diff --git a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_24.08.sql b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_24.08.sql
index 3d384df..ae5c9aa 100644
--- a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_24.08.sql
+++ b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_24.08.sql
@@ -1673,6 +1673,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_event_local ON CLUSTER ck_cl
     is_builtin SimpleAggregateFunction(anyLast, Int8),
     event_type SimpleAggregateFunction(anyLast, String),
     event_name SimpleAggregateFunction(anyLast, String),
+    reset SimpleAggregateFunction(anyLast, Int64),
     start_time SimpleAggregateFunction(min, Int64),
     end_time SimpleAggregateFunction(max, Int64),
     duration_s SimpleAggregateFunction(max, Int64),
@@ -1691,6 +1692,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_event ON CLUSTER ck_cluster(
     is_builtin SimpleAggregateFunction(anyLast, Int8),
     event_type SimpleAggregateFunction(anyLast, String),
     event_name SimpleAggregateFunction(anyLast, String),
+    reset SimpleAggregateFunction(anyLast, Int64),
     start_time SimpleAggregateFunction(min, Int64),
     end_time SimpleAggregateFunction(max, Int64),
     duration_s SimpleAggregateFunction(max, Int64),
diff --git a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_check_24.08.sql b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_check_24.08.sql
index 662216a..5ed9e32 100644
--- a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_check_24.08.sql
+++ b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_check_24.08.sql
@@ -64,5 +64,5 @@ SELECT key_fields, key_values, event_info, start_time, end_time, match_id, rule_
 FROM cyber_narrator_galaxy.match_sequence where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time <toUnixTimestamp('2030-01-01 00:00:01');
 SELECT key_fields, key_values, event_info, start_time, end_time, match_id, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, severity
 FROM cyber_narrator_galaxy.match_unordered_sequence where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time <toUnixTimestamp('2030-01-01 00:00:01');
-SELECT event_id, match_ids, key_fields, key_values, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, start_time, end_time, duration_s, status
+SELECT event_id, match_ids, key_fields, key_values, rule_id, rule_version, rule_type, is_builtin, event_type, event_name, reset,start_time, end_time, duration_s, status
 FROM cyber_narrator_galaxy.cn_event where start_time >= toUnixTimestamp('2030-01-01 00:00:00') AND start_time <toUnixTimestamp('2030-01-01 00:00:01');
\ No newline at end of file
diff --git a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_upgrade_24.08.sql b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_upgrade_24.08.sql
index 0fa1139..5fea5b0 100644
--- a/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_upgrade_24.08.sql
+++ b/cyber_narrator/upgrade/2024/CN-24.08/clickhouse/cn_clickhouse_ddl_upgrade_24.08.sql
@@ -184,6 +184,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_event_local ON CLUSTER ck_cl
     is_builtin SimpleAggregateFunction(anyLast, Int8),
     event_type SimpleAggregateFunction(anyLast, String),
     event_name SimpleAggregateFunction(anyLast, String),
+    reset SimpleAggregateFunction(anyLast, Int64),
     start_time SimpleAggregateFunction(min, Int64),
     end_time SimpleAggregateFunction(max, Int64),
     duration_s SimpleAggregateFunction(max, Int64),
@@ -202,6 +203,7 @@ CREATE TABLE IF NOT EXISTS cyber_narrator_galaxy.cn_event ON CLUSTER ck_cluster(
     is_builtin SimpleAggregateFunction(anyLast, Int8),
     event_type SimpleAggregateFunction(anyLast, String),
     event_name SimpleAggregateFunction(anyLast, String),
+    reset SimpleAggregateFunction(anyLast, Int64),
     start_time SimpleAggregateFunction(min, Int64),
     end_time SimpleAggregateFunction(max, Int64),
     duration_s SimpleAggregateFunction(max, Int64),