diff --git a/docs/assets/operation_center/integration_catalog/network/varonis_data_security/configure_syslog.jpg b/docs/assets/operation_center/integration_catalog/network/varonis_data_security/configure_syslog.jpg new file mode 100644 index 0000000000..ee8dea54ab Binary files /dev/null and b/docs/assets/operation_center/integration_catalog/network/varonis_data_security/configure_syslog.jpg differ diff --git a/docs/assets/operation_center/integration_catalog/network/varonis_data_security/configure_template.png b/docs/assets/operation_center/integration_catalog/network/varonis_data_security/configure_template.png new file mode 100644 index 0000000000..8fec90ea0c Binary files /dev/null and b/docs/assets/operation_center/integration_catalog/network/varonis_data_security/configure_template.png differ diff --git a/docs/xdr/features/collect/integrations/network/varonis_data_security.md b/docs/xdr/features/collect/integrations/network/varonis_data_security.md index e40c375c22..fc20bfee6f 100644 --- a/docs/xdr/features/collect/integrations/network/varonis_data_security.md +++ b/docs/xdr/features/collect/integrations/network/varonis_data_security.md 
@@ -24,11 +24,22 @@ to Sekoia.io by means of a syslog transport channel. You can configure the Syslog server address in DatAlert so that alerts are sent to SEKOIA. To configure the Syslog server address in DatAlert: -1. In DatAdvantage, select Tools > DatAlert. DatAlert is displayed. -2. From the left menu, select Configuration. -3. In Syslog Message Forwarding fill the Syslog server IP address and the Port with the ip address and the port of the log concentrator. +1. In DatAdvantage, select `Tools` > `DatAlert`. DatAlert is displayed. +2. From the left menu, select `Configuration`. +3. In the `Syslog Message Forwarding` section, fill the Syslog server IP address and the Port with the ip address and the port of the log concentrator. 4. Click OK +![Varonis DatAlert configure syslog](/assets/operation_center/integration_catalog/network/varonis_data_security/configure_syslog.jpg){: style="max-width:100%"} + +### Create a message forwarding template + +1. In DatAlert, select `Alert Templates` +2. Select `External system default template (CEF)` and click `Edit Alert Template` +3. In `Apply to alert methods`, select `Syslog message` +4. Click OK + +![Varonis DatAlert configure template](/assets/operation_center/integration_catalog/network/varonis_data_security/configure_template.png){: style="max-width:100%"} + ### Create the intake Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format Varonis Data Security @@ -60,4 +71,4 @@ action( ``` !!! Note - Don't forget to replace the variables $PROTOCOL (tcp or udp) to choose the protocol by which Varonis logs are received, the $PORT of entry, your $APP-NAME syslog, and your $INTAKE-KEY Sekoia. \ No newline at end of file + Don't forget to replace the variables $PROTOCOL (tcp or udp) to choose the protocol by which Varonis logs are received, the $PORT of entry, your $APP-NAME syslog, and your $INTAKE-KEY Sekoia.
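Review bot: in the first hunk of varonis_data_security.md (@@ -24,11 +24,22 @@), step 3 of the syslog procedure gives only the IP address and the port of the log concentrator, while the Note at the end of the file asks the reader to choose $PROTOCOL (tcp or udp) on the receiving side. Say in step 3 that the transport DatAlert sends on must match the $PROTOCOL set on the concentrator, otherwise the two ends can be configured inconsistently and alerts will not arrive. Style points in the same hunk: UI labels are now in backticks except OK in step 4 of both lists and the "Syslog server IP address" and "Port" fields in step 3; "ip address" should read "IP address"; and steps 1 to 3 of the new "Create a message forwarding template" list lack the final period used in the list above it.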
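Review bot: the Note line in the last hunk (@@ -60,4 +71,4 @@) leaves the placeholders $PROTOCOL, $PORT, $APP-NAME and $INTAKE-KEY unformatted, while the first hunk moves UI labels to backticks, and the sentence is hard to follow ("to choose the protocol by which Varonis logs are received, the $PORT of entry"). Since the line is already rewritten for the end-of-file newline, consider putting each placeholder in backticks and giving one short clause per variable.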