diff --git a/CHANGELOG.md b/CHANGELOG.md
index f5fe0b581..fc8ce8ec6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
-# UTMStack 10.6.2 Release Notes
+# UTMStack 10.6.1 Release Notes
+## Bug Fixes
+- Fixed ISM policy to ensure snapshots include only indices older than 24 hours.
 
 ## Features
-- Added additional compliance reports.
-- Updated the Sophos Central integration guide.
+- Additional Compliance Reports.
+- Updated Sophos Central Integration Guide: The guide was updated due to significant changes in Sophos’s API authentication process.
+
+- Important Notice: Sophos Integration Update
+  Sophos recently implemented a major change in how their APIs handle authentication for log retrieval. As a result, upgrading to UTMStack 10.6.1 will require reconfiguring the Sophos credentials to ensure continued functionality.
+
+
diff --git a/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html b/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
index ecd35f17a..d185dd29d 100644
--- a/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
+++ b/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
@@ -7,11 +7,10 @@ <h4 class="card-title mb-0 text-primary">
 
   <div class="card-body">
     <p class="font-size-base">
-      Sophos Central has secured APIs available for customers. These allow the retrieval of event and alert data from
-      Sophos Central, for use in other systems.<br><br>
+      Sophos Central provides secure APIs to retrieve event and alert data. UTMStack can utilize these APIs to centralize monitoring and enhance your security visibility<br>
 
     <h6 class="font-weight-semibold mt-3 mb-3">
-      How to send alert and event data to UTMStack:
+      Generate API Credentials in Sophos Central:
     </h6>
     <ol class="setup_list">
       <app-utm-list [items]="steps">
@@ -30,13 +29,13 @@ <h6 class="font-weight-semibold mt-3 mb-3">
                   </app-utm-list>
                 </ng-template>
 
-                <ng-template [ngIf]="step.content.id === 'stepContent5'">
+                <ng-template [ngIf]="step.content.id === 'stepContent4'">
                   <app-int-generic-group-config [moduleId]="integrationId"
                                                 (configValidChange)="configValidChange($event)"
                                                 [serverId]="serverId"></app-int-generic-group-config>
                 </ng-template>
 
-                <ng-template [ngIf]="step.content.id === 'stepContent6'">
+                <ng-template [ngIf]="step.content.id === 'stepContent5'">
                   <div  class="mt-3">
                     <app-app-module-activate-button [module]="module.SOPHOS" [type]="'integration'"
                                                     [disabled]="configValidity"
diff --git a/frontend/src/app/app-module/guides/guide-sophos/sophos.steps.ts b/frontend/src/app/app-module/guides/guide-sophos/sophos.steps.ts
index 294cbd325..f463cab7d 100644
--- a/frontend/src/app/app-module/guides/guide-sophos/sophos.steps.ts
+++ b/frontend/src/app/app-module/guides/guide-sophos/sophos.steps.ts
@@ -1,31 +1,50 @@
 import {Step} from '../shared/step';
 
 export const SOPHOS_STEPS: Step[] = [
-  {id: '1', name: 'You require a Client ID and Client Secret to access event data via the API. ' +
-                  'In Sophos Central Admin, go to <strong> Global Settings > API Credentials Management </strong>. <br>',
+  {id: '1', name: 'Navigate to <strong> General Settings -> API Credentials Management </strong> in Sophos Central Admin. <br>',
+    content: {
+      id: 'stepContent1',
+      images: [{
+        alt: 'Api Credentials',
+        src: '../../../../assets/img/guides/sophos/sophos-step-1.png',
+      }]
+    }
   },
-  {id: '2', name: 'To create a new credential, click Add Credential from the top-right corner of the screen'},
-  {id: '3', name: 'Enter a name and description for the credential, then select the role you want to assign and click Add.'},
-  {id: '4', name: 'Click Show Client Secret to view the Client ID and Client Secret, then click Copy to store them securely. <br>' +
-                  '<div class="w-100 alert alert-info alert-styled-right mb-3 alert-dismissible">' +
-                    'The Client Secret is only visible once. Ensure you copy and save it securely</div>',
+  {id: '2', name: 'Create a New Credential:' +
+                  '<ul class="mt-2 ml-4">\n' +
+                  '            <li>Click <strong>Add Credential</strong> (usually found at the top-right).</li>\n' +
+                  '            <li>Provide <strong>Name</strong> and <strong>Description</strong>.</li>\n' +
+                  '            <li>Select the appropriate <strong>Role</strong>.</li>\n' +
+                  '            <li>Click <strong">Add</strong>.</li>\n' +
+                  '        </ul>',
     content: {
-      id: 'stepContent4',
+      id: 'stepContent2',
+      images: [{
+        alt: 'New Credentials',
+        src: '../../../../assets/img/guides/sophos/sophos-step-2.png',
+      }]
+    }
+  },
+  {id: '3', name: 'Copy the Client ID and Client Secret and store them securely. <br>' +
+                  '<div class="w-100 alert alert-info alert-styled-right mt-1 mb-2 alert-dismissible">' +
+                    'The Client Secret is visible only once; ensure you save it somewhere safe.</div>',
+    content: {
+      id: 'stepContent3',
       images: [{
         alt: 'Client Secrets',
-        src: '../../../../assets/img/guides/sophos/sophos-step-4.png',
+        src: '../../../../assets/img/guides/sophos/sophos-step-3.png',
       }]
     }
   },
-  {id: '5', name: 'Insert information in the following inputs.You can add more than one Sophos configuration ' +
-                  'by clicking on Add tenant button.',
+  {id: '4', name: 'Insert information in the following inputs.You can add more than one Sophos configuration ' +
+                  'by clicking on <strong> Add tenant </strong> button.',
     content: {
-      id: 'stepContent5'
+      id: 'stepContent4'
     }
   },
-  {id: '6', name: 'Click on the button shown below, to activate the UTMStack features related to this integration',
+  {id: '5', name: 'Click on the button shown below, to activate the UTMStack features related to this integration',
     content: {
-      id: 'stepContent6'
+      id: 'stepContent5'
     }
   }
 ];
diff --git a/frontend/src/assets/img/guides/sophos/sophos-step-1.png b/frontend/src/assets/img/guides/sophos/sophos-step-1.png
new file mode 100644
index 000000000..77469a2ad
Binary files /dev/null and b/frontend/src/assets/img/guides/sophos/sophos-step-1.png differ
diff --git a/frontend/src/assets/img/guides/sophos/sophos-step-2.png b/frontend/src/assets/img/guides/sophos/sophos-step-2.png
new file mode 100644
index 000000000..5be348e88
Binary files /dev/null and b/frontend/src/assets/img/guides/sophos/sophos-step-2.png differ
diff --git a/frontend/src/assets/img/guides/sophos/sophos-step-3.png b/frontend/src/assets/img/guides/sophos/sophos-step-3.png
new file mode 100644
index 000000000..ef6867e46
Binary files /dev/null and b/frontend/src/assets/img/guides/sophos/sophos-step-3.png differ
diff --git a/frontend/src/assets/img/guides/sophos/sophos-step-4.png b/frontend/src/assets/img/guides/sophos/sophos-step-4.png
deleted file mode 100644
index aaff6d72d..000000000
Binary files a/frontend/src/assets/img/guides/sophos/sophos-step-4.png and /dev/null differ
diff --git a/version.yml b/version.yml
index 23251a8ee..c4fb4fc29 100644
--- a/version.yml
+++ b/version.yml
@@ -1 +1 @@
-version: 10.6.2
\ No newline at end of file
+version: 10.6.1
\ No newline at end of file