diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview-mixed-type.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview-mixed-type.png
new file mode 100644
index 0000000000..d2de753251
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview-mixed-type.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview.png
deleted file mode 100644
index ddde7c1db7..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software-pages.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software-pages.png
new file mode 100644
index 0000000000..26b7c166bb
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software-pages.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-page-example.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-page-example.png
index d8b73ba265..3b67159481 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-page-example.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-page-example.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
index 5160f61fbf..a3388ed0cf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
@@ -60,20 +60,17 @@ Select **Custom range** to change the date range to another custom one, or a pre
 
 ## Event timeline overview
 
-On the Event timeline page, you can view the date, event, related software component, number of impacted machines for when the event occurred, and type. You can also customize columns and filter by type or percent of impacted machines.
+On the Event timeline page, you can view the all the necesssary info related to an event. 
+
+Features:
+
+- Customize columns
+- Filter by event type or percent of impacted machines
+- View 30, 50, or 100 items per page
 
 The two large numbers at the top of the page show the number of new vulnerabilities and exploitable vulnerabilities, not events. Some events can have multiple vulnerabilities, and some vulnerabilities can have multiple events.
 
-![Event timeline page](images/tvm-event-timeline-overview.png)
-
-### Icons
-
-The following icons show up next to events:
-
-- ![bug icon](images/tvm_bug_icon.png) New public exploit
-- ![report warning icon](images/report-warning-icon.png) New vulnerability was published
-- ![exploit kit](images/bug-lightning-icon2.png) Exploit found in exploit kit
-- ![bug icon](images/bug-caution-icon2.png) Exploit verified
+![Event timeline page](images/tvm-event-timeline-overview-mixed-type.png)
 
 ### Columns
 
@@ -89,6 +86,15 @@ The following icons show up next to events:
     - New vulnerability
 - **Score trend**: exposure score trend
 
+### Icons
+
+The following icons show up next to events:
+
+- ![bug icon](images/tvm_bug_icon.png) New public exploit
+- ![report warning icon](images/report-warning-icon.png) New vulnerability was published
+- ![exploit kit](images/bug-lightning-icon2.png) Exploit found in exploit kit
+- ![bug icon](images/bug-caution-icon2.png) Exploit verified
+
 ### Drill down to a specific event
 
 Once you select an event, a flyout will appear listing the details and current CVEs that affect your machines. You can show more CVEs or view the related recommendation.
@@ -101,7 +107,11 @@ From there, select **Go to related security recommendation** to go to the [secur
 
 ## View Event timelines in software pages
 
-tvm-software-inventory#software-pages
+To open a software page, select an event > select the hyperlinked software name (like Visual Studio 2017) in the section called "Related component" in the flyout. [Learn more about software pages](tvm-software-inventory.md#software-pages)
+
+A full page will appear with all the details of a specific software, including an event timeline tab. From there you can view all the events related to that software, along with security recommendations, discovered vulnerabilities, installed machines, and version distribution.
+
+![Event timeline page](images/tvm-event-timeline-software-pages.png)
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
index 20d09617bb..8438261a73 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
@@ -54,9 +54,9 @@ You can view software pages a few different ways:
 
 - Software inventory page > Select a software name > Select **Open software page** in the flyout
 - [Security recommendations page](tvm-security-recommendation.md) > Select a recommendation > Select **Open software page** in the flyout
-- 
+- [Event timeline page](threat-and-vuln-mgt-event-timeline) > Select an event > Select the hyperlinked software name (like Visual Studio 2017) in the section called "Related component" in the flyout
 
-Once you are in the Software inventory page and have opened the flyout panel by selecting a software to investigate, select **Open software page** (see image in the previous section). A full page will appear with all the details of a specific software and the following information:
+ A full page will appear with all the details of a specific software and the following information:
 
 - Side panel with vendor information, prevalence of the software in the organization (including number of machines it is installed on, and exposed machines that are not patched), whether and exploit is available, and impact to your exposure score
 - Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs of the number of exposed machines