diff --git a/crowdsec-docs/docs/appsec/configuration.md b/crowdsec-docs/docs/appsec/configuration.md
index e873f0037..63cb4b60f 100644
--- a/crowdsec-docs/docs/appsec/configuration.md
+++ b/crowdsec-docs/docs/appsec/configuration.md
@@ -22,7 +22,7 @@ The AppSec Component configuration consists of three main parts:
 
 The goals of the acquisition file are:
 - To specify the **address** and **port** where the AppSec-enabled Remediation Component(s) will forward the requests to.
-- And specify one or more [AppSec configuration files](#appsec-configuration) to use as definition of what rules to apply and how. 
+- And specify one or more [AppSec configuration files](#appsec-configuration-files) to use as definition of what rules to apply and how. 
 
 Details can be found in the [AppSec Datasource page](/log_processor/data_sources/appsec.md).
 
diff --git a/crowdsec-docs/docs/appsec/quickstart/general.mdx b/crowdsec-docs/docs/appsec/quickstart/general.mdx
index e348e6dfd..85f0ee920 100644
--- a/crowdsec-docs/docs/appsec/quickstart/general.mdx
+++ b/crowdsec-docs/docs/appsec/quickstart/general.mdx
@@ -203,4 +203,4 @@ If the AppSec Component fails to start:
 3. **Check configuration syntax**: Validate your `appsec.yaml` file
 4. **Review logs**: Check `/var/log/crowdsec.log` for error messages
 
-For detailed troubleshooting, see the [AppSec Troubleshooting Guide](/appsec/troubleshooting).
\ No newline at end of file
+For detailed troubleshooting, see the [AppSec Troubleshooting Guide](/appsec/troubleshooting.md).
\ No newline at end of file
diff --git a/crowdsec-docs/docs/appsec/quickstart/nginxopenresty.mdx b/crowdsec-docs/docs/appsec/quickstart/nginxopenresty.mdx
index 53c75604c..625007af1 100644
--- a/crowdsec-docs/docs/appsec/quickstart/nginxopenresty.mdx
+++ b/crowdsec-docs/docs/appsec/quickstart/nginxopenresty.mdx
@@ -59,7 +59,7 @@ sudo cscli collections install crowdsecurity/appsec-virtual-patching crowdsecuri
 Executing this command will install the following items:
 
 - The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped
-- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) links together a set of rules to provide a coherent set
 - The <UnderlineTooltip tooltip="YAML files that extract relevant data from logs, such as IP addresses, timestamps, or request paths.">CrowdSec Parser</UnderlineTooltip> and <UnderlineTooltip tooltip="Behavioral rules written in a domain-specific language that define what malicious activity looks like, such as multiple failed logins in a short time.">CrowdSec Scenario(s)</UnderlineTooltip> bans for a longer duration repeating offenders
 
 ### Setup the Acquisition
@@ -82,7 +82,7 @@ Steps:
 
 The two important directives in this configuration file are:
 
- - `appsec_config` is the name of the [*AppSec Configuration*](appsec/configuration.md#appsec-configuration) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
+ - `appsec_config` is the name of the [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
  - the `listen_addr` is the IP and port the AppSec Component will listen to.
 
 :::warning
diff --git a/crowdsec-docs/docs/appsec/quickstart/traefik.mdx b/crowdsec-docs/docs/appsec/quickstart/traefik.mdx
index 926707cac..790904229 100644
--- a/crowdsec-docs/docs/appsec/quickstart/traefik.mdx
+++ b/crowdsec-docs/docs/appsec/quickstart/traefik.mdx
@@ -63,7 +63,7 @@ docker exec -it crowdsec cscli collections install crowdsecurity/appsec-virtual-
 Executing this command or updating the compose will install the following items:
 
 - The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped.
-- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set.
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) links together a set of rules to provide a coherent set.
 - The <UnderlineTooltip tooltip="YAML files that extract relevant data from logs, such as IP addresses, timestamps, or request paths.">CrowdSec Parser</UnderlineTooltip> and <UnderlineTooltip tooltip="Behavioral rules written in a domain-specific language that define what malicious activity looks like, such as multiple failed logins in a short time.">CrowdSec Scenario(s)</UnderlineTooltip> are used to detect and remediate persistent attacks.
 
 Once you have updated your compose or installed via the command line, will we need to restart the container. However, before we do that, we need to setup the acquisition for the AppSec Component.
diff --git a/crowdsec-docs/docs/appsec/quickstart/wordpress.mdx b/crowdsec-docs/docs/appsec/quickstart/wordpress.mdx
index cceffcef0..a7713e43c 100644
--- a/crowdsec-docs/docs/appsec/quickstart/wordpress.mdx
+++ b/crowdsec-docs/docs/appsec/quickstart/wordpress.mdx
@@ -53,7 +53,7 @@ sudo cscli collections install crowdsecurity/appsec-virtual-patching crowdsecuri
 Executing this command will install the following items:
 
 - The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped
-- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) links together a set of rules to provide a coherent set
 - The <UnderlineTooltip tooltip="YAML files that extract relevant data from logs, such as IP addresses, timestamps, or request paths.">CrowdSec Parser</UnderlineTooltip> and <UnderlineTooltip tooltip="Behavioral rules written in a domain-specific language that define what malicious activity looks like, such as multiple failed logins in a short time.">CrowdSec Scenario(s)</UnderlineTooltip> bans for a longer duration repeating offenders
 
 ### Setup the Acquisition
@@ -76,7 +76,7 @@ Steps:
 
 The two important directives in this configuration file are:
 
- - `appsec_config` is the name of the [*AppSec Configuration*](appsec/configuration.md#appsec-configuration) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
+ - `appsec_config` is the name of the [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
  - the `listen_addr` is the IP and port the AppSec Component will listen to.
 
 :::warning
diff --git a/crowdsec-docs/docs/appsec/troubleshooting.md b/crowdsec-docs/docs/appsec/troubleshooting.md
index c98bdc02d..eda4ca3c0 100644
--- a/crowdsec-docs/docs/appsec/troubleshooting.md
+++ b/crowdsec-docs/docs/appsec/troubleshooting.md
@@ -63,7 +63,7 @@ DEBU[2023-12-06 15:40:26] Finish evaluating rule                        band=inb
 ## Authenticating with the AppSec Component
 
 :::note
-We are assuming the AppSec engine is running on `127.0.0.1:7422`. See [installation directives](/docs/next/appsec/installation)
+We are assuming the AppSec engine is running on `127.0.0.1:7422`. See [installation directives](/appsec/quickstart/general.mdx)
 :::
 
 > Create a valid API Key
diff --git a/crowdsec-docs/docs/central_api/intro.md b/crowdsec-docs/docs/central_api/intro.md
index b7a4f22cf..1e723cbab 100644
--- a/crowdsec-docs/docs/central_api/intro.md
+++ b/crowdsec-docs/docs/central_api/intro.md
@@ -15,7 +15,7 @@ The [Central API](https://crowdsecurity.github.io/api_doc/capi/) is the service
 This information is *only* going to be pushed when a scenario is coming from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are *not* pushed unless enrolled into the console.
 :::
 
-When the Security Engine generates an alert, [unless you opt-out of it](/u/troubleshooting/intro#how-to-disable-the-central-api), it will push "signal meta-data". The meta-data are :
+When the Security Engine generates an alert, [unless you opt-out of it](/u/troubleshooting/security_engine#how-to-disable-the-central-api), it will push "signal meta-data". The meta-data are :
  - The name of the scenario that was triggered
  - The hash & version of the scenario that was triggered
  - The timestamp of the decision
diff --git a/crowdsec-docs/docs/concepts.md b/crowdsec-docs/docs/concepts.md
index c2c26af10..1a184add4 100644
--- a/crowdsec-docs/docs/concepts.md
+++ b/crowdsec-docs/docs/concepts.md
@@ -12,7 +12,7 @@ sidebar_position: 1
 > The Security Engine is CrowdSec's IDS/IPS (Intrusion Detection System/Intrusion Prevention System)
 > It is a rules and behavior detection engine comprised of Log Processor and the Local API.
 
-A Security Engine can operate [independently](/intro#architecture) or in a [distributed manner](/intro#deployment-options), adapting to the specific needs and constraints of your infrastructure. For more information on CrowdSec's distributed approach, visit our documentation on collaborative operations and distributed deployments.
+A Security Engine can operate [independently](intro.mdx#architecture) or in a [distributed manner](intro.mdx#deployment-options), adapting to the specific needs and constraints of your infrastructure. For more information on CrowdSec's distributed approach, visit our documentation on collaborative operations and distributed deployments.
 
 
 # Log Processor (LP)
@@ -50,7 +50,7 @@ Remediations components leverage existing components of your infrastructure to b
 
 > The Central API (CAPI) serves as the gateway for network participants to connect and communicate with CrowdSec's network.
 
-The Central API (abreviated as `CAPI`) receives attack signals from all participating Security Engines and signal partners, then re-distribute them curated community decisions ([Community Blocklist](/central_api/community_blocklist/)).   
+The Central API (abreviated as `CAPI`) receives attack signals from all participating Security Engines and signal partners, then re-distribute them curated community decisions ([Community Blocklist](/central_api/blocklist.md)).   
 It's also at the heart of CrowdSec centralized [Blocklist services](/u/blocklists/intro).
 
 # Console
@@ -61,4 +61,4 @@ The [Console](https://app.crowdsec.net) allows you to:
  - [Manage alerts](/u/console/alerts/intro) of your security stack
  - [Manage decisions](/u/console/decisions/decisions_intro) in real-time
  - View and use [blocklists and integrations](/u/blocklists/intro)
- - Manage your API keys ([CTI API](/u/cti_api/intro), [Service API](/u/service_api/getting_started))
\ No newline at end of file
+ - Manage your API keys ([CTI API](/u/cti_api/intro), [Service API](/u/console/service_api/getting_started))
\ No newline at end of file
diff --git a/crowdsec-docs/docs/configuration/network_management.md b/crowdsec-docs/docs/configuration/network_management.md
index 2c289f5f5..6fac4262e 100644
--- a/crowdsec-docs/docs/configuration/network_management.md
+++ b/crowdsec-docs/docs/configuration/network_management.md
@@ -17,7 +17,7 @@ id: network_management
  - Local API connects to `tcp/443` on `papi.api.crowdsec.net` (console management)
  - `cscli` connects to `tcp/443` on `hub-cdn.crowdsec.net` to fetch scenarios, parsers etc. (1)
  - `cscli` connects to `tcp/443` on `version.crowdsec.net` to check latest version available. (1)
- - [`cscli dashboard`](/cscli/cscli_dashboard.md) fetches metabase configuration from a s3 bucket (`https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/`)
+ - Dashboard-related functionality may connect to external services for configuration
  - Installation script is hosted on `install.crowdsec.net` over HTTPS.
  - Repositories are hosted on `packagecloud.io` over HTTPS.
 
diff --git a/crowdsec-docs/docs/contributing/bouncers.md b/crowdsec-docs/docs/contributing/bouncers.md
index 3246c8bc2..4f332858c 100644
--- a/crowdsec-docs/docs/contributing/bouncers.md
+++ b/crowdsec-docs/docs/contributing/bouncers.md
@@ -17,8 +17,8 @@ Sharing on the hub allows other users to find and use it. While increasing your
 #### Specs
 
 Remediation components have mandatory and optional features, they are described in the following sub pages:
-- [Specifications for Remediation Component and AppSec Capabilities](/contributing/specs/bouncer_appsec_specs)
-- [Remediation Component Metrics](/contributing/specs/bouncer_metrics_specs)
+- [Specifications for Remediation Component and AppSec Capabilities](/contributing/specs/bouncer_appsec_specs.mdx)
+- [Remediation Component Metrics](/contributing/specs/bouncer_metrics_specs.mdx)
 
 *Don't hesitate to get in touch with us via discord if anything is unclear to you*
 
diff --git a/crowdsec-docs/docs/contributing/hub.md b/crowdsec-docs/docs/contributing/hub.md
index b7f1dfb6e..d54eafea0 100644
--- a/crowdsec-docs/docs/contributing/hub.md
+++ b/crowdsec-docs/docs/contributing/hub.md
@@ -28,12 +28,12 @@ To get involved :
 
 The following explains how to create and test:
 
-- [parsers](/docs/parsers/create/)
-- [scenarios](/docs/scenarios/create/)
+- [parsers](/log_processor/parsers/create.md)
+- [scenarios](/log_processor/scenarios/create.md)
 
 ### Collections
 
-It often makes sense for a new parser or scenario to be added to an existing [collection](/docs/collections/format), or create a new one.
+It often makes sense for a new parser or scenario to be added to an existing [collection](/log_processor/collections/format.md), or create a new one.
 
 If your parsers and/or scenarios cover a new or specific service, having a dedicated collection for this service makes sense.
 In other cases, having a parser for `SpecificWebServer` access logs would justify a collection as it might also include [all the default http related scenarios](https://hub.crowdsec.net/author/crowdsecurity/collections/base-http-scenarios).
@@ -71,7 +71,7 @@ labels:
 
 Before asking for a review of your PR, please ensure you have the following:
 
-- tests: Test creation is covered in [parsers creation](/docs/parsers/create/) and [scenarios creation](/docs/scenarios/create/). Ensure that each of your parser or scenario is properly tested.
+- tests: Test creation is covered in [parsers creation](/log_processor/parsers/create.md) and [scenarios creation](/log_processor/scenarios/create.md). Ensure that each of your parser or scenario is properly tested.
 - documentation: Please provide a `.md` file with the same name as each of your parser, scenario or collection. The markdown is rendered in the [hub](https://hub.crowdsec.net).
 - documentation: If you're creating a collection targeting a specific log file, be sure to provide an acquis example as :
 
diff --git a/crowdsec-docs/docs/contributing/specs/bouncer_appsec_specs.mdx b/crowdsec-docs/docs/contributing/specs/bouncer_appsec_specs.mdx
index 6d8d79109..502ad0124 100644
--- a/crowdsec-docs/docs/contributing/specs/bouncer_appsec_specs.mdx
+++ b/crowdsec-docs/docs/contributing/specs/bouncer_appsec_specs.mdx
@@ -163,7 +163,7 @@ If a remediation is found and for the LAPI timeout fallback here are the remedia
 * Remediation priority  
   * There is a priority in the remediation to take in account if an IP has multiple  
   * Default priority order **Ban** then **Captcha**  
-* Metrics see below and in the [detailed metrics specs](/contributing/specs/bouncer_metrics_specs)
+* Metrics see below and in the [detailed metrics specs](/contributing/specs/bouncer_metrics_specs.mdx)
 
 ### Logging 
 
@@ -484,7 +484,7 @@ You can refer to the AppSec documentation to test request forwarding.
 
 ### Metrics payload
 
-More details about metrics in [Metrics specs](/contributing/specs/bouncer_metrics_specs/)
+More details about metrics in [Metrics specs](/contributing/specs/bouncer_metrics_specs.mdx)
 
 ```json
 { 
diff --git a/crowdsec-docs/docs/getting_started/crowdsec_tour.mdx b/crowdsec-docs/docs/getting_started/crowdsec_tour.mdx
index 1d0c90d11..e62ef567a 100644
--- a/crowdsec-docs/docs/getting_started/crowdsec_tour.mdx
+++ b/crowdsec-docs/docs/getting_started/crowdsec_tour.mdx
@@ -280,7 +280,7 @@ Running [metabase](https://www.metabase.com/) (the dashboard deployed by `cscli
 sudo cscli dashboard setup --listen 0.0.0.0
 ```
 
-A metabase [docker container](/observability/dashboard.md) can be deployed with [`cscli dashboard`](/cscli/cscli_dashboard.md).
+CrowdSec provides various observability tools including Prometheus metrics and command-line interfaces.
 It requires docker, [installation instructions are available here](https://docs.docker.com/engine/install/).
 
 ## Logs
diff --git a/crowdsec-docs/docs/getting_started/install_source.mdx b/crowdsec-docs/docs/getting_started/install_source.mdx
index 3d7177b47..c72e71b37 100644
--- a/crowdsec-docs/docs/getting_started/install_source.mdx
+++ b/crowdsec-docs/docs/getting_started/install_source.mdx
@@ -9,7 +9,7 @@ import TabItem from '@theme/TabItem';
 import CodeBlock from '@theme/CodeBlock';
 
 :::warning
-This is only for advanced users that wish to compile their own software. If you are not comfortable with this, please use the [official packages](/getting_started/getting_started.md)
+This is only for advanced users that wish to compile their own software. If you are not comfortable with this, please use the [official packages](/u/getting_started/intro)
 :::
 
 We define systems by their underlying distribution rather than a fork or modification of a distribution. For example, Ubuntu and Debian are both Debian based distributions, so they will share the same instructions as the term DEB. Centos and Fedora are both Redhat based distributions, so they will share the same instructions as the term RPM. Arch is just Arch, so it will have its own instructions.
diff --git a/crowdsec-docs/docs/intro.mdx b/crowdsec-docs/docs/intro.mdx
index eb256f250..51a617d9a 100644
--- a/crowdsec-docs/docs/intro.mdx
+++ b/crowdsec-docs/docs/intro.mdx
@@ -32,7 +32,7 @@ In addition to the core "detect and react" mechanism, CrowdSec is committed to s
 -   **Easy Installation**: Effortless out-of-the-box installation on all [supported platforms](/u/getting_started/intro).
 -   **Simplified Daily Operations**: You have access to our Web UI administration via [CrowdSec's console](http://app.crowdsec.net) or the powerful [Command line tool cscli](/cscli/cscli.md) for effortless maintenance and keeping your detection mechanisms up-to-date.
 -   **Reproducibility**: The Security Engine can analyze not only live logs but also [cold logs](/u/user_guides/replay_mode), making it easier to detect potential false triggers, conduct forensic analysis, or generate reports.
--   **Versatile**: The Security Engine can analyze [system logs](/docs/data_sources/intro) and [HTTP Requests](/docs/next/appsec/intro) to exhaustively protect your perimeter.
+-   **Versatile**: The Security Engine can analyze [system logs](/log_processor/data_sources/introduction.md) and [HTTP Requests](/appsec/intro.md) to exhaustively protect your perimeter.
 -   **Observability**: Providing valuable insights into the system's activity:
     -   Users can view/manage alerts from the ([Console](https://app.crowdsec.net/signup)).
     -   Operations personnel have access to detailed Prometheus metrics ([Prometheus](/observability/prometheus.md)).
@@ -49,10 +49,10 @@ In addition to the core "detect and react" mechanism, CrowdSec is committed to s
 
 Under the hood, the Security Engine has various components:
 
--   The [Log Processor](log_processor/intro.mdx) is in charge of detection: it analyzes logs from [various data sources](data_sources/intro) or [HTTP requests](appsec/intro) from web servers.
+-   The [Log Processor](/log_processor/intro.mdx) is in charge of detection: it analyzes logs from [various data sources](/log_processor/data_sources/introduction.md) or [HTTP requests](/appsec/intro.md) from web servers.
 -   The [Appsec](appsec/intro) feature is part of the Log Processor and filters HTTP Requests from the compatible web servers.
 -   The [Local API](local_api/intro.md) acts as a middle man:
-    -   Between the [Log Processors](/docs/data_sources/intro) and the [Remediation Components](/u/bouncers/intro) which are in charge of enforcing decisions.
+    -   Between the [Log Processors](/log_processor/intro.mdx) and the [Remediation Components](/u/bouncers/intro) which are in charge of enforcing decisions.
     -   And with the [Central API](/central_api/intro.md) to share alerts and receive blocklists.
 -   The [Remediation Components](/u/bouncers/intro) - also known as bouncers - block malicious IPs at your chosen level—whether via IpTables, firewalls, web servers, or reverse proxies. [See the full list on our CrowdSec Hub.](https://app.crowdsec.net/hub/remediation-components)
 
@@ -64,7 +64,7 @@ This architecture allows for both simple/standalone setups, or more distributed
 -   Multiple machines? Use the [distributed setup guide](/u/user_guides/multiserver_setup)
 -   Already have a log pit (such as rsyslog or loki)? [Run crowdsec next to it](/u/user_guides/log_centralization), not on the production workloads
 -   Running Kubernetes? Have a look at [our helm chart](/u/getting_started/installation/kubernetes)
--   Running containers? The [docker data source](/docs/data_sources/docker) might be what you need
+-   Running containers? The [docker data source](/log_processor/data_sources/docker.md) might be what you need
 -   Just looking for a WAF? Look at [our quickstart](appsec/intro)
 
 Distributed architecture example:
diff --git a/crowdsec-docs/docs/log_processor/scenarios/create.md b/crowdsec-docs/docs/log_processor/scenarios/create.md
index a2fd370b4..721cd730c 100644
--- a/crowdsec-docs/docs/log_processor/scenarios/create.md
+++ b/crowdsec-docs/docs/log_processor/scenarios/create.md
@@ -8,7 +8,7 @@ import AcademyPromo from '@site/src/components/academy-promo';
 
 :::caution
 
-All the examples assume that you have read the [Creating parsers](/docs/next/parsers/create) documentation.
+All the examples assume that you have read the [Creating parsers](/log_processor/parsers/create.md) documentation.
 
 :::
 
@@ -120,7 +120,7 @@ labels:
 
 :::note
 
-We filter on `evt.Meta.log_type == 'myservice_failed_auth'` because in the parser `myservice-logs` (created in the [Creating parsers](/docs/next/parsers/create) part) we set the `log_type` to `myservice_failed_auth` for bad password or bad user attempt.
+We filter on `evt.Meta.log_type == 'myservice_failed_auth'` because in the parser `myservice-logs` (created in the [Creating parsers](/log_processor/parsers/create.md) part) we set the `log_type` to `myservice_failed_auth` for bad password or bad user attempt.
 
 :::
 
diff --git a/crowdsec-docs/docs/log_processor/scenarios/introduction.mdx b/crowdsec-docs/docs/log_processor/scenarios/introduction.mdx
index 56cf888f6..162163ef6 100644
--- a/crowdsec-docs/docs/log_processor/scenarios/introduction.mdx
+++ b/crowdsec-docs/docs/log_processor/scenarios/introduction.mdx
@@ -9,7 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 Scenarios are YAML files that allow to detect a specific behavior, usually an attack.
 
-Scenarios receive [events](/concepts.md#events) and can produce [alerts](/concepts.md#alerts) using the [leaky bucket](https://en.wikipedia.org/wiki/Leaky_bucket) algorithm.
+Scenarios receive events and can produce alerts using the [leaky bucket](https://en.wikipedia.org/wiki/Leaky_bucket) algorithm.
 
 <div style={{display: 'flex'}}>
     <div style={{textAlign: 'center', flex: '1'}}>
@@ -25,6 +25,6 @@ The event goes via various steps :
  - if the bucket overflows, it can be validated by an optional `overflow_filter`
 
 
-Once an overflow happens, it will go through [postoverflows](/log_processor/parsers/introduction.mdx#postoverflows) to handle last chance whitelists, before being finally turned into a potential [decision](/concepts.md#decisions) by [profiles](/local_api/profiles/intro.md).
+Once an overflow happens, it will go through [postoverflows](/log_processor/parsers/introduction.mdx#postoverflows) to handle last chance whitelists, before being finally turned into a potential decision by [profiles](/local_api/profiles/intro.md).
 
 
diff --git a/crowdsec-docs/docs/observability/dashboard.md b/crowdsec-docs/docs/observability/dashboard.md
deleted file mode 100644
index ddd5dcae1..000000000
--- a/crowdsec-docs/docs/observability/dashboard.md
+++ /dev/null
@@ -1,100 +0,0 @@
----
-id: dashboard
-title: Cscli dashboard
-sidebar_position: 3
----
-
-:::warning "MySQL & PostgreSQL"
-MySQL and PostgreSQL are currently not supported by [`cscli dashboard`](/cscli/cscli_dashboard.md). 
-
-It means that you can run cscli dashboard only if you use `SQLite` (default) as storage database with your local API.
-:::
-
-![Dashboard](/img/metabase.png)
-
-The cscli command `cscli dashboard setup` will use [docker](https://docs.docker.com/get-docker/) to install [metabase docker image](https://hub.docker.com/r/metabase/metabase/) and fetch our metabase template to have a configured and ready dashboard. 
-
-:::tip
-If you use `podman` instead of `docker` and want to install the crowdsec dashboard, you need to run:
-
-	sudo systemctl enable --now podman.socket
-
-Then you can setup the dashboard with `sudo env DOCKER_HOST=unix:///run/podman/podman.sock cscli dashboard setup`.
-:::
-
-## Setup
-> Setup and Start crowdsec metabase dashboard
-
-```bash
-sudo cscli dashboard setup
-```
-
-Optional arguments:
-
- - `-l` |`--listen` : ip address to listen on for docker (default is `127.0.0.1`)
- - `-p` |`--port` : port to listen on for docker (default is `8080`)
- - `--password` : password for metabase user (default is generated randomly)
- - `-f` | `--force` : override existing setup
-
-
-
-<details>
-  <summary>cscli dashboard setup</summary>
-
-```bash
-INFO[0000] Pulling docker image metabase/metabase       
-...........
-INFO[0002] creating container '/crowdsec-metabase'      
-INFO[0002] Waiting for metabase API to be up (can take up to a minute) 
-..............
-INFO[0051] Metabase is ready                            
-
-	URL       : 'http://127.0.0.1:3000'
-	username  : 'crowdsec@crowdsec.net'
-	password  : '<RANDOM_PASSWORD>'
-
-```
-</details>
-
-:::tip
-The `dashboard setup` command will output generated credentials for metabase.
-
-Those are stored in `/etc/crowdsec/metabase/metabase.yaml`
-:::
-
-Now you can connect to your dashboard, sign-in with your saved credentials then click on crowdsec Dashboard to get this:
-
-
-Dashboard docker image can be managed by cscli and docker cli also. Look at the cscli help command using
-
-```bash
-sudo cscli dashboard -h
-```
-
-## Remove the dashboard
-> Remove crowdsec metabase dashboard
-
-```bash
-sudo cscli dashboard remove [-f]
-```
-Optional arguments:
-
-- `-f` | `--force` : will force remove the dashboard
-
-## Stop the dashboard
-> Stop crowdsec metabase dashboard
-
-```bash
-sudo cscli dashboard stop
-```
-
-## Start the dashboard
-> Start crowdsec metabase dashboard
-
-```bash
-sudo cscli dashboard start
-```
-
-**Note:** Please look [at this documentation](/blog/metabase_without_docker) for those of you that would like to deploy metabase without using docker.
-
-
diff --git a/crowdsec-docs/docs/observability/intro.md b/crowdsec-docs/docs/observability/intro.md
index ccd866f0b..2cf1f747c 100644
--- a/crowdsec-docs/docs/observability/intro.md
+++ b/crowdsec-docs/docs/observability/intro.md
@@ -11,7 +11,7 @@ We attempt to provide good observability of CrowdSec's behavior :
  - CrowdSec itself exposes a [prometheus instrumentation](/observability/prometheus.md)
  - `cscli` allows you to view part of prometheus metrics in [cli (`cscli metrics`)](/cscli/cscli_metrics.md)
  - CrowdSec logging is contextualized for easy processing
- - for **humans**, `cscli` allows you to trivially start a service [exposing dashboards](/observability/dashboard.md) (using [metabase](https://www.metabase.com/))
+ - for **humans**, `cscli` provides command-line tools to inspect and manage CrowdSec's behavior
 
 Furthermore, most of CrowdSec configuration should allow you to enable partial debug (ie. per-scenario, per-parser etc.)
 
diff --git a/crowdsec-docs/sidebars.ts b/crowdsec-docs/sidebars.ts
index 0477fcbef..48e59470d 100644
--- a/crowdsec-docs/sidebars.ts
+++ b/crowdsec-docs/sidebars.ts
@@ -254,13 +254,7 @@ const sidebarsConfig: SidebarConfig = {
 				type: "doc",
 				id: "observability/intro",
 			},
-			items: [
-				"observability/cscli",
-				"observability/prometheus",
-				"observability/usage_metrics",
-				"observability/dashboard",
-				"observability/pprof",
-			],
+			items: ["observability/cscli", "observability/prometheus", "observability/usage_metrics", "observability/pprof"],
 		},
 		{
 			type: "category",
diff --git a/crowdsec-docs/unversioned/bouncers/aws-waf.mdx b/crowdsec-docs/unversioned/bouncers/aws-waf.mdx
index 87db77fdf..6e732db3a 100644
--- a/crowdsec-docs/unversioned/bouncers/aws-waf.mdx
+++ b/crowdsec-docs/unversioned/bouncers/aws-waf.mdx
@@ -48,7 +48,7 @@ If you do not have an existing AWS WAF configuration, you can refer to the [offi
 
 ### Using packages
 
-Packages for crowdsec-aws-waf-bouncer [are available on our repositories](/docs/next/getting_started/install_crowdsec#install-our-repositories). You need to pick the package accord to your firewall system :
+Packages for crowdsec-aws-waf-bouncer [are available on our repositories](/u/getting_started/installation/linux#repository-installation). You need to pick the package accord to your firewall system :
 
 <Tabs
   defaultValue="debian"
diff --git a/crowdsec-docs/unversioned/bouncers/blocklist-mirror.mdx b/crowdsec-docs/unversioned/bouncers/blocklist-mirror.mdx
index c8cd291c9..7532abcc7 100644
--- a/crowdsec-docs/unversioned/bouncers/blocklist-mirror.mdx
+++ b/crowdsec-docs/unversioned/bouncers/blocklist-mirror.mdx
@@ -37,7 +37,7 @@ This Remediation Component exposes CrowdSec's active decisions via provided HTTP
 
 ## Installation from repositories
 
-[Setup crowdsec repositories](/docs/next/getting_started/install_crowdsec#install-our-repositories).
+[Setup crowdsec repositories](/u/getting_started/installation/linux#repository-installation).
 
 <Tabs
   defaultValue="debian"
diff --git a/crowdsec-docs/unversioned/bouncers/cloudflare-workers.mdx b/crowdsec-docs/unversioned/bouncers/cloudflare-workers.mdx
index b26bd6c90..e4d3c506d 100644
--- a/crowdsec-docs/unversioned/bouncers/cloudflare-workers.mdx
+++ b/crowdsec-docs/unversioned/bouncers/cloudflare-workers.mdx
@@ -56,7 +56,7 @@ After configuring and starting the Remediation Component, please see the [settin
 
 ### Using packages
 
-Packages for crowdsec-cloudflare-worker-bouncer [are available on our repositories](/docs/next/getting_started/install_crowdsec#install-our-repositories). You need to pick the package accord to your firewall system :
+Packages for crowdsec-cloudflare-worker-bouncer [are available on our repositories](/u/getting_started/installation/linux#repository-installation). You need to pick the package accord to your firewall system :
 
 <Tabs
   defaultValue="debian"
diff --git a/crowdsec-docs/unversioned/bouncers/cloudflare.mdx b/crowdsec-docs/unversioned/bouncers/cloudflare.mdx
index bbfaaa961..1da5d061f 100644
--- a/crowdsec-docs/unversioned/bouncers/cloudflare.mdx
+++ b/crowdsec-docs/unversioned/bouncers/cloudflare.mdx
@@ -45,7 +45,7 @@ A Remediation Component that syncs the decisions made by CrowdSec with CloudFlar
 
 ### Repository
 
-Packages for crowdsec-cloudflare-bouncer [are available on our repositories](/docs/next/getting_started/install_crowdsec#install-our-repositories). You need to pick the package accord to your firewall system :
+Packages for crowdsec-cloudflare-bouncer [are available on our repositories](/u/getting_started/installation/linux#repository-installation). You need to pick the package accord to your firewall system :
 
 <Tabs
   defaultValue="debian"
diff --git a/crowdsec-docs/unversioned/bouncers/custom.mdx b/crowdsec-docs/unversioned/bouncers/custom.mdx
index 9591e6b52..fe4ccbacc 100644
--- a/crowdsec-docs/unversioned/bouncers/custom.mdx
+++ b/crowdsec-docs/unversioned/bouncers/custom.mdx
@@ -35,7 +35,7 @@ The crowdsec-custom-bouncer will periodically fetch new, expired and removed dec
 
 ### Repository
 
-[Setup crowdsec repositories](/docs/next/getting_started/install_crowdsec#install-our-repositories).
+[Setup crowdsec repositories](/u/getting_started/installation/linux#repository-installation).
 
 <Tabs
   defaultValue="debian"
@@ -175,7 +175,7 @@ By default you can find the log file `/var/log/crowdsec-custom-bouncer.log`, how
 
 We recommend using the [scopes](#scopes) configuration to filter the scope your script is interested in. This will ensure you get the expected values in your script.
 
-This is only applicable if you have configured your [profiles](/docs/next/profiles/format#decisions) to make use of scopes but is general best pratice to set it to `["Ip"]` by default if that is the script aim.
+This is only applicable if you have configured your [profiles](/docs/next/local_api/profiles/format#decisions) to make use of scopes but is general best pratice to set it to `["Ip"]` by default if that is the script aim.
 
 The above will ensure you get values from LAPI to the script, however, you should double check the values in your script to ensure they are as expected.
 
diff --git a/crowdsec-docs/unversioned/bouncers/firewall.mdx b/crowdsec-docs/unversioned/bouncers/firewall.mdx
index f210d5a98..fc67b47ea 100644
--- a/crowdsec-docs/unversioned/bouncers/firewall.mdx
+++ b/crowdsec-docs/unversioned/bouncers/firewall.mdx
@@ -41,7 +41,7 @@ Supported firewalls:
 
 ## Installation
 
-Packages for crowdsec-firewall-bouncer [are available on our repositories](/docs/next/getting_started/install_crowdsec#install-our-repositories). You need to pick the package according to your firewall system :  
+Packages for crowdsec-firewall-bouncer [are available on our repositories](/u/getting_started/installation/linux#repository-installation). You need to pick the package according to your firewall system :  
 
 :::info
 To know if your system is using iptables or nftables, you can run the following command:
diff --git a/crowdsec-docs/unversioned/bouncers/haproxy.mdx b/crowdsec-docs/unversioned/bouncers/haproxy.mdx
index b8ba85373..010fce011 100644
--- a/crowdsec-docs/unversioned/bouncers/haproxy.mdx
+++ b/crowdsec-docs/unversioned/bouncers/haproxy.mdx
@@ -58,7 +58,7 @@ Supported features:
 
 ### Using packages
 
-First, [setup crowdsec repositories](/docs/next/getting_started/install_crowdsec#install-our-repositories).
+First, [setup crowdsec repositories](/u/getting_started/installation/linux#repository-installation).
 
 <Tabs
   defaultValue="haproxy_debian"
@@ -295,7 +295,7 @@ API_KEY=<API_KEY>
 
 CrowdSec Local API key.
 
-Generated with [`sudo cscli bouncers add`](/docs/next/getting_started/install_crowdsec) command.
+Generated with [`sudo cscli bouncers add`](/u/getting_started/installation/linux) command.
 
 ### `BOUNCING_ON_TYPE`
 > all | ban | captcha
diff --git a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx
index b6cf50f4d..3e24670ad 100644
--- a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx
+++ b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx
@@ -174,7 +174,7 @@ API_KEY=<API_KEY>
 
 CrowdSec Local API key.
 
-Generated with [`sudo cscli bouncers add`](/docs/next/getting_started/install_crowdsec) command.
+Generated with [`sudo cscli bouncers add`](/u/getting_started/installation/linux) command.
 
 ### `API_URL`
 > string
diff --git a/crowdsec-docs/unversioned/bouncers/nginx.mdx b/crowdsec-docs/unversioned/bouncers/nginx.mdx
index 46bcb0121..8de4c0c0a 100644
--- a/crowdsec-docs/unversioned/bouncers/nginx.mdx
+++ b/crowdsec-docs/unversioned/bouncers/nginx.mdx
@@ -69,7 +69,7 @@ Look at [FAQ for more information](#ubuntu-22xx-getting-lua-error).
 
 ### Using packages
 
-First, [setup crowdsec repositories](/docs/next/getting_started/install_crowdsec#install-our-repositories).
+First, [setup crowdsec repositories](/u/getting_started/installation/linux#repository-installation).
 
 <Tabs
   defaultValue="nginx_debian"
@@ -366,7 +366,7 @@ API_KEY=<API_KEY>
 
 CrowdSec Local API key.
 
-Generated with [`sudo cscli bouncers add`](/docs/next/getting_started/install_crowdsec) command.
+Generated with [`sudo cscli bouncers add`](/u/getting_started/installation/linux) command.
 
 ### `API_URL`
 > string
diff --git a/crowdsec-docs/unversioned/bouncers/openresty.mdx b/crowdsec-docs/unversioned/bouncers/openresty.mdx
index b936006aa..3d37a2a81 100644
--- a/crowdsec-docs/unversioned/bouncers/openresty.mdx
+++ b/crowdsec-docs/unversioned/bouncers/openresty.mdx
@@ -65,7 +65,7 @@ sudo apt install openresty openresty-opm gettext-base
 
 ### Using packages
 
-[Setup crowdsec repositories](/docs/next/getting_started/install_crowdsec#install-our-repositories).
+[Setup crowdsec repositories](/u/getting_started/installation/linux#repository-installation).
 
 <Tabs
   defaultValue="openresty_debian"
@@ -355,7 +355,7 @@ API_KEY=<API_KEY>
 
 CrowdSec Local API key.
 
-Generated with [`sudo cscli bouncers add`](/docs/next/getting_started/install_crowdsec) command.
+Generated with [`sudo cscli bouncers add`](/u/getting_started/installation/linux) command.
 
 ### `API_URL`
 > string
diff --git a/crowdsec-docs/unversioned/bouncers/wordpress.mdx b/crowdsec-docs/unversioned/bouncers/wordpress.mdx
index 392ce4bf5..e414a3ba9 100644
--- a/crowdsec-docs/unversioned/bouncers/wordpress.mdx
+++ b/crowdsec-docs/unversioned/bouncers/wordpress.mdx
@@ -328,8 +328,7 @@ With the stream mode, every decision is retrieved in an asynchronous way. Here y
 
 **N.B** : There is also a refresh button if you want to refresh the cache manually.
 
-
-<div id="config-remediation-metrics" />
+## Config Remediation Metrics
 
 ***
 
diff --git a/crowdsec-docs/unversioned/console/allowlists.mdx b/crowdsec-docs/unversioned/console/allowlists.mdx
index 46f64da64..38550b505 100644
--- a/crowdsec-docs/unversioned/console/allowlists.mdx
+++ b/crowdsec-docs/unversioned/console/allowlists.mdx
@@ -9,7 +9,7 @@ import { Badge } from "@site/src/ui/badge";
     <Badge variant="premium">CrowdSec Premium Feature</Badge>
 </div>
 
-Centralized allowlists is a powerful feature that allows you to manage allowlists across all your security engines and integrations from a single location. For free, you can still use [allowlist](next/local_api/centralized_allowlists) locally.
+Centralized allowlists is a powerful feature that allows you to manage allowlists across all your security engines and integrations from a single location. For free, you can still use [allowlist](/docs/next/local_api/centralized_allowlists) locally.
 
 ## How do allowlists work?
 
diff --git a/crowdsec-docs/unversioned/console/security_engines/dashboard.md b/crowdsec-docs/unversioned/console/security_engines/dashboard.md
index ac0b7438b..d8257ea5e 100644
--- a/crowdsec-docs/unversioned/console/security_engines/dashboard.md
+++ b/crowdsec-docs/unversioned/console/security_engines/dashboard.md
@@ -25,7 +25,7 @@ Each Security Engine has a card that displays essential details to facilitate mo
 - **Tags**: Add custom tags to the engines by using the ["doc"](/u/console/security_engines/name_and_tags) tag format.
 - **Alerts / Scenarios / Remediation Components / Blocklists / Log Processors (Distributed Setup only)**: Clicking any items will redirect to a dedicated section with relevant information.
 - **Activity**: This feature helps focus on Security Engines that require your attention. The ["Troubleshoot"](/u/console/security_engines/troubleshooting) feature can identify problems in your stack by analyzing past engine activity.
-- **Distributed Setup**: These are considered Distributed Setup Engines when multiple log processors are attached. [(Get more info here)](/docs/next/getting_started/security_engine_intro/#why-is-my-security-engine-classed-as-a-log-processor-within-the-console)
+- **Distributed Setup**: These are considered Distributed Setup Engines when multiple log processors are attached. [(Get more info here)](/docs/next/intro#deployment-options)
 
 ### Basic Card
 
diff --git a/crowdsec-docs/unversioned/getting_started/post_installation/acquisition.mdx b/crowdsec-docs/unversioned/getting_started/post_installation/acquisition.mdx
index 12edd4875..7dec94834 100644
--- a/crowdsec-docs/unversioned/getting_started/post_installation/acquisition.mdx
+++ b/crowdsec-docs/unversioned/getting_started/post_installation/acquisition.mdx
@@ -61,7 +61,7 @@ Collections are a group of [Parsers](https://docs.crowdsec.net/docs/next/parsers
 
 ## Next steps?
 
-If you already see all services you want covered by the then you can [head back to the post installation steps.](/getting_started/next_steps.mdx#3-acquisitions)
+If you already see all services you want covered by the then you can [head back to the post installation steps.](/u/getting_started/next_steps#3-acquisitions-%EF%B8%8F)
 
 Follow the [how to setup a new acquisition](/getting_started/post_installation/acquisition_new.mdx) section if you see some log sources are not being monitored.
 
diff --git a/crowdsec-docs/unversioned/getting_started/post_installation/acquisition_new.mdx b/crowdsec-docs/unversioned/getting_started/post_installation/acquisition_new.mdx
index 4569f5504..a99411223 100644
--- a/crowdsec-docs/unversioned/getting_started/post_installation/acquisition_new.mdx
+++ b/crowdsec-docs/unversioned/getting_started/post_installation/acquisition_new.mdx
@@ -6,7 +6,7 @@ pagination_next: getting_started/post_installation/profiles
 ---
 
 :::info
-We will be adding a [file based acquisition](/docs/next/data_sources/file). If you need to use a different source then alter the instructions to match your needs.
+We will be adding a [file based acquisition](/docs/next/log_processor/data_sources/file). If you need to use a different source then alter the instructions to match your needs.
 :::
 
 import FormattedTabs from '@site/src/components/formatted-tabs';
@@ -28,10 +28,10 @@ agent:
       value: '<collection_name>'`}
 />
 
-Once the collection has been downloaded we need to add a new [Acquisition](https://docs.crowdsec.net/docs/next/data_sources/intro) to the configuration so CrowdSec knows where to find the log source.
+Once the collection has been downloaded we need to add a new [Acquisition](/docs/next/log_processor/data_sources/intro) to the configuration so CrowdSec knows where to find the log source.
 
 :::info
-An example of an [Acquisition](https://docs.crowdsec.net/docs/next/data_sources/intro) is available in the collection on the [Hub](https://hub.crowdsec.net/), which will assist you in identifying the files to monitor and the labels to assign.
+An example of an [Acquisition](/docs/next/log_processor/data_sources/intro) is available in the collection on the [Hub](https://hub.crowdsec.net/), which will assist you in identifying the files to monitor and the labels to assign.
 :::
 
 :::info
@@ -54,7 +54,7 @@ From version `1.5.0` we have added the ability to add acquisitions via the `acqu
   cmd=".>C:\ProgramData\CrowdSec\Config\acquis.d\<collection_name>.yaml 2>NUL"
   yaml={`# In your values.yml file
 agent:
-# -- To add custom acquisitions using available datasources (https://docs.crowdsec.net/docs/next/data_sources/intro)
+# -- To add custom acquisitions using available datasources (https://docs.crowdsec.net/docs/next/log_processor/data_sources/intro)
   additionalAcquisition:
     - source: file
       filenames:
diff --git a/crowdsec-docs/unversioned/getting_started/post_installation/console.mdx b/crowdsec-docs/unversioned/getting_started/post_installation/console.mdx
index 38f1e1985..5143701d1 100644
--- a/crowdsec-docs/unversioned/getting_started/post_installation/console.mdx
+++ b/crowdsec-docs/unversioned/getting_started/post_installation/console.mdx
@@ -146,4 +146,4 @@ Now that you have enrolled your first engine, you can start exploring the consol
 - [Third-Party Blocklists](/getting_started/post_installation/console_blocklists.mdx)
 - [CrowdSec Hub](/getting_started/post_installation/console_hub.mdx)
 
-If not head back to the [post installation steps](/getting_started/next_steps.mdx#1-crowdsec-console) to follow the rest of the steps.
+If not head back to the [post installation steps](/getting_started/next_steps.mdx#1-crowdsec-console-) to follow the rest of the steps.
diff --git a/crowdsec-docs/unversioned/getting_started/post_installation/console_blocklists.mdx b/crowdsec-docs/unversioned/getting_started/post_installation/console_blocklists.mdx
index 3a846f39e..c5be9904a 100644
--- a/crowdsec-docs/unversioned/getting_started/post_installation/console_blocklists.mdx
+++ b/crowdsec-docs/unversioned/getting_started/post_installation/console_blocklists.mdx
@@ -107,4 +107,4 @@ Now that you have subscribed your engine to a list, you can continue exploring t
 
 - [CrowdSec Hub](/getting_started/post_installation/console_hub.mdx)
 
-If not head back to the [post installation steps](/getting_started/next_steps.mdx#1-crowdsec-console) to follow the rest of the steps.
+If not head back to the [post installation steps](/getting_started/next_steps.mdx#1-crowdsec-console-) to follow the rest of the steps.
diff --git a/crowdsec-docs/unversioned/getting_started/post_installation/console_hub.mdx b/crowdsec-docs/unversioned/getting_started/post_installation/console_hub.mdx
index d557dc2db..fce345e10 100644
--- a/crowdsec-docs/unversioned/getting_started/post_installation/console_hub.mdx
+++ b/crowdsec-docs/unversioned/getting_started/post_installation/console_hub.mdx
@@ -26,7 +26,7 @@ The [Hub](https://hub.crowdsec.net/) is divided into many sections, each of whic
 
 ### Collections Tab
 
-[Collections](/docs/next/collections/intro) refers to a set of configurations intended to operate in unison. For instance, the [crowdsecurity/sshd collection](https://app.crowdsec.net/hub/author/crowdsecurity/collections/sshd) includes settings aimed at overseeing attacks towards a SSH server.
+[Collections](/docs/next/log_processor/collections/intro) refers to a set of configurations intended to operate in unison. For instance, the [crowdsecurity/sshd collection](https://app.crowdsec.net/hub/author/crowdsecurity/collections/sshd) includes settings aimed at overseeing attacks towards a SSH server.
 
 <ThemedImage
     alt="CrowdSec sshd collection"
@@ -36,7 +36,7 @@ The [Hub](https://hub.crowdsec.net/) is divided into many sections, each of whic
     }}
 />
 
-You can see the contents of the [collection](/docs/next/collections/intro) by viewing the `Content` section.
+You can see the contents of the [collection](/docs/next/log_processor/collections/intro) by viewing the `Content` section.
 
 <ThemedImage
     alt="CrowdSec sshd collection content"
@@ -46,7 +46,7 @@ You can see the contents of the [collection](/docs/next/collections/intro) by vi
     }}
 />
 
-As illustrated above, the `sshd` collection encompasses a [parser](/docs/next/parsers/intro) along with [scenarios](/docs/next/scenarios/intro) focused on `brute force` attacks.
+As illustrated above, the `sshd` collection encompasses a [parser](/docs/next/log_processor/parsers/intro) along with [scenarios](/docs/next/log_processor/scenarios/intro) focused on `brute force` attacks.
 
 ### Configurations Tab
 
@@ -92,7 +92,7 @@ The term `Bouncers` has been updated to `Remediation Components` in the [Taxonom
 However, legacy items might still use the term `bouncers` just know that they are the same thing.
 :::
 
-This tab contains [Remediation Components](/bouncers/intro.md) that can be used to enforce decisions made by CrowdSec [Security Engine](/docs/next/getting_started/security_engine_intro).
+This tab contains [Remediation Components](/bouncers/intro.md) that can be used to enforce decisions made by CrowdSec [Security Engine](/docs/next/intro#architecture).
 
 <ThemedImage
     alt="CrowdSec bouncers"
@@ -140,4 +140,4 @@ These rules are defined and loaded by [AppSec Configurations](/docs/next/appsec/
 
 ## Next Steps?
 
-Now that you have viewed the CrowdSec Hub, you can head back to the [post installation steps](/getting_started/next_steps.mdx#1-crowdsec-console) to follow the rest of the steps.
+Now that you have viewed the CrowdSec Hub, you can head back to the [post installation steps](/getting_started/next_steps.mdx#1-crowdsec-console-) to follow the rest of the steps.
diff --git a/crowdsec-docs/unversioned/getting_started/post_installation/profiles.mdx b/crowdsec-docs/unversioned/getting_started/post_installation/profiles.mdx
index c0a286d1c..13e379edd 100644
--- a/crowdsec-docs/unversioned/getting_started/post_installation/profiles.mdx
+++ b/crowdsec-docs/unversioned/getting_started/post_installation/profiles.mdx
@@ -35,7 +35,7 @@ decisions:
 on_success: break
 ```
 
-We won't delve into the file's specifics in this section, but further information is available in the [profiles.yaml reference](/docs/next/profiles/format#profile-directives).
+We won't delve into the file's specifics in this section, but further information is available in the [profiles.yaml reference](/docs/next/local_api/profiles/format#profile-directives).
 
 ## Example Modifications
 
@@ -53,7 +53,7 @@ This adjustment can be made by configuring the plugin files located under:
 - **Freebsd** `/usr/local/etc/crowdsec/notifications/`
 - **Windows** `C:\ProgramData\CrowdSec\config\notifications\`
 
-We wont be covering the configuration as you can find [extensive documentation](/docs/next/notification_plugins/intro) on the files. Once this is done you can start by removing the comment (`#`) from the [`notifications`](/docs/next/profiles/format#notifications) lines. This will enable notifications for the specified components.
+We wont be covering the configuration as you can find [extensive documentation](/docs/next/local_api/notification_plugins/intro) on the files. Once this is done you can start by removing the comment (`#`) from the [`notifications`](/docs/next/local_api/profiles/format#notifications) lines. This will enable notifications for the specified components.
 
 <details>
 
@@ -85,7 +85,7 @@ on_success: break
 duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
 ```
 
-This adjustment can be made by removing the comment (`#`) from the [`duration_expr`](/docs/next/profiles/format#duration_expr) line. The default formula utilizes [`GetDecisionsCount`](/docs/next/expr/other_helpers#getdecisionscountvalue-string-int) to determine how many times the specific value has been identified. We always add 1 to the count to ensure that the first ban is always 4 hours.
+This adjustment can be made by removing the comment (`#`) from the [`duration_expr`](/docs/next/local_api/profiles/format#duration_expr) line. The default formula utilizes [`GetDecisionsCount`](/docs/next/expr/other_helpers#getdecisionscountvalue-string-int) to determine how many times the specific value has been identified. We always add 1 to the count to ensure that the first ban is always 4 hours.
 
 The resulting duration is calculated by multiplying this count by 4, then the [`Sprintf`](/docs/next/expr/strings_helpers/#sprintfformat-string-a-interface-string) function formats the result into a string with the `h` suffix. The `h` suffix is used to denote hours within [Go's time package](https://pkg.go.dev/time#ParseDuration).
 
diff --git a/crowdsec-docs/unversioned/getting_started/post_installation/troubleshoot.mdx b/crowdsec-docs/unversioned/getting_started/post_installation/troubleshoot.mdx
index 2f1a8acdd..d1c0ec694 100644
--- a/crowdsec-docs/unversioned/getting_started/post_installation/troubleshoot.mdx
+++ b/crowdsec-docs/unversioned/getting_started/post_installation/troubleshoot.mdx
@@ -91,4 +91,4 @@ After you have made the changes you will need to restart the CrowdSec service.
 
 If the above hasn't resolved the issue you are facing, you can find more detailed troubleshooting documentation [here](/troubleshooting/intro.md).
 
-If you have resolved the issue you can continue with the [post installation steps](/getting_started/next_steps.mdx#1-crowdsec-console).
+If you have resolved the issue you can continue with the [post installation steps](/getting_started/next_steps.mdx#1-crowdsec-console-).
diff --git a/crowdsec-docs/unversioned/getting_started/post_installation/whitelists.mdx b/crowdsec-docs/unversioned/getting_started/post_installation/whitelists.mdx
index 7a6d35ae4..c47867fea 100644
--- a/crowdsec-docs/unversioned/getting_started/post_installation/whitelists.mdx
+++ b/crowdsec-docs/unversioned/getting_started/post_installation/whitelists.mdx
@@ -219,7 +219,7 @@ Once you have created the file you will need to restart the CrowdSec service for
 sudo systemctl restart crowdsec
 ```
 
-Expression whitelists are very powerful and can be used to whitelist based on any field in the event. You can find a more detailed version of the [expression guide here](/docs/next/whitelist/create_expr) which will showcase how you can find which fields are available to you based on the log line you are processing.
+Expression whitelists are very powerful and can be used to whitelist based on any field in the event. You can find a more detailed version of the [expression guide here](/docs/next/log_processor/whitelist/create_expr) which will showcase how you can find which fields are available to you based on the log line you are processing.
 
 ### Dynamic IP address
 
@@ -296,6 +296,6 @@ sudo cscli decisions delete --ip 192.168.1.1
 
 ## Next Steps?
 
-If you are still looking for examples on how to create a whitelist, you can find more detailed documentation [here](/docs/next/whitelist/intro).
+If you are still looking for examples on how to create a whitelist, you can find more detailed documentation [here](/docs/next/log_processor/whitelist/intro).
 
-If you have created your first whitelist, tested it and happy to continue then [click here](getting_started/next_steps.mdx#2-whitelists).
+If you have created your first whitelist, tested it and happy to continue then [click here](/getting_started/next_steps.mdx#2-whitelists-).
diff --git a/crowdsec-docs/unversioned/integrations/intro.mdx b/crowdsec-docs/unversioned/integrations/intro.mdx
index 941ecdf2a..9502be18f 100644
--- a/crowdsec-docs/unversioned/integrations/intro.mdx
+++ b/crowdsec-docs/unversioned/integrations/intro.mdx
@@ -47,7 +47,7 @@ Once you are on the Integrations page you can select the integration you would l
 
 ## Current Integrations
 
-- [Raw IP List](integrations/genericvendor.mdx)
+- [Raw IP List](integrations/rawiplist.mdx)
 - [Checkpoint](integrations/checkpoint.mdx)
 - [Cisco](integrations/cisco.mdx)
 - [F5](integrations/f5.mdx)
@@ -61,5 +61,5 @@ Once you are on the Integrations page you can select the integration you would l
 - [Remediation Component](integrations/remediationcomponent.mdx)
 
 :::info
-If you don't see an integration for your specific Firewall, you can use the [Raw IP List](integrations/genericvendor.mdx) integration in most cases.
+If you don't see an integration for your specific Firewall, you can use the [Raw IP List](integrations/rawiplist.mdx) integration in most cases.
 :::
\ No newline at end of file
diff --git a/crowdsec-docs/unversioned/troubleshooting/security_engine.mdx b/crowdsec-docs/unversioned/troubleshooting/security_engine.mdx
index a8ee7ca4d..fdbe2604d 100644
--- a/crowdsec-docs/unversioned/troubleshooting/security_engine.mdx
+++ b/crowdsec-docs/unversioned/troubleshooting/security_engine.mdx
@@ -193,7 +193,7 @@ See [databases configuration](/docs/next/local_api/database) for relevant config
 
 For multi-server setup, please pick one of the follow:
  - [distributed architecture](/u/user_guides/multiserver_setup).
- - [log centralization approach](/u/user_guides/log_centralization.)
+ - [log centralization approach](/u/user_guides/log_centralization)
 
 ## Logs
 
diff --git a/crowdsec-docs/unversioned/troubleshooting/usecases.mdx b/crowdsec-docs/unversioned/troubleshooting/usecases.mdx
index cb8e25866..4e25dd87b 100644
--- a/crowdsec-docs/unversioned/troubleshooting/usecases.mdx
+++ b/crowdsec-docs/unversioned/troubleshooting/usecases.mdx
@@ -59,7 +59,7 @@ Good option if you need to optimize server performance and reduce log storage re
 - [Blocklist Catalog doc](/u/console/blocklists/catalog)
 - [Blocklist Catalog ↗️](https://app.crowdsec.net/blocklists/search)
 - [Security Engine installation](/u/getting_started/intro)
-- [CrowdSec WAF](/appsec/intro)
+- [CrowdSec WAF](/docs/next/appsec/intro)
 - [Remediation Metrics](/u/console/remediation_metrics)
 
 ---
@@ -126,8 +126,8 @@ Good option if you want to prevent illegitimate AI crawlers from visiting your s
 - Block at the edge using your firewall or CDN.  
 
 **References**
-- [⬆️ **Blocking at the edge section**](#blocking-at-the-edge)
-- [Custom scenario creation](/docs/next/scenarios/create)
+- [⬆️ **Blocking at the edge section**](#block-known-bad-ips-at-the-edge)
+- [Custom scenario creation](/docs/next/log_processor/scenarios/create)
 - [AI Crawlers Blocklist ↗️](https://app.crowdsec.net/blocklists/67b3524151bbde7a12b60be0)
 - [Currated Botnet Actors ↗️](https://app.crowdsec.net/blocklists/65a56c160469607d9badb813)
 - [Public Internet Scanners ↗️](https://app.crowdsec.net/blocklists/65f972eb807e06de7a0e3e65)
@@ -153,7 +153,7 @@ Benefit from CrowdSec's Virtual patching catalog while being able to use your ex
 
 **References**
 - [Security Engine installation](/u/getting_started/intro)
-- [CrowdSec WAF presentation](/appsec/intro)
+- [CrowdSec WAF presentation](/docs/next/appsec/intro)
 - [Virtual Patching collection ↗️](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching)
 - [CrowdSec WAF article ↗️](https://www.crowdsec.net/blog/crowdsec-waf-the-collaborative-future-of-web-application-security)
 
@@ -198,7 +198,7 @@ Good option if you need highly specific protection tailored to your application'
 
 **References**
 - [⬆️ **Block Common web attacks fast**](#block-common-web-attacks-fast)
-- [Custom scenario creation](/log_processor/scenarios/create)
+- [Custom scenario creation](/docs/next/log_processor/scenarios/create)
 - [Get help from the community ↗️](https://discord.gg/wGN7ShmEE8)
 - [Example of custom detection: Impossible traveler ↗️](https://www.crowdsec.net/blog/detect-suspicious-ip-behavior-impossible-travel)
 - [Success story: ScaleCommerce vs scalpers ↗️](https://www.crowdsec.net/blog/scalecommerce-plummets-ops-costs-and-skyrockets-efficiency)
diff --git a/crowdsec-docs/unversioned/user_guides/building.md b/crowdsec-docs/unversioned/user_guides/building.md
index 008e66ce3..bfb3e21d6 100644
--- a/crowdsec-docs/unversioned/user_guides/building.md
+++ b/crowdsec-docs/unversioned/user_guides/building.md
@@ -65,7 +65,7 @@ This will only deploy the binaries, and some extra installation steps need to be
  - `sudo cscli machines add -a` : register crowdsec to the local API
  - `sudo cscli capi register` : register to the central API
  - `sudo cscli collections install crowdsecurity/linux` : install essential configs (syslog parser, geoip enrichment, date parsers)
- - configure your [datasources](/docs/next/data_sources/intro)
+ - configure your [datasources](/docs/next/log_processor/data_sources/intro)
 
 You can now start & enable the crowdsec service :
 
diff --git a/crowdsec-docs/unversioned/user_guides/hub_management.md b/crowdsec-docs/unversioned/user_guides/hub_management.md
index 9a980488c..592a1589d 100644
--- a/crowdsec-docs/unversioned/user_guides/hub_management.md
+++ b/crowdsec-docs/unversioned/user_guides/hub_management.md
@@ -161,7 +161,7 @@ Current metrics :
 
 ### Reference
 
-See more about collection [here](/docs/next/collections/intro).
+See more about collection [here](/docs/next/log_processor/collections/intro).
 
 
 ## Parsers
@@ -191,7 +191,7 @@ INFO[0000] Run 'systemctl reload crowdsec' for the new configuration to be effec
 sudo cscli parsers list
 ```
 
-[Parsers](/docs/next/parsers/intro) are yaml files in `/etc/crowdsec/parsers/<STAGE>/parser.yaml`.
+[Parsers](/docs/next/log_processor/parsers/intro) are yaml files in `/etc/crowdsec/parsers/<STAGE>/parser.yaml`.
 
 
 <details>
@@ -293,11 +293,11 @@ Current metrics :
 
 ### Reference
 
-See more details about parsers [here](/docs/next/parsers/intro).
+See more details about parsers [here](/docs/next/log_processor/parsers/intro).
 
 ## Enrichers
 
-Enrichers are basically [parsers](/docs/next/parsers/intro) that can rely on external methods to provide extra contextual information to the event. The enrichers are usually in the `s02-enrich` stage (after most of the parsing happened).
+Enrichers are basically [parsers](/docs/next/log_processor/parsers/intro) that can rely on external methods to provide extra contextual information to the event. The enrichers are usually in the `s02-enrich` stage (after most of the parsing happened).
 
 Enrichers functions should all accept a string as a parameter, and return an associative string array, that will be automatically merged into the `Enriched` map of the [event](/docs/next/expr/event).
 
@@ -323,7 +323,7 @@ Take a tour at the [Hub](https://hub.crowdsec.net/browse/#configurations) to fin
 
 ### Reference
 
-See more about enrichers [here](/docs/next/parsers/enricher).
+See more about enrichers [here](/docs/next/log_processor/parsers/enricher).
 
 
 ## Scenarios
@@ -364,7 +364,7 @@ Use `--all` to list available parsers.
 
 :::
 
-[Scenario](/docs/next/scenarios/intro) are yaml files in `/etc/crowdsec/scenarios/`.
+[Scenario](/docs/next/log_processor/scenarios/intro) are yaml files in `/etc/crowdsec/scenarios/`.
 
 
 <details>
@@ -464,4 +464,4 @@ Current metrics :
 
 ### Reference
 
-See more about scenarios [here](/docs/next/scenarios/intro).
+See more about scenarios [here](/docs/next/log_processor/scenarios/intro).
diff --git a/crowdsec-docs/unversioned/user_guides/multiserver_setup.md b/crowdsec-docs/unversioned/user_guides/multiserver_setup.md
index 8b8988c50..b85d82630 100644
--- a/crowdsec-docs/unversioned/user_guides/multiserver_setup.md
+++ b/crowdsec-docs/unversioned/user_guides/multiserver_setup.md
@@ -11,7 +11,7 @@ import useBaseUrl from "@docusaurus/useBaseUrl"
 Crowdsec's [architecture](/docs/next/intro#architecture) allows distributed setups, as most components communicate via [HTTP API](/docs/next/local_api/intro).
 
 When doing such, a few considerations must be kept in mind to understand the role of each component:
- - The log processor is in charge of [processing the logs](/docs/next/parsers/intro), matching them against [scenarios](/docs/next/scenarios/intro), and sending the resulting alerts to the [local API](/docs/next/local_api/intro)
+ - The log processor is in charge of [processing the logs](/docs/next/log_processor/parsers/intro), matching them against [scenarios](/docs/next/log_processor/scenarios/intro), and sending the resulting alerts to the [local API](/docs/next/local_api/intro)
  - The local API (LAPI from now on) receives the alerts and converts them into decisions based on your profile
  - LAPI also takes care of communication with [CAPI](/docs/next/central_api/intro) to pull blocklists and push alerts to the console.
  - The remediation component query the LAPI to receive the decisions to be applied
@@ -40,7 +40,7 @@ You can also use [TLS Authentication](/docs/next/local_api/tls_auth), which does
 
 ### LAPI
 
-Follow the [getting started guide](/docs/next/getting_started/install_crowdsec) to install Crowdsec.
+Follow the [getting started guide](/u/getting_started/installation/linux) to install Crowdsec.
 
 You will need to edit the `/etc/crowdsec/config.yaml` file to make LAPI listen on all interfaces:
 ```yaml
@@ -79,7 +79,7 @@ Note that LAPI only receives the alerts and turn them into decisions, this means
 
 ### Log processors
 
-Again, follow the [getting started guide](/docs/next/getting_started/install_crowdsec) to install Crowdsec.
+Again, follow the [getting started guide](/u/getting_started/installation/linux) to install Crowdsec.
 
 Once the installation is done, you need to edit the `/etc/crowdsec/config.yaml` to disable the LAPI running by default.
 To do so, you can remove the entire `api.server` section from the file.
diff --git a/crowdsec-docs/versioned_docs/version-v1.3.4/central_api/intro.md b/crowdsec-docs/versioned_docs/version-v1.3.4/central_api/intro.md
index b767d77ec..21cb1392a 100644
--- a/crowdsec-docs/versioned_docs/version-v1.3.4/central_api/intro.md
+++ b/crowdsec-docs/versioned_docs/version-v1.3.4/central_api/intro.md
@@ -15,7 +15,7 @@ The [Central API](https://crowdsecurity.github.io/api_doc/capi/) is the service
 This information is *only* going to be pushed when a scenario is coming from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are *not* pushed
 :::
 
-When CrowdSec blocks an attack, [unless you opt-out of it](/u/troubleshooting/intro#how-to-disable-the-central-api), CrowdSec is going to push "signal meta-data". Those meta-data are :
+When CrowdSec blocks an attack, [unless you opt-out of it](/u/troubleshooting/security_engine#how-to-disable-the-central-api), CrowdSec is going to push "signal meta-data". Those meta-data are :
  - The name of the scenario that was triggered
  - The hash & version of the scenario that was triggered
  - The timestamp of the decision
diff --git a/crowdsec-docs/versioned_docs/version-v1.3.4/contributing/hub.md b/crowdsec-docs/versioned_docs/version-v1.3.4/contributing/hub.md
index 724a48cdf..7e78aceb9 100644
--- a/crowdsec-docs/versioned_docs/version-v1.3.4/contributing/hub.md
+++ b/crowdsec-docs/versioned_docs/version-v1.3.4/contributing/hub.md
@@ -28,12 +28,12 @@ To get involved :
 
 The following explains how to create and test:
 
-- [parsers](/docs/parsers/create/)
-- [scenarios](/docs/scenarios/create/)
+- [parsers](/parsers/create.md)
+- [scenarios](/scenarios/create.md)
 
 ## Collections
 
-It often makes sense for a new parser or scenario to be added to an existing [collection](/docs/collections/format), or create a new one.
+It often makes sense for a new parser or scenario to be added to an existing [collection](/collections/format.md), or create a new one.
 
 If your parsers and/or scenarios cover a new or specific service, having a dedicated collection for this service makes sense.
 In other cases, having a parser for `SpecificWebServer` access logs would justify a collection as it might also include [all the default http related scenarios](https://hub.crowdsec.net/author/crowdsecurity/collections/base-http-scenarios).
@@ -42,7 +42,7 @@ In other cases, having a parser for `SpecificWebServer` access logs would justif
 
 Before asking for a review of your PR, please ensure you have the following:
 
-- tests: Test creation is covered in [parsers creation](/docs/parsers/create/) and [scenarios creation](/docs/scenarios/create/). Ensure that each of your parser or scenario is properly tested.
+- tests: Test creation is covered in [parsers creation](/parsers/create.md) and [scenarios creation](/scenarios/create.md). Ensure that each of your parser or scenario is properly tested.
 - documentation: Please provide a `.md` file with the same name as each of your parser, scenario or collection. The markdown is rendered in the [hub](https://hub.crowdsec.net).
 - documentation: If you're creating a collection targeting a specific log file, be sure to provide an acquis example as :
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.3.4/troubleshooting.md b/crowdsec-docs/versioned_docs/version-v1.3.4/troubleshooting.md
index c7b87cdb2..3ff87cd69 100644
--- a/crowdsec-docs/versioned_docs/version-v1.3.4/troubleshooting.md
+++ b/crowdsec-docs/versioned_docs/version-v1.3.4/troubleshooting.md
@@ -75,7 +75,7 @@ time="19-04-2022 15:43:07" level=error msg="API error: access forbidden"
 
 ## My scenario is triggered with less logs than the scenario capacity
 
-During the installation, the CrowdSec [Wizard](/u/user_guides/building#using-the-wizard) is ran, which detects the basic logs files to add in the [acquisition](/docs/concepts#acquisition) configuration.
+During the installation, the CrowdSec [Wizard](/u/user_guides/building#using-the-wizard) is ran, which detects the basic logs files to add in the [acquisition](/concepts.md#acquisition) configuration.
 If you re-run the `wizard.sh` script after the installation and you have common log files, they might be set up multiple times in your acquisition configuration. This means that CrowdSec will read each logs line as many time as you have the logs file configured in your acquisition configuration.
 
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.4.0/central_api/intro.md b/crowdsec-docs/versioned_docs/version-v1.4.0/central_api/intro.md
index b767d77ec..21cb1392a 100644
--- a/crowdsec-docs/versioned_docs/version-v1.4.0/central_api/intro.md
+++ b/crowdsec-docs/versioned_docs/version-v1.4.0/central_api/intro.md
@@ -15,7 +15,7 @@ The [Central API](https://crowdsecurity.github.io/api_doc/capi/) is the service
 This information is *only* going to be pushed when a scenario is coming from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are *not* pushed
 :::
 
-When CrowdSec blocks an attack, [unless you opt-out of it](/u/troubleshooting/intro#how-to-disable-the-central-api), CrowdSec is going to push "signal meta-data". Those meta-data are :
+When CrowdSec blocks an attack, [unless you opt-out of it](/u/troubleshooting/security_engine#how-to-disable-the-central-api), CrowdSec is going to push "signal meta-data". Those meta-data are :
  - The name of the scenario that was triggered
  - The hash & version of the scenario that was triggered
  - The timestamp of the decision
diff --git a/crowdsec-docs/versioned_docs/version-v1.4.0/contributing/hub.md b/crowdsec-docs/versioned_docs/version-v1.4.0/contributing/hub.md
index 724a48cdf..7e78aceb9 100644
--- a/crowdsec-docs/versioned_docs/version-v1.4.0/contributing/hub.md
+++ b/crowdsec-docs/versioned_docs/version-v1.4.0/contributing/hub.md
@@ -28,12 +28,12 @@ To get involved :
 
 The following explains how to create and test:
 
-- [parsers](/docs/parsers/create/)
-- [scenarios](/docs/scenarios/create/)
+- [parsers](/parsers/create.md)
+- [scenarios](/scenarios/create.md)
 
 ## Collections
 
-It often makes sense for a new parser or scenario to be added to an existing [collection](/docs/collections/format), or create a new one.
+It often makes sense for a new parser or scenario to be added to an existing [collection](/collections/format.md), or create a new one.
 
 If your parsers and/or scenarios cover a new or specific service, having a dedicated collection for this service makes sense.
 In other cases, having a parser for `SpecificWebServer` access logs would justify a collection as it might also include [all the default http related scenarios](https://hub.crowdsec.net/author/crowdsecurity/collections/base-http-scenarios).
@@ -42,7 +42,7 @@ In other cases, having a parser for `SpecificWebServer` access logs would justif
 
 Before asking for a review of your PR, please ensure you have the following:
 
-- tests: Test creation is covered in [parsers creation](/docs/parsers/create/) and [scenarios creation](/docs/scenarios/create/). Ensure that each of your parser or scenario is properly tested.
+- tests: Test creation is covered in [parsers creation](/parsers/create.md) and [scenarios creation](/scenarios/create.md). Ensure that each of your parser or scenario is properly tested.
 - documentation: Please provide a `.md` file with the same name as each of your parser, scenario or collection. The markdown is rendered in the [hub](https://hub.crowdsec.net).
 - documentation: If you're creating a collection targeting a specific log file, be sure to provide an acquis example as :
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.4.0/troubleshooting.md b/crowdsec-docs/versioned_docs/version-v1.4.0/troubleshooting.md
index c7b87cdb2..3ff87cd69 100644
--- a/crowdsec-docs/versioned_docs/version-v1.4.0/troubleshooting.md
+++ b/crowdsec-docs/versioned_docs/version-v1.4.0/troubleshooting.md
@@ -75,7 +75,7 @@ time="19-04-2022 15:43:07" level=error msg="API error: access forbidden"
 
 ## My scenario is triggered with less logs than the scenario capacity
 
-During the installation, the CrowdSec [Wizard](/u/user_guides/building#using-the-wizard) is ran, which detects the basic logs files to add in the [acquisition](/docs/concepts#acquisition) configuration.
+During the installation, the CrowdSec [Wizard](/u/user_guides/building#using-the-wizard) is ran, which detects the basic logs files to add in the [acquisition](/concepts.md#acquisition) configuration.
 If you re-run the `wizard.sh` script after the installation and you have common log files, they might be set up multiple times in your acquisition configuration. This means that CrowdSec will read each logs line as many time as you have the logs file configured in your acquisition configuration.
 
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.5.0/central_api/intro.md b/crowdsec-docs/versioned_docs/version-v1.5.0/central_api/intro.md
index b7a4f22cf..1e723cbab 100644
--- a/crowdsec-docs/versioned_docs/version-v1.5.0/central_api/intro.md
+++ b/crowdsec-docs/versioned_docs/version-v1.5.0/central_api/intro.md
@@ -15,7 +15,7 @@ The [Central API](https://crowdsecurity.github.io/api_doc/capi/) is the service
 This information is *only* going to be pushed when a scenario is coming from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are *not* pushed unless enrolled into the console.
 :::
 
-When the Security Engine generates an alert, [unless you opt-out of it](/u/troubleshooting/intro#how-to-disable-the-central-api), it will push "signal meta-data". The meta-data are :
+When the Security Engine generates an alert, [unless you opt-out of it](/u/troubleshooting/security_engine#how-to-disable-the-central-api), it will push "signal meta-data". The meta-data are :
  - The name of the scenario that was triggered
  - The hash & version of the scenario that was triggered
  - The timestamp of the decision
diff --git a/crowdsec-docs/versioned_docs/version-v1.5.0/contributing/hub.md b/crowdsec-docs/versioned_docs/version-v1.5.0/contributing/hub.md
index 34d55c94b..e1512b2f8 100644
--- a/crowdsec-docs/versioned_docs/version-v1.5.0/contributing/hub.md
+++ b/crowdsec-docs/versioned_docs/version-v1.5.0/contributing/hub.md
@@ -28,12 +28,12 @@ To get involved :
 
 The following explains how to create and test:
 
-- [parsers](/docs/parsers/create/)
-- [scenarios](/docs/scenarios/create/)
+- [parsers](/parsers/create.md)
+- [scenarios](/scenarios/create.md)
 
 ### Collections
 
-It often makes sense for a new parser or scenario to be added to an existing [collection](/docs/collections/format), or create a new one.
+It often makes sense for a new parser or scenario to be added to an existing [collection](/collections/format.md), or create a new one.
 
 If your parsers and/or scenarios cover a new or specific service, having a dedicated collection for this service makes sense.
 In other cases, having a parser for `SpecificWebServer` access logs would justify a collection as it might also include [all the default http related scenarios](https://hub.crowdsec.net/author/crowdsecurity/collections/base-http-scenarios).
@@ -42,7 +42,7 @@ In other cases, having a parser for `SpecificWebServer` access logs would justif
 
 Before asking for a review of your PR, please ensure you have the following:
 
-- tests: Test creation is covered in [parsers creation](/docs/parsers/create/) and [scenarios creation](/docs/scenarios/create/). Ensure that each of your parser or scenario is properly tested.
+- tests: Test creation is covered in [parsers creation](/parsers/create.md) and [scenarios creation](/scenarios/create.md). Ensure that each of your parser or scenario is properly tested.
 - documentation: Please provide a `.md` file with the same name as each of your parser, scenario or collection. The markdown is rendered in the [hub](https://hub.crowdsec.net).
 - documentation: If you're creating a collection targeting a specific log file, be sure to provide an acquis example as :
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.5.0/scenarios/create.md b/crowdsec-docs/versioned_docs/version-v1.5.0/scenarios/create.md
index 6d471368f..c6426bfb0 100644
--- a/crowdsec-docs/versioned_docs/version-v1.5.0/scenarios/create.md
+++ b/crowdsec-docs/versioned_docs/version-v1.5.0/scenarios/create.md
@@ -8,7 +8,7 @@ import AcademyPromo from '@site/src/components/academy-promo';
 
 :::caution
 
-All the examples assume that you have read the [Creating parsers](/docs/next/parsers/create) documentation.
+All the examples assume that you have read the [Creating parsers](/parsers/create.md) documentation.
 
 :::
 
@@ -114,7 +114,7 @@ labels:
 
 :::note
 
-We filter on `evt.Meta.log_type == 'myservice_failed_auth'` because in the parser `myservice-logs` (created in the [Creating parsers](/docs/next/parsers/create) part) we set the `log_type` to `myservice_failed_auth` for bad password or bad user attempt.
+We filter on `evt.Meta.log_type == 'myservice_failed_auth'` because in the parser `myservice-logs` (created in the [Creating parsers](/parsers/create.md) part) we set the `log_type` to `myservice_failed_auth` for bad password or bad user attempt.
 
 :::
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.5.0/troubleshooting.md b/crowdsec-docs/versioned_docs/version-v1.5.0/troubleshooting.md
index ba1dda9f4..64abf8d7b 100644
--- a/crowdsec-docs/versioned_docs/version-v1.5.0/troubleshooting.md
+++ b/crowdsec-docs/versioned_docs/version-v1.5.0/troubleshooting.md
@@ -107,7 +107,7 @@ Bouncers configuration files by default are located in:
 
 ## My scenario is triggered with less logs than the scenario capacity
 
-During the installation, the CrowdSec [Wizard](/u/user_guides/building#using-the-wizard) is ran, which detects the basic logs files to add in the [acquisition](/docs/concepts#acquisition) configuration.
+During the installation, the CrowdSec [Wizard](/u/user_guides/building#using-the-wizard) is ran, which detects the basic logs files to add in the [acquisition](/concepts.md#acquisition) configuration.
 If you re-run the `wizard.sh` script after the installation and you have common log files, they might be set up multiple times in your acquisition configuration. This means that CrowdSec will read each logs line as many time as you have the logs file configured in your acquisition configuration.
 
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/appsec/configuration.md b/crowdsec-docs/versioned_docs/version-v1.6/appsec/configuration.md
index e612a6435..5b46e6578 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/appsec/configuration.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/appsec/configuration.md
@@ -22,9 +22,9 @@ The AppSec Component configuration consists of three main parts:
 
 The goals of the acquisition file are:
 - To specify the **address** and **port** where the AppSec-enabled Remediation Component(s) will forward the requests to.
-- And specify one or more [AppSec configuration files](#appsec-configuration) to use as definition of what rules to apply and how. 
+- And specify one or more [AppSec configuration files](#appsec-configuration-files) to use as definition of what rules to apply and how. 
 
-Details can be found in the [AppSec Datasource page](/log_processor/data_sources/apps).
+Details can be found in the [AppSec Datasource page](/log_processor/data_sources/appsec.md).
 
 ### Defining Multiple AppSec Configurations
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/general.mdx b/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/general.mdx
index e348e6dfd..85f0ee920 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/general.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/general.mdx
@@ -203,4 +203,4 @@ If the AppSec Component fails to start:
 3. **Check configuration syntax**: Validate your `appsec.yaml` file
 4. **Review logs**: Check `/var/log/crowdsec.log` for error messages
 
-For detailed troubleshooting, see the [AppSec Troubleshooting Guide](/appsec/troubleshooting).
\ No newline at end of file
+For detailed troubleshooting, see the [AppSec Troubleshooting Guide](/appsec/troubleshooting.md).
\ No newline at end of file
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/nginxopenresty.mdx b/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/nginxopenresty.mdx
index 53c75604c..625007af1 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/nginxopenresty.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/nginxopenresty.mdx
@@ -59,7 +59,7 @@ sudo cscli collections install crowdsecurity/appsec-virtual-patching crowdsecuri
 Executing this command will install the following items:
 
 - The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped
-- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) links together a set of rules to provide a coherent set
 - The <UnderlineTooltip tooltip="YAML files that extract relevant data from logs, such as IP addresses, timestamps, or request paths.">CrowdSec Parser</UnderlineTooltip> and <UnderlineTooltip tooltip="Behavioral rules written in a domain-specific language that define what malicious activity looks like, such as multiple failed logins in a short time.">CrowdSec Scenario(s)</UnderlineTooltip> bans for a longer duration repeating offenders
 
 ### Setup the Acquisition
@@ -82,7 +82,7 @@ Steps:
 
 The two important directives in this configuration file are:
 
- - `appsec_config` is the name of the [*AppSec Configuration*](appsec/configuration.md#appsec-configuration) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
+ - `appsec_config` is the name of the [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
  - the `listen_addr` is the IP and port the AppSec Component will listen to.
 
 :::warning
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/traefik.mdx b/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/traefik.mdx
index 898dfc500..f6bd50054 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/traefik.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/traefik.mdx
@@ -63,7 +63,7 @@ docker exec -it crowdsec cscli collections install crowdsecurity/appsec-virtual-
 Executing this command or updating the compose will install the following items:
 
 - The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped.
-- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set.
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) links together a set of rules to provide a coherent set.
 - The <UnderlineTooltip tooltip="YAML files that extract relevant data from logs, such as IP addresses, timestamps, or request paths.">CrowdSec Parser</UnderlineTooltip> and <UnderlineTooltip tooltip="Behavioral rules written in a domain-specific language that define what malicious activity looks like, such as multiple failed logins in a short time.">CrowdSec Scenario(s)</UnderlineTooltip> are used to detect and remediate persistent attacks.
 
 Once you have updated your compose or installed via the command line, will we need to restart the container. However, before we do that, we need to setup the acquisition for the AppSec Component.
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/wordpress.mdx b/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/wordpress.mdx
index cceffcef0..a7713e43c 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/wordpress.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.6/appsec/quickstart/wordpress.mdx
@@ -53,7 +53,7 @@ sudo cscli collections install crowdsecurity/appsec-virtual-patching crowdsecuri
 Executing this command will install the following items:
 
 - The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped
-- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) links together a set of rules to provide a coherent set
 - The <UnderlineTooltip tooltip="YAML files that extract relevant data from logs, such as IP addresses, timestamps, or request paths.">CrowdSec Parser</UnderlineTooltip> and <UnderlineTooltip tooltip="Behavioral rules written in a domain-specific language that define what malicious activity looks like, such as multiple failed logins in a short time.">CrowdSec Scenario(s)</UnderlineTooltip> bans for a longer duration repeating offenders
 
 ### Setup the Acquisition
@@ -76,7 +76,7 @@ Steps:
 
 The two important directives in this configuration file are:
 
- - `appsec_config` is the name of the [*AppSec Configuration*](appsec/configuration.md#appsec-configuration) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
+ - `appsec_config` is the name of the [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
  - the `listen_addr` is the IP and port the AppSec Component will listen to.
 
 :::warning
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/appsec/troubleshooting.md b/crowdsec-docs/versioned_docs/version-v1.6/appsec/troubleshooting.md
index c98bdc02d..eda4ca3c0 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/appsec/troubleshooting.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/appsec/troubleshooting.md
@@ -63,7 +63,7 @@ DEBU[2023-12-06 15:40:26] Finish evaluating rule                        band=inb
 ## Authenticating with the AppSec Component
 
 :::note
-We are assuming the AppSec engine is running on `127.0.0.1:7422`. See [installation directives](/docs/next/appsec/installation)
+We are assuming the AppSec engine is running on `127.0.0.1:7422`. See [installation directives](/appsec/quickstart/general.mdx)
 :::
 
 > Create a valid API Key
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/central_api/intro.md b/crowdsec-docs/versioned_docs/version-v1.6/central_api/intro.md
index b7a4f22cf..1e723cbab 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/central_api/intro.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/central_api/intro.md
@@ -15,7 +15,7 @@ The [Central API](https://crowdsecurity.github.io/api_doc/capi/) is the service
 This information is *only* going to be pushed when a scenario is coming from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are *not* pushed unless enrolled into the console.
 :::
 
-When the Security Engine generates an alert, [unless you opt-out of it](/u/troubleshooting/intro#how-to-disable-the-central-api), it will push "signal meta-data". The meta-data are :
+When the Security Engine generates an alert, [unless you opt-out of it](/u/troubleshooting/security_engine#how-to-disable-the-central-api), it will push "signal meta-data". The meta-data are :
  - The name of the scenario that was triggered
  - The hash & version of the scenario that was triggered
  - The timestamp of the decision
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/concepts.md b/crowdsec-docs/versioned_docs/version-v1.6/concepts.md
index c2c26af10..1a184add4 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/concepts.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/concepts.md
@@ -12,7 +12,7 @@ sidebar_position: 1
 > The Security Engine is CrowdSec's IDS/IPS (Intrusion Detection System/Intrusion Prevention System)
 > It is a rules and behavior detection engine comprised of Log Processor and the Local API.
 
-A Security Engine can operate [independently](/intro#architecture) or in a [distributed manner](/intro#deployment-options), adapting to the specific needs and constraints of your infrastructure. For more information on CrowdSec's distributed approach, visit our documentation on collaborative operations and distributed deployments.
+A Security Engine can operate [independently](intro.mdx#architecture) or in a [distributed manner](intro.mdx#deployment-options), adapting to the specific needs and constraints of your infrastructure. For more information on CrowdSec's distributed approach, visit our documentation on collaborative operations and distributed deployments.
 
 
 # Log Processor (LP)
@@ -50,7 +50,7 @@ Remediations components leverage existing components of your infrastructure to b
 
 > The Central API (CAPI) serves as the gateway for network participants to connect and communicate with CrowdSec's network.
 
-The Central API (abreviated as `CAPI`) receives attack signals from all participating Security Engines and signal partners, then re-distribute them curated community decisions ([Community Blocklist](/central_api/community_blocklist/)).   
+The Central API (abreviated as `CAPI`) receives attack signals from all participating Security Engines and signal partners, then re-distribute them curated community decisions ([Community Blocklist](/central_api/blocklist.md)).   
 It's also at the heart of CrowdSec centralized [Blocklist services](/u/blocklists/intro).
 
 # Console
@@ -61,4 +61,4 @@ The [Console](https://app.crowdsec.net) allows you to:
  - [Manage alerts](/u/console/alerts/intro) of your security stack
  - [Manage decisions](/u/console/decisions/decisions_intro) in real-time
  - View and use [blocklists and integrations](/u/blocklists/intro)
- - Manage your API keys ([CTI API](/u/cti_api/intro), [Service API](/u/service_api/getting_started))
\ No newline at end of file
+ - Manage your API keys ([CTI API](/u/cti_api/intro), [Service API](/u/console/service_api/getting_started))
\ No newline at end of file
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/contributing/bouncers.md b/crowdsec-docs/versioned_docs/version-v1.6/contributing/bouncers.md
index 3246c8bc2..4f332858c 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/contributing/bouncers.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/contributing/bouncers.md
@@ -17,8 +17,8 @@ Sharing on the hub allows other users to find and use it. While increasing your
 #### Specs
 
 Remediation components have mandatory and optional features, they are described in the following sub pages:
-- [Specifications for Remediation Component and AppSec Capabilities](/contributing/specs/bouncer_appsec_specs)
-- [Remediation Component Metrics](/contributing/specs/bouncer_metrics_specs)
+- [Specifications for Remediation Component and AppSec Capabilities](/contributing/specs/bouncer_appsec_specs.mdx)
+- [Remediation Component Metrics](/contributing/specs/bouncer_metrics_specs.mdx)
 
 *Don't hesitate to get in touch with us via discord if anything is unclear to you*
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/contributing/hub.md b/crowdsec-docs/versioned_docs/version-v1.6/contributing/hub.md
index b7f1dfb6e..d54eafea0 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/contributing/hub.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/contributing/hub.md
@@ -28,12 +28,12 @@ To get involved :
 
 The following explains how to create and test:
 
-- [parsers](/docs/parsers/create/)
-- [scenarios](/docs/scenarios/create/)
+- [parsers](/log_processor/parsers/create.md)
+- [scenarios](/log_processor/scenarios/create.md)
 
 ### Collections
 
-It often makes sense for a new parser or scenario to be added to an existing [collection](/docs/collections/format), or create a new one.
+It often makes sense for a new parser or scenario to be added to an existing [collection](/log_processor/collections/format.md), or create a new one.
 
 If your parsers and/or scenarios cover a new or specific service, having a dedicated collection for this service makes sense.
 In other cases, having a parser for `SpecificWebServer` access logs would justify a collection as it might also include [all the default http related scenarios](https://hub.crowdsec.net/author/crowdsecurity/collections/base-http-scenarios).
@@ -71,7 +71,7 @@ labels:
 
 Before asking for a review of your PR, please ensure you have the following:
 
-- tests: Test creation is covered in [parsers creation](/docs/parsers/create/) and [scenarios creation](/docs/scenarios/create/). Ensure that each of your parser or scenario is properly tested.
+- tests: Test creation is covered in [parsers creation](/log_processor/parsers/create.md) and [scenarios creation](/log_processor/scenarios/create.md). Ensure that each of your parser or scenario is properly tested.
 - documentation: Please provide a `.md` file with the same name as each of your parser, scenario or collection. The markdown is rendered in the [hub](https://hub.crowdsec.net).
 - documentation: If you're creating a collection targeting a specific log file, be sure to provide an acquis example as :
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/contributing/specs/bouncer_appsec_specs.mdx b/crowdsec-docs/versioned_docs/version-v1.6/contributing/specs/bouncer_appsec_specs.mdx
index 6d8d79109..502ad0124 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/contributing/specs/bouncer_appsec_specs.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.6/contributing/specs/bouncer_appsec_specs.mdx
@@ -163,7 +163,7 @@ If a remediation is found and for the LAPI timeout fallback here are the remedia
 * Remediation priority  
   * There is a priority in the remediation to take in account if an IP has multiple  
   * Default priority order **Ban** then **Captcha**  
-* Metrics see below and in the [detailed metrics specs](/contributing/specs/bouncer_metrics_specs)
+* Metrics see below and in the [detailed metrics specs](/contributing/specs/bouncer_metrics_specs.mdx)
 
 ### Logging 
 
@@ -484,7 +484,7 @@ You can refer to the AppSec documentation to test request forwarding.
 
 ### Metrics payload
 
-More details about metrics in [Metrics specs](/contributing/specs/bouncer_metrics_specs/)
+More details about metrics in [Metrics specs](/contributing/specs/bouncer_metrics_specs.mdx)
 
 ```json
 { 
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/getting_started/install_source.mdx b/crowdsec-docs/versioned_docs/version-v1.6/getting_started/install_source.mdx
index 3d7177b47..c72e71b37 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/getting_started/install_source.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.6/getting_started/install_source.mdx
@@ -9,7 +9,7 @@ import TabItem from '@theme/TabItem';
 import CodeBlock from '@theme/CodeBlock';
 
 :::warning
-This is only for advanced users that wish to compile their own software. If you are not comfortable with this, please use the [official packages](/getting_started/getting_started.md)
+This is only for advanced users that wish to compile their own software. If you are not comfortable with this, please use the [official packages](/u/getting_started/intro)
 :::
 
 We define systems by their underlying distribution rather than a fork or modification of a distribution. For example, Ubuntu and Debian are both Debian based distributions, so they will share the same instructions as the term DEB. Centos and Fedora are both Redhat based distributions, so they will share the same instructions as the term RPM. Arch is just Arch, so it will have its own instructions.
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/intro.mdx b/crowdsec-docs/versioned_docs/version-v1.6/intro.mdx
index eb256f250..51a617d9a 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/intro.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.6/intro.mdx
@@ -32,7 +32,7 @@ In addition to the core "detect and react" mechanism, CrowdSec is committed to s
 -   **Easy Installation**: Effortless out-of-the-box installation on all [supported platforms](/u/getting_started/intro).
 -   **Simplified Daily Operations**: You have access to our Web UI administration via [CrowdSec's console](http://app.crowdsec.net) or the powerful [Command line tool cscli](/cscli/cscli.md) for effortless maintenance and keeping your detection mechanisms up-to-date.
 -   **Reproducibility**: The Security Engine can analyze not only live logs but also [cold logs](/u/user_guides/replay_mode), making it easier to detect potential false triggers, conduct forensic analysis, or generate reports.
--   **Versatile**: The Security Engine can analyze [system logs](/docs/data_sources/intro) and [HTTP Requests](/docs/next/appsec/intro) to exhaustively protect your perimeter.
+-   **Versatile**: The Security Engine can analyze [system logs](/log_processor/data_sources/introduction.md) and [HTTP Requests](/appsec/intro.md) to exhaustively protect your perimeter.
 -   **Observability**: Providing valuable insights into the system's activity:
     -   Users can view/manage alerts from the ([Console](https://app.crowdsec.net/signup)).
     -   Operations personnel have access to detailed Prometheus metrics ([Prometheus](/observability/prometheus.md)).
@@ -49,10 +49,10 @@ In addition to the core "detect and react" mechanism, CrowdSec is committed to s
 
 Under the hood, the Security Engine has various components:
 
--   The [Log Processor](log_processor/intro.mdx) is in charge of detection: it analyzes logs from [various data sources](data_sources/intro) or [HTTP requests](appsec/intro) from web servers.
+-   The [Log Processor](/log_processor/intro.mdx) is in charge of detection: it analyzes logs from [various data sources](/log_processor/data_sources/introduction.md) or [HTTP requests](/appsec/intro.md) from web servers.
 -   The [Appsec](appsec/intro) feature is part of the Log Processor and filters HTTP Requests from the compatible web servers.
 -   The [Local API](local_api/intro.md) acts as a middle man:
-    -   Between the [Log Processors](/docs/data_sources/intro) and the [Remediation Components](/u/bouncers/intro) which are in charge of enforcing decisions.
+    -   Between the [Log Processors](/log_processor/intro.mdx) and the [Remediation Components](/u/bouncers/intro) which are in charge of enforcing decisions.
     -   And with the [Central API](/central_api/intro.md) to share alerts and receive blocklists.
 -   The [Remediation Components](/u/bouncers/intro) - also known as bouncers - block malicious IPs at your chosen level—whether via IpTables, firewalls, web servers, or reverse proxies. [See the full list on our CrowdSec Hub.](https://app.crowdsec.net/hub/remediation-components)
 
@@ -64,7 +64,7 @@ This architecture allows for both simple/standalone setups, or more distributed
 -   Multiple machines? Use the [distributed setup guide](/u/user_guides/multiserver_setup)
 -   Already have a log pit (such as rsyslog or loki)? [Run crowdsec next to it](/u/user_guides/log_centralization), not on the production workloads
 -   Running Kubernetes? Have a look at [our helm chart](/u/getting_started/installation/kubernetes)
--   Running containers? The [docker data source](/docs/data_sources/docker) might be what you need
+-   Running containers? The [docker data source](/log_processor/data_sources/docker.md) might be what you need
 -   Just looking for a WAF? Look at [our quickstart](appsec/intro)
 
 Distributed architecture example:
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/log_processor/scenarios/create.md b/crowdsec-docs/versioned_docs/version-v1.6/log_processor/scenarios/create.md
index a2fd370b4..721cd730c 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/log_processor/scenarios/create.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/log_processor/scenarios/create.md
@@ -8,7 +8,7 @@ import AcademyPromo from '@site/src/components/academy-promo';
 
 :::caution
 
-All the examples assume that you have read the [Creating parsers](/docs/next/parsers/create) documentation.
+All the examples assume that you have read the [Creating parsers](/log_processor/parsers/create.md) documentation.
 
 :::
 
@@ -120,7 +120,7 @@ labels:
 
 :::note
 
-We filter on `evt.Meta.log_type == 'myservice_failed_auth'` because in the parser `myservice-logs` (created in the [Creating parsers](/docs/next/parsers/create) part) we set the `log_type` to `myservice_failed_auth` for bad password or bad user attempt.
+We filter on `evt.Meta.log_type == 'myservice_failed_auth'` because in the parser `myservice-logs` (created in the [Creating parsers](/log_processor/parsers/create.md) part) we set the `log_type` to `myservice_failed_auth` for bad password or bad user attempt.
 
 :::
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/log_processor/scenarios/introduction.mdx b/crowdsec-docs/versioned_docs/version-v1.6/log_processor/scenarios/introduction.mdx
index 56cf888f6..162163ef6 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/log_processor/scenarios/introduction.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.6/log_processor/scenarios/introduction.mdx
@@ -9,7 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 Scenarios are YAML files that allow to detect a specific behavior, usually an attack.
 
-Scenarios receive [events](/concepts.md#events) and can produce [alerts](/concepts.md#alerts) using the [leaky bucket](https://en.wikipedia.org/wiki/Leaky_bucket) algorithm.
+Scenarios receive events and can produce alerts using the [leaky bucket](https://en.wikipedia.org/wiki/Leaky_bucket) algorithm.
 
 <div style={{display: 'flex'}}>
     <div style={{textAlign: 'center', flex: '1'}}>
@@ -25,6 +25,6 @@ The event goes via various steps :
  - if the bucket overflows, it can be validated by an optional `overflow_filter`
 
 
-Once an overflow happens, it will go through [postoverflows](/log_processor/parsers/introduction.mdx#postoverflows) to handle last chance whitelists, before being finally turned into a potential [decision](/concepts.md#decisions) by [profiles](/local_api/profiles/intro.md).
+Once an overflow happens, it will go through [postoverflows](/log_processor/parsers/introduction.mdx#postoverflows) to handle last chance whitelists, before being finally turned into a potential decision by [profiles](/local_api/profiles/intro.md).
 
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.6/observability/intro.md b/crowdsec-docs/versioned_docs/version-v1.6/observability/intro.md
index ccd866f0b..2cf1f747c 100644
--- a/crowdsec-docs/versioned_docs/version-v1.6/observability/intro.md
+++ b/crowdsec-docs/versioned_docs/version-v1.6/observability/intro.md
@@ -11,7 +11,7 @@ We attempt to provide good observability of CrowdSec's behavior :
  - CrowdSec itself exposes a [prometheus instrumentation](/observability/prometheus.md)
  - `cscli` allows you to view part of prometheus metrics in [cli (`cscli metrics`)](/cscli/cscli_metrics.md)
  - CrowdSec logging is contextualized for easy processing
- - for **humans**, `cscli` allows you to trivially start a service [exposing dashboards](/observability/dashboard.md) (using [metabase](https://www.metabase.com/))
+ - for **humans**, `cscli` provides command-line tools to inspect and manage CrowdSec's behavior
 
 Furthermore, most of CrowdSec configuration should allow you to enable partial debug (ie. per-scenario, per-parser etc.)
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/appsec/configuration.md b/crowdsec-docs/versioned_docs/version-v1.7/appsec/configuration.md
index e873f0037..63cb4b60f 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/appsec/configuration.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/appsec/configuration.md
@@ -22,7 +22,7 @@ The AppSec Component configuration consists of three main parts:
 
 The goals of the acquisition file are:
 - To specify the **address** and **port** where the AppSec-enabled Remediation Component(s) will forward the requests to.
-- And specify one or more [AppSec configuration files](#appsec-configuration) to use as definition of what rules to apply and how. 
+- And specify one or more [AppSec configuration files](#appsec-configuration-files) to use as definition of what rules to apply and how. 
 
 Details can be found in the [AppSec Datasource page](/log_processor/data_sources/appsec.md).
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/general.mdx b/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/general.mdx
index e348e6dfd..85f0ee920 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/general.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/general.mdx
@@ -203,4 +203,4 @@ If the AppSec Component fails to start:
 3. **Check configuration syntax**: Validate your `appsec.yaml` file
 4. **Review logs**: Check `/var/log/crowdsec.log` for error messages
 
-For detailed troubleshooting, see the [AppSec Troubleshooting Guide](/appsec/troubleshooting).
\ No newline at end of file
+For detailed troubleshooting, see the [AppSec Troubleshooting Guide](/appsec/troubleshooting.md).
\ No newline at end of file
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/nginxopenresty.mdx b/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/nginxopenresty.mdx
index 53c75604c..625007af1 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/nginxopenresty.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/nginxopenresty.mdx
@@ -59,7 +59,7 @@ sudo cscli collections install crowdsecurity/appsec-virtual-patching crowdsecuri
 Executing this command will install the following items:
 
 - The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped
-- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) links together a set of rules to provide a coherent set
 - The <UnderlineTooltip tooltip="YAML files that extract relevant data from logs, such as IP addresses, timestamps, or request paths.">CrowdSec Parser</UnderlineTooltip> and <UnderlineTooltip tooltip="Behavioral rules written in a domain-specific language that define what malicious activity looks like, such as multiple failed logins in a short time.">CrowdSec Scenario(s)</UnderlineTooltip> bans for a longer duration repeating offenders
 
 ### Setup the Acquisition
@@ -82,7 +82,7 @@ Steps:
 
 The two important directives in this configuration file are:
 
- - `appsec_config` is the name of the [*AppSec Configuration*](appsec/configuration.md#appsec-configuration) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
+ - `appsec_config` is the name of the [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
  - the `listen_addr` is the IP and port the AppSec Component will listen to.
 
 :::warning
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/traefik.mdx b/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/traefik.mdx
index 926707cac..790904229 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/traefik.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/traefik.mdx
@@ -63,7 +63,7 @@ docker exec -it crowdsec cscli collections install crowdsecurity/appsec-virtual-
 Executing this command or updating the compose will install the following items:
 
 - The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped.
-- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set.
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) links together a set of rules to provide a coherent set.
 - The <UnderlineTooltip tooltip="YAML files that extract relevant data from logs, such as IP addresses, timestamps, or request paths.">CrowdSec Parser</UnderlineTooltip> and <UnderlineTooltip tooltip="Behavioral rules written in a domain-specific language that define what malicious activity looks like, such as multiple failed logins in a short time.">CrowdSec Scenario(s)</UnderlineTooltip> are used to detect and remediate persistent attacks.
 
 Once you have updated your compose or installed via the command line, will we need to restart the container. However, before we do that, we need to setup the acquisition for the AppSec Component.
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/wordpress.mdx b/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/wordpress.mdx
index cceffcef0..a7713e43c 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/wordpress.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.7/appsec/quickstart/wordpress.mdx
@@ -53,7 +53,7 @@ sudo cscli collections install crowdsecurity/appsec-virtual-patching crowdsecuri
 Executing this command will install the following items:
 
 - The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped
-- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) links together a set of rules to provide a coherent set
 - The <UnderlineTooltip tooltip="YAML files that extract relevant data from logs, such as IP addresses, timestamps, or request paths.">CrowdSec Parser</UnderlineTooltip> and <UnderlineTooltip tooltip="Behavioral rules written in a domain-specific language that define what malicious activity looks like, such as multiple failed logins in a short time.">CrowdSec Scenario(s)</UnderlineTooltip> bans for a longer duration repeating offenders
 
 ### Setup the Acquisition
@@ -76,7 +76,7 @@ Steps:
 
 The two important directives in this configuration file are:
 
- - `appsec_config` is the name of the [*AppSec Configuration*](appsec/configuration.md#appsec-configuration) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
+ - `appsec_config` is the name of the [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration-files) that was included in the <UnderlineTooltip tooltip="Collections are bundle of parsers, scenarios, postoverflows that form a coherent package.">Collection</UnderlineTooltip> we just installed.
  - the `listen_addr` is the IP and port the AppSec Component will listen to.
 
 :::warning
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/appsec/troubleshooting.md b/crowdsec-docs/versioned_docs/version-v1.7/appsec/troubleshooting.md
index c98bdc02d..eda4ca3c0 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/appsec/troubleshooting.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/appsec/troubleshooting.md
@@ -63,7 +63,7 @@ DEBU[2023-12-06 15:40:26] Finish evaluating rule                        band=inb
 ## Authenticating with the AppSec Component
 
 :::note
-We are assuming the AppSec engine is running on `127.0.0.1:7422`. See [installation directives](/docs/next/appsec/installation)
+We are assuming the AppSec engine is running on `127.0.0.1:7422`. See [installation directives](/appsec/quickstart/general.mdx)
 :::
 
 > Create a valid API Key
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/central_api/intro.md b/crowdsec-docs/versioned_docs/version-v1.7/central_api/intro.md
index b7a4f22cf..1e723cbab 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/central_api/intro.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/central_api/intro.md
@@ -15,7 +15,7 @@ The [Central API](https://crowdsecurity.github.io/api_doc/capi/) is the service
 This information is *only* going to be pushed when a scenario is coming from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are *not* pushed unless enrolled into the console.
 :::
 
-When the Security Engine generates an alert, [unless you opt-out of it](/u/troubleshooting/intro#how-to-disable-the-central-api), it will push "signal meta-data". The meta-data are :
+When the Security Engine generates an alert, [unless you opt-out of it](/u/troubleshooting/security_engine#how-to-disable-the-central-api), it will push "signal meta-data". The meta-data are :
  - The name of the scenario that was triggered
  - The hash & version of the scenario that was triggered
  - The timestamp of the decision
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/concepts.md b/crowdsec-docs/versioned_docs/version-v1.7/concepts.md
index c2c26af10..1a184add4 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/concepts.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/concepts.md
@@ -12,7 +12,7 @@ sidebar_position: 1
 > The Security Engine is CrowdSec's IDS/IPS (Intrusion Detection System/Intrusion Prevention System)
 > It is a rules and behavior detection engine comprised of Log Processor and the Local API.
 
-A Security Engine can operate [independently](/intro#architecture) or in a [distributed manner](/intro#deployment-options), adapting to the specific needs and constraints of your infrastructure. For more information on CrowdSec's distributed approach, visit our documentation on collaborative operations and distributed deployments.
+A Security Engine can operate [independently](intro.mdx#architecture) or in a [distributed manner](intro.mdx#deployment-options), adapting to the specific needs and constraints of your infrastructure. For more information on CrowdSec's distributed approach, visit our documentation on collaborative operations and distributed deployments.
 
 
 # Log Processor (LP)
@@ -50,7 +50,7 @@ Remediations components leverage existing components of your infrastructure to b
 
 > The Central API (CAPI) serves as the gateway for network participants to connect and communicate with CrowdSec's network.
 
-The Central API (abreviated as `CAPI`) receives attack signals from all participating Security Engines and signal partners, then re-distribute them curated community decisions ([Community Blocklist](/central_api/community_blocklist/)).   
+The Central API (abreviated as `CAPI`) receives attack signals from all participating Security Engines and signal partners, then re-distribute them curated community decisions ([Community Blocklist](/central_api/blocklist.md)).   
 It's also at the heart of CrowdSec centralized [Blocklist services](/u/blocklists/intro).
 
 # Console
@@ -61,4 +61,4 @@ The [Console](https://app.crowdsec.net) allows you to:
  - [Manage alerts](/u/console/alerts/intro) of your security stack
  - [Manage decisions](/u/console/decisions/decisions_intro) in real-time
  - View and use [blocklists and integrations](/u/blocklists/intro)
- - Manage your API keys ([CTI API](/u/cti_api/intro), [Service API](/u/service_api/getting_started))
\ No newline at end of file
+ - Manage your API keys ([CTI API](/u/cti_api/intro), [Service API](/u/console/service_api/getting_started))
\ No newline at end of file
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/configuration/network_management.md b/crowdsec-docs/versioned_docs/version-v1.7/configuration/network_management.md
index 2c289f5f5..6fac4262e 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/configuration/network_management.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/configuration/network_management.md
@@ -17,7 +17,7 @@ id: network_management
  - Local API connects to `tcp/443` on `papi.api.crowdsec.net` (console management)
  - `cscli` connects to `tcp/443` on `hub-cdn.crowdsec.net` to fetch scenarios, parsers etc. (1)
  - `cscli` connects to `tcp/443` on `version.crowdsec.net` to check latest version available. (1)
- - [`cscli dashboard`](/cscli/cscli_dashboard.md) fetches metabase configuration from a s3 bucket (`https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/`)
+ - Dashboard-related functionality may connect to external services for configuration
  - Installation script is hosted on `install.crowdsec.net` over HTTPS.
  - Repositories are hosted on `packagecloud.io` over HTTPS.
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/contributing/bouncers.md b/crowdsec-docs/versioned_docs/version-v1.7/contributing/bouncers.md
index 3246c8bc2..4f332858c 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/contributing/bouncers.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/contributing/bouncers.md
@@ -17,8 +17,8 @@ Sharing on the hub allows other users to find and use it. While increasing your
 #### Specs
 
 Remediation components have mandatory and optional features, they are described in the following sub pages:
-- [Specifications for Remediation Component and AppSec Capabilities](/contributing/specs/bouncer_appsec_specs)
-- [Remediation Component Metrics](/contributing/specs/bouncer_metrics_specs)
+- [Specifications for Remediation Component and AppSec Capabilities](/contributing/specs/bouncer_appsec_specs.mdx)
+- [Remediation Component Metrics](/contributing/specs/bouncer_metrics_specs.mdx)
 
 *Don't hesitate to get in touch with us via discord if anything is unclear to you*
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/contributing/hub.md b/crowdsec-docs/versioned_docs/version-v1.7/contributing/hub.md
index b7f1dfb6e..d54eafea0 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/contributing/hub.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/contributing/hub.md
@@ -28,12 +28,12 @@ To get involved :
 
 The following explains how to create and test:
 
-- [parsers](/docs/parsers/create/)
-- [scenarios](/docs/scenarios/create/)
+- [parsers](/log_processor/parsers/create.md)
+- [scenarios](/log_processor/scenarios/create.md)
 
 ### Collections
 
-It often makes sense for a new parser or scenario to be added to an existing [collection](/docs/collections/format), or create a new one.
+It often makes sense for a new parser or scenario to be added to an existing [collection](/log_processor/collections/format.md), or create a new one.
 
 If your parsers and/or scenarios cover a new or specific service, having a dedicated collection for this service makes sense.
 In other cases, having a parser for `SpecificWebServer` access logs would justify a collection as it might also include [all the default http related scenarios](https://hub.crowdsec.net/author/crowdsecurity/collections/base-http-scenarios).
@@ -71,7 +71,7 @@ labels:
 
 Before asking for a review of your PR, please ensure you have the following:
 
-- tests: Test creation is covered in [parsers creation](/docs/parsers/create/) and [scenarios creation](/docs/scenarios/create/). Ensure that each of your parser or scenario is properly tested.
+- tests: Test creation is covered in [parsers creation](/log_processor/parsers/create.md) and [scenarios creation](/log_processor/scenarios/create.md). Ensure that each of your parser or scenario is properly tested.
 - documentation: Please provide a `.md` file with the same name as each of your parser, scenario or collection. The markdown is rendered in the [hub](https://hub.crowdsec.net).
 - documentation: If you're creating a collection targeting a specific log file, be sure to provide an acquis example as :
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/contributing/specs/bouncer_appsec_specs.mdx b/crowdsec-docs/versioned_docs/version-v1.7/contributing/specs/bouncer_appsec_specs.mdx
index 6d8d79109..502ad0124 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/contributing/specs/bouncer_appsec_specs.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.7/contributing/specs/bouncer_appsec_specs.mdx
@@ -163,7 +163,7 @@ If a remediation is found and for the LAPI timeout fallback here are the remedia
 * Remediation priority  
   * There is a priority in the remediation to take in account if an IP has multiple  
   * Default priority order **Ban** then **Captcha**  
-* Metrics see below and in the [detailed metrics specs](/contributing/specs/bouncer_metrics_specs)
+* Metrics see below and in the [detailed metrics specs](/contributing/specs/bouncer_metrics_specs.mdx)
 
 ### Logging 
 
@@ -484,7 +484,7 @@ You can refer to the AppSec documentation to test request forwarding.
 
 ### Metrics payload
 
-More details about metrics in [Metrics specs](/contributing/specs/bouncer_metrics_specs/)
+More details about metrics in [Metrics specs](/contributing/specs/bouncer_metrics_specs.mdx)
 
 ```json
 { 
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/getting_started/crowdsec_tour.mdx b/crowdsec-docs/versioned_docs/version-v1.7/getting_started/crowdsec_tour.mdx
index 1d0c90d11..e62ef567a 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/getting_started/crowdsec_tour.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.7/getting_started/crowdsec_tour.mdx
@@ -280,7 +280,7 @@ Running [metabase](https://www.metabase.com/) (the dashboard deployed by `cscli
 sudo cscli dashboard setup --listen 0.0.0.0
 ```
 
-A metabase [docker container](/observability/dashboard.md) can be deployed with [`cscli dashboard`](/cscli/cscli_dashboard.md).
+CrowdSec provides various observability tools including Prometheus metrics and command-line interfaces.
 It requires docker, [installation instructions are available here](https://docs.docker.com/engine/install/).
 
 ## Logs
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/getting_started/install_source.mdx b/crowdsec-docs/versioned_docs/version-v1.7/getting_started/install_source.mdx
index 3d7177b47..c72e71b37 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/getting_started/install_source.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.7/getting_started/install_source.mdx
@@ -9,7 +9,7 @@ import TabItem from '@theme/TabItem';
 import CodeBlock from '@theme/CodeBlock';
 
 :::warning
-This is only for advanced users that wish to compile their own software. If you are not comfortable with this, please use the [official packages](/getting_started/getting_started.md)
+This is only for advanced users that wish to compile their own software. If you are not comfortable with this, please use the [official packages](/u/getting_started/intro)
 :::
 
 We define systems by their underlying distribution rather than a fork or modification of a distribution. For example, Ubuntu and Debian are both Debian based distributions, so they will share the same instructions as the term DEB. Centos and Fedora are both Redhat based distributions, so they will share the same instructions as the term RPM. Arch is just Arch, so it will have its own instructions.
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/intro.mdx b/crowdsec-docs/versioned_docs/version-v1.7/intro.mdx
index eb256f250..51a617d9a 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/intro.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.7/intro.mdx
@@ -32,7 +32,7 @@ In addition to the core "detect and react" mechanism, CrowdSec is committed to s
 -   **Easy Installation**: Effortless out-of-the-box installation on all [supported platforms](/u/getting_started/intro).
 -   **Simplified Daily Operations**: You have access to our Web UI administration via [CrowdSec's console](http://app.crowdsec.net) or the powerful [Command line tool cscli](/cscli/cscli.md) for effortless maintenance and keeping your detection mechanisms up-to-date.
 -   **Reproducibility**: The Security Engine can analyze not only live logs but also [cold logs](/u/user_guides/replay_mode), making it easier to detect potential false triggers, conduct forensic analysis, or generate reports.
--   **Versatile**: The Security Engine can analyze [system logs](/docs/data_sources/intro) and [HTTP Requests](/docs/next/appsec/intro) to exhaustively protect your perimeter.
+-   **Versatile**: The Security Engine can analyze [system logs](/log_processor/data_sources/introduction.md) and [HTTP Requests](/appsec/intro.md) to exhaustively protect your perimeter.
 -   **Observability**: Providing valuable insights into the system's activity:
     -   Users can view/manage alerts from the ([Console](https://app.crowdsec.net/signup)).
     -   Operations personnel have access to detailed Prometheus metrics ([Prometheus](/observability/prometheus.md)).
@@ -49,10 +49,10 @@ In addition to the core "detect and react" mechanism, CrowdSec is committed to s
 
 Under the hood, the Security Engine has various components:
 
--   The [Log Processor](log_processor/intro.mdx) is in charge of detection: it analyzes logs from [various data sources](data_sources/intro) or [HTTP requests](appsec/intro) from web servers.
+-   The [Log Processor](/log_processor/intro.mdx) is in charge of detection: it analyzes logs from [various data sources](/log_processor/data_sources/introduction.md) or [HTTP requests](/appsec/intro.md) from web servers.
 -   The [Appsec](appsec/intro) feature is part of the Log Processor and filters HTTP Requests from the compatible web servers.
 -   The [Local API](local_api/intro.md) acts as a middle man:
-    -   Between the [Log Processors](/docs/data_sources/intro) and the [Remediation Components](/u/bouncers/intro) which are in charge of enforcing decisions.
+    -   Between the [Log Processors](/log_processor/intro.mdx) and the [Remediation Components](/u/bouncers/intro) which are in charge of enforcing decisions.
     -   And with the [Central API](/central_api/intro.md) to share alerts and receive blocklists.
 -   The [Remediation Components](/u/bouncers/intro) - also known as bouncers - block malicious IPs at your chosen level—whether via IpTables, firewalls, web servers, or reverse proxies. [See the full list on our CrowdSec Hub.](https://app.crowdsec.net/hub/remediation-components)
 
@@ -64,7 +64,7 @@ This architecture allows for both simple/standalone setups, or more distributed
 -   Multiple machines? Use the [distributed setup guide](/u/user_guides/multiserver_setup)
 -   Already have a log pit (such as rsyslog or loki)? [Run crowdsec next to it](/u/user_guides/log_centralization), not on the production workloads
 -   Running Kubernetes? Have a look at [our helm chart](/u/getting_started/installation/kubernetes)
--   Running containers? The [docker data source](/docs/data_sources/docker) might be what you need
+-   Running containers? The [docker data source](/log_processor/data_sources/docker.md) might be what you need
 -   Just looking for a WAF? Look at [our quickstart](appsec/intro)
 
 Distributed architecture example:
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/scenarios/create.md b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/scenarios/create.md
index a2fd370b4..721cd730c 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/scenarios/create.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/scenarios/create.md
@@ -8,7 +8,7 @@ import AcademyPromo from '@site/src/components/academy-promo';
 
 :::caution
 
-All the examples assume that you have read the [Creating parsers](/docs/next/parsers/create) documentation.
+All the examples assume that you have read the [Creating parsers](/log_processor/parsers/create.md) documentation.
 
 :::
 
@@ -120,7 +120,7 @@ labels:
 
 :::note
 
-We filter on `evt.Meta.log_type == 'myservice_failed_auth'` because in the parser `myservice-logs` (created in the [Creating parsers](/docs/next/parsers/create) part) we set the `log_type` to `myservice_failed_auth` for bad password or bad user attempt.
+We filter on `evt.Meta.log_type == 'myservice_failed_auth'` because in the parser `myservice-logs` (created in the [Creating parsers](/log_processor/parsers/create.md) part) we set the `log_type` to `myservice_failed_auth` for bad password or bad user attempt.
 
 :::
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/scenarios/introduction.mdx b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/scenarios/introduction.mdx
index 56cf888f6..162163ef6 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/log_processor/scenarios/introduction.mdx
+++ b/crowdsec-docs/versioned_docs/version-v1.7/log_processor/scenarios/introduction.mdx
@@ -9,7 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 Scenarios are YAML files that allow to detect a specific behavior, usually an attack.
 
-Scenarios receive [events](/concepts.md#events) and can produce [alerts](/concepts.md#alerts) using the [leaky bucket](https://en.wikipedia.org/wiki/Leaky_bucket) algorithm.
+Scenarios receive events and can produce alerts using the [leaky bucket](https://en.wikipedia.org/wiki/Leaky_bucket) algorithm.
 
 <div style={{display: 'flex'}}>
     <div style={{textAlign: 'center', flex: '1'}}>
@@ -25,6 +25,6 @@ The event goes via various steps :
  - if the bucket overflows, it can be validated by an optional `overflow_filter`
 
 
-Once an overflow happens, it will go through [postoverflows](/log_processor/parsers/introduction.mdx#postoverflows) to handle last chance whitelists, before being finally turned into a potential [decision](/concepts.md#decisions) by [profiles](/local_api/profiles/intro.md).
+Once an overflow happens, it will go through [postoverflows](/log_processor/parsers/introduction.mdx#postoverflows) to handle last chance whitelists, before being finally turned into a potential decision by [profiles](/local_api/profiles/intro.md).
 
 
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/observability/dashboard.md b/crowdsec-docs/versioned_docs/version-v1.7/observability/dashboard.md
deleted file mode 100644
index ddd5dcae1..000000000
--- a/crowdsec-docs/versioned_docs/version-v1.7/observability/dashboard.md
+++ /dev/null
@@ -1,100 +0,0 @@
----
-id: dashboard
-title: Cscli dashboard
-sidebar_position: 3
----
-
-:::warning "MySQL & PostgreSQL"
-MySQL and PostgreSQL are currently not supported by [`cscli dashboard`](/cscli/cscli_dashboard.md). 
-
-It means that you can run cscli dashboard only if you use `SQLite` (default) as storage database with your local API.
-:::
-
-![Dashboard](/img/metabase.png)
-
-The cscli command `cscli dashboard setup` will use [docker](https://docs.docker.com/get-docker/) to install [metabase docker image](https://hub.docker.com/r/metabase/metabase/) and fetch our metabase template to have a configured and ready dashboard. 
-
-:::tip
-If you use `podman` instead of `docker` and want to install the crowdsec dashboard, you need to run:
-
-	sudo systemctl enable --now podman.socket
-
-Then you can setup the dashboard with `sudo env DOCKER_HOST=unix:///run/podman/podman.sock cscli dashboard setup`.
-:::
-
-## Setup
-> Setup and Start crowdsec metabase dashboard
-
-```bash
-sudo cscli dashboard setup
-```
-
-Optional arguments:
-
- - `-l` |`--listen` : ip address to listen on for docker (default is `127.0.0.1`)
- - `-p` |`--port` : port to listen on for docker (default is `8080`)
- - `--password` : password for metabase user (default is generated randomly)
- - `-f` | `--force` : override existing setup
-
-
-
-<details>
-  <summary>cscli dashboard setup</summary>
-
-```bash
-INFO[0000] Pulling docker image metabase/metabase       
-...........
-INFO[0002] creating container '/crowdsec-metabase'      
-INFO[0002] Waiting for metabase API to be up (can take up to a minute) 
-..............
-INFO[0051] Metabase is ready                            
-
-	URL       : 'http://127.0.0.1:3000'
-	username  : 'crowdsec@crowdsec.net'
-	password  : '<RANDOM_PASSWORD>'
-
-```
-</details>
-
-:::tip
-The `dashboard setup` command will output generated credentials for metabase.
-
-Those are stored in `/etc/crowdsec/metabase/metabase.yaml`
-:::
-
-Now you can connect to your dashboard, sign-in with your saved credentials then click on crowdsec Dashboard to get this:
-
-
-Dashboard docker image can be managed by cscli and docker cli also. Look at the cscli help command using
-
-```bash
-sudo cscli dashboard -h
-```
-
-## Remove the dashboard
-> Remove crowdsec metabase dashboard
-
-```bash
-sudo cscli dashboard remove [-f]
-```
-Optional arguments:
-
-- `-f` | `--force` : will force remove the dashboard
-
-## Stop the dashboard
-> Stop crowdsec metabase dashboard
-
-```bash
-sudo cscli dashboard stop
-```
-
-## Start the dashboard
-> Start crowdsec metabase dashboard
-
-```bash
-sudo cscli dashboard start
-```
-
-**Note:** Please look [at this documentation](/blog/metabase_without_docker) for those of you that would like to deploy metabase without using docker.
-
-
diff --git a/crowdsec-docs/versioned_docs/version-v1.7/observability/intro.md b/crowdsec-docs/versioned_docs/version-v1.7/observability/intro.md
index ccd866f0b..2cf1f747c 100644
--- a/crowdsec-docs/versioned_docs/version-v1.7/observability/intro.md
+++ b/crowdsec-docs/versioned_docs/version-v1.7/observability/intro.md
@@ -11,7 +11,7 @@ We attempt to provide good observability of CrowdSec's behavior :
  - CrowdSec itself exposes a [prometheus instrumentation](/observability/prometheus.md)
  - `cscli` allows you to view part of prometheus metrics in [cli (`cscli metrics`)](/cscli/cscli_metrics.md)
  - CrowdSec logging is contextualized for easy processing
- - for **humans**, `cscli` allows you to trivially start a service [exposing dashboards](/observability/dashboard.md) (using [metabase](https://www.metabase.com/))
+ - for **humans**, `cscli` provides command-line tools to inspect and manage CrowdSec's behavior
 
 Furthermore, most of CrowdSec configuration should allow you to enable partial debug (ie. per-scenario, per-parser etc.)
 
diff --git a/crowdsec-docs/versioned_sidebars/version-v1.7-sidebars.json b/crowdsec-docs/versioned_sidebars/version-v1.7-sidebars.json
index 8bc6fe6a5..d11fcbab2 100644
--- a/crowdsec-docs/versioned_sidebars/version-v1.7-sidebars.json
+++ b/crowdsec-docs/versioned_sidebars/version-v1.7-sidebars.json
@@ -260,7 +260,6 @@
         "observability/cscli",
         "observability/prometheus",
         "observability/usage_metrics",
-        "observability/dashboard",
         "observability/pprof"
       ]
     },