[ZT] Overview audit (#16671)

Author: maxvp

src/content/docs/cloudflare-one/applications/scan-apps/casb-integrations/index.mdx

@@ -9,6 +9,7 @@ You can integrate the following SaaS applications with Cloudflare CASB:
 
 - [Atlassian Confluence](atlassian-confluence/)
 - [Atlassian Jira](atlassian-jira/)
+- [Bitbucket Cloud](bitbucket-cloud/)
 - [Box](box/)
 - [Dropbox](dropbox/)
 - [GitHub](github/)

src/content/docs/cloudflare-one/applications/scan-apps/manage-findings.mdx

@@ -6,15 +6,14 @@ sidebar:
 head:
   - tag: title
     content: Manage security findings
-
 ---
 
 Findings are security issues detected within SaaS applications that involve users, data at rest, and other configuration settings. With Cloudflare CASB, you can review a comprehensive list of findings in Zero Trust and immediately start taking action on the issues found.
 
 ## Prerequisites
 
-* You have [added](/cloudflare-one/applications/scan-apps/#add-an-integration) a CASB integration.
-* Your scan has surfaced at least one security finding.
+- You have [added](/cloudflare-one/applications/scan-apps/#add-an-integration) a CASB integration.
+- Your scan has surfaced at least one security finding.
 
 ## View findings
 
@@ -43,18 +42,18 @@ File findings for some integrations (such as [Microsoft 365](/cloudflare-one/app
 
 Cloudflare CASB labels each finding with one of the following severity levels:
 
-* **Critical**: Suggests the finding is something your team should act on today.
-* **High**: Suggests the finding is something your team should act on this week.
-* **Medium**: Suggests the finding should be reviewed sometime this month.
-* **Low**: Suggests the finding is informational or part of a scheduled review process.
+- **Critical**: Suggests the finding is something your team should act on today.
+- **High**: Suggests the finding is something your team should act on this week.
+- **Medium**: Suggests the finding should be reviewed sometime this month.
+- **Low**: Suggests the finding is informational or part of a scheduled review process.
 
 ### Change the severity level
 
 You can change the severity level for a finding at any time, in case the default assignment does not suit your environment:
 
 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **CASB** > **Findings**.
 2. Locate the finding you want to modify and select **View**.
-3. In the severity level drop-down menu, choose your desired setting (*Critical*, *High*, *Medium*, or *Low*).
+3. In the severity level drop-down menu, choose your desired setting (_Critical_, _High_, _Medium_, or _Low_).
 
 The new severity level will only apply to the finding within this specific integration. If you added multiple integrations of the same SaaS application, the other integrations will not be impacted by this change.
 
@@ -64,19 +63,19 @@ Using the security findings from CASB allows for fine-grained Gateway policies w
 
 :::note[Before you begin]
 
-Ensure that you have [enabled HTTP filtering](/cloudflare-one/policies/gateway/initial-setup/http/) for your organization. 
+Ensure that you have [enabled HTTP filtering](/cloudflare-one/policies/gateway/initial-setup/http/) for your organization.
 :::
 
 To create a Gateway policy directly from a CASB finding:
 
 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **CASB** > **Findings**.
 2. Locate the finding you want to modify and select **View**.
 3. Find the instance you want to block and select its three-dot menu.
-4. Select **Block with Gateway HTTP policy**. A new browser tab will open with a pre-filled HTTP policy. 
+4. Select **Block with Gateway HTTP policy**. A new browser tab will open with a pre-filled HTTP policy.
    :::note
-
-   Not all CASB findings will have the **Block with Gateway HTTP policy** option. Unsupported findings can only be resolved from your SaaS application dashboard or through your domain provider. 
+   Not all CASB findings will have the **Block with Gateway HTTP policy** option. Unsupported findings can only be resolved from your SaaS application dashboard or through your domain provider.
    :::
+
 5. (Optional) [Customize the HTTP policy](/cloudflare-one/policies/gateway/http-policies/). For example, if the policy blocks an unsanctioned third-party app, you can apply the policy to some or all users, or only block uploads or downloads.
 6. Select **Save**.
 

src/content/docs/cloudflare-one/connections/connect-devices/agentless/dns/index.mdx

@@ -3,17 +3,10 @@ pcx_content_type: navigation
 title: DNS
 sidebar:
   order: 1
-
+  group:
+    hideIndex: true
 ---
 
-import { DirectoryListing } from "~/components"
-
-:::caution
-
-
-Deploying Gateway DNS filtering using static IP addresses may prevent users from connecting to public Wi-Fi networks through captive portals.
-
-
-:::
+import { DirectoryListing } from "~/components";
 
 <DirectoryListing />

src/content/docs/cloudflare-one/connections/connect-devices/agentless/dns/locations/index.mdx

@@ -1,12 +1,12 @@
 ---
 pcx_content_type: how-to
-title: Add locations
+title: Locations
 sidebar:
   order: 1
-
+  label: Add locations
 ---
 
-import { GlossaryDefinition, Render } from "~/components"
+import { GlossaryDefinition, Render } from "~/components";
 
 <Render file="gateway/add-locations" />
 
@@ -26,18 +26,16 @@ Cloudflare will prefill the [**Source IPv4 Address**](/cloudflare-one/connection
 
 You do not need to configure the IPv4 DNS endpoint if:
 
-* Your network only uses IPv6.
-* Your users will send all DNS requests from this location using [DNS over HTTPS](#dns-over-https-doh) via a browser.
-* You will deploy the [WARP client](/cloudflare-one/connections/connect-devices/warp/).
+- Your network only uses IPv6.
+- Your users will send all DNS requests from this location using [DNS over HTTPS](#dns-over-https-doh) via a browser.
+- You will deploy the [WARP client](/cloudflare-one/connections/connect-devices/warp/).
 
 :::note[Your IPv4 address is taken]
 
-
 When you try to configure a DNS location over IPv4, Gateway may display a **Your source IPv4 address is taken** error. This may mean someone else in the same network configured Gateway before you did. If your network supports IPv6, you can still use Gateway's DNS filtering by sending DNS queries over IPv6. You can also use the DNS over HTTPS hostname to send queries using a DNS over HTTPS client.
 
 If you think someone else is wrongfully using this IPv4 address, [contact Cloudflare support](/support/contacting-cloudflare-support/#getting-help-with-an-issue).
 
-
 :::
 
 ### DNS over TLS (DoT)

src/content/docs/cloudflare-one/implementation-guides/index.mdx

@@ -3,11 +3,12 @@ pcx_content_type: navigation
 title: Implementation guides
 sidebar:
   order: 3
+  group:
+    hideIndex: true
 head: []
 description: View implementation guides for Cloudflare Zero Trust.
-
 ---
 
-import { DirectoryListing } from "~/components"
+import { DirectoryListing } from "~/components";
 
 <DirectoryListing />

src/content/docs/cloudflare-one/insights/analytics/index.mdx

@@ -3,11 +3,12 @@ pcx_content_type: navigation
 title: Analytics
 sidebar:
   order: 1
-
+  group:
+    hideIndex: true
 ---
 
-import { DirectoryListing } from "~/components"
+import { DirectoryListing } from "~/components";
 
-The Analytics section of [Zero Trust](https://one.dash.cloudflare.com/) provides a summary of your Access application and Gateway DNS traffic.
+[Zero Trust](https://one.dash.cloudflare.com/) analytics provide a summary of your applications and traffic.
 
 <DirectoryListing />

src/content/docs/cloudflare-one/insights/index.mdx

@@ -3,10 +3,11 @@ pcx_content_type: navigation
 title: Insights
 sidebar:
   order: 8
-
+  group:
+    hideIndex: true
 ---
 
-import { DirectoryListing } from "~/components"
+import { DirectoryListing } from "~/components";
 
 Cloudflare Zero Trust gives you comprehensive and in-depth visibility into your network. Whether you need data on network usage, on security threats blocked by Cloudflare Zero Trust, or on how many users have logged in to your applications this month, Zero Trust provides you with the right tools for the job.
 

src/content/docs/cloudflare-one/policies/browser-isolation/index.mdx

@@ -3,17 +3,16 @@ pcx_content_type: concept
 title: Browser Isolation
 sidebar:
   order: 5
-
 ---
 
+:::note
+Available as an add-on to Zero Trust Pay-as-you-go and Enterprise plans.
+:::
+
 Cloudflare Browser Isolation complements the [Secure Web Gateway](/cloudflare-one/policies/gateway/) and [Zero Trust Network Access](/cloudflare-one/connections/connect-networks/) solutions by executing active webpage content in a secure isolated browser. Executing active content remotely from the endpoint protects users from zero-day attacks and malware. In addition to protecting endpoints, Browser Isolation also protects users from phishing attacks by preventing user input on risky websites and controlling data transmission to sensitive web applications. You can further filter isolated traffic with Gateway [HTTP](/cloudflare-one/policies/gateway/http-policies/) and [DNS](/cloudflare-one/policies/gateway/dns-policies/) policies.
 
 Remote browsing is invisible to the user who continues to use their browser normally without changing their preferred browser and habits. Every open tab and window is automatically isolated. When the user closes the isolated browser, their session is automatically deleted.
 
-## Feature availability
-
-Browser Isolation is available as an add-on to Zero Trust Pay-as-you-go and Enterprise plans.
-
 ## Privacy
 
-Cloudflare Browser Isolation is a security product. In order to serve transparent isolated browsing and block web based threats our network decrypts Internet traffic using the [Cloudflare Root CA](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/). Traffic logs are retained as per the [Zero Trust](/cloudflare-one/insights/logs/) documentation.
+Cloudflare Browser Isolation is a security product. In order to serve transparent isolated browsing and block web based threats our network decrypts Internet traffic using the [Cloudflare root CA](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/). Traffic logs are retained as per the [Zero Trust](/cloudflare-one/insights/logs/) documentation.

src/content/docs/cloudflare-one/policies/browser-isolation/setup/index.mdx

@@ -3,7 +3,7 @@ pcx_content_type: how-to
 title: Set up Browser Isolation
 sidebar:
   order: 1
-
+  label: Get started
 ---
 
 Browser Isolation is enabled through Secure Web Gateway HTTP policies. By default, no traffic is isolated until you have added an Isolate policy to your HTTP policies.
@@ -12,8 +12,6 @@ Browser Isolation is enabled through Secure Web Gateway HTTP policies. By defaul
 
 Setup instructions vary depending on how you want to connect your devices to Cloudflare. Refer to the links below to view the setup guide for each deployment option.
 
-
-
 | Connection                                                                                                  | Mode         | Description                                                                                                          |
 | ----------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------------------------------------------------------------------------------------- |
 | [Gateway with WARP](/cloudflare-one/policies/gateway/initial-setup/http/)                                   | In-line      | Apply identity-based HTTP policies to traffic proxied through the WARP client.                                       |
@@ -22,16 +20,14 @@ Setup instructions vary depending on how you want to connect your devices to Clo
 | [Magic WAN](/cloudflare-one/policies/browser-isolation/setup/non-identity/)                                 | In-line      | Apply non-identity HTTP policies to traffic connected through a GRE or IPsec tunnel.                                 |
 | [Clientless remote browser](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/) | Prefixed URL | Render web pages in a remote browser when users go to `https://<your-team-name>.cloudflareaccess.com/browser/<URL>`. |
 
-
-
 ## 2. Build an Isolation policy
 
 To configure Browser Isolation policies:
 
 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Gateway** > **Firewall Policies** > **HTTP**.
 2. Select **Add a policy** and enter a name for the policy.
 3. Use the HTTP policy [selectors](/cloudflare-one/policies/gateway/http-policies/#selectors) and [operators](/cloudflare-one/policies/gateway/http-policies/#comparison-operators) to specify the websites or content you want to isolate.
-4. For **Action**, choose either [*Isolate*](/cloudflare-one/policies/browser-isolation/isolation-policies/#isolate) or [*Do not Isolate*](/cloudflare-one/policies/browser-isolation/isolation-policies/#do-not-isolate).
+4. For **Action**, choose either [_Isolate_](/cloudflare-one/policies/browser-isolation/isolation-policies/#isolate) or [_Do not Isolate_](/cloudflare-one/policies/browser-isolation/isolation-policies/#do-not-isolate).
 5. (Optional) Configure [settings](/cloudflare-one/policies/browser-isolation/isolation-policies/#policy-settings) for an Isolate policy.
 6. Select **Create policy**.
 
@@ -41,26 +37,26 @@ Next, [verify that your policy is working](#3-check-if-a-web-page-is-isolated).
 
 Users can see if a webpage is isolated by using one of the following methods:
 
-* Select the padlock in the address bar and check for the presence of a Cloudflare Root CA.
-* Right-click the web page and view the context menu options.
+- Select the padlock in the address bar and check for the presence of a Cloudflare Root CA.
+- Right-click the web page and view the context menu options.
 
 ### Normal browsing
 
-* A non-Cloudflare root certificate indicates that Cloudflare did not proxy this web page.
+- A non-Cloudflare root certificate indicates that Cloudflare did not proxy this web page.
 
   ![Website does not present a Cloudflare root certificate](~/assets/images/cloudflare-one/rbi/non-cloudflare-root-ca.png)
 
-* The right-click context menu will have all of the normal options.
+- The right-click context menu will have all of the normal options.
 
   ![Normal right-click menu in browser](~/assets/images/cloudflare-one/rbi/non-isolated-browser.png)
 
 ### Isolated browsing
 
-* A Cloudflare root certificate indicates traffic was proxied through Cloudflare Gateway.
+- A Cloudflare root certificate indicates traffic was proxied through Cloudflare Gateway.
 
   ![Website presents a Cloudflare root certificate](~/assets/images/cloudflare-one/rbi/cloudflare-gateway-root-ca.png)
 
-* The right-click context menu will be simplified.
+- The right-click context menu will be simplified.
 
   ![Simplified right-click menu in browser](~/assets/images/cloudflare-one/rbi/isolated-browser.png)
 

src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-policies/index.mdx

@@ -3,24 +3,24 @@ pcx_content_type: how-to
 title: Scan HTTP traffic
 sidebar:
   order: 1
-
+  label: Create DLP policies
 ---
 
 You can scan HTTP traffic for sensitive data through Secure Web Gateway policies. To perform DLP filtering, first configure a DLP profile with the data patterns you want to detect, and then build a Gateway HTTP policy to allow or block the sensitive data from leaving your organization. Gateway will parse and scan your HTTP traffic for strings matching the keywords or regular expressions (regexes) specified in the DLP profile.
 
 ## Prerequisites
 
-* Set up [Gateway HTTP filtering](/cloudflare-one/policies/gateway/initial-setup/http/).
-  * HTTP filtering requires turning on the [Gateway proxy](/cloudflare-one/policies/gateway/proxy/#enable-the-gateway-proxy) for TCP traffic.
-* Turn on [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#enable-tls-decryption).
+- Set up [Gateway HTTP filtering](/cloudflare-one/policies/gateway/initial-setup/http/).
+  - HTTP filtering requires turning on the [Gateway proxy](/cloudflare-one/policies/gateway/proxy/#enable-the-gateway-proxy) for TCP traffic.
+- Turn on [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#enable-tls-decryption).
 
 ## 1. Configure a DLP profile
 
 Refer to [Configure a DLP profile](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/). We recommend getting started with a predefined profile.
 
 :::caution[Important]
 
-DLP scans will not start until you [create a DLP policy](#2-create-a-dlp-policy). 
+DLP scans will not start until you [create a DLP policy](#2-create-a-dlp-policy).
 :::
 
 ## 2. Create a DLP policy
@@ -59,8 +59,8 @@ Different sites will send requests in different ways. For example, some sites wi
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Logs** > **Gateway** > **HTTP**.
 2. Select **Filter**.
 3. Choose an item under one of the following filters:
-   * **DLP Profiles** shows the requests which matched a specific DLP profile.
-   * **Policy** shows the requests which matched a specific DLP policy.
+   - **DLP Profiles** shows the requests which matched a specific DLP profile.
+   - **Policy** shows the requests which matched a specific DLP policy.
 
 You can expand an individual row to view details about the request. To see the data that triggered the DLP policy, [configure payload logging](/cloudflare-one/policies/data-loss-prevention/dlp-policies/payload-logging/).