diff --git a/src/content/docs/security-center/cloudforce-one/index.mdx b/src/content/docs/security-center/cloudforce-one/index.mdx
index e3e970901c3fa5f..9d114f916dbedd5 100644
--- a/src/content/docs/security-center/cloudforce-one/index.mdx
+++ b/src/content/docs/security-center/cloudforce-one/index.mdx
@@ -112,6 +112,7 @@ Cloudforce One customers have access to the following existing datasets:
 - Compromised devices
 - Residential Proxies
 - WAF attacks 
+For customers using the [Threat Events API](/api/resources/cloudforce_one/subresources/threat_events/) for accessing each dataset, the [dataset list](/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/list/)] endpoint will generate all Datasets the account has access to, including the Dataset ID.
 
 You can filter **Threat Events** by:
 
@@ -123,7 +124,7 @@ You can filter **Threat Events** by:
 - Indicator Type
 - [Kill Chain](https://en.wikipedia.org/wiki/Cyber_kill_chain)
 - Tags
-- Event Category
+- [Event Category](https://attack.mitre.org/)
 
 You can also filter by **Date range**.