diff --git a/docs/alerts/webhook-connections/cloud-soar.md b/docs/alerts/webhook-connections/cloud-soar.md index 1c4fed918a..9b57627ff5 100644 --- a/docs/alerts/webhook-connections/cloud-soar.md +++ b/docs/alerts/webhook-connections/cloud-soar.md @@ -16,14 +16,44 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; * You'll need the **Manage connections** [role capability](/docs/manage/users-roles/roles/role-capabilities) to create webhook connections. ::: -To create a webhook connection from Sumo Logic to Cloud SOAR: +You can configure a webhook connection to allow you to send an alert from a scheduled search to Sumo Logic Cloud SOAR using an incident template. 1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**.
[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Monitoring** select **Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**. -1. Click **+ Add** and choose **Cloud SOAR** as the connection type.
SOAR webhook icon.png -1. Enter a **Name** and give an optional **Description** to the connection. -1. The **URL** and **Authorization Header** are automatically defined by Sumo Logic. You should not edit these. -1. The **Templates** dropdown shows a list of all incident templates, by name, configured in your Cloud SOAR environment. -1. The default **Payload** synchronizes with the selected template and the associated `template_id` field is automatically defined in the default payload. A `template_id` is required in the payload in order to configure the connection. For details on variables you can use as parameters within your JSON object, see [Webhook Payload Variables](set-up-webhook-connections.md). -1. Click **Save**. +1. Click **+** and choose **Cloud SOAR** as the connection type. The **Create Cloud SOAR Connection** dialog is displayed.
New connection +1. Enter a **Name** and give an optional **Description** to the connection. +1. The **URL** field shows your [Sumo Logic API endpoint](/docs/api/getting-started#sumo-logic-endpoints-by-deployment-and-firewall-security) followed by `/csoar/v3/incidents/`. For example, `https://api.us2.sumologic.com/api/csoar/v3/incidents/` +1. In **Authorization Header**, enter your basic authentication access information for the header. For example, `Basic :>`. For more information, see [Basic Access (Base64 encoded)](/docs/api/getting-started#basic-access-base64-encoded). +1. Click **Save**. After save, the **Templates** dropdown shows a list of all incident templates by name configured in your Cloud SOAR environment. +1. Select a **Template**. +1. The default payload synchronizes with the selected template, and the **Alert Payload** field shows the associated `template_id` field automatically defined in the default payload. A `template_id` is required in the payload in order to configure the connection: + + ``` + { + "template_id":
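Review bot: In the new **Authorization Header** step, the example reads `Basic :>` as it appears here, so the placeholders on either side of the colon are missing and a reader cannot tell what to enter. Spell the value out in a form that survives rendering, for instance in words: `Basic` followed by the Base64 encoding of the access ID and access key joined by a colon, as the linked "Basic Access (Base64 encoded)" section describes. Since this step now has the user paste a credential where the old text said the header was defined automatically, it would also help to say which access key to use (a key created for this connection rather than a personal one) and that Base64 is an encoding, not protection for the key. Separately, the step "Click **Save**. After save, the **Templates** dropdown shows a list..." is followed by "Select a **Template**" with no instruction to reopen the connection or save again after selecting the template; state whether the dialog stays open after the first save and whether a second save is required.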