ready for reaview

Author: jdv

crowdsec-docs/unversioned/troubleshooting/usecases.mdx

@@ -94,7 +94,7 @@ Quickly choose among qualified malicious actors regrouped by industry, behaviors
 **How it works:**
 - Stream CrowdSec IP Lists into your security tools.
 - Integrate directly in your security tools thanks to our integrations or easy to use CTI API.
-- 🏅 Get custom IOC streams made for your needs.([contact us ↗️](https://www.crowdsec.net/business-requests?interest=CTI%20subscription))
+- 🏅 Get custom IOC streams made for your needs.
 - Next step: Enrich IPs via CrowdSec CTI API.
 
 
@@ -104,6 +104,7 @@ Quickly choose among qualified malicious actors regrouped by industry, behaviors
 - [Retrieving Blocklists via API](/u/console/service_api/quickstart/blocklists#download-blocklist-content)
 - [MISP Feed from Security Engine's alerts](https://doc.crowdsec.net/u/bouncers/misp-feed-generator)
 - [Upcoming CrowdSec MISP Feeds ↗️](https://roadmap.crowdsec.net/c/48-misp-feed)
+- [Contact Us for custom requests ↗️](https://www.crowdsec.net/business-requests?interest=CTI%20subscription))
 
 ---
 
@@ -202,20 +203,20 @@ Accelerate incident response with contextual threat intelligence and automated r
 
 **Is it for me?**
 Ideal if your SOC team is overwhelmed with security alerts and needs better context for prioritization.
-Good option if you want to automate alert enrichment and reduce time-to-response for security incidents.
+Add exclusive context to your alerts and automate incident response with up to 30+ IP reputation enrichment dimensions.
 
 **How it works:**
-- Configure notification plugins to automatically enrich alerts with global threat intelligence context.
-- Set up CTI helpers in templates to add reputation data, attack patterns, and geographic context.
-- Deploy operational dashboards for SOC teams to visualize threats and track security metrics.
-- Integrate with existing SIEM/SOAR tools to enhance existing alert workflows.
+- Consult CrowdSec CTI: per IP queries, advanced search on behavior, classifications or performed CVEs- Configure notification plugins to automatically enrich alerts with global threat intelligence context.
+- Obtain your CTI API key from your CrowdSec Console account or a contact with CrowdSec team for higher quotas.
+- Integrate it in your tools with out existing integrations or via simple calls to the API.
+- 🏅 Advanced usages: API search, Offline replication, ...
 
 **References**
-- [Notification plugins configuration](/docs/next/notification_plugins/intro)
-- [CTI helpers in templates](/docs/next/notification_plugins/template_helpers)
-- [Monitoring dashboards setup](/docs/next/cscli/cscli_dashboard)
-- [Metrics tracking with cscli](/docs/next/cscli/cscli_metrics)
-- [Console enrollment for CTI access](/docs/next/cscli/cscli_console_enroll)
+- [Explore CrowdSec CTI within the console](/u/cti_api/getting_started)
+- [Create a test API key](/u/cti_api/api_getting_started)
+- [IP reputation enrichment glossary](/u/cti_api/taxonomy/cti_object)
+- [Evaluate your IPs using our **IPDEX** tool](/u/cti_api/api_integration/integration_ipdex/)
+- [Contact Us for 🏅 advanced usage ↗️](https://www.crowdsec.net/business-requests?interest=CTI%20subscription)
 
 ---
 
@@ -228,32 +229,18 @@ Ideal if you have a threat hunting team that needs fresh, contextual intelligenc
 Good option if you want to correlate local events with global attack patterns and emerging threats.
 
 **How it works:**
-- Enroll your Security Engine in CrowdSec Console to access global CTI and CVE correlation data.
-- Use the web interface to investigate threat patterns and analyze attack trends.
-- Correlate your local security events with global crowd-sourced intelligence.
-- Export enriched threat data for integration with your existing threat hunting tools and workflows.
+- Explore our CTI and CVE explorer
+- Leverage advanced search capabilities to identify relevant threats and vulnerabilities.
+- Go further using our CTI API to integrate threat intelligence into your existing workflows.
 
 **References**
-- [Console enrollment guide](/docs/next/cscli/cscli_console_enroll)
-- [CTI integration documentation](/u/console/blocklists/subscription/)
-- [Global threat intelligence access](/u/integrations/intro)
-- [VulnTracking Reports](https://www.crowdsec.net/blog) (Monthly CVE analysis)
-- [Threat investigation workflows](/docs/next/cscli/cscli_decisions)
+- [CTI related refs from **Alert Enhancement and Triage**](#alert-enhancement-and-triage)
+- [CVE explorer](/u/cti_api/cve_explorer/)
+- [IPDEX presentation article ↗️](https://www.crowdsec.net/blog/introducing-crowdsec-ipdex)
+- [Follow our weekly vuln report on LinkedIn  ↗️](https://www.linkedin.com/company/crowdsec/posts/?feedView=all)
 
 ---
 
-## Getting Started Resources
-
-If you're new to CrowdSec, start with these foundational guides:
-
-* [Install CrowdSec Security Engine](/u/getting_started/installation/linux)
-* [Configure log data sources](/docs/next/data_sources/file)
-* [Understand bouncers and remediation](/docs/next/cscli/cscli_bouncers)
-* [Set up Local API](/docs/next/local_api/intro)
-* [Complete health check guide](/u/getting_started/health_check)
-
-## Related Documentation
-
-* [Security Engine Troubleshooting](./security_engine)
-* [Remediation Components Troubleshooting](./remediation_components)
-* [CTI Integration Guide](./cti)
+## Useful Links
+- [CrowdSec Public Roadmap ↗️](https://roadmap.crowdsec.net/tabs/3-planned)
+- [CrowdSec GitHub Repository ↗️](https://github.com/crowdsecurity/)