elastic · natasha-moore-elastic · Feb 5, 2025 · Feb 5, 2025 · Feb 5, 2025 · Feb 5, 2025
@@ -48,27 +48,9 @@
 4. Return to the Indicators page in {{elastic-sec}}. Refresh the page if indicator data isn’t displaying.
 
 
-### Troubleshooting [troubleshoot-indicators-page]
-
-If indicator data is not appearing in the Indicators table after you installed a threat intelligence integration:
-
-* Verify that the index storing indicator documents is included in the [default {{elastic-sec}} indices](../../../solutions/security/get-started/configure-advanced-settings.md#update-sec-indices) (`securitySolution:defaultIndex`). The index storing indicator documents will differ based on the way you’re collecting indicator data:
-
-    * **{{agent}} integrations** - `logs_ti*`
-    * **{{filebeat}} integrations** - `filebeat-*`
-
-* Ensure the indicator data you’re ingesting is mapped to [Elastic Common Schema (ECS)](https://www.elastic.co/guide/en/ecs/{{ecs_version}}).
-
-::::{note}
-These troubleshooting steps also apply to the [Threat Intelligence view](../../../solutions/security/get-started/enable-threat-intelligence-integrations.md).
-
-::::
-
-
-
 ## Indicators page UI [intelligence-page-ui]
 
 After you add indicators to the Indicators page, you can [examine](../../../troubleshoot/security/indicators-of-compromise.md#examine-indicator-details), search, filter, and take action on indicator data. Indicators also appear in the Trend view, which shows the total values in the legend.

 :::{image} ../../../images/serverless--cases-interact-with-indicators-table.gif
 :alt: Shows how to interact with the Intelligence page

@@ -41,26 +41,9 @@
 4. Return to the Indicators page in {{elastic-sec}}. Refresh the page if indicator data isn’t displaying.
 
 
-### Troubleshooting [troubleshoot-indicators-page]
-
-If indicator data is not appearing in the Indicators table after you installed a threat intelligence integration:
-
-* Verify that the index storing indicator documents is included in the [default {{elastic-sec}} indices](../../../solutions/security/get-started/configure-advanced-settings.md#update-sec-indices) (`securitySolution:defaultIndex`). The index storing indicator documents will differ based on the way you’re collecting indicator data:
-
-    * **{{agent}} integrations** - `logs_ti*`
-    * **{{filebeat}} integrations** - `filebeat-*`
-
-* Ensure the indicator data you’re ingesting is mapped to [Elastic Common Schema (ECS)](https://www.elastic.co/guide/en/ecs/{{ecs_version}}).
-
-::::{note}
-These troubleshooting steps also apply to the [Threat Intelligence view](../../../solutions/security/get-started/enable-threat-intelligence-integrations.md).
-::::
-
-
-
 ## Indicators page UI [intelligence-page-ui]
 
 After you add indicators to the Indicators page, you can [examine](../../../troubleshoot/security/indicators-of-compromise.md#examine-indicator-details), search, filter, and take action on indicator data. Indicators also appear in the Trend view, which shows the total values in the legend.

 :::{image} ../../../images/security-interact-with-indicators-table.gif
 :alt: interact with indicators table

@@ -1,26 +1,22 @@
 ---
+navigation_title: "Indicators of compromise"
 mapped_pages:
   - https://www.elastic.co/guide/en/security/current/indicators-of-compromise.html
   - https://www.elastic.co/guide/en/serverless/current/security-indicators-of-compromise.html
 ---
 
-# Indicators of compromise
+# Troubleshoot indicators of compromise [troubleshoot-indicators-page]
 
-% What needs to be done: Refine
+If indicator data is not appearing in the Indicators table after you installed a threat intelligence integration:
 
-% Scope notes: Pull out the troubleshooting section into its own topic, and leave the rest of the content in its current place
+* Verify that the index storing indicator documents is included in the [default {{elastic-sec}} indices](../../solutions/security/get-started/configure-advanced-settings.md#update-sec-indices) (`securitySolution:defaultIndex`). The index storing indicator documents will differ based on the way you’re collecting indicator data:
 
-% Use migrated content from existing pages that map to this page:
+    * **{{agent}} integrations** - `logs_ti*`
+    * **{{filebeat}} integrations** - `filebeat-*`
 
-% - [ ] ./raw-migrated-files/security-docs/security/indicators-of-compromise.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-indicators-of-compromise.md
+* Ensure the indicator data you’re ingesting is mapped to [Elastic Common Schema (ECS)](https://www.elastic.co/guide/en/ecs/{{ecs_version}}).
 
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
+::::{note}
+These troubleshooting steps also apply to the [Threat Intelligence view](../../solutions/security/get-started/enable-threat-intelligence-integrations.md).
+::::
 
-$$$review-indicator-in-case$$$
-
-$$$ti-indicators$$$
-
-$$$troubleshoot-indicators-page$$$
-
-$$$examine-indicator-details$$$