Update policies

Author: pedrosousa

src/content/docs/page-shield/policies/create-dashboard.mdx

@@ -7,14 +7,17 @@ sidebar:
 description: Learn how to create a Page Shield policy in the Cloudflare dashboard.
 ---
 
+import { Tabs, TabItem } from "~/components";
+
+<Tabs syncKey="dashNewNav"> <TabItem label="Old dashboard">
+
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain.
 
-2. Go to **Page Shield** > **Policies**.
+2. Go to **Security** > **Page Shield** > **Policies**.
 
 3. Select **Create policy**.
 
-4. <a id="rule-form" />
-   Enter a descriptive name for the rule in **Description**.
+4. Enter a descriptive name for the rule in **Description**.
 
 5. Under **If incoming requests match**, define the policy scope. You can use the Expression Builder (specifying one or more values for **Field**, **Operator**, and **Value**) or manually enter an expression using the Expression Editor. For more information, refer to [Edit expressions in the dashboard](/ruleset-engine/rules-language/expressions/edit-expressions/).
 
@@ -33,3 +36,38 @@ description: Learn how to create a Page Shield policy in the Cloudflare dashboar
    - _Log_: Logs any policy violations without blocking any resources not covered by the policy.
 
 8. To save and deploy your rule, select **Deploy**. If you are not ready to deploy your rule, select **Save as Draft**.
+
+</TabItem> <TabItem label="New dashboard" icon="rocket">
+
+:::note
+In the [new security dashboard](/security/), policies are called content security rules.
+:::
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain.
+
+2. Go to **Security** > **Security rules**.
+
+3. Select **Create** > **Content security rules**.
+
+4. <a id="rule-form" />
+   Enter a descriptive name for the rule in **Description**.
+
+5. Under **If incoming requests match**, define the scope of the content security rule (or policy). You can use the Expression Builder (specifying one or more values for **Field**, **Operator**, and **Value**) or manually enter an expression using the Expression Editor. For more information, refer to [Edit expressions in the dashboard](/ruleset-engine/rules-language/expressions/edit-expressions/).
+
+6. Under **Allow these directives**, select the desired [CSP directives](/page-shield/policies/csp-directives/) for the content security rule by enabling one or more checkboxes.
+
+   - To manually enter an allowed source, select **Add source**.
+   - To refresh the displayed sources based on detected resources, select **Refresh suggestions**.
+
+     :::note
+     Cloudflare provides suggestions for **Default**, **Scripts**, and **Connections** directives. For the **Default** directive, suggestions are based on monitored scripts and connections resources.
+     :::
+
+7. Under **Then take action**, select the desired action:
+
+   - _Allow_: Enforces the CSP directives configured in the content security rule, blocking any other resources from being loaded on your website, and logging any [policy violations](/page-shield/policies/violations/).
+   - _Log_: Logs any rule violations without blocking any resources not covered by the content security rule.
+
+8. To save and deploy your rule, select **Deploy**. If you are not ready to deploy your rule, select **Save as Draft**.
+
+</TabItem> </Tabs>

src/content/docs/page-shield/policies/csp-directives.mdx

@@ -5,26 +5,23 @@ sidebar:
   order: 6
 head: []
 description: CSP directives supported by policies
-
 ---
 
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
 
-Page Shield policies support most <GlossaryTooltip term="content security policy (CSP)">Content Security Policy (CSP)</GlossaryTooltip> directives, covering both monitored and unmonitored resources. You can use a policy to control other types of resources besides scripts and their connections, even though Page Shield is not monitoring these resources.
+Page Shield policies support most <GlossaryTooltip term="content security policy (CSP)">Content Security Policy (CSP)</GlossaryTooltip> directives, covering both monitored and unmonitored resources. You can use a policy to control other types of resources besides scripts and their connections, even though Cloudflare is not monitoring these resources.
 
 Each CSP directive can contain multiple values, including:
 
-* Schemes
-* Hostnames
-* URIs
-* Special keywords between single quotes (for example, `'none'`)
-* Hashes between single quotes (for example, `'sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC'`)
+- Schemes
+- Hostnames
+- URIs
+- Special keywords between single quotes (for example, `'none'`)
+- Hashes between single quotes (for example, `'sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC'`)
 
 Hostname and URI values support a `*` wildcard for the leftmost subdomain.
 
-The following table lists the supported CSP directives and special values you can use in Page Shield policies:
-
-
+The following table lists the supported CSP directives and special values you can use in policies:
 
 | Directive                   | Name in the dashboard     | Supported special values                                                       | Monitored                                                  |
 | --------------------------- | ------------------------- | ------------------------------------------------------------------------------ | ---------------------------------------------------------- |
@@ -45,11 +42,9 @@ The following table lists the supported CSP directives and special values you ca
 | `frame-ancestors`           | Frame ancestors           | `'none'`<br/>`'self'`                                                          | No                                                         |
 | `upgrade-insecure-requests` | Upgrade insecure requests | N/A                                                                            | No                                                         |
 
-
-
 ## More resources
 
 For more information on CSP directives and their values, refer to the following resources in the MDN documentation:
 
-* [Content-Security-Policy response header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy)
-* [CSP guide](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP)
+- [Content-Security-Policy response header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy)
+- [CSP guide](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP)

src/content/docs/page-shield/policies/index.mdx

@@ -15,28 +15,30 @@ Only available to Enterprise customers with a paid add-on.
 
 Policies define the resources allowed on your applications through <GlossaryTooltip term="content security policy (CSP)">Content Security Policy (CSP)</GlossaryTooltip> directives. Policies can log violations and also enforce an allowlist of resources, effectively blocking resources not included in the policies.
 
+In the [new security dashboard](/security/), policies are called content security rules, and they are one of the available types of [security rules](/security/rules/). Security rules perform security-related actions on incoming requests that match specified filters.
+
 Create [allow policies](#policy-actions) to define a positive security model, also known as positive blocking. According to this model, you define what is allowed and reject everything else. Such an approach helps you reduce the attack surface for unwanted third-party scripts in your application.
 
-A policy can control both resources monitored by Page Shield, such as scripts and their connections, and other types of resources. Refer to [Supported CSP directives](/page-shield/policies/csp-directives/) for details.
+A policy can control both client-side resources monitored by Cloudflare, such as scripts and their connections, and other types of resources. Refer to [Supported CSP directives](/page-shield/policies/csp-directives/) for details.
+
+### Important remarks
 
-:::note
 Third-party service providers may require specific CSP directives. Refer to your provider's documentation for more information on the CSP directives you need to include in your policy.
-:::
 
 ## Policy actions
 
-A policy can perform one of the following actions:
+A policy — or content security rule — can perform one of the following actions:
 
-- **Log**: Page Shield will log any resources not covered by the policy, without blocking any resources. Use this action to validate a new policy before deploying it. Resources not covered by the policy will be reported as [policy violations](/page-shield/policies/violations/).
-- **Allow**: Page Shield will block any resources not explicitly allowed by the policy. Switch to the _Allow_ action after validating a new policy with the _Log_ action, so that your policy does not block essential application resources, which would affect your application's end users. Policies with the _Allow_ action will log [policy violations](/page-shield/policies/violations/) for any blocked resources.
+- **Log**: Cloudflare will log any resources not covered by the policy, without blocking any resources. Use this action to validate a new policy before deploying it. Resources not covered by the policy will be reported as [policy violations](/page-shield/policies/violations/).
+- **Allow**: Cloudflare will block any resources not explicitly allowed by the policy. Switch to the _Allow_ action after validating a new policy with the _Log_ action, so that your policy does not block essential application resources, which would affect your application's end users. Policies with the _Allow_ action will log [policy violations](/page-shield/policies/violations/) for any blocked resources.
 
-For details on the CSP directives Page Shield creates for each type of policy action, refer to [How Page Shield works](/page-shield/how-it-works/#positive-security-model-using-policies). For more information on the CSP directives supported by Page Shield policies, refer to [Supported CSP directives](/page-shield/policies/csp-directives/).
+For details on the CSP directives Cloudflare creates for each type of policy action, refer to [How Page Shield works](/page-shield/how-it-works/#positive-security-model-using-policies). For more information on the CSP directives supported by policies, refer to [Supported CSP directives](/page-shield/policies/csp-directives/).
 
 ## Next steps
 
-Refer to the following pages for instructions on creating a policy in Page Shield:
+Refer to the following pages for instructions on creating a policy or content security rule:
 
 - [Create a policy in the dashboard](/page-shield/policies/create-dashboard/)
 - [Page Shield API: Create a policy](/page-shield/reference/page-shield-api/#create-a-policy)
 
-Once you have configured one or more allow policies in a zone you can filter alert notifications according to those policies. These alerts are called [scoped alerts](/page-shield/alerts/#scoped-alerts).
+Once you have configured one or more allow policies in a zone, you can filter alert notifications according to those policies. These alerts are called [scoped alerts](/page-shield/alerts/#scoped-alerts).

src/content/docs/page-shield/policies/violations.mdx

@@ -4,7 +4,7 @@ pcx_content_type: concept
 sidebar:
   order: 4
 head: []
-description: Page Shield reports any violations to your custom Page Shield policies.
+description: Cloudflare reports any violations to your content security rules (also known as policies).
 ---
 
 import { Details, GlossaryTooltip } from "~/components";
@@ -13,16 +13,21 @@ import { Details, GlossaryTooltip } from "~/components";
 Only available to Enterprise customers with a paid add-on.
 :::
 
-Shortly after you configure Page Shield policies, the Cloudflare dashboard will start displaying any violations of those policies. This information will be available for policies with any [action](/page-shield/policies/#policy-actions) (_Allow_ and _Log_).
+Shortly after you configure policies (or content security rules), the Cloudflare dashboard will start displaying any violations of those policies. This information will be available for policies with any [action](/page-shield/policies/#policy-actions) (_Allow_ and _Log_).
 
 Information about policy violations is also available via [GraphQL API](/analytics/graphql-api/) and [Logpush](/logs/about/).
 
 ## Review policy violations in the dashboard
 
-The policy violation information is available in **Security** > **Page Shield** > **Policies**. It includes the following:
+To view policy violation information:
 
-- A sparkline next to the policy name, showing policy violations in the past seven days.
-- For policies with associated violations, an expandable details section for each policy, with the top resources present in policy violation events and a sparkline per top resource.
+- Old dashboard: Go to **Security** > **Page Shield** > **Policies**.
+- New dashboard: Go to **Security** > **Security rules**, and filter by **Content security rules**.
+
+The displayed information includes the following:
+
+- A sparkline next to the policy/rule name, showing violations in the past seven days.
+- For policies with associated violations, an expandable details section for each policy, with the top resources present in violation events and a sparkline per top resource.
 
 ## Get policy violations via GraphQL API
 
@@ -125,6 +130,6 @@ https://api.cloudflare.com/client/v4/graphql \
 
 [Cloudflare Logpush](/logs/about/) supports pushing logs to storage services, <GlossaryTooltip term="SIEM">SIEM systems</GlossaryTooltip>, and log management providers.
 
-Information about Page Shield policy violations is available in the [`page_shield_events` dataset](/logs/reference/log-fields/zone/page_shield_events/).
+Information about policy violations is available in the [`page_shield_events` dataset](/logs/reference/log-fields/zone/page_shield_events/).
 
 For more information on configuring Logpush jobs, refer to [Logs: Get started](/logs/get-started/).