[Content Collections] attack path updates (#240)

updated screenshots and incorporated field comments

docs/en/enterprise-edition/content-collections/governance/attack-path-policies.adoc

@@ -4,22 +4,24 @@ To understand the true security risk of an application or infrastructure require
 
 The *Attack Path* policies are out-of-the-box policies that are enabled by default. These policies identify the confluence of issues that increase the likelihood of a security breach and are based on relationships such as, overly permissive identities, permissions, network exposure, infrastructure misconfiguration, and vulnerabilities that would enable an attacker to target your application. Prisma Cloud helps you identify attack paths and presents them in a graph view, offering valuable security context to protect against high-risk threats, which often requires you to take immediate action. 
 
-image::governance/attack-path-1.png[]
-
 NOTE: Some of the Attack Path policies require you to subscribe to xref:../administration/configure-iam-security/enable-iam-security.adoc[IAM Security] (CIEM).
 
-Before you create an xref:../alerts/create-an-alert-rule-cloud-infrastructure.adoc[Alert Rule] for Attack Path policies, select *Settings > Enterprise Settings > Auto-Enable Default Policies* and verify that you have selected *Critical* and *High* severity. 
+Before you create an xref:../alerts/create-an-alert-rule-cloud-infrastructure.adoc[Alert Rule] for Attack Path policies, select *Settings > Enterprise Settings > Auto-Enable Default Policies* and verify that you have selected *Critical* and *High* severity. You can then select *Governance* and filter by Policy Type *Attack Path* to confirm that Attack Path policies are enabled. If a System Administrator has disabled these policies, toggle the *Status* to enable each policy.
 
 image::governance/attack-path-2.png[]
 
-Next, select *Governance* and filter by Policy Type *Attack Path* to confirm that Attack Path policies are enabled. If a System Administrator has disabled these policies, toggle the *Status* to enable each policy.
+There is a set of *Attack Path Rules* for each *Attack Path* policy. Prisma Cloud evaluates those rules and when it finds a match on all of the rules, it generates an alert. On *Governance*, filter by *Policy Label > Attack Path Rule*. If the *Status* of the policies is disabled, toggle the button to enable each policy. Prisma Cloud uses these Attack Path Rules to find the exposed Attack Paths in your cloud environments.
+
+image::governance/attack-path-6.png[]
+
+NOTE: The policies with Attack Path Rule labels do not require alert-rule match. However, make sure they are enabled.
 
-image::governance/attack-path-3.png[]
+image::governance/attack-path-7.png[]
 
 When a policy violation occurs, you can view the evidence details in Graph (default) view. Select *Alerts > Overview*, filter alerts by Policy Type *Attack Path*, click *Alert Count*, and then click *Alert ID*. 
 
 image::governance/attack-path-4.png[]
 
 The xref:../cloud-and-software-inventory/asset-inventory.adoc[Prisma Cloud Asset Inventory] allows you to deep dive into asset details to explore the security context uncovered by Prisma Cloud.
 
-image::governance/attack-path-5.png[]
+image::governance/attack-path-5.png[]