diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/techniques-cmd.png b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-cmd.png
new file mode 100644
index 0000000000..881b6aac22
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-cmd.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/techniques-hunting.png b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-hunting.png
new file mode 100644
index 0000000000..2969a418ef
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-hunting.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/techniques-sha1.png b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-sha1.png
new file mode 100644
index 0000000000..bc18a8fed6
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-sha1.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/timeline-columns.png b/windows/security/threat-protection/microsoft-defender-atp/images/timeline-columns.png
new file mode 100644
index 0000000000..8c6a1403e4
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/timeline-columns.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md
index 354403163d..baa3deac5f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md
@@ -52,18 +52,18 @@ Select the specific *Attack technique* to open the related ATT&CK technique page
 
 You can copy an entity's details when you see a blue icon on the right. For instance, to copy a related file's SHA1, select the blue page icon.
 
-![Copy entity details](images/techniques-side-pane-clickable.png)
+![Copy entity details](images/techniques-sha1.png)
 
 You can do the same for command lines.
 
-![Copy command line](images/techniques-side-pane-command.png)
+![Copy command line](images/techniques-cmd.png)
 
 
 ## Investigate related events
 
 To use [advanced hunting](advanced-hunting-overview.md) to find events related to the selected Technique, select **Hunt for related events**. This leads to the advanced hunting page with a query to find events related to the Technique.
 
-![Hunt for related events](images/techniques-hunt-for-related-events.png)
+![Hunt for related events](images/techniques-hunting.png)
 
 >[!NOTE]
 >Querying using the **Hunt for related events** button from a Technique side pane displays all the events related to the identified technique but does not include the Technique itself in the query results.
@@ -78,7 +78,7 @@ You can customize which columns to expose. You can also filter for flagged event
 ### Choose columns to expose
 You can choose which columns to expose in the timeline by selecting the **Choose columns** button.
 
-![Customize columns](images/filter-customize-columns.png)
+![Customize columns](images/timeline-columns.png)
 
 From there you can select which information set to include.