[Page Shield] Update alerts (#22679)

---------

Co-authored-by: Rebecca Tamachiro <[email protected]>

Author: pedrosousa

public/__redirects

@@ -1003,6 +1003,8 @@
 /page-shield/use-dashboard/monitor-connections/ /page-shield/detection/monitor-connections-scripts/ 301
 /page-shield/use-dashboard/monitor-scripts/ /page-shield/detection/monitor-connections-scripts/ 301
 /support/firewall/tools/troubleshooting-page-shield/ /page-shield/troubleshooting/ 301
+/page-shield/reference/alerts/ /page-shield/alerts/alert-types/ 301
+/page-shield/detection/configure-alerts/ /page-shield/alerts/configure/ 301
 
 # queues
 /queues/configuration/ /queues/reference/configuration/ 301

src/content/docs/page-shield/reference/alerts.mdx renamed to src/content/docs/page-shield/alerts/alert-types.mdx

@@ -1,44 +1,60 @@
 ---
-title: Page Shield alerts
+title: Alert types
 pcx_content_type: reference
 sidebar:
   order: 3
-  label: Alerts
+  label: Alert types
 ---
 
 import { AvailableNotifications } from "~/components";
 
-You can configure alerts for resources detected in your domain. Refer to [Configure Page Shield alerts](/page-shield/detection/configure-alerts/) for instructions.
+You can configure alerts for resources detected in your domain. Refer to [Page Shield alerts](/page-shield/alerts/) for more information.
 
 ## New resource alerts
 
+:::note
+Requires a Business plan or higher.
+:::
+
 <AvailableNotifications
 	product="Page Shield"
 	notificationFilter="Page Shield New Resources Alert"
-/> <AvailableNotifications
+/>
+<AvailableNotifications
 	product="Page Shield"
 	notificationFilter="Page Shield New Domain Alert"
-/> <AvailableNotifications
+/>
+<AvailableNotifications
 	product="Page Shield"
 	notificationFilter="Page Shield New Resource Exceeds Max URL Length Alert"
 />
 
 ## Code change alert
 
+:::note
+Requires an Enterprise plan with a paid add-on.
+:::
+
 <AvailableNotifications
 	product="Page Shield"
 	notificationFilter="Page Shield New Code Change Detection Alert"
 />
 
 ## Malicious resource alerts
 
+:::note
+Requires an Enterprise plan with a paid add-on.
+:::
+
 <AvailableNotifications
 	product="Page Shield"
 	notificationFilter="Page Shield New Malicious Domain Alert"
-/> <AvailableNotifications
+/>
+<AvailableNotifications
 	product="Page Shield"
 	notificationFilter="Page Shield New Malicious URL Alert"
-/> <AvailableNotifications
+/>
+<AvailableNotifications
 	product="Page Shield"
 	notificationFilter="Page Shield New Malicious Script Alert"
 />

src/content/docs/page-shield/alerts/configure.mdx

@@ -0,0 +1,12 @@
+---
+title: Configure a Page Shield alert
+pcx_content_type: how-to
+sidebar:
+  order: 2
+  label: Configure an alert
+description: Configure scoped or unscoped Page Shield alerts to get notified about relevant client-side changes on your zones.
+---
+
+import { Render } from "~/components";
+
+<Render file="alerts-configure" />

src/content/docs/page-shield/alerts/index.mdx

@@ -0,0 +1,64 @@
+---
+title: Page Shield alerts
+pcx_content_type: concept
+sidebar:
+  order: 5
+  group:
+    label: Alerting
+description: Page Shield alerts notify you when new scripts are detected
+  on your domain or when Page Shield detects resources that are likely
+  malicious.
+---
+
+import { Render } from "~/components";
+
+:::note
+New resource alerts require a Business plan or higher. Code change and malicious resource alerts require an Enterprise plan with a paid add-on. For details, refer to [Alert types](/page-shield/alerts/alert-types/).
+:::
+
+<Render file="alerts-intro" />
+
+You can configure unscoped or scoped alerts:
+
+- **Unscoped alert**: An alert configured for all zones in your Cloudflare account. Unscoped alerts are trigged either daily, hourly, or immediately, depending on the [alert type](/page-shield/alerts/alert-types/).
+
+- **Scoped alert**: An alert scoped to one or more zones. You must configure [policies](/page-shield/policies/) for the zones you select to receive any notifications. Scoped alerts are triggered immediately. Policy violations will not trigger an alert. For more information, refer to [Scoped alerts](#scoped-alerts).
+
+  :::note
+  Cloudflare only takes into account [policies in allow mode](/page-shield/policies/#policy-actions) for scoped alerts.
+  :::
+
+For alerts sent at regular intervals, you might experience a delay between adding a new script and receiving an alert.
+
+For instructions on configuring alerts, refer to [Configure a Page Shield alert](/page-shield/alerts/configure/).
+
+## Scoped alerts
+
+:::note
+Applies to Enterprise customers with a paid add-on.
+:::
+
+If you have configured [allow policies](/page-shield/policies/#policy-actions) in a zone — policies which allow specific scripts and connections and block everything else — you can filter alert notifications according to those policies. These alerts are called scoped alerts.
+
+When you create a scoped alert using the **Policies of these zones** alert filter, you will only receive the most relevant notifications based on the values of the allow policies you configured.
+
+For each scoped alert, Page Shield does the following:
+
+1. Check which allow policies in a zone are enabled.
+2. For every enabled policy, compare the URL of the new or changed resource against the allowed sources in the policy.
+3. If the resource is allowed by the policy, check if the new or modified resource should trigger the current Page Shield alert.
+4. If the alert should trigger, send an alert notification to the configured destinations.
+
+When you create a scoped alert you will not receive notifications for resources blocked by an allow policy. These are [policy violations](/page-shield/policies/violations/) that you can review in the dashboard, through GraphQL, or via Logpush.
+
+:::note
+
+You will not receive notifications for a scoped alert in the following cases:
+
+- No configured policies in the zone
+- Policy configured in log mode
+- Policy is not enabled
+
+:::
+
+For unscoped alerts, you will receive alerts for resources detected in all your zones, and you may receive alerts about resources that are blocked by one of your configured allow policies.

src/content/docs/page-shield/detection/configure-alerts.mdx

@@ -1,12 +1,12 @@
 ---
-title: Detection and alerting
+title: Detection
 pcx_content_type: navigation
 sidebar:
   order: 4
   group:
     hideIndex: true
 head: []
-description: Learn more about Page Shield's detection and alerting features.
+description: Learn more about Page Shield's detection features.
 ---
 
 import { DirectoryListing } from "~/components";

src/content/docs/page-shield/detection/index.mdx

@@ -5,17 +5,15 @@ sidebar:
   order: 4
 head: []
 description: Learn how to review scripts on your domain after receiving a code change alert.
-
 ---
 
 :::note
-
 Available as a paid add-on for customers on an Enterprise plan.
 :::
 
 Page Shield analyzes the JavaScript dependencies in the pages of your domain over time.
 
-You can configure a notification for [code change alerts](/page-shield/reference/alerts/#code-change-alert) to receive a daily notification about changed scripts in your domain.
+You can configure a notification for [code change alerts](/page-shield/alerts/alert-types/#code-change-alert) to receive a daily notification about changed scripts in your domain.
 
 When you receive such a notification:
 

src/content/docs/page-shield/detection/review-changed-scripts.mdx

@@ -38,7 +38,7 @@ To review the scripts considered malicious:
 
 4. Based on the displayed information, and with the help of the [last seen/first seen fields in the script details](/page-shield/detection/monitor-connections-scripts/#view-details), review and update the pages where the malicious script was detected.
 
-You can configure alerts for detected malicious scripts. Refer to [Page Shield alerts](/page-shield/reference/alerts/) for more information on the available alert types.
+You can configure alerts for detected malicious scripts. Refer to [Page Shield alerts](/page-shield/alerts/) for more information.
 
 ## Review malicious connections
 

src/content/docs/page-shield/detection/review-malicious-scripts.mdx

@@ -31,11 +31,13 @@ Depending on your plan, you may be able to also review the connections made by s
 
 ## Configure alerts
 
-:::note
-Only available to customers on a Business or Enterprise plan.
-:::
-
-<Render file="alerts-intro" />
+<Render
+	file="alerts-intro"
+	params={{
+		availabilityDetails:
+			"The available alert types depend on your Cloudflare plan.",
+	}}
+/>
 
 <Render file="alerts-configure" />
 

src/content/docs/page-shield/get-started.mdx

@@ -34,15 +34,15 @@ In addition to the integrity score, Page Shield will also provide individual sco
 - **Crypto mining**
 - **Malware**
 
-You can configure [Malicious Script Alerts](/page-shield/reference/alerts/). You will receive an alert notification as soon as Cloudflare detects JavaScript code classified as malicious in your domain.
+You can [configure Malicious Script Alerts](/page-shield/alerts/configure/). You will receive an alert notification as soon as Cloudflare detects JavaScript code classified as malicious in your domain.
 
 ## Malicious URL checks
 
 Page Shield will search for the URLs of your JavaScript dependencies in threat intelligence feeds to determine if any of those scripts should be categorized as malicious.
 
 The Page Shield dashboards display the scripts that were considered malicious at the top of the scripts list.
 
-You can [configure Malicious URL Alerts](/page-shield/reference/alerts/) to receive an alert notification as soon as Cloudflare detects a script from a malicious URL in your domain.
+You can [configure Malicious URL Alerts](/page-shield/alerts/configure/) to receive an alert notification as soon as Cloudflare detects a script from a malicious URL in your domain.
 
 Depending on your current configuration, Page Shield can also search for malicious URLs in the URLs of outgoing connections made by scripts in your domain. To enable this check, you must [allow Page Shield to use the full URLs of outgoing connections](/page-shield/reference/settings/#connection-target-details) instead of only the hostname in Page Shield settings.
 
@@ -54,7 +54,7 @@ A domain previously reported as malicious can later be reported as non-malicious
 
 Page Shield will also check the target domains of connections made by scripts in your domain's pages, following the same approach described for scripts.
 
-You can configure [Malicious Domain Alerts](/page-shield/reference/alerts/) to receive an alert notification as soon as Cloudflare detects a malicious script loaded from a known malicious domain in your domain.
+You can [configure Malicious Domain Alerts](/page-shield/alerts/configure/) to receive an alert notification as soon as Cloudflare detects a malicious script loaded from a known malicious domain in your domain.
 
 ---