJS.Service/WelsonJS.Service.csproj b/WelsonJS.Toolkit/WelsonJS.Service/WelsonJS.Service.csproj
index 10555e1..1498e3b 100644
--- a/WelsonJS.Toolkit/WelsonJS.Service/WelsonJS.Service.csproj
+++ b/WelsonJS.Toolkit/WelsonJS.Service/WelsonJS.Service.csproj
@@ -82,13 +82,50 @@
     <StartupObject />
   </PropertyGroup>
   <ItemGroup>
+    <Reference Include="Elastic.Clients.Elasticsearch, Version=8.0.0.0, Culture=neutral, PublicKeyToken=96c599bbe3e70f5d, processorArchitecture=MSIL">
+      <HintPath>..\packages\Elastic.Clients.Elasticsearch.8.15.0\lib\net462\Elastic.Clients.Elasticsearch.dll</HintPath>
+    </Reference>
+    <Reference Include="Elastic.Transport, Version=0.0.0.0, Culture=neutral, PublicKeyToken=069ca2728db333c1, processorArchitecture=MSIL">
+      <HintPath>..\packages\Elastic.Transport.0.4.22\lib\net462\Elastic.Transport.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Bcl.AsyncInterfaces, Version=8.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Bcl.AsyncInterfaces.8.0.0\lib\net462\Microsoft.Bcl.AsyncInterfaces.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="System" />
+    <Reference Include="System.Buffers, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Buffers.4.5.1\lib\net461\System.Buffers.dll</HintPath>
+    </Reference>
     <Reference Include="System.Configuration.Install" />
     <Reference Include="System.Data" />
+    <Reference Include="System.Diagnostics.DiagnosticSource, Version=8.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Diagnostics.DiagnosticSource.8.0.0\lib\net462\System.Diagnostics.DiagnosticSource.dll</HintPath>
+    </Reference>
     <Reference Include="System.Drawing" />
     <Reference Include="System.Management" />
+    <Reference Include="System.Memory, Version=4.0.1.2, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Memory.4.5.5\lib\net461\System.Memory.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Numerics" />
+    <Reference Include="System.Numerics.Vectors, Version=4.1.4.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Numerics.Vectors.4.5.0\lib\net46\System.Numerics.Vectors.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Runtime.CompilerServices.Unsafe, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.6.0.0\lib\net461\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
+    </Reference>
     <Reference Include="System.ServiceProcess" />
+    <Reference Include="System.Text.Encodings.Web, Version=8.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Text.Encodings.Web.8.0.0\lib\net462\System.Text.Encodings.Web.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Text.Json, Version=8.0.0.4, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Text.Json.8.0.4\lib\net462\System.Text.Json.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Threading.Tasks.Extensions, Version=4.2.0.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Threading.Tasks.Extensions.4.5.4\lib\net461\System.Threading.Tasks.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.ValueTuple, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.ValueTuple.4.5.0\lib\net47\System.ValueTuple.dll</HintPath>
+    </Reference>
     <Reference Include="System.Windows.Forms" />
     <Reference Include="System.Xml" />
   </ItemGroup>
diff --git a/WelsonJS.Toolkit/WelsonJS.Service/app.config b/WelsonJS.Toolkit/WelsonJS.Service/app.config
index 3e0e37c..f9833da 100644
--- a/WelsonJS.Toolkit/WelsonJS.Service/app.config
+++ b/WelsonJS.Toolkit/WelsonJS.Service/app.config
@@ -1,3 +1,12 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
-<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/></startup></configuration>
+<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" /></startup>
+  <runtime>
+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+      <dependentAssembly>
+        <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
+      </dependentAssembly>
+    </assemblyBinding>
+  </runtime>
+</configuration>
diff --git a/WelsonJS.Toolkit/WelsonJS.Service/packages.config b/WelsonJS.Toolkit/WelsonJS.Service/packages.config
index 08be739..4fe3021 100644
--- a/WelsonJS.Toolkit/WelsonJS.Service/packages.config
+++ b/WelsonJS.Toolkit/WelsonJS.Service/packages.config
@@ -1,4 +1,17 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
+  <package id="Elastic.Clients.Elasticsearch" version="8.15.0" targetFramework="net48" />
+  <package id="Elastic.Transport" version="0.4.22" targetFramework="net48" />
+  <package id="Microsoft.Bcl.AsyncInterfaces" version="8.0.0" targetFramework="net48" />
+  <package id="Microsoft.CSharp" version="4.7.0" targetFramework="net48" />
   <package id="Microsoft.O365.Security.Native.libyara.NET" version="4.5.1" targetFramework="net48" />
+  <package id="System.Buffers" version="4.5.1" targetFramework="net48" />
+  <package id="System.Diagnostics.DiagnosticSource" version="8.0.0" targetFramework="net48" />
+  <package id="System.Memory" version="4.5.5" targetFramework="net48" />
+  <package id="System.Numerics.Vectors" version="4.5.0" targetFramework="net48" />
+  <package id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" targetFramework="net48" />
+  <package id="System.Text.Encodings.Web" version="8.0.0" targetFramework="net48" />
+  <package id="System.Text.Json" version="8.0.4" targetFramework="net48" />
+  <package id="System.Threading.Tasks.Extensions" version="4.5.4" targetFramework="net48" />
+  <package id="System.ValueTuple" version="4.5.0" targetFramework="net48" />
 </packages>
\ No newline at end of file