diff --git a/work/fortinet_soar.md b/work/fortinet_soar.md index 08015f7..c7df015 100644 --- a/work/fortinet_soar.md +++ b/work/fortinet_soar.md 
@@ -3,53 +3,98 @@ ## 1. System Components ### FortiGate (FGW) -- **Function**: Network security appliances used for monitoring and securing network traffic. +- **Function**: Network security appliances primarily used for monitoring and securing network traffic. - **Capabilities**: - - Intrusion Prevention System (IPS) for threat identification and mitigation. - - VPN services enabling secure remote connectivity. - - Comprehensive threat protection with firewall, anti-malware, and web filtering capabilities. - - Traffic shaping and bandwidth management for efficient network utilization. + - **Intrusion Prevention System (IPS)**: Advanced IPS capabilities for real-time threat identification and mitigation. Includes signature-based detection and proactive blocking of new threats. + - **VPN Services**: Robust VPN features supporting secure remote connectivity, including SSL and IPSec VPN options for flexible deployment scenarios. + - **Comprehensive Threat Protection**: Integrated suite offering firewall, anti-malware, and web filtering capabilities. Utilizes continuously updated threat intelligence for proactive defense against emerging threats. + - **Traffic Shaping and Bandwidth Management**: Advanced traffic shaping tools and bandwidth management capabilities to optimize network performance and resource utilization. Includes prioritization of critical applications and traffic control measures. ### FortiManager (FMG) -- **Function**: Centralized management platform for FortiGate appliances, simplifying configuration and policy management. +- **Function**: Centralized management platform for FortiGate appliances, facilitating streamlined configuration and policy management. - **Capabilities**: - - Centralized control over multiple FGW devices. - - Consistent policy and object management. - - Detailed analytics and reporting features. - - Streamlined operations with automation workflows. 
+ - **Centralized Control Over FGW Devices**: Ability to manage numerous FortiGate appliances from a single FMG console, enhancing operational efficiency and consistency. + - **Consistent Policy and Object Management**: Unified policy framework for managing security policies across the network. Simplifies object management with centralized creation and modification. + - **Detailed Analytics and Reporting Features**: Comprehensive analytics tools for in-depth network analysis. Features include customizable reports, log management, and real-time data visualization. + - **Automation-Driven Workflows**: Automation capabilities for routine tasks, reducing manual efforts and accelerating response times. Includes script-based automation and policy auto-deployment. ### SOAR Platform -- **Function**: Platform for orchestrating and automating security responses using data from FMG and FGW. +- **Function**: Platform for orchestrating and automating security responses, leveraging data insights from FMG and FGW. - **Capabilities**: - - Automated response to incidents based on predefined criteria. - - Seamless integration with various security tools. - - Customizable playbooks to address diverse security scenarios. - - Real-time alerting and comprehensive incident tracking. + - **Automated Incident Response**: Intelligent automation of security responses based on predefined criteria and real-time analysis. Enables quick containment and remediation of threats. + - **Seamless Integration with Security Tools**: Capability to integrate with a wide range of security tools and services, forming a cohesive security ecosystem for comprehensive protection. + - **Customizable Playbooks**: Flexible playbook design for addressing a variety of security scenarios, from basic alert management to complex multi-stage incident response. + - **Real-Time Alerting and Incident Tracking**: Advanced alerting system for timely notification of security incidents. 
Includes detailed incident tracking and management for effective resolution and analysis. ## 2. Core Infrastructure and Integration -- **FMG Setup**: Implement FMG to centrally manage multiple FGW devices across tenants, ensuring uniform policy application. -- **SOAR-FMG Integration**: Establish robust integration between SOAR and FMG for efficient data exchange and responsive security automation. + +### FMG Setup +- **Objective**: Implement FMG for centralized management of multiple FGW devices across various tenants. +- **Key Steps**: + - Deployment of FMG on-premises or in the cloud, based on network architecture. + - Integration of all FGW devices with FMG for centralized control. + - Configuration of FMG to handle network-wide policies, ensuring consistency and compliance across all managed devices. + - Establishment of administrative roles and access controls within FMG for secure and efficient management. + +### SOAR-FMG Integration +- **Objective**: Establish a robust integration between the SOAR platform and FMG for efficient data exchange and automation. +- **Key Steps**: + - Setting up API-based communication between FMG and the SOAR platform to ensure reliable data transfer. + - Configuring SOAR to interpret and respond to data and alerts from FMG, aligning with security policies and procedures. + - Implementing automated workflows in SOAR that are triggered by specific data inputs or alert types from FMG. + - Regularly updating and maintaining the integration to accommodate system upgrades and changes in network infrastructure. ## 3. Data Collection and Preliminary Analysis -- **FGW Configuration**: Configure FGW devices for comprehensive network monitoring, identifying security threats and anomalies. -- **Data Analysis in FMG**: Develop advanced data processing capabilities within FMG for insightful traffic data aggregation and interpretation. 
-- **Data Feeding to SOAR**: Ensure systematic data transfer from FMG to SOAR to facilitate informed and automated decision-making. + +### FGW Configuration +- **Objective**: Configure FGW devices for comprehensive network monitoring and threat detection. +- **Key Steps**: + - Enabling and tuning IPS, anti-malware, and web filtering features on FGW devices for optimal threat detection. + - Configuring logging and traffic monitoring rules to capture relevant data. + - Establishing baseline network behavior profiles to aid in anomaly detection. + +### Data Analysis in FMG +- **Objective**: Develop advanced data processing and analysis capabilities within FMG. +- **Key Steps**: + - Implementing data aggregation and correlation methods to derive meaningful insights from network traffic data. + - Utilizing FMG's built-in analytics tools to identify patterns indicative of security threats or network inefficiencies. + - Customizing dashboards and reports in FMG for real-time monitoring and historical analysis. + +### Data Feeding to SOAR +- **Objective**: Ensure systematic and secure data transfer from FMG to SOAR. +- **Key Steps**: + - Configuring data export settings in FMG to periodically send processed data to SOAR. + - Securing data transfer channels to protect sensitive information during transit. + - Verifying data integrity and accuracy upon receipt in SOAR for reliable automation. ## 4. Development of Automation Playbooks in SOAR -- **Create SOAR Playbooks**: Develop initial automation playbooks in SOAR for tasks like configuration deployment and incident response, leveraging insights from FMG. -- **Standard Configuration Templates**: Design standardized templates within SOAR for consistent network configurations across tenants, maintaining security policy coherence. -## 5. 
Advanced Orchestration and Dynamic Configuration -- **Enhanced SOAR Playbooks**: Evolve SOAR playbooks for complex security scenarios, including multi-layered incident response and proactive threat management. -- **Dynamic Template Integration**: Integrate and adapt SOAR configuration templates dynamically, aligning them with real-time data for responsive network management. -## 6. Scalable and Customizable Configuration Management -- **Modular Configuration Templates**: Design SOAR configuration templates to be modular, allowing for scalability and adaptability to different network sizes and tenant requirements. -- **Customization Options**: Implement customization capabilities within the templates, providing flexibility for tenant-specific adjustments while adhering to overarching security policies. - -## 7. Continuous Monitoring and Reporting -- **Comprehensive Monitoring System**: Develop a robust monitoring framework within SOAR for continuous surveillance of network health, security status, and operational performance. -- **Feedback and Reporting Mechanisms**: Integrate mechanisms for regular performance reporting, incident logging, and actionable insights within SOAR, facilitating ongoing evaluation and optimization. +### Create SOAR Playbooks +- **Objective**: Develop initial automation playbooks in SOAR for efficient network management and security incident handling. +- **Key Steps**: + - Identifying common network management tasks and security incidents that can be automated. + - Writing and testing playbooks in SOAR to automate these tasks, such as auto-configuring network settings or responding to standard security alerts. + - Integrating playbooks with FMG data inputs for context-aware automation. +### Standard Configuration Templates +- **Objective**: Design standardized network configuration templates within SOAR for uniformity across tenants. 
+- **Key Steps**: + - Creating templates for common network and security configurations that adhere to organizational policies and best practices. + - Ensuring templates are flexible enough to accommodate necessary variations or exceptions for different tenants. + - Regularly reviewing and updating templates to align with evolving security standards and network requirements. +// [ +// ## 5. Advanced Orchestration and Dynamic Configuration +// - **Enhanced SOAR Playbooks**: Evolve SOAR playbooks for complex security scenarios, including multi-layered incident response and proactive threat management. +// - **Dynamic Template Integration**: Integrate and adapt SOAR configuration templates dynamically, aligning them with real-time data for responsive network management. +// +// ## 6. Scalable and Customizable Configuration Management +// - **Modular Configuration Templates**: Design SOAR configuration templates to be modular, allowing for scalability and adaptability to different network sizes and tenant requirements. +// - **Customization Options**: Implement customization capabilities within the templates, providing flexibility for tenant-specific adjustments while adhering to overarching security policies. +// +// ## 7. Continuous Monitoring and Reporting +// - **Comprehensive Monitoring System**: Develop a robust monitoring framework within SOAR for continuous surveillance of network health, security status, and operational performance. +// - **Feedback and Reporting Mechanisms**: Integrate mechanisms for regular performance reporting, incident logging, and actionable insights within SOAR, facilitating ongoing evaluation and optimization. +// ] ## 8. Compliance Enforcement and Governance - **Automated Compliance Checks**: Embed automated compliance verification within SOAR playbooks, ensuring consistent adherence to industry regulations and internal policies. 
- **Governance Policies Implementation**: Formulate and enforce a comprehensive governance framework within the SOAR platform to guide configuration management and maintain compliance with established standards and best practices.
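Review bot: The `// [` ... `// ]` block wrapping sections 5 to 7 does not hide anything, because `//` is not a comment in Markdown; those lines will render as literal text prefixed with slashes, and the visible numbering then jumps from section 4 straight to `## 8. Compliance Enforcement and Governance`. Either delete the three sections outright (git history keeps them) and renumber section 8 to 5, or wrap them in an HTML comment (`<!-- ... -->`) if they are meant to be parked. Two smaller points: `+### Standard Configuration Templates` follows the last "Create SOAR Playbooks" bullet with no blank line, unlike every other heading added in this hunk, so insert one for consistency; and the Data Feeding to SOAR step `Securing data transfer channels to protect sensitive information during transit`, read together with the API-based FMG/SOAR communication step, would be more actionable if it named the expected controls (TLS on the FMG to SOAR API channel and a dedicated, least-privilege API account for SOAR rather than a shared administrator), in line with the administrative roles and access controls step this hunk adds under FMG Setup.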