diff --git a/README.md b/README.md
index 539ea6b..60a2a6e 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,8 @@ The labs consist of a selection of machines:
 - Windows Server 2019
     - Internet Information Servicies (IIS) web server with simple vulnerable app
 - Windows 10 client
-- Debian box with Elastic EDR
+- Debian box with Elastic Endpoint Security
+    - Elastic Agent is deployed to all Windows machines via Fleet
 - Debian attacker box
 
 One public IP is exposed for the whole lab. The IP ranges defined in the `ip-whitelist` are allowed to access the following ports on this IP address, which are bound to the following services using a load balancer:
diff --git a/Terraform/outputs.tf b/Terraform/outputs.tf
index 6760462..85740be 100644
--- a/Terraform/outputs.tf
+++ b/Terraform/outputs.tf
@@ -24,8 +24,8 @@ output "ip-whitelist" {
 }
 
 output "elastic-url" {
-    value = "http://10.13.37.50"
-    description = "The URL used to connect to Elastic from the internal network."
+    value = "http://10.13.37.50/app/security/overview"
+    description = "The URL used to connect to the Elastic security dashboard."
 }
 
 output "elastic-user" {
diff --git a/assets/labs.png b/assets/labs.png
index ee21de2..cb8448a 100644
Binary files a/assets/labs.png and b/assets/labs.png differ