diff --git a/flowmon-ads/warden3_flowmon_ads_filer.py b/flowmon-ads/warden3_flowmon_ads_filer.py
index c358547f7a889fd9d9234d947501d07debf09e45..5267fb92fc3923ebacabc3bab13ed6ad2575fdee 100755
--- a/flowmon-ads/warden3_flowmon_ads_filer.py
+++ b/flowmon-ads/warden3_flowmon_ads_filer.py
@@ -107,21 +107,21 @@ def proto_list(pl):
 
 
 ads_fields = (
-    ('ID', str),                # Unique id within ADS db
+    ('ID', str),                    # Unique id within ADS db
     ('Detection time', iso_time),   # Timestamp of event generation
-    ('FirstFlow', iso_time),    # Timestamp of the first Flow on which was based the event detection
-    ('Type', str),              # Type of event, in fact a reference to the detection method, which recognized the event
-    ('TypeDesc', str),          # Event type description
-    ('Perspective', str),       # Perspective name
-    ('Severity', str),          # Priority based on perspective
-    ('Detail', str),            # Detailed information on the event
-    ('Ports', int_list),        # List of ports (if identified)
-    ('Protocol', proto_list),   # IP protocol (if identified)
-    ('Source', ip_list),        # Event originator (IP address)
-    ('CapturedSource', str),    # DNS name assigned to the IP address at the time of event detection
-    ('Targets', ip_list),       # Event targets (a list of IP addresses)
-    ('NetFlowSource', str),     # Flow data source on which the event has been generated
-    ('UserIdentity', str)       # User ID from domain controller
+    ('FirstFlow', iso_time),        # Timestamp of the first Flow on which was based the event detection
+    ('Type', str),                  # Type of event, in fact a reference to the detection method, which recognized the event
+    ('TypeDesc', str),              # Event type description
+    ('Perspective', str),           # Perspective name
+    ('Severity', str),              # Priority based on perspective
+    ('Detail', str),                # Detailed information on the event
+    ('Ports', int_list),            # List of ports (if identified)
+    ('Protocol', proto_list),       # IP protocol (if identified)
+    ('Source', ip_list),            # Event originator (IP address)
+    ('CapturedSource', str),        # DNS name assigned to the IP address at the time of event detection
+    ('Targets', ip_list),           # Event targets (a list of IP addresses)
+    ('NetFlowSource', str),         # Flow data source on which the event has been generated
+    ('UserIdentity', str)           # User ID from domain controller
 )