Was playing around a bit with using packs and json output. It seems a bit hard to track the outputs to the query that created it. Is there a way to have the output include the name of the query that ran and also the query logic by chance? It also looks like it alphabetizes the queries in a pack before executing

osqueryi --config_path /var/osquery/osquery.conf --pack incident-response --json

Eighth query in the incident-response pack:

"alf": {
      "query" : "select * from alf;",
...
      "description" : "Retrieves the configuration values for the Application Layer Firewall for OSX.",
      "value" : "Verify firewall settings are as restrictive as you need. Identify unwanted firewall holes made by malware or humans"
    },

First output:

[ {"allow_signed_enabled":"1","firewall_unload":"0","global_state":"0","logging_enabled":"1","logging_option":"0","stealth_enabled":"0","version":"1.6"}
]

I know the TLS logger plugin provides the name of the pack & query in the result