diff --git a/README.md b/README.md index 741d7bf..66c8814 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,14 @@ Security visibility and analytics for **Aviatrix Distributed Cloud Firewall** in Splunk. Provides CIM-compliant field extractions and pre-built dashboards for SIEM/SOC teams. +## Screenshots + +![Security Overview](screenshots/01_overview.png) + +![Traffic Analysis](screenshots/02_traffic_analysis.png) + +![Threat Detection](screenshots/03_threat_detection.png) + ## Apps This repository contains two Splunk apps, designed to be installed together: @@ -37,10 +45,14 @@ Pre-built dashboards for monitoring Aviatrix Cloud Firewall activity. - **Gateway Health** -- CPU, memory, disk, network throughput per gateway - **Audit Trail** -- Controller API changes, user activity, success/failure tracking +## Log Ingestion + +These apps are designed to work with the [Aviatrix SIEM Connector](https://github.com/AviatrixSystems/aviatrix-siem-connector), which parses Aviatrix Syslog messages and posts them to Splunk via HEC (HTTP Event Collector). + ## Requirements - Splunk Enterprise 8.0+ or Splunk Cloud -- Aviatrix Controller with logging configured to send via HEC +- [Aviatrix SIEM Connector](https://github.com/AviatrixSystems/aviatrix-siem-connector) for log ingestion - CIM Add-on 4.0+ (for data model acceleration) ## Installation
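Review bot: In the first hunk (the new `## Screenshots` section inserted before `## Apps`), the three image links point at `screenshots/01_overview.png`, `screenshots/02_traffic_analysis.png` and `screenshots/03_threat_detection.png`, but this diff only touches README.md, so the reviewer cannot see that those files are part of the same change; please confirm the `screenshots/` directory is committed alongside this README edit, otherwise the rendered README shows three broken images at the very top of the page. Also consider naming which of the two apps each screenshot comes from, since the README states the repository contains two apps installed together and the captions (`Security Overview`, `Traffic Analysis`, `Threat Detection`) do not say which app renders them.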
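Review bot: In the second hunk, replacing the Requirements bullet `- Aviatrix Controller with logging configured to send via HEC` with `- [Aviatrix SIEM Connector](...) for log ingestion` drops the only mention of the Controller-side prerequisite; since the new `## Log Ingestion` paragraph says the connector "parses Aviatrix Syslog messages and posts them to Splunk via HEC", the Controller must still be configured to forward syslog to the connector, and the README should say so explicitly rather than leaving the reader to infer it. Suggest keeping a Controller bullet alongside the connector bullet, e.g. `- Aviatrix Controller configured to send syslog to the SIEM Connector`, and in the `## Log Ingestion` section stating which HEC index and sourcetype the field extractions expect, because a HEC token scoped to a different index or a mismatched sourcetype will silently leave the CIM field extractions and dashboards empty.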