elastic · benironside · Oct 22, 2024 · Oct 17, 2024 · Oct 17, 2024 · Oct 17, 2024
@@ -45,10 +45,10 @@ When you access Attack discovery for the first time, you'll need to select an LL
 .Recommended models
 [sidebar]
 --
-While Attack discovery is compatible with many different models, our testing found increased performance with Claude 3 Sonnet and Claude 3 Opus. In general, models with larger context windows are more effective for Attack discovery.
+While Attack discovery is compatible with many different models, our testing found increased performance with Claude 3.5 Sonnet. In general, models with larger context windows are more effective for Attack discovery.
 --
 +
-image::images/select-model-empty-state.png[]
+image::images/attck-disc-select-model-empty-state.png[]
 +
 . Once you've selected a connector, click **Generate** to start the analysis.
 

@@ -34,20 +34,20 @@ When you access Attack discovery for the first time, you'll need to select an LL
 2. Select an existing connector from the dropdown menu, or add a new one. 
 
 <DocCallOut title="Recommended models">
-While Attack discovery is compatible with many different models, our testing found increased performance with Claude 3 Sonnet and Claude 3 Opus. In general, models with larger context windows are more effective for Attack discovery.
+While Attack discovery is compatible with many different models, our testing found increased performance with Claude 3.5 Sonnet. In general, models with larger context windows are more effective for Attack discovery.
 </DocCallOut>
 
-![Attack discovery empty state](../images/attack-discovery/select-model-empty-state.png)
+![Attack discovery empty state](../images/attack-discovery/attck-disc-select-model-empty-state.png) 
 
 3. Once you've selected a connector, click **Generate** to start the analysis. 
 
 It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. 
 
 <DocCallOut title="Important">
-Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours. By default it only analyzes up to 20 alerts within this timeframe, but you can expand this up to 100 by going to **AI Assistant → Settings (<DocIcon type="gear" title="settings icon"/>) → Knowledge Base** and updating the **Alerts** setting.
+Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours. By default it analyzes up to 100 alerts within this timeframe, but you can expand this up to 500 by clicking the settings icon <DocIcon type="gear" title="Settings icon"/> next to the model selection menu and adjusting the **Alerts** slider. Note that sending more alerts than your chosen LLM can handle may result in an error.
 </DocCallOut>
 
-![AI Assistant knowledge base menu](../images/ai-assistant/assistant-kb-menu.png)
+![AI Assistant knowledge base menu](../images/attack-discovery/attck-disc-alerts-number-menu.png)
 
 
 <DocCallOut title="Important">