diff --git a/cloud_resources/Figure4-2.svg b/cloud_resources/attack_saas.svg
similarity index 99%
rename from cloud_resources/Figure4-2.svg
rename to cloud_resources/attack_saas.svg
index 81b614a..20cd38d 100644
--- a/cloud_resources/Figure4-2.svg
+++ b/cloud_resources/attack_saas.svg
@@ -1,2 +1,2 @@
-Drive-by Compromise Phishing Trusted Relationship Valid Accounts Spearphishing Link Spearphishing Voice Cloud Accounts Default Accounts Initial Access Command and Scripting Interpreter Serverless Execution Software Deployment Tools Cloud API Execution Account Manipulation Create Account Event Triggered Execution Modify Authentication Process Office Application Startup Valid Accounts Additional Cloud Credentials Additional Cloud Roles Additional Email Delegate Permissions Device Registration Cloud Account Conditional Access Policies Hybrid Identity Multi-Factor Authentication Add-ins Office Template Macros Office Test Outlook Forms Outlook Home Page Outlook Rules Cloud Accounts Default Accounts Persistence Abuse Elevation Control Mechanism Account Manipulation Domain or Tenant Policy Modification Event Triggered Execution Valid Accounts Temporary Elevated Cloud Access Additional Cloud Credentials Additional Cloud Roles Additional Email Delegate Permissions Device Registration Trust Modification Cloud Accounts Default Accounts Privilege Escalation Abuse Elevation Control Mechanism Domain or Tenant Policy Modification Exploitation for Defense Evasion Hide Artifacts Impair Defenses Impersonation Indicator Removal Modify Authentication Process Use Alternate Authentication Material Valid Accounts Temporary Elevated Cloud Access Trust Modification Email Hiding Rules Disable or Modify Cloud Logs Clear Mailbox Data Conditional Access Policies Hybrid Identity Multi-Factor Authentication Application Access Token Web Session Cookie Cloud Accounts Default Accounts Defense Evasion Brute Force Forge Web Credentials Modify Authentication Process Multi-Factor Authentication Request Generation Steal Application Access Token Steal Web Session Cookie Unsecured Credentials Credential Stuffing Password Cracking Password Guessing Password Spraying SAML Tokens Web Cookies Conditional Access Policies Hybrid Identity Multi-Factor Authentication Chat Messages Credential Access Account 
Discovery Cloud Service Dashboard Cloud Service Discovery Permission Groups Discovery Cloud Account Email Account Cloud Groups Discovery Internal Spearphishing Software Deployment Tools Taint Shared Content Use Alternate Authentication Material Application Access Token Web Session Cookie Lateral Movement Automated Collection Data from Cloud Storage Data from Information Repositories Email Collection Code Repositories Confluence Sharepoint Email Forwarding Rule Remote Email Collection Collection Exfiltration Over Alternative Protocol Exfiltration Over Web Service Transfer Data to Cloud Account Exfiltration Over Webhook Exfiltration Account Access Removal Endpoint Denial of Service Financial Theft Network Denial of Service Application Exhaustion Flood Application or System Exploitation Service Exhaustion Flood Direct Network Flood Reflection Amplification Impact
\ No newline at end of file
+Drive-by Compromise Phishing Trusted Relationship Valid Accounts Spearphishing Link Spearphishing Voice Cloud Accounts Default Accounts Initial Access Command and Scripting Interpreter Serverless Execution Software Deployment Tools Cloud API Execution Account Manipulation Create Account Event Triggered Execution Modify Authentication Process Office Application Startup Valid Accounts Additional Cloud Credentials Additional Cloud Roles Additional Email Delegate Permissions Device Registration Cloud Account Conditional Access Policies Hybrid Identity Multi-Factor Authentication Add-ins Office Template Macros Office Test Outlook Forms Outlook Home Page Outlook Rules Cloud Accounts Default Accounts Persistence Abuse Elevation Control Mechanism Account Manipulation Domain or Tenant Policy Modification Event Triggered Execution Valid Accounts Temporary Elevated Cloud Access Additional Cloud Credentials Additional Cloud Roles Additional Email Delegate Permissions Device Registration Trust Modification Cloud Accounts Default Accounts Privilege Escalation Abuse Elevation Control Mechanism Domain or Tenant Policy Modification Exploitation for Defense Evasion Hide Artifacts Impair Defenses Impersonation Indicator Removal Modify Authentication Process Use Alternate Authentication Material Valid Accounts Temporary Elevated Cloud Access Trust Modification Email Hiding Rules Disable or Modify Cloud Logs Clear Mailbox Data Conditional Access Policies Hybrid Identity Multi-Factor Authentication Application Access Token Web Session Cookie Cloud Accounts Default Accounts Defense Evasion Brute Force Forge Web Credentials Modify Authentication Process Multi-Factor Authentication Request Generation Steal Application Access Token Steal Web Session Cookie Unsecured Credentials Credential Stuffing Password Cracking Password Guessing Password Spraying SAML Tokens Web Cookies Conditional Access Policies Hybrid Identity Multi-Factor Authentication Chat Messages Credential Access Account 
Discovery Cloud Service Dashboard Cloud Service Discovery Permission Groups Discovery Cloud Account Email Account Cloud Groups Discovery Internal Spearphishing Software Deployment Tools Taint Shared Content Use Alternate Authentication Material Application Access Token Web Session Cookie Lateral Movement Automated Collection Data from Cloud Storage Data from Information Repositories Email Collection Code Repositories Confluence Sharepoint Email Forwarding Rule Remote Email Collection Collection Exfiltration Over Alternative Protocol Exfiltration Over Web Service Transfer Data to Cloud Account Exfiltration Over Webhook Exfiltration Account Access Removal Endpoint Denial of Service Financial Theft Network Denial of Service Application Exhaustion Flood Application or System Exploitation Service Exhaustion Flood Direct Network Flood Reflection Amplification Impact
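Review bot: the rename to attack_saas.svg is bundled with a content change (index 81b614a..20cd38d, similarity 99%), but the text labels on the removed and added lines appear to read the same. The only difference visible in this hunk is that the old file carried "\ No newline at end of file" and the new one does not. If adding the trailing newline is the whole change, say so in the commit message or split it out so the rename shows as a pure rename; if anything else in the SVG was touched, call it out. Please also confirm that nothing still links to cloud_resources/Figure4-2.svg, since this patch shows no updated reference. While the file is open, the label "Sharepoint" could be corrected to "SharePoint".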