[Rules, WAF] Update security level and threat score

public/_redirects

@@ -777,7 +777,7 @@
 /learning-paths/secure-o365-email/ /learning-paths/secure-o365-email/concepts/ 301
 /learning-paths/workers/ /learning-paths/workers/concepts/ 301
 /learning-paths/zero-trust-web-access/ /learning-paths/zero-trust-web-access/concepts/ 301
-
+/learning-paths/application-security/default-traffic-security/security-level/ /learning-paths/application-security/default-traffic-security/browser-integrity/ 301
 
 # more redirects in the /dynamic/ section
 

src/content/docs/rules/configuration-rules/settings.mdx

@@ -266,16 +266,14 @@ API configuration property name: `"rocket_loader"` (boolean).
 
 [Security Level](/waf/tools/security-level/) controls Managed Challenges for requests from low reputation IP addresses.
 
-Use this setting to select the security level for matching requests:
+On the Cloudflare dashboard, you can turn Under Attack mode on or off. 
 
 - Off
 - Essentially Off
-- Low
-- Medium
-- High
 - I'm Under Attack
 
-Refer to [Security levels](/waf/tools/security-level/#security-levels) for more information on these values.
+
+Refer to [Under Attack mode](/fundamentals/reference/under-attack-mode/) for more information.
 
 <Details header="API information">
 

src/content/docs/waf/tools/security-level.mdx

@@ -18,22 +18,7 @@ import { Render } from "~/components";
 
 ## Customize security level
 
-The default security level is _Medium_.
-
-### Update globally
-
-To update the security level for your entire zone:
-
-1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com), and select your account and zone.
-2. Go to **Security** > **Settings**.
-3. For **Security Level**, select an option.
-
-### Update selectively
-
-To set the security level more selectively, do one of the following:
-
-- Configure it via a [configuration rule](/rules/configuration-rules/).
-- Use the **Threat Score** as a **Field** criteria within [custom rules](/waf/custom-rules/). If you are using the Expression Editor, use the `cf.threat_score` field.
+You can customize security level by enabling or disabling [Under Attack mode](/fundamentals/reference/under-attack-mode/) on the Cloudflare dashboard.
 
 ---
 
@@ -42,4 +27,4 @@ To set the security level more selectively, do one of the following:
 To prevent bot IPs from attacking a website:
 
 - A new website owner might set a _Medium_ or _High_ **Security Level** and lower [**Challenge Passage**](/waf/tools/challenge-passage/) to a value below **30 minutes** to ensure that Cloudflare is constantly protecting the site.
-- An experienced website administrator confident in their security settings might set **Security Level** to _Essentially Off_ or _Low_ while setting a higher [**Challenge Passage**](/waf/tools/challenge-passage/) for a week, month, or even year to provide a less obtrusive visitor experience.
+- An experienced website administrator confident in their security settings might set **Security Level** to _Essentially Off_ or _Low_ while setting a higher [**Challenge Passage**](/waf/tools/challenge-passage/) for a week, month, or even year to provide a less obtrusive visitor experience.

src/content/partials/waf/security-level-scores.mdx

@@ -2,24 +2,13 @@
 {}
 ---
 
-## Security levels
+## Security level
 
-Security levels are based on the threat score (except _Off_ and _I'm Under Attack!_). You can adjust the security level to challenge incoming requests based on the threat they pose.
+Cloudflare provides _I'm Under Attack!_ as a security level.
 
-The available security levels are the following:
+Cloudflare's Under Attack mode performs additional security checks to help mitigate layer 7 DDoS attacks.
 
-| Security Level                      | Description                                                                          |
-| ----------------------------------- | ------------------------------------------------------------------------------------ |
-| Off (Enterprise<br/>customers only) | Does not challenge IP addresses.                                                     |
-| Essentially off                     | Only challenges IP addresses with the worst reputation.                              |
-| Low                                 | Challenges only threatening visitors.                                                |
-| Medium                              | Challenges both threatening and moderately threatening visitors.                     |
-| High                                | Challenges all visitors that exhibited threatening behavior within the last 14 days. |
-| I'm Under Attack!                   | Only for use if your website is currently under a DDoS attack.                       |
-
-Selecting a higher **Security Level** value means that even requests with a lower risk (that is, with a low [threat score](#threat-score)) will be challenged. Selecting a lower **Security Level** value means that only requests posing a higher risk (that is, with a high threat score) will be challenged.
-
-Security levels from _Essentially off_ to _High_ will challenge the visitor using a Managed Challenge. When you select _I'm Under Attack!_, which enables [Under Attack mode](/fundamentals/reference/under-attack-mode/), Cloudflare will present a JS challenge page.
+When you select _I'm Under Attack!_, which enables [Under Attack mode](/fundamentals/reference/under-attack-mode/), Cloudflare will present a JS challenge page.
 
 :::caution
 

src/content/release-notes/api-deprecations.yaml

@@ -5,6 +5,17 @@ productLink: "/fundamentals/"
 productArea: Core platform
 productAreaLink: /fundamentals/reference/changelog/platform/
 entries:
+
+  - publish_date: "2025-03-17"
+    title: "Security Level and Threat Score changes"
+    description: |-
+
+      Change date: March 17, 2025
+
+      Cloudflare now combines the IP address threat signal with threshold and botnet data, no longer requiring you to set a sensitivity level. Setting Security Level via API or Terraform to `low`, `medium`, or `high` will have no effect. Values `off`, `essentially_off`, and `under_attack` will still work as before.
+
+      Additionally, threat score values will no longer be populated. If you are using threat score in rule expressions, you will not need to make any changes; Cloudflare will audit and migrate your configuration in the future to update any references to threat score. However, if you are using the Rulesets API or Terraform to push your configuration, you should review your scripts and pipelines before the end of Q1 2026 to prevent issues.
+
   - publish_date: "2025-03-11"
     title: "Cloudflare Radar: Layer 7 attack magnitude parameter"
     description: |-