[Rules, WAF] Update security level and threat score (#20794)

* [Security Center] Deprecate security level and threat score

* Changing end of life date, updating security level table

* Deleting page and adding redirect

* Remove deprecate pill, update content in other parts of the docs

* Fixing redirect

* Update src/content/docs/rules/configuration-rules/settings.mdx

Co-authored-by: Pedro Sousa <[email protected]>

* Updating api-deprecations file

* Apply suggestions from code review

Co-authored-by: Pedro Sousa <[email protected]>

* Removing security level mentions

* Updating api deprecations yaml file

---------

Co-authored-by: Pedro Sousa <[email protected]>

Author: Maddy-Cloudflare

public/_redirects

@@ -777,7 +777,7 @@
 /learning-paths/secure-o365-email/ /learning-paths/secure-o365-email/concepts/ 301
 /learning-paths/workers/ /learning-paths/workers/concepts/ 301
 /learning-paths/zero-trust-web-access/ /learning-paths/zero-trust-web-access/concepts/ 301
-
+/learning-paths/application-security/default-traffic-security/security-level/ /learning-paths/application-security/default-traffic-security/browser-integrity/ 301
 
 # more redirects in the /dynamic/ section
 

src/content/docs/learning-paths/application-security/default-traffic-security/security-level.mdx

@@ -266,16 +266,12 @@ API configuration property name: `"rocket_loader"` (boolean).
 
 [Security Level](/waf/tools/security-level/) controls Managed Challenges for requests from low reputation IP addresses.
 
-Use this setting to select the security level for matching requests:
+On the Cloudflare dashboard, you can turn Under Attack mode on or off. 
 
 - Off
-- Essentially Off
-- Low
-- Medium
-- High
 - I'm Under Attack
 
-Refer to [Security levels](/waf/tools/security-level/#security-levels) for more information on these values.
+Refer to [Under Attack mode](/fundamentals/reference/under-attack-mode/) for more information.
 
 <Details header="API information">
 

src/content/docs/rules/configuration-rules/settings.mdx

@@ -14,32 +14,4 @@ import { Render } from "~/components";
 
 <Render file="security-level-scores" product="waf" />
 
----
-
-## Customize security level
-
-The default security level is _Medium_.
-
-### Update globally
-
-To update the security level for your entire zone:
-
-1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com), and select your account and zone.
-2. Go to **Security** > **Settings**.
-3. For **Security Level**, select an option.
-
-### Update selectively
-
-To set the security level more selectively, do one of the following:
-
-- Configure it via a [configuration rule](/rules/configuration-rules/).
-- Use the **Threat Score** as a **Field** criteria within [custom rules](/waf/custom-rules/). If you are using the Expression Editor, use the `cf.threat_score` field.
-
----
-
-## Recommendations
-
-To prevent bot IPs from attacking a website:
-
-- A new website owner might set a _Medium_ or _High_ **Security Level** and lower [**Challenge Passage**](/waf/tools/challenge-passage/) to a value below **30 minutes** to ensure that Cloudflare is constantly protecting the site.
-- An experienced website administrator confident in their security settings might set **Security Level** to _Essentially Off_ or _Low_ while setting a higher [**Challenge Passage**](/waf/tools/challenge-passage/) for a week, month, or even year to provide a less obtrusive visitor experience.
+---

src/content/docs/waf/tools/security-level.mdx

@@ -2,24 +2,13 @@
 {}
 ---
 
-## Security levels
+## Security level
 
-Security levels are based on the threat score (except _Off_ and _I'm Under Attack!_). You can adjust the security level to challenge incoming requests based on the threat they pose.
+Cloudflare provides _I'm Under Attack!_ as a security level.
 
-The available security levels are the following:
+Cloudflare's Under Attack mode performs additional security checks to help mitigate layer 7 DDoS attacks.
 
-| Security Level                      | Description                                                                          |
-| ----------------------------------- | ------------------------------------------------------------------------------------ |
-| Off (Enterprise<br/>customers only) | Does not challenge IP addresses.                                                     |
-| Essentially off                     | Only challenges IP addresses with the worst reputation.                              |
-| Low                                 | Challenges only threatening visitors.                                                |
-| Medium                              | Challenges both threatening and moderately threatening visitors.                     |
-| High                                | Challenges all visitors that exhibited threatening behavior within the last 14 days. |
-| I'm Under Attack!                   | Only for use if your website is currently under a DDoS attack.                       |
-
-Selecting a higher **Security Level** value means that even requests with a lower risk (that is, with a low [threat score](#threat-score)) will be challenged. Selecting a lower **Security Level** value means that only requests posing a higher risk (that is, with a high threat score) will be challenged.
-
-Security levels from _Essentially off_ to _High_ will challenge the visitor using a Managed Challenge. When you select _I'm Under Attack!_, which enables [Under Attack mode](/fundamentals/reference/under-attack-mode/), Cloudflare will present a JS challenge page.
+When you select _I'm Under Attack!_, which enables [Under Attack mode](/fundamentals/reference/under-attack-mode/), Cloudflare will present a JS challenge page.
 
 :::caution
 

src/content/partials/waf/security-level-scores.mdx

@@ -5,6 +5,17 @@ productLink: "/fundamentals/"
 productArea: Core platform
 productAreaLink: /fundamentals/reference/changelog/platform/
 entries:
+
+  - publish_date: "2025-03-17"
+    title: "Security Center: Security level and Threat Score are now automated"
+    description: |-
+      
+      Change date: March 17, 2025
+
+      Cloudflare now combines the IP address threat signal with threshold and botnet data, no longer requiring you to set a sensitivity level. Users will no longer be able to set Security level via the  Cloudflare dashboard. However, users can still rely on the existing API or Terraform configuration to set a Security level.
+
+      If you are using threat score in rule expressions, you should review those expressions to make sure the rule still triggers when appropriate. Cloudflare will audit and migrate your configuration in the future to update any references to threat score. If you are using the Rulesets API or Terraform to push your configuration, you should review your scripts and pipelines before the end of Q1 2026 to prevent issues.
+
   - publish_date: "2025-03-11"
     title: "Cloudflare Radar: Layer 7 attack magnitude parameter"
     description: |-