diff --git a/package/etc/conf.d/context/microfocus_arcsight_source.csv b/package/etc/conf.d/context/microfocus_arcsight_source.csv
index 6d4b160..d668350 100644
--- a/package/etc/conf.d/context/microfocus_arcsight_source.csv
+++ b/package/etc/conf.d/context/microfocus_arcsight_source.csv
@@ -1,4 +1,8 @@
 ArcSight_ArcSight,source,ArcSight:ArcSight
+Cyber-Ark_Vault,sourcetype,cyberark:epv:cef
+Cyber-Ark_Vault,index,netauth
+CyberArk_PTA,sourcetype,cyberark:pta:cef
+CyberArk_PTA,index,main
 Microsoft_System or Application Event,source,CEFEventLog:System or Application Event
 Microsoft_System or Application Event,index,oswin
 Microsoft_Microsoft Windows,source,CEFEventLog:Microsoft Windows
@@ -6,7 +10,3 @@ Microsoft_Microsoft Windows,index,oswinsec
 Incapsula_SIEMintegration,source,Imperva:Incapsula
 Incapsula_SIEMintegration,index,netwaf
 unknown,source,ArcSight:unknown
-Cyber-Ark_Vault,sourcetype,cyberark:epv:cef
-Cyber-Ark_Vault,index,netauth
-CyberArk_PTA,sourcetype,cyberark:pta:cef
-CyberArk_PTA,index,main
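Review bot: The re-added row `CyberArk_PTA,index,main` in the first hunk still routes CyberArk PTA events to the catch-all `main` index, while every other vendor row in this file with an index goes to a purpose-specific one (`netauth`, `oswin`, `oswinsec`, `netwaf`). The row is carried over unchanged from the bottom of the file, so this is not new behaviour. Privileged-account alerts in `main` will presumably inherit that index's access roles and retention rather than those of the authentication data. If that is not intentional, the row could read `CyberArk_PTA,index,netauth` to match the Vault entry; if it is, it is worth recording the reason in the source documentation, since the CSV itself cannot hold a comment.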