From 2be7611ba0e73195a83a463e2461027125fe2623 Mon Sep 17 00:00:00 2001 From: lcawl Date: Wed, 17 Sep 2025 16:50:34 -0700 Subject: [PATCH 01/11] Reset changed files --- get-started/introduction.md | 176 ++++++++++++++++++++++++- get-started/the-stack.md | 2 + get-started/versioning-availability.md | 65 +++++---- 3 files changed, 206 insertions(+), 37 deletions(-) diff --git a/get-started/introduction.md b/get-started/introduction.md index 32f8f19024..c46ed53388 100644 --- a/get-started/introduction.md +++ b/get-started/introduction.md 
@@ -3,11 +3,178 @@ mapped_pages: - https://www.elastic.co/guide/en/elasticsearch/reference/current/elasticsearch-intro-what-is-es.html products: - id: elasticsearch +applies_to: + stack: + serverless: --- +# Solutions and use cases [introduction] +Elastic offers three major search-powered solutions: {{es}}, {{observability}}, and {{elastic-sec}}— all built on an open source, extensible platform. +Whether you're building a search experience, monitoring your infrastructure, or securing your environment, this topic helps you understand what each Elastic solution offers—and how to choose the right one for your business needs. + +| Your need | Recommended solution | Best for | +|-----------|-------------------|----------| +| Build powerful, scalable searches to quickly search, analyze, and visualize large amounts of data for real-time insights | [{{es}}](#search-overview) | Developers, architects, data engineers | +| Observe and monitor system health and performance or send telemetry data | [Elastic {{observability}}](#observability-overview) | DevOps, SREs, IT operations | +| Monitor data for anomalous activity, detect, prevent, and respond to security incidents | [{{elastic-sec}}](#security-overview) | SOC teams, security analysts, IT security admins | + +:::{tip} +Check out our [customer success stories](https://www.elastic.co/customers/success-stories) to learn how various organizations utilize our products for their specific business needs. +::: + +Each of our solutions is available as a fully managed {{serverless-short}} project or a self-managed deployment. Refer to [deployment options](../get-started/deployment-options.md) to learn about these options. + +## {{es}} [search-overview] + +{{es-serverless}} projects and the {{es}} solution combine the core {{es}} data store, search engine, and vector database technologies with specialized user interfaces and tools, giving you the building blocks to create, deploy, and run your own search applications. 
+ + +For an overview of search use cases, including full-text, geospatial, semantic, and vector search, and retrieval augmented generation (RAG), go to [](/solutions/search.md). +To try out some simple search use cases, go to [](/solutions/search/get-started/quickstarts.md). + +For an introduction to core {{es}} concepts such as indices, documents, and mappings, refer to [](/manage-data/data-store.md). +To dive more deeply into the building blocks of an {{es}} cluster, including nodes, shards, primaries, and replicas, refer to [](/deploy-manage/distributed-architecture.md). + + + +## Elastic {{observability}} + +### {{observability}} overview [observability-overview] + +Elastic {{observability}} provides unified observability across applications and infrastructure. It combines logs, metrics, application traces, user experience data, and more into a single, integrated platform. This consolidation allows for powerful, cross-referenced analysis, enabling teams to move from detecting issues to understanding their root causes with speed and efficiency. By leveraging the search and analytics capabilities of {{es}}, it offers a holistic view of system behavior. + +Elastic {{observability}} embraces open standards like OpenTelemetry for flexible data collection, and offers scalable, cost-efficient data retention with tiered storage. + +### {{observability}} use cases [observability-use-cases] + +Apply {{observability}} to various scenarios to improve operational awareness and system reliability. +:::{dropdown} Use cases +* **Log Monitoring and Analytics:** Centralize and analyze petabytes of log data from any source. This enables quick searching, ad-hoc queries with ES|QL, and visualization with prebuilt dashboards to diagnose issues. +* **Application Performance Monitoring (APM):** Gain code-level visibility into application performance. 
By collecting and analyzing traces with native OTel support, teams can identify bottlenecks, track errors, and optimize the end-user experience. +* **Infrastructure Monitoring:** Monitor metrics from servers, virtual machines, containers, and serverless environments with over 400 out-of-the-box integrations, including OpenTelemetry. This provides deep insights into resource utilization and overall system health. +* **Digital Experience Monitoring:** + * **Real User Monitoring (RUM):** Capture and analyze data on how real users interact with web applications to improve perceived performance. + * **Synthetic Monitoring:** Proactively simulate user journeys and API calls to test application availability and functionality. + * **Uptime Monitoring:** Continuously check the status of services and applications to ensure they are available. +* **Universal Profiling:** Gain visibility into system performance and identify expensive lines of code without application instrumentation, helping to increase CPU efficiency and reduce cloud spend. +* **LLM Observability:** Gain deep insights into the performance, usage, and costs of Large Language Model (LLM) prompts and responses. +* **Incident Response and Management:** Facilitate the investigation of operational incidents by correlating data from multiple sources, which accelerates root cause analysis and resolution. +::: + +### {{observability}} core concepts [observability-concepts] +At the heart of Elastic {{observability}} are several key concepts that enable its capabilities. + +:::{dropdown} Concepts +* The three pillars of {{observability}} are: + * **Logs:** Timestamped records of events that provide detailed, contextual information. + * **Metrics:** Numerical measurements of system performance and health over time. + * **Traces:** A representation of the end-to-end journey of a request as it travels through a distributed system. 
+* **OpenTelemetry:** {{Observability}} offers first-class, production-grade support for OpenTelemetry. This allows organizations to use vendor-neutral instrumentation and stream native OTel data without proprietary agents, leveraging the Elastic Distribution of OpenTelemetry (EDOT). +* **AIOps and AI Assistant:** Leverages predictive analytics and an LLM-powered AI Assistant to reduce the time required to detect, investigate, and resolve incidents. This includes zero-config anomaly detection, pattern analysis, and the ability to surface correlations and root causes. +* **Alerting and Cases:** A built-in feature for creating rules to detect complex conditions and trigger actions. It allows teams to stay aware of potential issues and use Cases to track investigation details, assign tasks, and collaborate on resolutions. +* **Service Level Objectives (SLOs):** A framework for defining and monitoring the reliability of a service. Elastic Observability allows for creating and tracking SLOs to ensure that performance targets are being met. +::: + +## {{elastic-sec}} + +### Security overview [security-overview] + +{{elastic-sec}} is a unified security solution that integrates SIEM (Security Information and Event Management), endpoint security, and cloud security into a single platform so you can detect, prevent, and respond to cyber threats across your entire environment in near real time. Elastic Security leverages {{es}}'s powerful platform for its searching and analytic capabilities, and {{kib}} for its visualization features. By combining prevention, detection, and response capabilities, {{elastic-sec}} helps your organization reduce the risk of successful attacks. + +Install {{elastic-sec}} on one of our Elastic-managed Cloud deployments or your own self-managed infrastructure. + +### Security use cases [security-use-cases] + +Use {{elastic-sec}} for numerous security needs to ensure your systems are protected from the latest threats. 
+ +:::{dropdown} Use cases +* **SIEM:** {{elastic-sec}} is a modern SIEM that provides a centralized platform for ingesting, analyzing, and managing security data from various sources. +* **Third-party integration support:** Ingest data from a variety of tools and data sources so you can centralize your security data. +* **Threat detection and analytics:** Identify unknown threats by enabling prebuilt or custom detection rules, automatically detect anomalous activity with built-in machine learning jobs, or proactively search for threats using our powerful threat hunting and interactive visualization tools. +* **Automatic migration:** Migrate SIEM rules from other platforms to {{elastic-sec}}. +* **Endpoint protection and threat prevention:** Automatically stop cybersecurity attacks—such as malware and ransomware—before damage and loss can occur. +* **AI-powered features:** Elastic Security leverages generative AI to help enhance threat detection, assist with incident response, and day-to-day security operations. For example, the AI Assistant can summarize alerts, identify relevant information, suggest investigation steps, and generate complex queries from natural language input. +* **Custom dashboards and visualizations:** Create custom dashboards and visualizations to gain insights into security events. +* **Cloud Security:** {{elastic-sec}} provides the following cloud features: + * **Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM):** Check cloud service configurations against security benchmarks to identify and resolve misconfigurations that can be exploited. + * **Cloud Workload Protection:** Get visibility and runtime protection for cloud workloads. + * **Vulnerability Management:** Uncover vulnerabilities within your cloud infrastructure. 
+::: + +### Security core concepts [security-concepts] + +Before diving into setup and configuration, familiarize yourself with the foundational terms and core concepts that power {{elastic-sec}}. + +:::{dropdown} Concepts + +* **{{agent}}:** A single, unified way to add monitoring for logs, metrics, and other types of data to a host. Elastic Agent can also protect hosts from security threats, query data from operating systems, and forward data from remote services or hardware. +* **{{elastic-defend}}:** {{elastic-sec}}'s Endpoint Detection and Response (EDR) tool that protects endpoints from malicious activity. {{elastic-defend}} uses a combination of techniques like machine learning, behavioral analysis, and prebuilt rules to detect, prevent, and respond to threats in real-time. +* **{{elastic-endpoint}}:** The installed component that performs {{elastic-defend}}'s threat monitoring and prevention capabilities. +* **Detection engine:** The framework that detects threats by using rules to search for suspicious events in data sources and generating alerts when those rules meet the defined criteria. +* **Detection rules:** Sets of conditions that identify potential threats and malicious activities. Rules analyze various data sources, including logs and network traffic, to detect anomalies, suspicious behaviors, or known attack patterns. {{elastic-sec}} ships out-of-the-box prebuilt rules, or you can create your own custom rules. +* **Alerts:** A notification that's generated when a rule’s criteria are met. You can then investigate an alert to dive into deeper details. +* **Machine learning and anomaly detection:** Anomaly detection jobs identify anomalous events or patterns in your data. Use these with machine learning detection rules to generate alerts when behavior deviates from normal activity. 
+* **Entity analytics:** A threat detection feature that combines the power of Elastic’s detection engine and machine learning capabilities to identify unusual user behaviors across hosts, users, and services. Entity analytics uses a risk scoring engine to calculate a risk score, which is evaluated at a recurring interval. +* **Cases:** A tool that allows you to collect and share information about security issues. Opening a case lets you track key investigation details and collect alerts in a central location. You can also send cases to external systems. +* **Timeline:** A threat hunting tool that allows you to investigate security events so you can gather and analyze data related to alerts or suspicious activity. You can add events to Timeline from various sources, build custom queries, and import/export a Timeline to collaborate and share. +* **Security posture management:** Includes two Cloud Security features–Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM)–that help you evaluate the services and resources in your cloud environment, such as storage, compute, IAM, and more—against security guidelines defined by the Center for Internet Security (CIS). These features help you identify and remediate configuration risks in your environment. +* **AI Assistant:** A generative AI-powered tool that helps with tasks like alert investigation, incident response, and query generation. It utilizes natural language processing and knowledge retrieval to provide context-aware assistance, summarize threats, suggest next steps, and automate workflows. Use AI Assistant to better understand and respond to security incidents. +::: + + + + % TODO: cleanup these links, consolidate with Explore and analyze - +$$$what-is-kib$$$ +$$$what-is-es$$$ $$$visualize-and-analyze$$$ $$$extend-your-use-case$$$ $$$_manage_your_data$$$ diff --git a/get-started/the-stack.md b/get-started/the-stack.md index 842dfc7402..77b9ae93d1 100644 
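Review bot: The tail of this hunk commits a `% TODO: cleanup these links, consolidate with Explore and analyze` comment together with five bare `$$$what-is-kib$$$`-style anchors to introduction.md; either do the link cleanup within this series or open a tracking issue so the placeholder anchors are not left in the published page indefinitely. Two smaller points in the same hunk: the Detection engine bullet reads "by using rules to search for suspicious events in data sources and generating alerts", which should be "and generates alerts" so the subject stays the framework; and the Endpoint protection bullet's "Automatically stop cybersecurity attacks ... before damage and loss can occur" reads as a guarantee, so consider "help stop" phrasing in line with the hedged "helps your organization reduce the risk of successful attacks" in the overview paragraph above it.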
--- a/get-started/the-stack.md +++ b/get-started/the-stack.md @@ -8,6 +8,8 @@ mapped_pages: products: - id: elastic-stack - id: kibana +applies_to: + stack: --- # The {{stack}} diff --git a/get-started/versioning-availability.md b/get-started/versioning-availability.md index 6afc51de38..bb4724a3c9 100644 --- a/get-started/versioning-availability.md +++ b/get-started/versioning-availability.md 
@@ -2,20 +2,24 @@ navigation_title: Versioning and availability mapped_pages: - https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/current/introducing-elastic-documentation.html +applies_to: + serverless: + stack: products: - id: elastic-stack description: Learn how Elastic handles versioning and feature availability in the docs. Find the product versions that are supported, how to read availability badges, and... --- -# Versioning and availability in Elastic Docs +# Versioning and availability -Learn how Elastic Docs handles versioning, feature availability, and how to find the right documentation for your deployment type and product version. Find answers to common questions about the Elastic Stack versioning and confidently navigate our continuously updated documentation. +Learn how Elastic products are versioned, the lifecycle of features, and how to find the right documentation for your deployment type and product version. Find answers to common questions about the versioning and confidently navigate our continuously updated documentation. -## Frequently asked questions +## Understanding versioning -### Where can I find documentation for the latest version of the {{stack}}? +Many components of the [{{stack}}](/get-started/the-stack.md) (such as {{es}} and {{kib}}) share the same versioning pattern. +In the documentation, this group of components is typically referred to as the {{stack}}. -You’re in the right place! All documentation for Elastic Stack 9.0.0 and later is available at [elastic.co/docs](https://www.elastic.co/docs), including the latest {{version.stack| M.M}} version and any future versions in the 9.x series. +Orchestrators such as {{ece}} and {{eck}}, and other tools such as code clients and SDKs, are versioned independently of the {{stack}}. The {{ecloud}} console and {{serverless-short}} projects are always automatically updated with the latest changes. Need docs for an earlier version? 
Go to [elastic.co/guide](https://www.elastic.co/guide). 
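Review bot: Replacing the FAQ entry with the Understanding versioning section drops the only sentence that tells readers where current documentation lives (the removed line pointed to elastic.co/docs for 9.0.0 and later and the `{{version.stack| M.M}}` version), while the retained context "Need docs for an earlier version? Go to elastic.co/guide" now follows a paragraph about orchestrators and the {{ecloud}} console and reads as a non sequitur. Suggest keeping a short pointer such as "Documentation for 9.0.0 and later is at elastic.co/docs." directly before the earlier-version sentence. Also, in the new intro paragraph, "common questions about the versioning" should be "common questions about versioning".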
@@ -91,45 +95,47 @@ To make sure you're always viewing the most up-to-date and relevant documentatio ## Understanding {{stack}} versioning -{{stack}} uses semantic versioning in the `X.Y.Z` format, such as `9.0.0`. +The components of the {{stack}} typically use semantic versioning in the `X.Y.Z` format, such as `9.0.0`. | Version | Description | -|-------|-------------| -| **Major (X)** | Indicates significant changes, such as new features, breaking changes, and major enhancements. Upgrading to a new major version may require changes to your existing setup and configurations. | -| **Minor (Y)** | Introduces new features and improvements, while maintaining backward compatibility with the previous minor versions within the same major version. Upgrading to a new minor version should not require any changes to your existing setup. | -| **Patch (Z)** | Contains bug fixes and security updates, without introducing new features or breaking changes. Upgrading to a new patch version should be seamless and not require any changes to your existing setup. | +| ----- | ----- | +| Major (X) | Indicates significant changes, such as new features, breaking changes, and major enhancements. Upgrading to a new major version may require changes to your existing setup and configurations. | +| Minor (Y) | Introduces new features and improvements, while maintaining backward compatibility with the previous minor versions within the same major version. Upgrading to a new minor version should not require any changes to your existing setup. | +| Patch (Z) | Contains bug fixes and security updates, without introducing new features or breaking changes. Upgrading to a new patch version should be seamless and not require any changes to your existing setup. | -Understanding {{stack}} versioning is essential for [upgrade planning](/deploy-manage/upgrade.md) and ensuring compatibility. 
+Understanding versioning is essential for [upgrade planning](/deploy-manage/upgrade.md) and ensuring compatibility, particularly in the self-managed [deployment option](/get-started/deployment-options.md). ## Availability of features -The features available to you can differ based on deployment type, product lifecycle stage, and specific version. +Available features can differ based on deployment type, product lifecycle stage, and specific version. ### Feature availability factors | Factor | Description | -|-------|-------------| -| **Deployment type** | The environment where the feature is available, for example, {{stack}}, {{serverless-full}}, {{ece}} (ECE), {{eck}} (ECK) | -| **Lifecycle state** | The development or support status of the feature, for example, GA and Beta | -| **Version** | The specific version the lifecycle state applies to | +| ----- | ----- | +| Deployment type | The environment where the feature is available, for example, self-managed, {{serverless-full}}, {{ece}}, {{eck}} | +| Lifecycle state | The development or support status of the feature, for example, GA, Technical preview, Beta | +| Version | The specific version the lifecycle state applies to | ### Lifecycle states | Lifecycle state | Description | -|-------|-------------| -| **Generally Available (GA)** | Production-ready feature. When unspecified, GA is the default | -| **Beta** | Feature is nearing general availability but not yet production-ready | -| **Technical preview** | Feature is in early development stage | -| **Unavailable** | Feature is not supported in this deployment type or version | +| ----- | ----- | +| Technical preview | Feature is in early development stage | +| Beta | Feature is nearing general availability, but not yet production ready | +| Generally Available (GA) | Production-ready feature. 
When unspecified, GA is the default | +| Deprecated | Feature is still usable, but is planned to be removed or replaced in a future update | +| Removed | Feature can no longer be used | +| Unavailable | Feature is unsupported in this deployment type or version | ### Examples of where availability can vary | Category | Example | -|-------|-------------| -| **Elastic Stack versions** | [Elastic Stack](the-stack.md) version 9.0.0 and later, including 9.1.0 | -| **Deployment types** | [Elastic Cloud Serverless](/deploy-manage/deploy/elastic-cloud/serverless.md), [Elastic Cloud Hosted](/deploy-manage/deploy/elastic-cloud/cloud-hosted.md), [Elastic Cloud Enterprise (ECE)](/deploy-manage/deploy/cloud-enterprise.md), [Elastic Cloud on Kubernetes (ECK)](/deploy-manage/deploy/cloud-on-k8s.md), and [Self-managed deployments](/deploy-manage/deploy/self-managed.md) | -| **Deployment versions** | [Elastic Cloud Enterprise (ECE)](/deploy-manage/deploy/cloud-enterprise.md) 4.0.0 and later, [Elastic Cloud on Kubernetes (ECK)](/deploy-manage/deploy/cloud-on-k8s.md) 3.0.0 and later | -| **Serverless project types** | {{es}}, {{observability}}, and {{elastic-sec}} +| ----- | ----- | +| {{stack}} versions | [{{stack}}](/get-started/the-stack.md) version 9.0.0 and later, including 9.1.0 | +| Deployment types | [{{serverless-full}}](/deploy-manage/deploy/elastic-cloud/serverless.md), [{{ech}}](/deploy-manage/deploy/elastic-cloud/cloud-hosted.md), [{{ece}}](/deploy-manage/deploy/cloud-enterprise.md), [{{eck}}](/deploy-manage/deploy/cloud-on-k8s.md), and [Self-managed deployments](/deploy-manage/deploy/self-managed.md) | +| Orchestrator versions | [{{ece}}](/deploy-manage/deploy/cloud-enterprise.md) 4.0.0 and later, [{{eck}}](/deploy-manage/deploy/cloud-on-k8s.md) 3.0.0 and later | +| Serverless project types | {{es}}, Elastic {{observability}}, and {{elastic-sec}} | ## Find docs for your product version 
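Review bot: The reordered Lifecycle states table and the Feature availability factors row now disagree on ordering and hyphenation: the factors row lists "GA, Technical preview, Beta" while the table runs Technical preview, Beta, GA, Deprecated, Removed, Unavailable, and the new Beta row says "not yet production ready" while the GA row says "Production-ready feature". Align the example list with the table order (and mention Deprecated, since it is now a documented state) and use "production-ready" in both rows. The trailing pipe added to the Serverless project types row is a correct fix; the switch from `|-------|-------------|` to `| ----- | ----- |` and the removal of bold from first-column labels should be checked against the tables under "Find docs for your product version", which this hunk does not touch.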
@@ -207,10 +213,3 @@ Find the documentation for your Elastic product versions or releases. | [Elastic APM AWS Lambda extension](apm-aws-lambda://release-notes/release-notes.md) | 1.0.0 and later | | [Elastic APM Attacher for Kubernetes](apm-k8s-attacher://reference/index.md) | 1.1.3 | - - - - - - - From 0cdb85119b5bf3cb84f7f84fb830e15efb1db4d4 Mon Sep 17 00:00:00 2001 From: lcawl Date: Wed, 17 Sep 2025 16:53:15 -0700 Subject: [PATCH 02/11] Reset more files --- get-started/the-stack.md | 2 - get-started/versioning-availability.md | 65 +++++++++++++------------- 2 files changed, 33 insertions(+), 34 deletions(-) diff --git a/get-started/the-stack.md b/get-started/the-stack.md index 77b9ae93d1..842dfc7402 100644 --- a/get-started/the-stack.md +++ b/get-started/the-stack.md @@ -8,8 +8,6 @@ mapped_pages: products: - id: elastic-stack - id: kibana -applies_to: - stack: --- # The {{stack}} diff --git a/get-started/versioning-availability.md b/get-started/versioning-availability.md index bb4724a3c9..6afc51de38 100644 --- a/get-started/versioning-availability.md +++ b/get-started/versioning-availability.md 
@@ -2,24 +2,20 @@ navigation_title: Versioning and availability mapped_pages: - https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/current/introducing-elastic-documentation.html -applies_to: - serverless: - stack: products: - id: elastic-stack description: Learn how Elastic handles versioning and feature availability in the docs. Find the product versions that are supported, how to read availability badges, and... --- -# Versioning and availability +# Versioning and availability in Elastic Docs -Learn how Elastic products are versioned, the lifecycle of features, and how to find the right documentation for your deployment type and product version. Find answers to common questions about the versioning and confidently navigate our continuously updated documentation. +Learn how Elastic Docs handles versioning, feature availability, and how to find the right documentation for your deployment type and product version. Find answers to common questions about the Elastic Stack versioning and confidently navigate our continuously updated documentation. -## Understanding versioning +## Frequently asked questions -Many components of the [{{stack}}](/get-started/the-stack.md) (such as {{es}} and {{kib}}) share the same versioning pattern. -In the documentation, this group of components is typically referred to as the {{stack}}. +### Where can I find documentation for the latest version of the {{stack}}? -Orchestrators such as {{ece}} and {{eck}}, and other tools such as code clients and SDKs, are versioned independently of the {{stack}}. The {{ecloud}} console and {{serverless-short}} projects are always automatically updated with the latest changes. +You’re in the right place! All documentation for Elastic Stack 9.0.0 and later is available at [elastic.co/docs](https://www.elastic.co/docs), including the latest {{version.stack| M.M}} version and any future versions in the 9.x series. Need docs for an earlier version? 
Go to [elastic.co/guide](https://www.elastic.co/guide). 
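Review bot: This hunk, and the other two in this patch, is a line-for-line revert of what PATCH 01/11 introduced in the-stack.md and versioning-availability.md, so the series' net change to those files is zero and a reviewer has to read both versions of the same tables twice. Squash PATCH 01 and PATCH 02, or drop the versioning-availability.md and the-stack.md changes from PATCH 01, so the series only carries the introduction.md changes that actually land.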
@@ -95,47 +91,45 @@ To make sure you're always viewing the most up-to-date and relevant documentatio ## Understanding {{stack}} versioning -The components of the {{stack}} typically use semantic versioning in the `X.Y.Z` format, such as `9.0.0`. +{{stack}} uses semantic versioning in the `X.Y.Z` format, such as `9.0.0`. | Version | Description | -| ----- | ----- | -| Major (X) | Indicates significant changes, such as new features, breaking changes, and major enhancements. Upgrading to a new major version may require changes to your existing setup and configurations. | -| Minor (Y) | Introduces new features and improvements, while maintaining backward compatibility with the previous minor versions within the same major version. Upgrading to a new minor version should not require any changes to your existing setup. | -| Patch (Z) | Contains bug fixes and security updates, without introducing new features or breaking changes. Upgrading to a new patch version should be seamless and not require any changes to your existing setup. | +|-------|-------------| +| **Major (X)** | Indicates significant changes, such as new features, breaking changes, and major enhancements. Upgrading to a new major version may require changes to your existing setup and configurations. | +| **Minor (Y)** | Introduces new features and improvements, while maintaining backward compatibility with the previous minor versions within the same major version. Upgrading to a new minor version should not require any changes to your existing setup. | +| **Patch (Z)** | Contains bug fixes and security updates, without introducing new features or breaking changes. Upgrading to a new patch version should be seamless and not require any changes to your existing setup. | -Understanding versioning is essential for [upgrade planning](/deploy-manage/upgrade.md) and ensuring compatibility, particularly in the self-managed [deployment option](/get-started/deployment-options.md). 
+Understanding {{stack}} versioning is essential for [upgrade planning](/deploy-manage/upgrade.md) and ensuring compatibility. ## Availability of features -Available features can differ based on deployment type, product lifecycle stage, and specific version. +The features available to you can differ based on deployment type, product lifecycle stage, and specific version. ### Feature availability factors | Factor | Description | -| ----- | ----- | -| Deployment type | The environment where the feature is available, for example, self-managed, {{serverless-full}}, {{ece}}, {{eck}} | -| Lifecycle state | The development or support status of the feature, for example, GA, Technical preview, Beta | -| Version | The specific version the lifecycle state applies to | +|-------|-------------| +| **Deployment type** | The environment where the feature is available, for example, {{stack}}, {{serverless-full}}, {{ece}} (ECE), {{eck}} (ECK) | +| **Lifecycle state** | The development or support status of the feature, for example, GA and Beta | +| **Version** | The specific version the lifecycle state applies to | ### Lifecycle states | Lifecycle state | Description | -| ----- | ----- | -| Technical preview | Feature is in early development stage | -| Beta | Feature is nearing general availability, but not yet production ready | -| Generally Available (GA) | Production-ready feature. When unspecified, GA is the default | -| Deprecated | Feature is still usable, but is planned to be removed or replaced in a future update | -| Removed | Feature can no longer be used | -| Unavailable | Feature is unsupported in this deployment type or version | +|-------|-------------| +| **Generally Available (GA)** | Production-ready feature. 
When unspecified, GA is the default | +| **Beta** | Feature is nearing general availability but not yet production-ready | +| **Technical preview** | Feature is in early development stage | +| **Unavailable** | Feature is not supported in this deployment type or version | ### Examples of where availability can vary | Category | Example | -| ----- | ----- | -| {{stack}} versions | [{{stack}}](/get-started/the-stack.md) version 9.0.0 and later, including 9.1.0 | -| Deployment types | [{{serverless-full}}](/deploy-manage/deploy/elastic-cloud/serverless.md), [{{ech}}](/deploy-manage/deploy/elastic-cloud/cloud-hosted.md), [{{ece}}](/deploy-manage/deploy/cloud-enterprise.md), [{{eck}}](/deploy-manage/deploy/cloud-on-k8s.md), and [Self-managed deployments](/deploy-manage/deploy/self-managed.md) | -| Orchestrator versions | [{{ece}}](/deploy-manage/deploy/cloud-enterprise.md) 4.0.0 and later, [{{eck}}](/deploy-manage/deploy/cloud-on-k8s.md) 3.0.0 and later | -| Serverless project types | {{es}}, Elastic {{observability}}, and {{elastic-sec}} | +|-------|-------------| +| **Elastic Stack versions** | [Elastic Stack](the-stack.md) version 9.0.0 and later, including 9.1.0 | +| **Deployment types** | [Elastic Cloud Serverless](/deploy-manage/deploy/elastic-cloud/serverless.md), [Elastic Cloud Hosted](/deploy-manage/deploy/elastic-cloud/cloud-hosted.md), [Elastic Cloud Enterprise (ECE)](/deploy-manage/deploy/cloud-enterprise.md), [Elastic Cloud on Kubernetes (ECK)](/deploy-manage/deploy/cloud-on-k8s.md), and [Self-managed deployments](/deploy-manage/deploy/self-managed.md) | +| **Deployment versions** | [Elastic Cloud Enterprise (ECE)](/deploy-manage/deploy/cloud-enterprise.md) 4.0.0 and later, [Elastic Cloud on Kubernetes (ECK)](/deploy-manage/deploy/cloud-on-k8s.md) 3.0.0 and later | +| **Serverless project types** | {{es}}, {{observability}}, and {{elastic-sec}} ## Find docs for your product version 
@@ -213,3 +207,10 @@ Find the documentation for your Elastic product versions or releases. | [Elastic APM AWS Lambda extension](apm-aws-lambda://release-notes/release-notes.md) | 1.0.0 and later | | [Elastic APM Attacher for Kubernetes](apm-k8s-attacher://reference/index.md) | 1.1.3 | + + + + + + + From 5fdb60e8dfb08af8aee6838c0ea1081c062722db Mon Sep 17 00:00:00 2001 From: Janeen Roberts Date: Wed, 24 Sep 2025 10:44:02 -0400 Subject: [PATCH 03/11] Update introduction.md --- get-started/introduction.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/get-started/introduction.md b/get-started/introduction.md index c46ed53388..5d29dc309e 100644 --- a/get-started/introduction.md +++ b/get-started/introduction.md 
@@ -9,13 +9,13 @@ applies_to: --- # Solutions and use cases [introduction] -Elastic offers three major search-powered solutions: {{es}}, {{observability}}, and {{elastic-sec}}— all built on an open source, extensible platform. +Elastic offers three major search-powered solutions: {{es}}, {{observability}}, and {{elastic-sec}}—all built on an open source, extensible platform. Whether you're building a search experience, monitoring your infrastructure, or securing your environment, this topic helps you understand what each Elastic solution offers—and how to choose the right one for your business needs. | Your need | Recommended solution | Best for | |-----------|-------------------|----------| | Build powerful, scalable searches to quickly search, analyze, and visualize large amounts of data for real-time insights | [{{es}}](#search-overview) | Developers, architects, data engineers | -| Observe and monitor system health and performance or send telemetry data | [Elastic {{observability}}](#observability-overview) | DevOps, SREs, IT operations | +| Observe and monitor system health and performance, or send telemetry data | [Elastic {{observability}}](#observability-overview) | DevOps, SREs, IT operations | | Monitor data for anomalous activity, detect, prevent, and respond to security incidents | [{{elastic-sec}}](#security-overview) | SOC teams, security analysts, IT security admins | :::{tip} 
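Review bot: The em dash spacing fix and the added comma are correct, but the first table row in this hunk still reads "Build powerful, scalable searches to quickly search, analyze, and visualize large amounts of data", which says "search" twice; consider "Search, analyze, and visualize large amounts of data at scale for real-time insights". Since this hunk already edits the table's second row, the first row can be fixed in the same change.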
@@ -31,7 +31,7 @@ Each of our solutions is available as a fully managed {{serverless-short}} proje -For an overview of search use cases, including full-text, geospatial, semantic, and vector search, and retrieval augmented generation (RAG), go to [](/solutions/search.md). +For an overview of search use cases, including full-text, geospatial, semantic, and vector search, as well as retrieval augmented generation (RAG), go to [](/solutions/search.md). To try out some simple search use cases, go to [](/solutions/search/get-started/quickstarts.md). For an introduction to core {{es}} concepts such as indices, documents, and mappings, refer to [](/manage-data/data-store.md). -To dive more deeply into the building blocks of an {{es}} cluster, including nodes, shards, primaries, and replicas, refer to [](/deploy-manage/distributed-architecture.md). +To dive more deeply into the building blocks of {{es}} clusters, including nodes, shards, primaries, and replicas, refer to [](/deploy-manage/distributed-architecture.md). 
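Review bot: style, in the `+For an overview of search use cases` line: "retrieval augmented generation (RAG)" is normally hyphenated as "retrieval-augmented generation", since the first two words form a compound modifier; worth fixing while the sentence is already being rewritten. The rest of the hunk reads fine, and the empty-text links such as `[](/solutions/search.md)` match the auto-titled link style used elsewhere on the page.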
@@ -153,15 +153,15 @@ Before diving into setup and configuration, familiarize yourself with the founda When building custom search experiences or indexing general data, you have several direct and flexible ingestion options: * **Native APIs and language clients:** Index any JSON document directly using the {{es}} REST API or the official clients for languages like Python, Java, Go, and more. -* **Web crawler:** Ingest content from public or private websites to make them searchable. +* **Web crawler:** Ingest content from public or private websites to make it searchable. * **Enterprise connectors:** Use pre-built connectors to sync data from external content sources like SharePoint, Confluence, Jira, and databases like MongoDB or PostgreSQL into {{es}}. ## Get data into Elastic Observability For full-stack observability, ingest logs, metrics, traces, and profiles using these OpenTelemetry-native methods: -* **{{edot}}:** Use Elastic's supported OpenTelemetry SDKs for custom application instrumentation and the Collector for vendor-neutral infrastructure telemetry. -* **{{agent}}:** A single agent to collect infrastructure logs and metrics from hosts, containers, and cloud services using pre-built integrations. +* **{{edot}}:** Use Elastic's OpenTelemetry SDKs for custom application instrumentation and the Collector for vendor-neutral infrastructure telemetry. +* **{{agent}}:** Collects infrastructure logs and metrics from hosts, containers, and cloud services using pre-built integrations. * **APM Agents:** Provide streamlined, out-of-the-box auto-instrumentation of your applications to capture detailed traces and performance metrics. * **{{ls}} and {{beats}}:** Leverage these battle-tested tools for advanced log processing pipelines (Logstash) and lightweight data shipping (Beats). From f315c1840fde8258cce97dbb2c66f5867f94394b Mon Sep 17 00:00:00 2001 
From: Janeen Roberts Date: Sat, 4 Oct 2025 22:17:21 -0400 Subject: [PATCH 10/11] Fixing ref link --- get-started/introduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/get-started/introduction.md b/get-started/introduction.md index 8e15e46420..e8648e8441 100644 --- a/get-started/introduction.md +++ b/get-started/introduction.md 
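Review bot: in the `{{edot}}` bullet of the `@@ -153,15 +153,15 @@` hunk above, dropping "supported" from "Elastic's supported OpenTelemetry SDKs" loses the point of the distribution: these are the SDKs Elastic ships and supports, as opposed to upstream OpenTelemetry SDKs that also work but are not Elastic-supported. Suggest keeping the distinction, for example `Use the Elastic-supported OpenTelemetry SDKs for custom application instrumentation and the Collector for vendor-neutral infrastructure telemetry.` Also, rewriting the `{{agent}}` bullet as `Collects infrastructure logs and metrics...` breaks parallelism with the neighbouring bullets, which are all imperatives (`Use`, `Provide`, `Leverage`); either keep `Use a single agent to collect ...` or rewrite the others the same way.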
@@ -94,7 +94,7 @@ At the heart of Elastic {{observability}} are several key components that enable * [**Logs:**](/solutions/observability/logs.md) Timestamped records of events that provide detailed, contextual information. * [**Metrics:**](/solutions/observability/infra-and-hosts/analyze-infrastructure-host-metrics.md) Numerical measurements of system performance and health over time. * [**Traces:**](/solutions/observability/apm/traces.md) Representations of end-to-end journeys of requests as they travel through distributed systems. -* [**OpenTelemetry:**](/solutions/observability/apm/use-opentelemetry-with-apm.md) {{Observability}} offers first-class, production-grade support for OpenTelemetry. This allows organizations to use vendor-neutral instrumentation and stream native OTel data without proprietary agents, leveraging the Elastic Distribution of OpenTelemetry (EDOT). +* [**OpenTelemetry:**](/solutions/observability/apm/opentelemetry/index.md) {{Observability}} offers first-class, production-grade support for OpenTelemetry. This allows organizations to use vendor-neutral instrumentation and stream native OTel data without proprietary agents, leveraging the Elastic Distribution of OpenTelemetry (EDOT). * [**AIOps and AI Assistant:**](/solutions/observability/observability-ai-assistant.md) Leverages predictive analytics and an LLM-powered AI Assistant to reduce the time required to detect, investigate, and resolve incidents. This includes zero-config anomaly detection, pattern analysis, and the ability to surface correlations and root causes. * **[Alerting](/solutions/observability/incident-management/alerting.md) and [Cases](/solutions/observability/incident-management/cases.md):** Allows you to create rules to detect complex conditions and perform actions. Cases allows teams to stay aware of potential issues and track investigation details, assign tasks, and collaborate on resolutions. 
* [**Service Level Objectives (SLOs):**](/solutions/observability/incident-management/service-level-objectives-slos.md) A framework for defining and monitoring the reliability of a service. Elastic {{observability}} allows for creating and tracking SLOs to ensure that performance targets are being met. From 43a4935299ce711451d5ff0daf195b26d1c102dd Mon Sep 17 00:00:00 2001 From: Janeen Roberts Date: Fri, 10 Oct 2025 11:14:14 -0400 Subject: [PATCH 11/11] Update introduction.md --- get-started/introduction.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/get-started/introduction.md b/get-started/introduction.md index e8648e8441..4909e777a8 100644 --- a/get-started/introduction.md +++ b/get-started/introduction.md 
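Review bot: the link retarget in the `OpenTelemetry` bullet is fine, but the same line still spells out "Elastic Distribution of OpenTelemetry (EDOT)" while the ingestion section of this page uses the `{{edot}}` substitution for the same product; use `{{edot}}` here as well so the name renders consistently if it changes. Minor: `{{Observability}}` (capitalized) at the start of that sentence differs from the `{{observability}}` substitution used in the surrounding hunks; confirm the capitalized variant is a defined substitution rather than a typo.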
@@ -65,7 +65,7 @@ The following concepts relate to core {{es}} features and thus apply to all solu ### {{observability}} overview [observability-overview] -Elastic {{observability}} provides unified observability across applications and infrastructure. It combines logs, metrics, application traces, user experience data, and more into a single, integrated platform. This consolidation allows for powerful, cross-referenced analysis, enabling teams to move from detecting issues to understanding their root causes with speed and efficiency. By leveraging the search and analytics capabilities of {{es}}, it offers a holistic view of system behavior. +Elastic {{observability}} provides unified observability across applications and infrastructure. It combines logs, metrics, application traces, user experience data, and more into a single, integrated platform. This consolidation allows for powerful, cross-referenced analysis, enabling teams to move from detecting issues to understanding their root causes quickly and efficiently. By leveraging the search and analytics capabilities of {{es}}, it offers a holistic view of system behavior. Elastic {{observability}} embraces open standards like OpenTelemetry for flexible data collection, and offers scalable, cost-efficient data retention with tiered storage. 
@@ -83,7 +83,7 @@ Apply {{observability}} to various scenarios to improve operational awareness an * **Uptime monitoring:** Continuously check the status of services and applications to ensure they are available. * **Universal Profiling:** Gain visibility into system performance and identify expensive lines of code without application instrumentation, helping to increase CPU efficiency and reduce cloud spend. * **LLM Observability:** Gain deep insights into the performance, usage, and costs of Large Language Model (LLM) prompts and responses. -* **Incident response and management:** Investigate operational incidents by correlating data from multiple sources, which accelerates root cause analysis and resolution. +* **Incident response and management:** Investigate operational incidents by correlating data from multiple sources, accelerating root cause analysis and resolution. ::: ### {{observability}} core concepts [observability-concepts] 
@@ -115,10 +115,10 @@ Use {{elastic-sec}} to protect your systems from security threats. :::{dropdown} Use cases * **SIEM:** {{elastic-sec}}'s modern SIEM provides a centralized platform for ingesting, analyzing, and managing security data from various sources. * **Third-party integration support:** Ingest data from a various tools and data sources so you can centralize your security data. -* **Threat detection and analytics:** Identify unknown threats by enabling prebuilt or custom detection rules, automatically detect anomalous activity with built-in machine learning jobs, or proactively search for threats using our powerful threat hunting and interactive visualization tools. +* **Threat detection and analytics:** Identify threats by using prebuilt rules with the ability to customize or create custom detection rules, automatically detect anomalous activity with built-in machine learning jobs, or proactively search for threats using our powerful threat hunting and interactive visualization tools. * **Automatic migration:** Migrate SIEM rules from other platforms to {{elastic-sec}}. * **Endpoint protection and threat prevention:** Automatically stop cybersecurity attacks—such as malware and ransomware—before damage and loss can occur. -* **AI-powered features:** Leverage generative AI to help enhance threat detection, assist with incident response, and improve day-to-day security operations. For example, use AI Assistant to summarize alerts, identify relevant information, suggest investigation steps, and generate complex queries from natural language input. +* **AI-powered features:** Leverage generative AI to help enhance threat detection, assist with incident response, and improve day-to-day security operations. * **Custom dashboards and visualizations:** Create custom dashboards and visualizations to gain insights into security events. 
* **Cloud Security:** {{elastic-sec}} provides the following cloud features: * **Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM):** Check cloud service configurations against security benchmarks to identify and resolve misconfigurations that can be exploited. 
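Review bot: the rewritten `Threat detection and analytics` bullet is clunky and partly redundant ("prebuilt rules with the ability to customize or create custom detection rules"), and removing "unknown" loses the useful contrast the old text drew: rules catch known patterns, while the machine learning jobs and threat hunting surface activity no rule describes yet. Suggest something like `Identify known threats with prebuilt detection rules that you can tune or extend with your own, surface unknown threats with built-in machine learning anomaly detection, and hunt proactively with the threat hunting and interactive visualization tools.` While in this list, the unchanged `Third-party integration support` line reads "Ingest data from a various tools"; drop the stray "a".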
@@ -140,10 +140,12 @@ Before diving into setup and configuration, familiarize yourself with the founda * [**Alerts:**](/solutions/security/detect-and-alert/manage-detection-alerts.md) Notifications that are generated when rule conditions are met. Alerts include a wide range of information about potential threats, including host, user, network, and other contextual data to assist your investigation. * [**Machine learning and anomaly detection:**](/solutions/security/advanced-entity-analytics/anomaly-detection.md) Anomaly detection jobs identify anomalous events or patterns in your data. Use these with machine learning detection rules to generate alerts when behavior deviates from normal activity. * [**Entity analytics:**](/solutions/security/advanced-entity-analytics/overview.md) A threat detection feature that combines the power of Elastic’s detection engine and machine learning capabilities to identify unusual behavior for hosts, users, and services. -* [**Cases:**](/solutions/security/investigate/cases.md) A tool that allows you to collect and share information about security issues. Opening a case lets you track key investigation details and collect alerts in a central location. You can also send cases to external systems. -* [**Timeline:**](/solutions/security/investigate/timeline.md) A threat hunting tool that allows you to investigate security events so you can gather and analyze data related to alerts or suspicious activity. You can add events to Timeline from various sources, build custom queries, and import/export a Timeline to collaborate and share. +* [**Cases:**](/solutions/security/investigate/cases.md) Allows you to collect and share information about security issues. Opening a case lets you track key investigation details and collect alerts in a central location. You can also send cases to external systems. 
+* [**Timeline:**](/solutions/security/investigate/timeline.md) Investigate security events so you can gather and analyze data related to alerts or suspicious activity. You can add events to Timeline from various sources, build custom queries, and import/export a Timeline to collaborate and share. * [**Security posture management:**](/solutions/security/cloud.md) Includes native cloud security features, such as Cloud Security Posture Management (CSPM) and Cloud Native Vulnerability Management (CNVM), that help you evaluate your cloud infrastructure's configuration against security best practices and identify vulnerabilities. You can use Elastic's native tools or ingest third-party cloud security data and incorporate it into {{elastic-sec}}'s workflows. -* [**AI Assistant:**](/solutions/security/ai/ai-assistant.md) A generative AI-powered tool that helps with tasks like alert investigation, incident response, and query generation. It utilizes natural language processing and knowledge retrieval to provide context-aware assistance, summarize threats, suggest next steps, and automate workflows. Use AI Assistant to better understand and respond to security incidents. +* [**AI Assistant:**](/solutions/security/ai/ai-assistant.md) Helps with tasks like alert investigation, incident response, and query generation. It utilizes natural language processing and knowledge retrieval to provide context-aware assistance, summarize threats, suggest next steps, and automate workflows. Use AI Assistant to better understand and respond to security incidents. +* [**Attack Discovery:**](/solutions/security/ai/attack-discovery.md) Uses large language models (LLMs) to analyze security alerts, identify coordinated attack patterns, and provide actionable intelligence to security operations teams. 
It improves alert triage efficiency by automatically correlating related alerts into comprehensive, simplified threat summaries, allowing you to quickly understand and respond to the most impactful attacks. +* [**Elastic AI SOC Engine (EASE):**](/solutions/security/ai/ease/ease-intro.md) Integrates Elastic's AI-powered security tools into existing SIEM and EDR/XDR platforms to help mitigate alert fatigue, accelerate threat investigations, and improve response efficiency ({{serverless-short}} only). :::
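Review bot: the shortened `Cases` and `Timeline` entries now open with verbs (`Allows you to collect...`, `Investigate security events...`) while every sibling entry in this concepts list is a noun phrase (`Notifications that...`, `A threat detection feature that...`, `Anomaly detection jobs identify...`); keep the list parallel, for example `Cases: A shared record of a security issue where you track investigation details and collect alerts...` and `Timeline: A workspace for investigating security events...`. For the new `Elastic AI SOC Engine (EASE)` entry, the availability note `({{serverless-short}} only)` is prose, whereas the page otherwise carries availability in its `applies_to` front matter (visible in the `applies_to:` context of the first introduction.md hunk); if the docs toolchain supports a per-item applies_to annotation, use that instead so availability renders consistently. Also confirm the new `Attack Discovery` and `EASE` link targets resolve, since `ease/ease-intro.md` is a new path not referenced anywhere else in this patch series.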