diff --git a/notebooks/network-intrusion-detection-part-3/notebook.ipynb b/notebooks/network-intrusion-detection-part-3/notebook.ipynb
index be2b88a..4bc37d9 100644
--- a/notebooks/network-intrusion-detection-part-3/notebook.ipynb
+++ b/notebooks/network-intrusion-detection-part-3/notebook.ipynb
@@ -39,10 +39,18 @@
     },
     {
       "cell_type": "markdown",
-      "id": "f6100d05-d796-452b-893c-8e9240d9a3f9",
+      "id": "b4cd5073",
       "metadata": {},
       "source": [
-        "We start creating a simple table to load the logs into a JSON column"
+        "### We recommend for that step to use a S1+ size workspace"
+      ]
+    },
+    {
+      "cell_type": "markdown",
+      "id": "ee260ca9",
+      "metadata": {},
+      "source": [
+        "<div class=\"alert alert-block alert-warning\">    <b class=\"fa fa-solid fa-exclamation-circle\"></b>    <div>        <p><b>Action Required</b></p>        <p>Make sure to select the <tt>siem_log_kafka_demo</tt> database from the drop-down menu at the top of this notebook.        It updates the <tt>connection_url</tt> which is used by the <tt>%%sql</tt> magic command and SQLAlchemy to make connections to the selected database.</p>    </div></div>"
       ]
     },
     {
@@ -53,8 +61,16 @@
       "outputs": [],
       "source": [
         "%%sql\n",
-        "drop PIPELINE `siem_log_real`;\n",
-        "drop table `siem_log_real`;"
+        "DROP PIPELINE IF EXISTS `siem_log_real`;\n",
+        "DROP TABLE IF EXISTS `siem_log_real`;"
+      ]
+    },
+    {
+      "cell_type": "markdown",
+      "id": "f6100d05-d796-452b-893c-8e9240d9a3f9",
+      "metadata": {},
+      "source": [
+        "We start creating a simple table to load the logs into a JSON column"
       ]
     },
     {
@@ -65,7 +81,7 @@
       "outputs": [],
       "source": [
         "%%sql\n",
-        "CREATE TABLE `siem_log_real` (\n",
+        "CREATE TABLE IF NOT EXISTS `siem_log_real` (\n",
         "  `logs` JSON COLLATE utf8_bin\n",
         "  , SHARD KEY ()\n",
         ") AUTOSTATS_CARDINALITY_MODE=PERIODIC AUTOSTATS_HISTOGRAM_MODE=CREATE SQL_MODE='STRICT_ALL_TABLES';"
@@ -88,9 +104,9 @@
       "source": [
         "%%sql\n",
         "CREATE PIPELINE `siem_log_real`\n",
-        "AS LOAD DATA KAFKA 'pkc-XXX.us-east-1.aws.confluent.cloud:9092/connections_siem_logs'\n",
-        "CONFIG '{\\\"sasl.username\\\": \\\"YOURKEY\\\",\\n         \\\"sasl.mechanism\\\": \\\"PLAIN\\\",\\n         \\\"security.protocol\\\": \\\"SASL_SSL\\\",\\n         \\\"ssl.ca.location\\\": \\\"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\\\"}'\n",
-        "CREDENTIALS '{\"sasl.password\": \"YOURPASSWORD\"}'\n",
+        "AS LOAD DATA KAFKA 'pkc-p11xm.us-east-1.aws.confluent.cloud:9092/singlestore_topic'\n",
+        "CONFIG '{\\\"sasl.username\\\": \\\"WTIVCYPLUAIMIAYQ\\\",\\n         \\\"sasl.mechanism\\\": \\\"PLAIN\\\",\\n         \\\"security.protocol\\\": \\\"SASL_SSL\\\",\\n         \\\"ssl.ca.location\\\": \\\"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\\\"}'\n",
+        "CREDENTIALS '{\"sasl.password\": \"/qIOhlTFEK8RNNCc1qSOnpNj4mqhXfudBlQQFgRfc0qBEjfm99VcyvEuwPILBcnv\"}'\n",
         "BATCH_INTERVAL 20\n",
         "DISABLE OFFSETS METADATA GC\n",
         "INTO TABLE `siem_log_real`\n",