From e884efe7ecf9361e6a3f9e76523c4d4c12146009 Mon Sep 17 00:00:00 2001 From: Mahir Chavda Date: Thu, 29 Jun 2023 19:25:48 +0530 Subject: [PATCH] Redo missed doc changes --- docs/troubleshooting/troubleshooting.md | 12 ++++++++++++ docs/user_guide/alerts_dashboards.md | 3 +-- docs/user_guide/user_guide.md | 2 ++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/docs/troubleshooting/troubleshooting.md b/docs/troubleshooting/troubleshooting.md index 70ae90ec..8fc9526c 100644 --- a/docs/troubleshooting/troubleshooting.md +++ b/docs/troubleshooting/troubleshooting.md @@ -131,3 +131,15 @@ Refer to the **App Installation and Configuration > Device Inventory > Backfill ![alt]({{ site.baseurl }}/assets/auditd_authentication_after.png) + +## Warning -> 'list' command: Limit of '100' for values reached + +If you see below warning: + ``` + 'list' command: Limit of '100' for values reached. Additional values may have been truncated or ignored. + ``` + +From any of the below alerts, then kindly `ignore` it, as that is expected behavior. + * Ransomware - Spike in File Writes + * Ransomware - Common Ransomware File Extensions + * Network Compromise - DDoS Behavior Detected \ No newline at end of file diff --git a/docs/user_guide/alerts_dashboards.md b/docs/user_guide/alerts_dashboards.md index 0176cacd..c798beac 100644 --- a/docs/user_guide/alerts_dashboards.md +++ b/docs/user_guide/alerts_dashboards.md @@ -222,11 +222,10 @@ The Lansweeper dashboard also provides information about whether the IT asset is * Windows Devices ## Network Devices - * General alerts for all Network Data: - * Network Compromise - Basic Scanning * Network Compromise - Inbound Vulnerable Traffic + * Network Compromise - DDoS Behavior Detected * Cisco IOS Alerts: * Cisco IOS - Device Failed Login diff --git a/docs/user_guide/user_guide.md b/docs/user_guide/user_guide.md index 4e53ef13..e80146ed 100644 --- a/docs/user_guide/user_guide.md +++ b/docs/user_guide/user_guide.md 
@@ -41,6 +41,8 @@ A few of the included alerts and reports are dependent on other reports being en * Dynamically Update Blocked IPs with HoneyDB * Ransomware - Spike in File Writes * Ransomware - Calculate UpperBound for Spike in File Writes + * Network Compromise - DDoS Behavior Detected + * Network Compromise - Calculate UpperBound for Spike in Network Traffic * Windows - Hosts Missing Update * Windows - Hosts Lookup Gen (this report is enabled by default) * Device Inventory Gen
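Review bot: In docs/troubleshooting/troubleshooting.md, the new section tells readers to ignore the 'list' command warning but never says why it is expected, or whether truncation past 100 values changes what the three listed alerts can detect. Add one sentence covering that, since a "values may have been truncated or ignored" message on a ransomware or DDoS alert is the first thing an analyst will want to rule out. The instruction is also split around the code block ("If you see below warning:" before it, "From any of the below alerts, then kindly `ignore` it" after it); it reads better as a single sentence ahead of the block, with "ignore" as plain text rather than code-formatted. The fence lines are indented by one space while the prose around them is not, and the file now ends without a trailing newline ("\ No newline at end of file").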
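Review bot: In docs/user_guide/alerts_dashboards.md, the two deleted lines are the blank lines after "## Network Devices" and after "* General alerts for all Network Data:", a whitespace change that is unrelated to adding the DDoS alert and is not mentioned in the commit message. Either restore them or confirm in the rendered page that the heading and the nested list still display correctly, and that the other device sections in this file follow the same spacing. The added entry "Network Compromise - DDoS Behavior Detected" itself is placed consistently with the neighbouring "Network Compromise" alerts.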
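Review bot: In docs/user_guide/user_guide.md, the two added entries sit in the list of alerts and reports that depend on other reports, but nothing says which one depends on which. The Ransomware pair above shares the phrase "Spike in File Writes", so the relationship is easy to infer, whereas "DDoS Behavior Detected" and "Calculate UpperBound for Spike in Network Traffic" share no wording. If the alert relies on the UpperBound report (an assumption based on the parallel with the Ransomware entries), state that explicitly here so that someone enabling only the DDoS alert knows the report has to be enabled too.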