diff --git a/solutions/images/security-turn-on-risk-engine.png b/solutions/images/security-turn-on-risk-engine.png
index 20053dad6a..1659e2c955 100644
Binary files a/solutions/images/security-turn-on-risk-engine.png and b/solutions/images/security-turn-on-risk-engine.png differ
diff --git a/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md b/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md
index 58fad3a45a..7b6c721bbc 100644
--- a/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md
+++ b/solutions/security/advanced-entity-analytics/turn-on-risk-scoring-engine.md
@@ -45,8 +45,9 @@ If you’re installing the risk scoring engine for the first time:
 1. Find **Entity risk score** in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 2. On the **Entity risk score** page, turn the toggle on.
 3. {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` Choose whether to retain [residual risk scores](/solutions/security/advanced-entity-analytics/entity-risk-scoring.md#residual-risk-score).
-4. Choose whether to include `Closed` alerts in risk scoring calculations.
-5. Optionally, specify a date and time range for the calculation.
+4. Optionally, specify a date and time range for the calculation.
+5. Choose whether to include `Closed` alerts in risk scoring calculations.
+6. {applies_to}`stack: ga 9.3` {applies_to}`serverless: ga` Optionally, filter out alerts by defining conditions for the entity types or attributes that you want to exclude from the calculation. For example, if you don't want to calculate risk scores for users with a **Low impact** asset criticality level, enter `not user.asset.criticality: "low_impact"`.
 
 :::{image} /solutions/images/security-turn-on-risk-engine.png
 :alt: Turn on entity risk scoring