diff --git a/markdown/Trailblazer-unusual-db-activity/Trailblazer-unusual-db-activity.md b/markdown/Trailblazer-unusual-db-activity/Trailblazer-unusual-db-activity.md index 058f186e..b3755878 100644 --- a/markdown/Trailblazer-unusual-db-activity/Trailblazer-unusual-db-activity.md +++ b/markdown/Trailblazer-unusual-db-activity/Trailblazer-unusual-db-activity.md @@ -169,13 +169,13 @@ Duration: 0:15:00 Navigate to the ICS UI and refresh the page and perform the needed advanced filtering: * Events Source=Rapid7 -Verify you see in threat findings UI detections of finding type +Verify you see in threat findings UI detections of finding types ``` txt -API Activity: unusual change in count of unique actions -API Activity: unusual DB activity +API Activity: unusual change in count of unique actions -> related to dynamodb.amazonaws.com +API Activity: Unusual Actions -> related to lambda.amazonaws.com ``` -![threat findings](img/threatFindings.png) +![threat findings](img/ThreatFindings1.png) ## Remediation and recommendations #### Social Engineering: diff --git a/markdown/Trailblazer-unusual-db-activity/img/ThreatFindings.png b/markdown/Trailblazer-unusual-db-activity/img/ThreatFindings.png deleted file mode 100644 index 55798975..00000000 Binary files a/markdown/Trailblazer-unusual-db-activity/img/ThreatFindings.png and /dev/null differ diff --git a/markdown/Trailblazer-unusual-db-activity/img/ThreatFindings1.png b/markdown/Trailblazer-unusual-db-activity/img/ThreatFindings1.png new file mode 100644 index 00000000..f8b2f2a5 Binary files /dev/null and b/markdown/Trailblazer-unusual-db-activity/img/ThreatFindings1.png differ
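Review bot: In the `txt` block of the `@@ -169,13 +169,13 @@` hunk, the new `-> related to dynamodb.amazonaws.com` and `-> related to lambda.amazonaws.com` suffixes sit inside the fence, so a reader comparing against the threat findings UI cannot tell whether they are part of the finding type string or an annotation. Suggest keeping only the finding type names in the fence and stating the related event source in a sentence or list outside it. The two names also differ in capitalisation (`unusual change in count of unique actions` vs `Unusual Actions`); confirm each matches the UI text exactly, since this step asks the reader to verify findings by name. With `API Activity: unusual DB activity` removed from the expected findings, check that the page path (`Trailblazer-unusual-db-activity`) and any other text on the page that names that finding still agree with what the reader will see.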
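Review bot: The image reference moves from `img/threatFindings.png` (lowercase `t`) to `img/ThreatFindings1.png`, while the file being deleted is `img/ThreatFindings.png`, so the old link would only have resolved on a case-insensitive filesystem; the new reference does match the case of the added file. Before merging, confirm that nothing else in the repository still links to the deleted `ThreatFindings.png`. Consider a descriptive filename in place of the `1` suffix, and alt text that says what the screenshot shows (the two finding types) rather than the generic `threat findings`.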