From 9fb2a40eb228b6e80ddfe359f28a48d52b6fa312 Mon Sep 17 00:00:00 2001 
From: maxhotta
Date: Sat, 17 Feb 2024 00:39:56 +0000
Subject: [PATCH 1/6] Refactoring based on pr feedback (see issue 958).
---
 dictionary.json | 37 +++++++++++++++++++
 events/discovery/discovery_result.json | 33 ++++++++---------
 .../{file_info.json => file_query.json} | 6 +--
 .../{folder_info.json => folder_query.json} | 6 +--
 .../{group_info.json => group_query.json} | 6 +--
 .../{job_info.json => job_query.json} | 6 +--
 ...ect_info.json => kernel_object_query.json} | 6 +--
 .../{module_info.json => module_query.json} | 6 +--
 ...nfo.json => network_connection_query.json} | 6 +--
 ...networks_info.json => networks_query.json} | 6 +--
 events/discovery/peripheral_device_info.json | 13 -------
 events/discovery/peripheral_device_query.json | 13 +++++++
 .../{process_info.json => process_query.json} | 6 +--
 .../{service_info.json => service_query.json} | 0
 events/discovery/session_info.json | 13 -------
 events/discovery/session_query.json | 13 +++++++
 events/discovery/user_info.json | 13 -------
 events/discovery/user_query.json | 13 +++++++
 extensions/macos/events/startup_app_info.json | 13 -------
 .../macos/events/startup_app_query.json | 13 +++++++
 ...prefetch_info.json => prefetch_query.json} | 6 +--
 ..._key_info.json => registry_key_query.json} | 6 +--
 ...ue_info.json => registry_value_query.json} | 6 +--
 23 files changed, 140 insertions(+), 106 deletions(-)
 rename events/discovery/{file_info.json => file_query.json} (58%)
 rename events/discovery/{folder_info.json => folder_query.json} (57%)
 rename events/discovery/{group_info.json => group_query.json} (69%)
 rename events/discovery/{job_info.json => job_query.json} (53%)
 rename events/discovery/{kernel_object_info.json => kernel_object_query.json} (56%)
 rename events/discovery/{module_info.json => module_query.json} (68%)
 rename events/discovery/{network_connection_info.json => network_connection_query.json} (94%)
 rename events/discovery/{networks_info.json => networks_query.json} (53%)
 delete mode 100644 events/discovery/peripheral_device_info.json
 create mode 100644 events/discovery/peripheral_device_query.json
 rename events/discovery/{process_info.json => process_query.json} (51%)
 rename events/discovery/{service_info.json => service_query.json} (100%)
 delete mode 100644 events/discovery/session_info.json
 create mode 100644 events/discovery/session_query.json
 delete mode 100644 events/discovery/user_info.json
 create mode 100644 events/discovery/user_query.json
 delete mode 100644 extensions/macos/events/startup_app_info.json
 create mode 100644 extensions/macos/events/startup_app_query.json
 rename extensions/windows/events/{prefetch_info.json => prefetch_query.json} (75%)
 rename extensions/windows/events/{registry_key_info.json => registry_key_query.json} (56%)
 rename extensions/windows/events/{registry_value_info.json => registry_value_query.json} (55%)
diff --git a/dictionary.json b/dictionary.json
index f3d3da359..3e4506cb5 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -2664,6 +2664,43 @@
 "description": "The query info object holds information related to data access within a datastore. To access, manipulate, delete, or retrieve data from a datastore, a database query must be written using a specific syntax.",
 "type": "query_info"
 },
+ "query_result": {
+ "caption": "Query Result",
+ "description": "The result of the query.",
+ "type": "string_t"
+ },
+ "query_result_id": {
+ "caption": "The normalized id of the query result.",
+ "description": "The result of the query.",
+ "enum": {
+ "1": {
+ "caption": "Exists",
+ "description": "The target was found."
+ },
+ "2": {
+ "caption": "Partial",
+ "description": "The target was partially found."
+ },
+ "3": {
+ "caption": "Does not exist",
+ "description": "The target was not found."
+ },
+ "4": {
+ "caption": "Error",
+ "description": "The discovery attempt failed."
+ },
+ "5": {
+ "caption": "Unsupported",
+ "description": "Discovery of the target was not supported."
+ },
+ "99": {
+ "caption": "Other",
+ "description": "The query result is not mapped. See the query_result attribute, which contains a data source specific value."
+ }
+ },
+ "type": "integer_t",
+ "sibling": "query_result"
+ },
 "query_string": {
 "caption": "HTTP Query String",
 "description": "The query portion of the URL. For example: the query portion of the URL http://www.example.com/search?q=bad&sort=date is q=bad&sort=date.",
diff --git a/events/discovery/discovery_result.json b/events/discovery/discovery_result.json
index 03df83d6a..0d77db6e9 100644
--- a/events/discovery/discovery_result.json
+++ b/events/discovery/discovery_result.json
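Review bot: The new `query_result_id` enum begins at `"1"` and carries no `"0"` Unknown entry, whereas the `state_id` enum touched later in this series (network_connection_query.json) does start with `"0": { "caption": "Unknown"`; since discovery_result.json makes `query_result_id` `required`, a producer that could not determine the outcome has to pick `4` Error or `99` Other, and anything filtering on the result then sees a fabricated outcome rather than an honest gap. Suggest adding `"0": { "caption": "Unknown", "description": "The query result is unknown." },` ahead of `"1"` so the required field always has a truthful value. The same gap is visible from the discovery_result.json hunk that binds this enum. The enclosing dictionary object begins and ends outside the hunk.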
@@ -14,26 +14,23 @@
 "activity_id": {
 "enum": {
 "1": {
- "caption": "Exists",
- "description": "The target was found."
- },
- "2": {
- "caption": "Partial",
- "description": "The target was partially found."
- },
- "3": {
- "caption": "Does not exist",
- "description": "The target was not found."
- },
- "4": {
- "caption": "Error",
- "description": "The discovery attempt failed."
- },
- "5": {
- "caption": "Unsupported",
- "description": "Discovery of the target was not supported."
+ "caption": "Query",
+ "description": "The discovered results are via a query request."
 }
 }
+ },
+ "query_info": {
+ "description": "The search details associated with the query request.",
+ "group": "primary",
+ "requirement": "optional"
+ },
+ "query_result": {
+ "group": "primary",
+ "requirement": "optional"
+ },
+ "query_result_id": {
+ "group": "primary",
+ "requirement": "required"
 }
 }
 }
\ No newline at end of file
diff --git a/events/discovery/file_info.json b/events/discovery/file_query.json
similarity index 58%
rename from events/discovery/file_info.json
rename to events/discovery/file_query.json
index 3bcb0953a..84bdbd84b 100644
--- a/events/discovery/file_info.json
+++ b/events/discovery/file_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "File Info",
- "description": "File Info events report information about files that are present on the system.",
+ "caption": "File Query",
+ "description": "File Query events report information about files that are present on the system.",
 "extends": "discovery_result",
- "name": "file_info",
+ "name": "file_query",
 "uid": 7,
 "attributes": {
 "file": {
diff --git a/events/discovery/folder_info.json b/events/discovery/folder_query.json
similarity index 57%
rename from events/discovery/folder_info.json
rename to events/discovery/folder_query.json
index f609b007e..686465711 100644
--- a/events/discovery/folder_info.json
+++ b/events/discovery/folder_query.json
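Review bot: The `activity_id` enum of the shared base class shrinks from five outcome values to the single `1` Query while the `uid` of every subclass stays the same, so any consumer that keyed on `activity_id` of a discovery class (not visible from this patch) will see every event collapse to `1` with no schema-level signal that the outcome moved to `query_result_id`. The CHANGELOG hunk in PATCH 3/6 lists these classes only as `Added ... Query event class. #967`, which reads as new classes rather than a rename of the existing `*_info` classes plus a move of the result enum. Suggest one additional changelog line such as `Renamed the discovery *_info classes to *_query and moved the outcome values from activity_id to query_result_id. #967` so the break is discoverable. The enclosing class object begins before this hunk.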
@@ -1,8 +1,8 @@
 {
- "caption": "Folder Info",
- "description": "Folder Info events report information about folders that are present on the system.",
+ "caption": "Folder Query",
+ "description": "Folder Query events report information about folders that are present on the system.",
 "extends": "discovery_result",
- "name": "folder_info",
+ "name": "folder_query",
 "uid": 8,
 "attributes": {
 "folder": {
diff --git a/events/discovery/group_info.json b/events/discovery/group_query.json
similarity index 69%
rename from events/discovery/group_info.json
rename to events/discovery/group_query.json
index 845db252d..ee4f750ae 100644
--- a/events/discovery/group_info.json
+++ b/events/discovery/group_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "Admin Group Info",
- "description": "Group Info events report information about administrative groups.",
+ "caption": "Admin Group Query",
+ "description": "Admin Group Query events report information about administrative groups.",
 "extends": "discovery_result",
- "name": "admin_group_info",
+ "name": "admin_group_query",
 "uid": 9,
 "attributes": {
 "group": {
diff --git a/events/discovery/job_info.json b/events/discovery/job_query.json
similarity index 53%
rename from events/discovery/job_info.json
rename to events/discovery/job_query.json
index 20dd0910b..f036e3759 100644
--- a/events/discovery/job_info.json
+++ b/events/discovery/job_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "Job Info",
- "description": "Job Info events report information about scheduled jobs.",
+ "caption": "Job Query",
+ "description": "Job Query events report information about scheduled jobs.",
 "extends": "discovery_result",
- "name": "job_info",
+ "name": "job_query",
 "uid": 10,
 "attributes": {
 "job": {
diff --git a/events/discovery/kernel_object_info.json b/events/discovery/kernel_object_query.json
similarity index 56%
rename from events/discovery/kernel_object_info.json
rename to events/discovery/kernel_object_query.json
index 8e0b68ab5..504f28e09 100644
--- a/events/discovery/kernel_object_info.json
+++ b/events/discovery/kernel_object_query.json
@@ -1,8 +1,8 @@
 {
- "description": "Kernel Object Info events report information about discovered kernel resources.",
+ "description": "Kernel Object Query events report information about discovered kernel resources.",
 "extends": "discovery_result",
- "caption": "Kernel Object Info",
- "name": "kernel_object_info",
+ "caption": "Kernel Object Query",
+ "name": "kernel_object_query",
 "uid": 6,
 "attributes": {
 "kernel": {
diff --git a/events/discovery/module_info.json b/events/discovery/module_query.json
similarity index 68%
rename from events/discovery/module_info.json
rename to events/discovery/module_query.json
index ae3ab401a..a8832bd80 100644
--- a/events/discovery/module_info.json
+++ b/events/discovery/module_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "Module Info",
- "description": "Module Info events report information about loaded modules.",
+ "caption": "Module Query",
+ "description": "Module Query events report information about loaded modules.",
 "extends": "discovery_result",
- "name": "module_info",
+ "name": "module_query",
 "uid": 11,
 "attributes": {
 "module": {
diff --git a/events/discovery/network_connection_info.json b/events/discovery/network_connection_query.json
similarity index 94%
rename from events/discovery/network_connection_info.json
rename to events/discovery/network_connection_query.json
index 7c8d16aea..da1295276 100644
--- a/events/discovery/network_connection_info.json
+++ b/events/discovery/network_connection_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "Network Connection Info",
- "description": "Network Connection Info events report information about active network connections.",
+ "caption": "Network Connection Query",
+ "description": "Network Connection Query events report information about active network connections.",
 "extends": "discovery_result",
- "name": "network_connection_info",
+ "name": "network_connection_query",
 "uid": 12,
 "attributes": {
 "connection_info": {
diff --git a/events/discovery/networks_info.json b/events/discovery/networks_query.json
similarity index 53%
rename from events/discovery/networks_info.json
rename to events/discovery/networks_query.json
index 36edd998c..11e81b3ea 100644
--- a/events/discovery/networks_info.json
+++ b/events/discovery/networks_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "Networks Info",
- "description": "Networks Info events report information about network adapters.",
+ "caption": "Networks Query",
+ "description": "Networks Query events report information about network adapters.",
 "extends": "discovery_result",
- "name": "networks_info",
+ "name": "networks_query",
 "uid": 13,
 "attributes": {
 "network_interfaces": {
diff --git a/events/discovery/peripheral_device_info.json b/events/discovery/peripheral_device_info.json
deleted file mode 100644
index e715c38de..000000000
--- a/events/discovery/peripheral_device_info.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "caption": "Peripheral Device Info",
- "description": "Peripheral Device Info events report information about peripheral devices.",
- "extends": "discovery_result",
- "name": "peripheral_device_info",
- "uid": 14,
- "attributes": {
- "peripheral_device": {
- "group": "primary",
- "requirement": "required"
- }
- }
-}
\ No newline at end of file
diff --git a/events/discovery/peripheral_device_query.json b/events/discovery/peripheral_device_query.json
new file mode 100644
index 000000000..1ed901fa8
--- /dev/null
+++ b/events/discovery/peripheral_device_query.json
@@ -0,0 +1,13 @@
+{
+ "caption": "Peripheral Device Query",
+ "description": "Peripheral Device Query events report information about peripheral devices.",
+ "extends": "discovery_result",
+ "name": "peripheral_device_query",
+ "uid": 14,
+ "attributes": {
+ "peripheral_device": {
+ "group": "primary",
+ "requirement": "required"
+ }
+ }
+}
\ No newline at end of file
diff --git a/events/discovery/process_info.json b/events/discovery/process_query.json
similarity index 51%
rename from events/discovery/process_info.json
rename to events/discovery/process_query.json
index aadd6884f..cfae5c88d 100644
--- a/events/discovery/process_info.json
+++ b/events/discovery/process_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "Process Info",
- "description": "Process Info events report information about running processes.",
+ "caption": "Process Query",
+ "description": "Process Query events report information about running processes.",
 "extends": "discovery_result",
- "name": "process_info",
+ "name": "process_query",
 "uid": 15,
 "attributes": {
 "process": {
diff --git a/events/discovery/service_info.json b/events/discovery/service_query.json
similarity index 100%
rename from events/discovery/service_info.json
rename to events/discovery/service_query.json
diff --git a/events/discovery/session_info.json b/events/discovery/session_info.json
deleted file mode 100644
index 985212663..000000000
--- a/events/discovery/session_info.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "caption": "User Session Info",
- "description": "User Session Info events report information about existing user sessions.",
- "extends": "discovery_result",
- "name": "session_info",
- "uid": 17,
- "attributes": {
- "session": {
- "requirement": "required",
- "group": "primary"
- }
- }
-}
\ No newline at end of file
diff --git a/events/discovery/session_query.json b/events/discovery/session_query.json
new file mode 100644
index 000000000..0eb3d330d
--- /dev/null
+++ b/events/discovery/session_query.json
@@ -0,0 +1,13 @@
+{
+ "caption": "User Session Query",
+ "description": "User Session Query events report information about existing user sessions.",
+ "extends": "discovery_result",
+ "name": "session_query",
+ "uid": 17,
+ "attributes": {
+ "session": {
+ "requirement": "required",
+ "group": "primary"
+ }
+ }
+}
\ No newline at end of file
diff --git a/events/discovery/user_info.json b/events/discovery/user_info.json
deleted file mode 100644
index b4a5ced4a..000000000
--- a/events/discovery/user_info.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "caption": "User Info",
- "description": "User Info events report user data that have been discovered, queried, polled or searched. This event differs from User Inventory as it describes the result of a targeted search by filtering a subset of user attributes.",
- "extends": "discovery_result",
- "name": "user_info",
- "uid": 18,
- "attributes": {
- "user": {
- "group": "primary",
- "requirement": "required"
- }
- }
-}
\ No newline at end of file
diff --git a/events/discovery/user_query.json b/events/discovery/user_query.json
new file mode 100644
index 000000000..9f3f3cce8
--- /dev/null
+++ b/events/discovery/user_query.json
@@ -0,0 +1,13 @@
+{
+ "caption": "User Query",
+ "description": "User Query events report user data that have been discovered, queried, polled or searched. This event differs from User Inventory as it describes the result of a targeted search by filtering a subset of user attributes.",
+ "extends": "discovery_result",
+ "name": "user_query",
+ "uid": 18,
+ "attributes": {
+ "user": {
+ "group": "primary",
+ "requirement": "required"
+ }
+ }
+}
\ No newline at end of file
diff --git a/extensions/macos/events/startup_app_info.json b/extensions/macos/events/startup_app_info.json
deleted file mode 100644
index 5ac6ef8ee..000000000
--- a/extensions/macos/events/startup_app_info.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "caption": "Startup Application Info",
- "description": "Startup Application Info events report information about startup applications.",
- "extends": "discovery_result",
- "name": "startup_app_info",
- "uid": 19,
- "attributes": {
- "startup_app": {
- "group": "primary",
- "requirement": "required"
- }
- }
-}
\ No newline at end of file
diff --git a/extensions/macos/events/startup_app_query.json b/extensions/macos/events/startup_app_query.json
new file mode 100644
index 000000000..14d4f8229
--- /dev/null
+++ b/extensions/macos/events/startup_app_query.json
@@ -0,0 +1,13 @@
+{
+ "caption": "Startup Application Query",
+ "description": "Startup Application Query events report information about startup applications.",
+ "extends": "discovery_result",
+ "name": "startup_app_query",
+ "uid": 19,
+ "attributes": {
+ "startup_app": {
+ "group": "primary",
+ "requirement": "required"
+ }
+ }
+}
\ No newline at end of file
diff --git a/extensions/windows/events/prefetch_info.json b/extensions/windows/events/prefetch_query.json
similarity index 75%
rename from extensions/windows/events/prefetch_info.json
rename to extensions/windows/events/prefetch_query.json
index b38b8235d..28995e779 100644
--- a/extensions/windows/events/prefetch_info.json
+++ b/extensions/windows/events/prefetch_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "Prefetch Info",
- "description": "Prefetch Info events report information about Windows prefetch files.",
+ "caption": "Prefetch Query",
+ "description": "Prefetch Query events report information about Windows prefetch files.",
 "extends": "discovery_result",
- "name": "prefetch_info",
+ "name": "prefetch_query",
 "uid": 19,
 "attributes": {
 "last_run_time": {
diff --git a/extensions/windows/events/registry_key_info.json b/extensions/windows/events/registry_key_query.json
similarity index 56%
rename from extensions/windows/events/registry_key_info.json
rename to extensions/windows/events/registry_key_query.json
index 38c383970..b73bcc1cc 100644
--- a/extensions/windows/events/registry_key_info.json
+++ b/extensions/windows/events/registry_key_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "Registry Key Info",
- "description": "Registry Key Info events report information about discovered Windows registry keys.",
+ "caption": "Registry Key Query",
+ "description": "Registry Key Query events report information about discovered Windows registry keys.",
 "extends": "discovery_result",
- "name": "registry_key_info",
+ "name": "registry_key_query",
 "uid": 4,
 "attributes": {
 "reg_key": {
diff --git a/extensions/windows/events/registry_value_info.json b/extensions/windows/events/registry_value_query.json
similarity index 55%
rename from extensions/windows/events/registry_value_info.json
rename to extensions/windows/events/registry_value_query.json
index 7459dbdd4..f194ed92b 100644
--- a/extensions/windows/events/registry_value_info.json
+++ b/extensions/windows/events/registry_value_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "Registry Value Info",
- "description": "Registry Value Info events report information about discovered Windows registry values.",
+ "caption": "Registry Value Query",
+ "description": "Registry Value Query events report information about discovered Windows registry values.",
 "extends": "discovery_result",
- "name": "registry_value_info",
+ "name": "registry_value_query",
 "uid": 5,
 "attributes": {
 "reg_value": {
From c290dc1b00f6be81b697f0b3a6240d7060e05281 Mon Sep 17 00:00:00 2001
From: maxhotta
Date: Sat, 17 Feb 2024 00:52:18 +0000
Subject: [PATCH 2/6] Updated descriptions for the service query class.
---
 events/discovery/service_query.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/events/discovery/service_query.json b/events/discovery/service_query.json
index aec0d9269..825d95906 100644
--- a/events/discovery/service_query.json
+++ b/events/discovery/service_query.json
@@ -1,8 +1,8 @@
 {
- "caption": "Service Info",
- "description": "Service Info events report information about running services.",
+ "caption": "Service Query",
+ "description": "Service Query events report information about running services.",
 "extends": "discovery_result",
- "name": "service_info",
+ "name": "service_query",
 "uid": 16,
 "attributes": {
 "service": {
From a34a96e21fcaa117960ff44cb5d9b3802403a115 Mon Sep 17 00:00:00 2001
From: maxhotta
Date: Tue, 20 Feb 2024 23:40:48 +0000
Subject: [PATCH 3/6] Added CHANGELOG descriptions
---
 CHANGELOG.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 664666c6a..d74e79bba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -59,6 +59,23 @@ Thankyou! -->
 7. Added `Device Config Sate Change` event class. #914
 8. Added `Scan Activity` event class. #915
 9. Added `File Hosting Activity` event class. #917
+ 10. Added `File Query` event class. #967
+ 11. Added `Folder Query` event class. #967
+ 12. Added `Group Query` event class. #967
+ 13. Added `Job Query` event class. #967
+ 14. Added `Kernel Object Query` event class. #967
+ 15. Added `Module Query` event class. #967
+ 16. Added `Network Connection Query` event class. #967
+ 17. Added `Networks Query` event class. #967
+ 18. Added `Peripheral Device Query` event class. #967
+ 19. Added `Prefetch Query` event class. #967
+ 20. Added `Process Query` event class. #967
+ 21. Added `Registry Key Query` event class. #967
+ 22. Added `Registry Value Query` event class. #967
+ 23. Added `Service Query` event class. #967
+ 24. Added `Session Query` event class. #967
+ 25. Added `Startup Application Query` event class. #967
+ 26. Added `User Query` event class. #967
 * #### Profiles
 1. Added `Network Proxy` Profile for the `Network Activity` and `Application Activity` classes. #705
From a2693d3104e53d2dbcd41dc02c9bbb8ce523712d Mon Sep 17 00:00:00 2001
From: maxhotta
Date: Tue, 27 Feb 2024 20:22:47 +0000
Subject: [PATCH 4/6] Updated primary fields in the pr to be at least 'recommended' per recent change. Also fixed typo.
---
 dictionary.json | 4 ++--
 events/discovery/discovery_result.json | 4 ++--
 events/discovery/network_connection_query.json | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/dictionary.json b/dictionary.json
index 4d3e06c84..b42fd1fcc 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -2891,8 +2891,8 @@
 "type": "string_t"
 },
 "query_result_id": {
- "caption": "The normalized id of the query result.",
- "description": "The result of the query.",
+ "caption": "Query Result ID",
+ "description": "The normalized identifier of the query result.",
 "enum": {
 "1": {
 "caption": "Exists",
diff --git a/events/discovery/discovery_result.json b/events/discovery/discovery_result.json
index 0d77db6e9..98290c382 100644
--- a/events/discovery/discovery_result.json
+++ b/events/discovery/discovery_result.json
@@ -22,11 +22,11 @@
 "query_info": {
 "description": "The search details associated with the query request.",
 "group": "primary",
- "requirement": "optional"
+ "requirement": "recommended"
 },
 "query_result": {
 "group": "primary",
- "requirement": "optional"
+ "requirement": "recommended"
 },
 "query_result_id": {
 "group": "primary",
diff --git a/events/discovery/network_connection_query.json b/events/discovery/network_connection_query.json
index d20722304..429e33d6f 100644
--- a/events/discovery/network_connection_query.json
+++ b/events/discovery/network_connection_query.json
@@ -16,7 +16,7 @@
 },
 "state": {
 "description": "The state of the socket, normalized to the caption of the state_id value. In the case of 'Other', it is defined by the event source.",
- "requirement": "optional",
+ "requirement": "recommended",
 "group":"primary"
 },
 "state_id": {
From a333d4fbbb2a434f5d5a902c20c0da389bd9e992 Mon Sep 17 00:00:00 2001
From: maxhotta
Date: Wed, 28 Feb 2024 19:25:43 +0000
Subject: [PATCH 5/6] Minor formatting update
---
 events/discovery/network_connection_query.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/events/discovery/network_connection_query.json b/events/discovery/network_connection_query.json
index 429e33d6f..e923c0fa2 100644
--- a/events/discovery/network_connection_query.json
+++ b/events/discovery/network_connection_query.json
@@ -22,6 +22,7 @@
 "state_id": {
 "description": "The state of the socket.",
 "requirement": "required",
+ "group": "primary",
 "enum": {
 "0": {
 "caption": "Unknown",
@@ -71,8 +72,7 @@
 "caption": "CLOSING",
 "description": "The socket connection has been closed by the local application and the remote peer simultaneously, and the remote peer has not yet acknowledged the close attempt of the local application."
 }
- },
- "group": "primary"
+ }
 }
 }
 }
\ No newline at end of file
From f2f8fe01e41f93e76151665272b2c807de4e6b2e Mon Sep 17 00:00:00 2001
From: maxhotta
Date: Thu, 29 Feb 2024 04:13:22 +0000
Subject: [PATCH 6/6] Minor formatting change
---
 events/discovery/kernel_object_query.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/events/discovery/kernel_object_query.json b/events/discovery/kernel_object_query.json
index 504f28e09..ea38f6ac9 100644
--- a/events/discovery/kernel_object_query.json
+++ b/events/discovery/kernel_object_query.json
@@ -1,7 +1,7 @@
 {
+ "caption": "Kernel Object Query",
 "description": "Kernel Object Query events report information about discovered kernel resources.",
 "extends": "discovery_result",
- "caption": "Kernel Object Query",
 "name": "kernel_object_query",
 "uid": 6,
 "attributes": {