diff --git a/deploy-manage/autoscaling/ece-autoscaling.md b/deploy-manage/autoscaling/ece-autoscaling.md
index 7bfca24476..043007e254 100644
--- a/deploy-manage/autoscaling/ece-autoscaling.md
+++ b/deploy-manage/autoscaling/ece-autoscaling.md
@@ -71,7 +71,7 @@ On a highly available deployment, autoscaling events are always applied to insta
In the event that a data tier or machine learning node scales up to its maximum possible size, a notice appears on the deployment overview page prompting you to adjust your autoscaling settings in order to ensure optimal performance.
-A warning is also issued in the ECE `service-constructor` logs with the field `labels.autoscaling_notification_type` and a value of `data-tier-at-limit` (for a fully scaled data tier) or `ml-tier-at-limit` (for a fully scaled machine learning node). The warning is indexed in the `logging-and-metrics` deployment, so you can use that event to [configure an email notification](../../explore-analyze/alerts/watcher/actions-email.md).
+A warning is also issued in the ECE `service-constructor` logs with the field `labels.autoscaling_notification_type` and a value of `data-tier-at-limit` (for a fully scaled data tier) or `ml-tier-at-limit` (for a fully scaled machine learning node). The warning is indexed in the `logging-and-metrics` deployment, so you can use that event to [configure an email notification](../../explore-analyze/alerts-cases/watcher/actions-email.md).
## Restrictions and limitations [ece-autoscaling-restrictions]
diff --git a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
index 64b2121ac3..5df9c9aac3 100644
--- a/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
+++ b/deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md
@@ -128,7 +128,7 @@ These features have been replaced by a new feature and are therefore not availab
Data stream lifecycle is an optimized lifecycle tool that lets you focus on the most common lifecycle management needs, without unnecessary hardware-centric concepts like data tiers.
-* **Watcher** is not available, in favor of [**Alerts**](../../../explore-analyze/alerts/kibana.md#rules-alerts).
+* **Watcher** is not available, in favor of [**Alerts**](../../../explore-analyze/alerts-cases/alerts.md#rules-alerts).
Kibana Alerts allows rich integrations across use cases like APM, metrics, security, and uptime. Prepackaged rule types simplify setup and hide the details of complex, domain-specific detections, while providing a consistent interface across Kibana.
diff --git a/deploy-manage/deploy/elastic-cloud/ech-restrictions.md b/deploy-manage/deploy/elastic-cloud/ech-restrictions.md
index 6c14ecf9b2..efcfe8f145 100644
--- a/deploy-manage/deploy/elastic-cloud/ech-restrictions.md
+++ b/deploy-manage/deploy/elastic-cloud/ech-restrictions.md
@@ -70,7 +70,7 @@ Currently you can’t use SSO to login directly from {{ecloud}} into Kibana endp
## Kibana [ech-restrictions-kibana]
* The maximum size of a single {{kib}} instance is 8GB. This means, {{kib}} instances can be scaled up to 8GB before they are scaled out. For example, when creating a deployment with a {{kib}} instance of size 16GB, then 2x8GB instances are created. If you face performance issues with {{kib}} PNG or PDF reports, the recommendations are to create multiple, smaller dashboards to export the data, or to use a third party browser extension for exporting the dashboard in the format you need.
-* Running an external Kibana in parallel to Elasticsearch Add-On for Heroku’s Kibana instances may cause errors, for example [`Unable to decrypt attribute`](../../../explore-analyze/alerts/kibana/alerting-common-issues.md#rule-cannot-decrypt-api-key), due to a mismatched [`xpack.encryptedSavedObjects.encryptionKey`](https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-encrypted-saved-objects-settings) as Elasticsearch Add-On for Heroku does not [allow users to set](edit-stack-settings.md) nor expose this value. While workarounds are possible, this is not officially supported nor generally recommended.
+* Running an external Kibana in parallel to Elasticsearch Add-On for Heroku’s Kibana instances may cause errors, for example [`Unable to decrypt attribute`](../../../explore-analyze/alerts-cases/alerts/alerting-common-issues.md#rule-cannot-decrypt-api-key), due to a mismatched [`xpack.encryptedSavedObjects.encryptionKey`](https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-encrypted-saved-objects-settings) as Elasticsearch Add-On for Heroku does not [allow users to set](edit-stack-settings.md) nor expose this value. While workarounds are possible, this is not officially supported nor generally recommended.
## APM Agent central configuration with PrivateLink or traffic filters [ech-restrictions-apm-traffic-filters]
diff --git a/deploy-manage/deploy/elastic-cloud/manage-deployments.md b/deploy-manage/deploy/elastic-cloud/manage-deployments.md
index 735a8e32db..4ef831c4cc 100644
--- a/deploy-manage/deploy/elastic-cloud/manage-deployments.md
+++ b/deploy-manage/deploy/elastic-cloud/manage-deployments.md
@@ -7,7 +7,7 @@ mapped_pages:
Sometimes you might need to make changes to the entire deployment, a specific component, or just a single data tier.
-* Make adjustments to specific deployment components, such as an [Integrations Server](manage-integrations-server.md), [APM & Fleet Server](switch-from-apm-to-integrations-server-payload.md#ec-manage-apm-and-fleet), [Enterprise Search](https://www.elastic.co/guide/en/cloud/current/ec-enable-enterprise-search.html), [Watcher](../../../explore-analyze/alerts/watcher.md), or [Kibana](access-kibana.md#ec-enable-kibana2).
+* Make adjustments to specific deployment components, such as an [Integrations Server](manage-integrations-server.md), [APM & Fleet Server](switch-from-apm-to-integrations-server-payload.md#ec-manage-apm-and-fleet), [Enterprise Search](https://www.elastic.co/guide/en/cloud/current/ec-enable-enterprise-search.html), [Watcher](../../../explore-analyze/alerts-cases/watcher.md), or [Kibana](access-kibana.md#ec-enable-kibana2).
* [Enable logging and monitoring](../../monitor/stack-monitoring/elastic-cloud-stack-monitoring.md) of the deployment performance.
* [Disable a data tier](../../../manage-data/lifecycle/index-lifecycle-management.md).
* [Restart](../../maintenance/start-stop-services/restart-cloud-hosted-deployment.md), [stop routing](../../maintenance/ece/start-stop-routing-requests.md), or [delete your deployment](../../uninstall/delete-a-cloud-deployment.md).
diff --git a/deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md b/deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md
index c238c7b68f..5471567b31 100644
--- a/deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md
+++ b/deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md
@@ -75,9 +75,9 @@ Watcher encryption Key Setup is not supported.
Changing the default throttle period is not possible. You can specify a throttle period per watch, however.
-Watcher comes preconfigured with a directly usable email account provided by Elastic. However, this account can’t be reconfigured and is subject to some limitations. For more information on the limits of the Elastic mail server, check the [cloud email service limits](../../../explore-analyze/alerts/watcher.md#ec-cloud-email-service-limits)
+Watcher comes preconfigured with a directly usable email account provided by Elastic. However, this account can’t be reconfigured and is subject to some limitations. For more information on the limits of the Elastic mail server, check the [cloud email service limits](../../../explore-analyze/alerts-cases/watcher.md#ec-cloud-email-service-limits)
-Alternatively, a custom mail server can be configured as described in [Configuring a custom mail server](../../../explore-analyze/alerts/watcher.md#ec-watcher-custom-mail-server)
+Alternatively, a custom mail server can be configured as described in [Configuring a custom mail server](../../../explore-analyze/alerts-cases/watcher.md#ec-watcher-custom-mail-server)
## Private Link and SSO to Kibana URLs [ec-restrictions-traffic-filters-kibana-sso]
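Review bot: both rewritten sentences in this hunk, the one ending in the `cloud email service limits` link and the one ending in the `Configuring a custom mail server` link, still end without a full stop. The lines are being touched anyway, so add the terminal period after the closing parenthesis of each link.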
@@ -94,7 +94,7 @@ Currently you can’t use SSO to login directly from {{ecloud}} into Kibana endp
## Kibana [ec-restrictions-kibana]
* The maximum size of a single {{kib}} instance is 8GB. This means, {{kib}} instances can be scaled up to 8GB before they are scaled out. For example, when creating a deployment with a {{kib}} instance of size 16GB, then 2x8GB instances are created. If you face performance issues with {{kib}} PNG or PDF reports, the recommendations are to create multiple, smaller dashboards to export the data, or to use a third party browser extension for exporting the dashboard in the format you need.
-* Running an external Kibana in parallel to Elasticsearch Service’s Kibana instances may cause errors, for example [`Unable to decrypt attribute`](../../../explore-analyze/alerts/kibana/alerting-common-issues.md#rule-cannot-decrypt-api-key), due to a mismatched [`xpack.encryptedSavedObjects.encryptionKey`](https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-encrypted-saved-objects-settings) as Elasticsearch Service does not [allow users to set](edit-stack-settings.md) nor expose this value. While workarounds are possible, this is not officially supported nor generally recommended.
+* Running an external Kibana in parallel to Elasticsearch Service’s Kibana instances may cause errors, for example [`Unable to decrypt attribute`](../../../explore-analyze/alerts-cases/alerts/alerting-common-issues.md#rule-cannot-decrypt-api-key), due to a mismatched [`xpack.encryptedSavedObjects.encryptionKey`](https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-encrypted-saved-objects-settings) as Elasticsearch Service does not [allow users to set](edit-stack-settings.md) nor expose this value. While workarounds are possible, this is not officially supported nor generally recommended.
## APM Agent central configuration with PrivateLink or traffic filters [ec-restrictions-apm-traffic-filters]
diff --git a/deploy-manage/monitor/kibana-task-manager-health-monitoring.md b/deploy-manage/monitor/kibana-task-manager-health-monitoring.md
index 0e15d38491..808af0d840 100644
--- a/deploy-manage/monitor/kibana-task-manager-health-monitoring.md
+++ b/deploy-manage/monitor/kibana-task-manager-health-monitoring.md
@@ -108,7 +108,7 @@ The Runtime `status` indicates whether task executions have exceeded any of the
::::{important}
Some tasks (such as [connectors](../manage-connectors.md)) will incorrectly report their status as successful even if the task failed. The runtime and workload block will return data about success and failures and will not take this into consideration.
-To get a better sense of action failures, please refer to the [Event log index](../../explore-analyze/alerts/kibana/event-log-index.md) for more accurate context into failures and successes.
+To get a better sense of action failures, please refer to the [Event log index](../../explore-analyze/alerts-cases/alerts/event-log-index.md) for more accurate context into failures and successes.
::::
diff --git a/deploy-manage/monitor/monitoring-data/elasticsearch-metrics.md b/deploy-manage/monitor/monitoring-data/elasticsearch-metrics.md
index bb53190d60..44580320f4 100644
--- a/deploy-manage/monitor/monitoring-data/elasticsearch-metrics.md
+++ b/deploy-manage/monitor/monitoring-data/elasticsearch-metrics.md
@@ -29,7 +29,7 @@ For more information, refer to [Monitor a cluster](../../monitor.md).
To view the key metrics that indicate the overall health of an {{es}} cluster, click **Overview** in the {{es}} section. Anything that needs your attention is highlighted in yellow or red.
::::{tip}
-Conditions that require your attention are listed at the top of the Clusters page. You can also set up watches to alert you when the status of your cluster changes. To learn how, see [Watching the status of an {{es}} cluster](../../../explore-analyze/alerts/watcher/watch-cluster-status.md).
+Conditions that require your attention are listed at the top of the Clusters page. You can also set up watches to alert you when the status of your cluster changes. To learn how, see [Watching the status of an {{es}} cluster](../../../explore-analyze/alerts-cases/watcher/watch-cluster-status.md).
::::
diff --git a/deploy-manage/monitor/monitoring-data/kibana-alerts.md b/deploy-manage/monitor/monitoring-data/kibana-alerts.md
index 5aa523890a..5c22ce1d39 100644
--- a/deploy-manage/monitor/monitoring-data/kibana-alerts.md
+++ b/deploy-manage/monitor/monitoring-data/kibana-alerts.md
@@ -12,7 +12,7 @@ applies:
# Kibana alerts [kibana-alerts]
-The {{stack}} {monitor-features} provide [Alerting rules](../../../explore-analyze/alerts/kibana.md) out-of-the box to notify you of potential issues in the {{stack}}. These rules are preconfigured based on the best practices recommended by Elastic. However, you can tailor them to meet your specific needs.
+The {{stack}} {monitor-features} provide [Alerting rules](../../../explore-analyze/alerts-cases/alerts.md) out-of-the box to notify you of potential issues in the {{stack}}. These rules are preconfigured based on the best practices recommended by Elastic. However, you can tailor them to meet your specific needs.
:::{image} ../../../images/kibana-monitoring-kibana-alerting-notification.png
:alt: {{kib}} alerting notifications in {stack-monitor-app}
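Review bot: the added line keeps `{monitor-features}` in single braces, while the other substitutions on the same line use double braces (`{{stack}}`), so it will probably render as literal text; `{stack-monitor-app}` in the image alt text just below has the same problem. Suggest `{{monitor-features}}` and `{{stack-monitor-app}}`, assuming both substitutions are defined, and hyphenating `out-of-the-box` while the line is open.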
diff --git a/deploy-manage/production-guidance/kibana-alerting-production-considerations.md b/deploy-manage/production-guidance/kibana-alerting-production-considerations.md
index b10ef4d339..e79aa5f82d 100644
--- a/deploy-manage/production-guidance/kibana-alerting-production-considerations.md
+++ b/deploy-manage/production-guidance/kibana-alerting-production-considerations.md
@@ -29,7 +29,7 @@ Rule and action tasks can run late or at an inconsistent schedule. This is typic
You can address such issues by tweaking the [Task Manager settings](https://www.elastic.co/guide/en/kibana/current/task-manager-settings-kb.html#task-manager-settings) or scaling the deployment to better suit your use case.
-For detailed guidance, see [Alerting Troubleshooting](../../explore-analyze/alerts/kibana/alerting-troubleshooting.md).
+For detailed guidance, see [Alerting Troubleshooting](../../explore-analyze/alerts-cases/alerts/alerting-troubleshooting.md).
::::
diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/quickstart.md b/deploy-manage/users-roles/cluster-or-deployment-auth/quickstart.md
index aab11649cb..d271737da3 100644
--- a/deploy-manage/users-roles/cluster-or-deployment-auth/quickstart.md
+++ b/deploy-manage/users-roles/cluster-or-deployment-auth/quickstart.md
@@ -16,7 +16,7 @@ This guide introduces you to three of {{kib}}'s security features: spaces, roles
Do you have multiple teams using {{kib}}? Do you want a “playground” to experiment with new visualizations or rules? If so, then [{{kib}} Spaces](../../manage-spaces.md) can help.
-Think of a space as another instance of {{kib}}. A space allows you to organize your [dashboards](../../../explore-analyze/dashboards.md), [rules](../../../explore-analyze/alerts/kibana.md), [machine learning jobs](../../../explore-analyze/machine-learning/machine-learning-in-kibana.md), and much more into their own categories. For example, you might have a Marketing space for your marketeers to track the results of their campaigns, and an Engineering space for your developers to [monitor application performance](https://www.elastic.co/guide/en/apm/guide/current/apm-overview.html).
+Think of a space as another instance of {{kib}}. A space allows you to organize your [dashboards](../../../explore-analyze/dashboards.md), [rules](../../../explore-analyze/alerts-cases/alerts.md), [machine learning jobs](../../../explore-analyze/machine-learning/machine-learning-in-kibana.md), and much more into their own categories. For example, you might have a Marketing space for your marketeers to track the results of their campaigns, and an Engineering space for your developers to [monitor application performance](https://www.elastic.co/guide/en/apm/guide/current/apm-overview.html).
The assets you create in one space are isolated from other spaces, so when you enter a space, you only see the assets that belong to that space.
diff --git a/explore-analyze/alerts.md b/explore-analyze/alerts-cases.md
similarity index 99%
rename from explore-analyze/alerts.md
rename to explore-analyze/alerts-cases.md
index 2cb23e5390..1ef9cd2367 100644
--- a/explore-analyze/alerts.md
+++ b/explore-analyze/alerts-cases.md
@@ -20,12 +20,15 @@ $$$alerting-concepts-conditions$$$
Alerting tools in Elasticsearch and Kibana provide functionality to monitor data and notify you about significant changes or events in real time. This page provides an overview of how the key components work.
## Alerts
+
Alerts are notifications generated when specific conditions are met. These notifications are sent to you through channels that you previously set such as email, Slack, webhooks, PagerDuty, and so on. Alerts are created based on rules, which define the criteria for triggering them. Rules monitor the data indexed in Elasticsearch and evaluate conditions on a defined schedule to identify matches. For example, a threshold rule can generate an alert when a value crosses a specific threshold, while a machine learning rule activates an alert when an anomaly detection job identifies an anomaly.
## Cases
+
Cases are a collaboration and tracking tool, which is particularly useful for incidents or issues that arise from alerts. You can group related alerts into a case for easier management, add notes and comments to provide context, track investigation progress, and assign cases to team members or link them to external systems. Cases ensure that teams have a central place to track and resolve alerts efficiently.
## Maintenance windows
+
If you have a planned outage, maintenance windows prevent rules from generating notifications in that period. Alerts still occur but their notifications are suppressed.
### Workflow Example
@@ -38,4 +41,5 @@ If you have a planned outage, maintenance windows prevent rules from generating
By combining these tools, Elasticsearch and Kibana enable incident response workflows, helping teams to detect, investigate, and resolve issues efficiently.
## Watcher
+
You can use Watcher for alerting and monitoring specific conditions in your data. It enables you to define rules and take automated actions when certain criteria are met. Watcher is a powerful alerting tool for custom use cases and more complex alerting logic. It allows advanced scripting using Painless to define complex conditions and transformations.
diff --git a/explore-analyze/alerts/kibana.md b/explore-analyze/alerts-cases/alerts.md
similarity index 98%
rename from explore-analyze/alerts/kibana.md
rename to explore-analyze/alerts-cases/alerts.md
index 4f9691b294..9177c1274d 100644
--- a/explore-analyze/alerts/kibana.md
+++ b/explore-analyze/alerts-cases/alerts.md
@@ -5,7 +5,7 @@ mapped_urls:
- https://www.elastic.co/guide/en/cloud/current/ec-organizations-notifications-domain-allowlist.html
---
-# Kibana alerts
+# Alerts
% What needs to be done: Align serverless/stateful
diff --git a/explore-analyze/alerts/kibana/alerting-common-issues.md b/explore-analyze/alerts-cases/alerts/alerting-common-issues.md
similarity index 100%
rename from explore-analyze/alerts/kibana/alerting-common-issues.md
rename to explore-analyze/alerts-cases/alerts/alerting-common-issues.md
diff --git a/raw-migrated-files/kibana/kibana/alerting-getting-started.md b/explore-analyze/alerts-cases/alerts/alerting-getting-started.md
similarity index 84%
rename from raw-migrated-files/kibana/kibana/alerting-getting-started.md
rename to explore-analyze/alerts-cases/alerts/alerting-getting-started.md
index bbb46f13ed..73ba9728c8 100644
--- a/raw-migrated-files/kibana/kibana/alerting-getting-started.md
+++ b/explore-analyze/alerts-cases/alerts/alerting-getting-started.md
@@ -1,23 +1,25 @@
-# Alerting [alerting-getting-started]
+---
+navigation_title: Getting started with alerts
+---
-Alerting enables you to define *rules*, which detect complex conditions within different {{kib}} apps and trigger actions when those conditions are met. Alerting is integrated with [**{{observability}}**](../../../solutions/observability/incident-management/alerting.md), [**Security**](https://www.elastic.co/guide/en/security/current/prebuilt-rules.html), [**Maps**](../../../explore-analyze/alerts/kibana/geo-alerting.md) and [**{{ml-app}}**](../../../explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md). It can be centrally managed from **{{stack-manage-app}}** and provides a set of built-in [connectors](../../../deploy-manage/manage-connectors.md) and [rules](../../../explore-analyze/alerts/kibana/rule-types.md#stack-rules) for you to use.
+# Getting started with alerting [alerting-getting-started]
+
+Alerting enables you to define *rules*, which detect complex conditions within different {{kib}} apps and trigger actions when those conditions are met. Alerting is integrated with [**{{observability}}**](../../../solutions/observability/incident-management/alerting.md), [**Security**](https://www.elastic.co/guide/en/security/current/prebuilt-rules.html), [**Maps**](../../../explore-analyze/alerts-cases/alerts/geo-alerting.md) and [**{{ml-app}}**](../../../explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md). It can be centrally managed from **{{stack-manage-app}}** and provides a set of built-in [connectors](../../../deploy-manage/manage-connectors.md) and [rules](../../../explore-analyze/alerts-cases/alerts/rule-types.md#stack-rules) for you to use.
:::{image} ../../../images/kibana-alerting-overview.png
:alt: {{rules-ui}} UI
:::
::::{important}
-To make sure you can access alerting and actions, see the [setup and prerequisites](../../../explore-analyze/alerts/kibana/alerting-setup.md#alerting-prerequisites) section.
+To make sure you can access alerting and actions, see the [setup and prerequisites](../../../explore-analyze/alerts-cases/alerts/alerting-setup.md#alerting-prerequisites) section.
::::
-
Alerting works by running checks on a schedule to detect conditions defined by a rule. When a condition is met, the rule tracks it as an *alert* and responds by triggering one or more *actions*. Actions typically involve interaction with {{kib}} services or third party integrations. *Connectors* enable actions to talk to these services and integrations. This section describes all of these elements and how they operate together.
-
## Rules [_rules]
-A rule specifies a background task that runs on the {{kib}} server to check for specific conditions. {{kib}} provides two types of rules: stack rules that are built into {{kib}} and the rules that are registered by {{kib}} apps. For more information, refer to [*Rule types*](../../../explore-analyze/alerts/kibana/rule-types.md).
+A rule specifies a background task that runs on the {{kib}} server to check for specific conditions. {{kib}} provides two types of rules: stack rules that are built into {{kib}} and the rules that are registered by {{kib}} apps. For more information, refer to [*Rule types*](../../../explore-analyze/alerts-cases/alerts/rule-types.md).
A rule consists of three main parts:
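Review bot: the rewritten links in this hunk climb to the repository root and back down (`../../../explore-analyze/alerts-cases/alerts/geo-alerting.md`) even though the file now sits in `explore-analyze/alerts-cases/alerts/` next to its targets. Sibling links such as `geo-alerting.md`, `rule-types.md#stack-rules` and `alerting-setup.md#alerting-prerequisites` would survive the next directory move, and `rule-types.md` in this same patch already links to `create-manage-rules.md` that way. Separately, the new front matter says `navigation_title: Getting started with alerts` while the H1 says `Getting started with alerting`; pick one wording.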
@@ -37,17 +39,15 @@ For example, when monitoring a set of servers, a rule might:
The following sections describe each part of the rule in more detail.
-
### Conditions [alerting-concepts-conditions]
Under the hood, {{kib}} rules detect conditions by running a JavaScript function on the {{kib}} server, which gives it the flexibility to support a wide range of conditions, anything from the results of a simple {{es}} query to heavy computations involving data from multiple sources or external systems.
These conditions are packaged and exposed as *rule types*. A rule type hides the underlying details of the condition, and exposes a set of parameters to control the details of the conditions to detect.
-For example, an [index threshold rule type](../../../explore-analyze/alerts/kibana/rule-type-index-threshold.md) lets you specify the index to query, an aggregation field, and a time window, but the details of the underlying {{es}} query are hidden.
-
-See [*Rule types*](../../../explore-analyze/alerts/kibana/rule-types.md) for the rules provided by {{kib}} and how they express their conditions.
+For example, an [index threshold rule type](../../../explore-analyze/alerts-cases/alerts/rule-type-index-threshold.md) lets you specify the index to query, an aggregation field, and a time window, but the details of the underlying {{es}} query are hidden.
+See [*Rule types*](../../../explore-analyze/alerts-cases/alerts/rule-types.md) for the rules provided by {{kib}} and how they express their conditions.
### Schedule [alerting-concepts-scheduling]
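Review bot: the blank line between the `For example, an [index threshold rule type]` paragraph and the `See [*Rule types*]` sentence is removed here, so the two added lines are now adjacent and Markdown will join them into a single paragraph. If the intent was only to collapse doubled blank lines before headings, keep one blank line between these two so the cross-reference stays a separate paragraph.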
@@ -58,8 +58,6 @@ The intervals of rule checks in {{kib}} are approximate. Their timing is affecte
::::
-
-
### Actions [alerting-concepts-actions]
Actions run as background tasks on the {{kib}} server when rule conditions are met. Recovery actions likewise run when rule conditions are no longer met. They send notifications by connecting with services inside {{kib}} or integrating with third-party systems.
@@ -82,7 +80,6 @@ In the server monitoring example, the `email` connector type is used, and `serve
When the rule detects the condition, it creates an alert containing the details of the condition.
-
## Alerts [alerting-concepts-alerts]
When checking for a condition, a rule might identify multiple occurrences of the condition. {{kib}} tracks each of these alerts separately. Depending on the action frequency, an action occurs per alert or at the specified alert summary interval.
@@ -93,7 +90,6 @@ Using the server monitoring example, each server with average CPU > 0.9 is track
:alt: {{kib}} tracks each detected condition as an alert and takes action on each alert
:::
-
## Putting it all together [_putting_it_all_together]
A rule consists of conditions, actions, and a schedule. When conditions are met, alerts are created that render actions and invoke them. To make action setup and update easier, actions use connectors that centralize the information used to connect with {{kib}} services and third-party integrations. The following example ties these concepts together:
@@ -107,19 +103,17 @@ A rule consists of conditions, actions, and a schedule. When conditions are met,
3. {{kib}} runs the actions, sending notifications by using a third party integration like an email service.
4. If the third party integration has connection parameters or credentials, {{kib}} fetches these from the appropriate connector.
-
## Differences from {{watcher}} [alerting-concepts-differences]
-[{{watcher}}](../../../explore-analyze/alerts/watcher.md) and the {{kib}} {alert-features} are both used to detect conditions and can trigger actions in response, but they are completely independent alerting systems.
+[{{watcher}}](../../../explore-analyze/alerts-cases/watcher.md) and the {{kib}} {alert-features} are both used to detect conditions and can trigger actions in response, but they are completely independent alerting systems.
This section will clarify some of the important differences in the function and intent of the two systems.
Functionally, the {{alert-features}} differ in that:
* Scheduled checks are run on {{kib}} instead of {es}
-* {{kib}} [rules hide the details of detecting conditions](../../../explore-analyze/alerts.md#alerting-concepts-conditions) through rule types, whereas watches provide low-level control over inputs, conditions, and transformations.
+* {{kib}} [rules hide the details of detecting conditions](../../../explore-analyze/alerts-cases.md#alerting-concepts-conditions) through rule types, whereas watches provide low-level control over inputs, conditions, and transformations.
* {{kib}} rules track and persist the state of each detected condition through alerts. This makes it possible to mute and throttle individual alerts, and detect changes in state such as resolution.
* Actions are linked to alerts. Actions are fired for each occurrence of a detected condition, rather than for the entire rule.
At a higher level, the {{alert-features}} allow rich integrations across use cases like [**APM**](https://www.elastic.co/guide/en/kibana/current/observability.html#apm-app), [**Metrics**](https://www.elastic.co/guide/en/kibana/current/observability.html#metrics-app), [**Security**](https://www.elastic.co/guide/en/kibana/current/xpack-siem.html), and [**Uptime**](https://www.elastic.co/guide/en/kibana/current/observability.html#uptime-app). Prepackaged rule types simplify setup and hide the details of complex, domain-specific detections, while providing a consistent interface across {{kib}}.
-
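Review bot: the rewritten bullet links to `../../../explore-analyze/alerts-cases.md#alerting-concepts-conditions`, but the `### Conditions [alerting-concepts-conditions]` section is defined in this very file, so the reader is sent to the overview page for something explained a few sections up. A same-page link, `#alerting-concepts-conditions`, looks like what is wanted. In the same hunk the rewritten Watcher line still has `{alert-features}` in single braces and the first bullet has `{es}`, where the lines below use `{{alert-features}}`; worth fixing both while these lines are being edited.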
diff --git a/explore-analyze/alerts/kibana/alerting-setup.md b/explore-analyze/alerts-cases/alerts/alerting-setup.md
similarity index 100%
rename from explore-analyze/alerts/kibana/alerting-setup.md
rename to explore-analyze/alerts-cases/alerts/alerting-setup.md
diff --git a/explore-analyze/alerts/kibana/alerting-troubleshooting.md b/explore-analyze/alerts-cases/alerts/alerting-troubleshooting.md
similarity index 100%
rename from explore-analyze/alerts/kibana/alerting-troubleshooting.md
rename to explore-analyze/alerts-cases/alerts/alerting-troubleshooting.md
diff --git a/explore-analyze/alerts/kibana/create-manage-rules.md b/explore-analyze/alerts-cases/alerts/create-manage-rules.md
similarity index 99%
rename from explore-analyze/alerts/kibana/create-manage-rules.md
rename to explore-analyze/alerts-cases/alerts/create-manage-rules.md
index ede39ff491..239a9972e2 100644
--- a/explore-analyze/alerts/kibana/create-manage-rules.md
+++ b/explore-analyze/alerts-cases/alerts/create-manage-rules.md
@@ -18,7 +18,7 @@ You can find **Rules** in **Stack Management** > **Alerts and insights** > **Rul
* Drill down to [rule details](#rule-details)
* Configure rule settings
-For more information on alerting concepts and the types of rules and connectors available, go to [Alerting](../kibana.md).
+For more information on alerting concepts and the types of rules and connectors available, go to [Alerting](../alerts.md).
## Required permissions [_required_permissions]
diff --git a/explore-analyze/alerts/kibana/event-log-index.md b/explore-analyze/alerts-cases/alerts/event-log-index.md
similarity index 100%
rename from explore-analyze/alerts/kibana/event-log-index.md
rename to explore-analyze/alerts-cases/alerts/event-log-index.md
diff --git a/explore-analyze/alerts/kibana/geo-alerting.md b/explore-analyze/alerts-cases/alerts/geo-alerting.md
similarity index 100%
rename from explore-analyze/alerts/kibana/geo-alerting.md
rename to explore-analyze/alerts-cases/alerts/geo-alerting.md
diff --git a/explore-analyze/alerts/kibana/maintenance-windows.md b/explore-analyze/alerts-cases/alerts/maintenance-windows.md
similarity index 100%
rename from explore-analyze/alerts/kibana/maintenance-windows.md
rename to explore-analyze/alerts-cases/alerts/maintenance-windows.md
diff --git a/explore-analyze/alerts/kibana/rule-action-variables.md b/explore-analyze/alerts-cases/alerts/rule-action-variables.md
similarity index 100%
rename from explore-analyze/alerts/kibana/rule-action-variables.md
rename to explore-analyze/alerts-cases/alerts/rule-action-variables.md
diff --git a/explore-analyze/alerts/kibana/rule-type-es-query.md b/explore-analyze/alerts-cases/alerts/rule-type-es-query.md
similarity index 100%
rename from explore-analyze/alerts/kibana/rule-type-es-query.md
rename to explore-analyze/alerts-cases/alerts/rule-type-es-query.md
diff --git a/explore-analyze/alerts/kibana/rule-type-index-threshold.md b/explore-analyze/alerts-cases/alerts/rule-type-index-threshold.md
similarity index 100%
rename from explore-analyze/alerts/kibana/rule-type-index-threshold.md
rename to explore-analyze/alerts-cases/alerts/rule-type-index-threshold.md
diff --git a/explore-analyze/alerts/kibana/rule-types.md b/explore-analyze/alerts-cases/alerts/rule-types.md
similarity index 94%
rename from explore-analyze/alerts/kibana/rule-types.md
rename to explore-analyze/alerts-cases/alerts/rule-types.md
index 5dd73dc4a8..08f4799ee9 100644
--- a/explore-analyze/alerts/kibana/rule-types.md
+++ b/explore-analyze/alerts-cases/alerts/rule-types.md
@@ -5,7 +5,7 @@ mapped_pages:
# Rule types [rule-types]
-A rule is a set of [conditions](../kibana.md#alerting-concepts-conditions), [schedules](../kibana.md#alerting-concepts-scheduling), and [actions](../kibana.md#alerting-concepts-actions) that enable notifications. {{kib}} provides rules built into the {{stack}} and rules registered by one of the {{kib}} apps. You can create most rules types in [{{stack-manage-app}} > {{rules-ui}}](create-manage-rules.md). Security rules must be defined in the Security app. For more information, refer to the documentation about [creating a detection rule](../../../solutions/security/detect-and-alert/create-detection-rule.md).
+A rule is a set of [conditions](../alerts.md#alerting-concepts-conditions), [schedules](../alerts.md#alerting-concepts-scheduling), and [actions](../alerts.md#alerting-concepts-actions) that enable notifications. {{kib}} provides rules built into the {{stack}} and rules registered by one of the {{kib}} apps. You can create most rules types in [{{stack-manage-app}} > {{rules-ui}}](create-manage-rules.md). Security rules must be defined in the Security app. For more information, refer to the documentation about [creating a detection rule](../../../solutions/security/detect-and-alert/create-detection-rule.md).
::::{note}
Some rule types are subscription features, while others are free features. For a comparison of the Elastic subscription levels, see [the subscription page](https://www.elastic.co/subscriptions).
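Review bot: The rewritten `+` paragraph still reads "You can create most rules types in"; since this line is already being replaced for the link update, correct it to "most rule types" in the same change. Also confirm that the three `#alerting-concepts-*` anchors exist in the renamed `../alerts.md`, because only the file part of each link changed.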
diff --git a/explore-analyze/alerts/kibana/testing-connectors.md b/explore-analyze/alerts-cases/alerts/testing-connectors.md
similarity index 100%
rename from explore-analyze/alerts/kibana/testing-connectors.md
rename to explore-analyze/alerts-cases/alerts/testing-connectors.md
diff --git a/explore-analyze/alerts/kibana/view-alerts.md b/explore-analyze/alerts-cases/alerts/view-alerts.md
similarity index 98%
rename from explore-analyze/alerts/kibana/view-alerts.md
rename to explore-analyze/alerts-cases/alerts/view-alerts.md
index 871f0be4ec..8e309c5bc0 100644
--- a/explore-analyze/alerts/kibana/view-alerts.md
+++ b/explore-analyze/alerts-cases/alerts/view-alerts.md
@@ -5,7 +5,7 @@ mapped_pages:
# View alerts [view-alerts]
-When the conditions of a rule are met, it creates an alert. If the rule has actions, they run at the defined frequency. For example, the rule can send email notifications for each alert at a custom interval. For an introduction to the concepts of rules, alerts, and actions, refer to [Alerting](../kibana.md).
+When the conditions of a rule are met, it creates an alert. If the rule has actions, they run at the defined frequency. For example, the rule can send email notifications for each alert at a custom interval. For an introduction to the concepts of rules, alerts, and actions, refer to [Alerting](../alerts.md).
You can manage the alerts for each rule in **{{stack-manage-app}}** > **{{rules-ui}}**. Alternatively, manage all your alerts in **{{stack-manage-app}}** > **Alerts**. [preview]
diff --git a/explore-analyze/alerts/cases.md b/explore-analyze/alerts-cases/cases.md
similarity index 100%
rename from explore-analyze/alerts/cases.md
rename to explore-analyze/alerts-cases/cases.md
diff --git a/explore-analyze/alerts/cases/manage-cases-settings.md b/explore-analyze/alerts-cases/cases/manage-cases-settings.md
similarity index 100%
rename from explore-analyze/alerts/cases/manage-cases-settings.md
rename to explore-analyze/alerts-cases/cases/manage-cases-settings.md
diff --git a/explore-analyze/alerts/cases/manage-cases.md b/explore-analyze/alerts-cases/cases/manage-cases.md
similarity index 99%
rename from explore-analyze/alerts/cases/manage-cases.md
rename to explore-analyze/alerts-cases/cases/manage-cases.md
index 9e0aa46554..bc77ef5589 100644
--- a/explore-analyze/alerts/cases/manage-cases.md
+++ b/explore-analyze/alerts-cases/cases/manage-cases.md
@@ -39,7 +39,7 @@ You can configure email notifications that occur when users are assigned to case
For hosted {{kib}} on {{ess}}:
-1. Add the email domains to the [notifications domain allowlist](../kibana.md).
+1. Add the email domains to the [notifications domain allowlist](../alerts.md).
You do not need to take any more steps to configure an email connector or update {{kib}} user settings, since the preconfigured Elastic-Cloud-SMTP connector is used by default.
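Review bot: In step 1 the link text is "notifications domain allowlist", but the new target `../alerts.md` carries no anchor, so readers land at the top of the general Alerting page rather than on allowlist instructions. Point the link at the section or page that actually documents the allowlist, or reword the link text. The old `../kibana.md` target had the same gap, so this move is a good place to fix it.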
diff --git a/explore-analyze/alerts/cases/setup-cases.md b/explore-analyze/alerts-cases/cases/setup-cases.md
similarity index 100%
rename from explore-analyze/alerts/cases/setup-cases.md
rename to explore-analyze/alerts-cases/cases/setup-cases.md
diff --git a/explore-analyze/alerts/watcher.md b/explore-analyze/alerts-cases/watcher.md
similarity index 100%
rename from explore-analyze/alerts/watcher.md
rename to explore-analyze/alerts-cases/watcher.md
diff --git a/explore-analyze/alerts/watcher/action-conditions.md b/explore-analyze/alerts-cases/watcher/action-conditions.md
similarity index 100%
rename from explore-analyze/alerts/watcher/action-conditions.md
rename to explore-analyze/alerts-cases/watcher/action-conditions.md
diff --git a/explore-analyze/alerts/watcher/action-foreach.md b/explore-analyze/alerts-cases/watcher/action-foreach.md
similarity index 100%
rename from explore-analyze/alerts/watcher/action-foreach.md
rename to explore-analyze/alerts-cases/watcher/action-foreach.md
diff --git a/explore-analyze/alerts/watcher/actions-email.md b/explore-analyze/alerts-cases/watcher/actions-email.md
similarity index 100%
rename from explore-analyze/alerts/watcher/actions-email.md
rename to explore-analyze/alerts-cases/watcher/actions-email.md
diff --git a/explore-analyze/alerts/watcher/actions-index.md b/explore-analyze/alerts-cases/watcher/actions-index.md
similarity index 100%
rename from explore-analyze/alerts/watcher/actions-index.md
rename to explore-analyze/alerts-cases/watcher/actions-index.md
diff --git a/explore-analyze/alerts/watcher/actions-jira.md b/explore-analyze/alerts-cases/watcher/actions-jira.md
similarity index 100%
rename from explore-analyze/alerts/watcher/actions-jira.md
rename to explore-analyze/alerts-cases/watcher/actions-jira.md
diff --git a/explore-analyze/alerts/watcher/actions-logging.md b/explore-analyze/alerts-cases/watcher/actions-logging.md
similarity index 100%
rename from explore-analyze/alerts/watcher/actions-logging.md
rename to explore-analyze/alerts-cases/watcher/actions-logging.md
diff --git a/explore-analyze/alerts/watcher/actions-pagerduty.md b/explore-analyze/alerts-cases/watcher/actions-pagerduty.md
similarity index 100%
rename from explore-analyze/alerts/watcher/actions-pagerduty.md
rename to explore-analyze/alerts-cases/watcher/actions-pagerduty.md
diff --git a/explore-analyze/alerts/watcher/actions-slack.md b/explore-analyze/alerts-cases/watcher/actions-slack.md
similarity index 100%
rename from explore-analyze/alerts/watcher/actions-slack.md
rename to explore-analyze/alerts-cases/watcher/actions-slack.md
diff --git a/explore-analyze/alerts/watcher/actions-webhook.md b/explore-analyze/alerts-cases/watcher/actions-webhook.md
similarity index 100%
rename from explore-analyze/alerts/watcher/actions-webhook.md
rename to explore-analyze/alerts-cases/watcher/actions-webhook.md
diff --git a/explore-analyze/alerts/watcher/actions.md b/explore-analyze/alerts-cases/watcher/actions.md
similarity index 100%
rename from explore-analyze/alerts/watcher/actions.md
rename to explore-analyze/alerts-cases/watcher/actions.md
diff --git a/explore-analyze/alerts/watcher/condition-always.md b/explore-analyze/alerts-cases/watcher/condition-always.md
similarity index 100%
rename from explore-analyze/alerts/watcher/condition-always.md
rename to explore-analyze/alerts-cases/watcher/condition-always.md
diff --git a/explore-analyze/alerts/watcher/condition-array-compare.md b/explore-analyze/alerts-cases/watcher/condition-array-compare.md
similarity index 100%
rename from explore-analyze/alerts/watcher/condition-array-compare.md
rename to explore-analyze/alerts-cases/watcher/condition-array-compare.md
diff --git a/explore-analyze/alerts/watcher/condition-compare.md b/explore-analyze/alerts-cases/watcher/condition-compare.md
similarity index 100%
rename from explore-analyze/alerts/watcher/condition-compare.md
rename to explore-analyze/alerts-cases/watcher/condition-compare.md
diff --git a/explore-analyze/alerts/watcher/condition-never.md b/explore-analyze/alerts-cases/watcher/condition-never.md
similarity index 100%
rename from explore-analyze/alerts/watcher/condition-never.md
rename to explore-analyze/alerts-cases/watcher/condition-never.md
diff --git a/explore-analyze/alerts/watcher/condition-script.md b/explore-analyze/alerts-cases/watcher/condition-script.md
similarity index 100%
rename from explore-analyze/alerts/watcher/condition-script.md
rename to explore-analyze/alerts-cases/watcher/condition-script.md
diff --git a/explore-analyze/alerts/watcher/condition.md b/explore-analyze/alerts-cases/watcher/condition.md
similarity index 100%
rename from explore-analyze/alerts/watcher/condition.md
rename to explore-analyze/alerts-cases/watcher/condition.md
diff --git a/explore-analyze/alerts/watcher/encrypting-data.md b/explore-analyze/alerts-cases/watcher/encrypting-data.md
similarity index 100%
rename from explore-analyze/alerts/watcher/encrypting-data.md
rename to explore-analyze/alerts-cases/watcher/encrypting-data.md
diff --git a/explore-analyze/alerts/watcher/example-watches.md b/explore-analyze/alerts-cases/watcher/example-watches.md
similarity index 100%
rename from explore-analyze/alerts/watcher/example-watches.md
rename to explore-analyze/alerts-cases/watcher/example-watches.md
diff --git a/explore-analyze/alerts/watcher/how-watcher-works.md b/explore-analyze/alerts-cases/watcher/how-watcher-works.md
similarity index 100%
rename from explore-analyze/alerts/watcher/how-watcher-works.md
rename to explore-analyze/alerts-cases/watcher/how-watcher-works.md
diff --git a/explore-analyze/alerts/watcher/input-chain.md b/explore-analyze/alerts-cases/watcher/input-chain.md
similarity index 100%
rename from explore-analyze/alerts/watcher/input-chain.md
rename to explore-analyze/alerts-cases/watcher/input-chain.md
diff --git a/explore-analyze/alerts/watcher/input-http.md b/explore-analyze/alerts-cases/watcher/input-http.md
similarity index 100%
rename from explore-analyze/alerts/watcher/input-http.md
rename to explore-analyze/alerts-cases/watcher/input-http.md
diff --git a/explore-analyze/alerts/watcher/input-search.md b/explore-analyze/alerts-cases/watcher/input-search.md
similarity index 100%
rename from explore-analyze/alerts/watcher/input-search.md
rename to explore-analyze/alerts-cases/watcher/input-search.md
diff --git a/explore-analyze/alerts/watcher/input-simple.md b/explore-analyze/alerts-cases/watcher/input-simple.md
similarity index 100%
rename from explore-analyze/alerts/watcher/input-simple.md
rename to explore-analyze/alerts-cases/watcher/input-simple.md
diff --git a/explore-analyze/alerts/watcher/input.md b/explore-analyze/alerts-cases/watcher/input.md
similarity index 100%
rename from explore-analyze/alerts/watcher/input.md
rename to explore-analyze/alerts-cases/watcher/input.md
diff --git a/explore-analyze/alerts/watcher/managing-watches.md b/explore-analyze/alerts-cases/watcher/managing-watches.md
similarity index 100%
rename from explore-analyze/alerts/watcher/managing-watches.md
rename to explore-analyze/alerts-cases/watcher/managing-watches.md
diff --git a/explore-analyze/alerts/watcher/transform-chain.md b/explore-analyze/alerts-cases/watcher/transform-chain.md
similarity index 100%
rename from explore-analyze/alerts/watcher/transform-chain.md
rename to explore-analyze/alerts-cases/watcher/transform-chain.md
diff --git a/explore-analyze/alerts/watcher/transform-script.md b/explore-analyze/alerts-cases/watcher/transform-script.md
similarity index 100%
rename from explore-analyze/alerts/watcher/transform-script.md
rename to explore-analyze/alerts-cases/watcher/transform-script.md
diff --git a/explore-analyze/alerts/watcher/transform-search.md b/explore-analyze/alerts-cases/watcher/transform-search.md
similarity index 100%
rename from explore-analyze/alerts/watcher/transform-search.md
rename to explore-analyze/alerts-cases/watcher/transform-search.md
diff --git a/explore-analyze/alerts/watcher/transform.md b/explore-analyze/alerts-cases/watcher/transform.md
similarity index 100%
rename from explore-analyze/alerts/watcher/transform.md
rename to explore-analyze/alerts-cases/watcher/transform.md
diff --git a/explore-analyze/alerts/watcher/trigger-schedule.md b/explore-analyze/alerts-cases/watcher/trigger-schedule.md
similarity index 100%
rename from explore-analyze/alerts/watcher/trigger-schedule.md
rename to explore-analyze/alerts-cases/watcher/trigger-schedule.md
diff --git a/explore-analyze/alerts/watcher/trigger.md b/explore-analyze/alerts-cases/watcher/trigger.md
similarity index 100%
rename from explore-analyze/alerts/watcher/trigger.md
rename to explore-analyze/alerts-cases/watcher/trigger.md
diff --git a/explore-analyze/alerts/watcher/watch-cluster-status.md b/explore-analyze/alerts-cases/watcher/watch-cluster-status.md
similarity index 100%
rename from explore-analyze/alerts/watcher/watch-cluster-status.md
rename to explore-analyze/alerts-cases/watcher/watch-cluster-status.md
diff --git a/explore-analyze/alerts/watcher/watcher-getting-started.md b/explore-analyze/alerts-cases/watcher/watcher-getting-started.md
similarity index 100%
rename from explore-analyze/alerts/watcher/watcher-getting-started.md
rename to explore-analyze/alerts-cases/watcher/watcher-getting-started.md
diff --git a/explore-analyze/alerts/watcher/watcher-limitations.md b/explore-analyze/alerts-cases/watcher/watcher-limitations.md
similarity index 100%
rename from explore-analyze/alerts/watcher/watcher-limitations.md
rename to explore-analyze/alerts-cases/watcher/watcher-limitations.md
diff --git a/explore-analyze/discover/discover-get-started.md b/explore-analyze/discover/discover-get-started.md
index 92d604e3bf..0027e11f05 100644
--- a/explore-analyze/discover/discover-get-started.md
+++ b/explore-analyze/discover/discover-get-started.md
@@ -260,10 +260,10 @@ From **Discover**, you can create a rule to periodically check when data goes ab
The **Create rule** form is pre-filled with the latest query sent to {{es}}.
-3. [Configure your query](../alerts/kibana/rule-type-es-query.md) and [select a connector type](../../deploy-manage/manage-connectors.md).
+3. [Configure your query](../alerts-cases/alerts/rule-type-es-query.md) and [select a connector type](../../deploy-manage/manage-connectors.md).
4. Click **Save**.
-For more about this and other rules provided in {{alert-features}}, go to [Alerting](../alerts/kibana.md).
+For more about this and other rules provided in {{alert-features}}, go to [Alerting](../alerts-cases/alerts.md).
## What’s next? [_whats_next_4]
diff --git a/explore-analyze/find-and-organize/find-apps-and-objects.md b/explore-analyze/find-and-organize/find-apps-and-objects.md
index a5d0c604ae..f4e4f2f82b 100644
--- a/explore-analyze/find-and-organize/find-apps-and-objects.md
+++ b/explore-analyze/find-and-organize/find-apps-and-objects.md
@@ -77,7 +77,7 @@ For a full list of data management UIs, refer to [**Stack Management**](../../de
Detecting and acting on significant shifts and signals in your data is a need that exists in almost every use case. Alerting allows you to detect conditions in different {{kib}} apps and trigger actions when those conditions are met. For example, you might trigger an alert when a shift occurs in your business critical KPIs or when memory, CPU, or disk space take a dip. When the alert triggers, you can send a notification to a system that is part of your daily workflow: email, Slack, PagerDuty, ServiceNow, and other third party integrations.
-A dedicated view for creating, searching, and editing rules is in [**{{rules-ui}}**](../alerts/kibana/create-manage-rules.md).
+A dedicated view for creating, searching, and editing rules is in [**{{rules-ui}}**](../alerts-cases/alerts/create-manage-rules.md).
## Organize content [organize-and-secure]
diff --git a/explore-analyze/geospatial-analysis.md b/explore-analyze/geospatial-analysis.md
index 7100bc159e..b946d174b5 100644
--- a/explore-analyze/geospatial-analysis.md
+++ b/explore-analyze/geospatial-analysis.md
@@ -84,7 +84,7 @@ Put machine learning to work for you and find the data that should stand out wit
## Alerting [geospatial-alerting]
-Let your location data drive insights and action with [geographic alerts](alerts/kibana/geo-alerting.md). Commonly referred to as geo-fencing, track moving objects as they enter or exit a boundary to receive notifications through common business systems (email, Slack, Teams, PagerDuty, and more).
+Let your location data drive insights and action with [geographic alerts](alerts-cases/alerts/geo-alerting.md). Commonly referred to as geo-fencing, track moving objects as they enter or exit a boundary to receive notifications through common business systems (email, Slack, Teams, PagerDuty, and more).
Interested in learning more? Follow [step-by-step instructions](visualize/maps/asset-tracking-tutorial.md) for setting up tracking containment alerts to monitor moving vehicles.
diff --git a/explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md b/explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md
index 593a859260..701652a180 100644
--- a/explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md
+++ b/explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md
@@ -5,7 +5,7 @@ mapped_pages:
# Generating alerts for anomaly detection jobs [ml-configuring-alerts]
-{{kib}} {{alert-features}} include support for {{ml}} rules, which run scheduled checks for anomalies in one or more {{anomaly-jobs}} or check the health of the job with certain conditions. If the conditions of the rule are met, an alert is created and the associated action is triggered. For example, you can create a rule to check an {{anomaly-job}} every fifteen minutes for critical anomalies and to notify you in an email. To learn more about {{kib}} {{alert-features}}, refer to [Alerting](../../alerts/kibana.md#alerting-getting-started).
+{{kib}} {{alert-features}} include support for {{ml}} rules, which run scheduled checks for anomalies in one or more {{anomaly-jobs}} or check the health of the job with certain conditions. If the conditions of the rule are met, an alert is created and the associated action is triggered. For example, you can create a rule to check an {{anomaly-job}} every fifteen minutes for critical anomalies and to notify you in an email. To learn more about {{kib}} {{alert-features}}, refer to [Alerting](../../alerts-cases/alerts.md#alerting-getting-started).
The following {{ml}} rules are available:
diff --git a/explore-analyze/report-and-share/automating-report-generation.md b/explore-analyze/report-and-share/automating-report-generation.md
index 2cb21e89ae..988443ddd9 100644
--- a/explore-analyze/report-and-share/automating-report-generation.md
+++ b/explore-analyze/report-and-share/automating-report-generation.md
@@ -30,7 +30,7 @@ To create the POST URL for CSV reports:
## Use Watcher [use-watcher]
-To configure a watch to email reports, use the `reporting` attachment type in an `email` action. For more information, refer to [Configuring email accounts](../alerts/watcher/actions-email.md#configuring-email).
+To configure a watch to email reports, use the `reporting` attachment type in an `email` action. For more information, refer to [Configuring email accounts](../alerts-cases/watcher/actions-email.md#configuring-email).
For example, the following watch generates a PDF report and emails the report every hour:
@@ -68,7 +68,7 @@ PUT _watcher/watch/error_report
}
```
-1. Configure at least one email account to enable Watcher to send email. For more information, refer to [Configuring email accounts](../alerts/watcher/actions-email.md#configuring-email).
+1. Configure at least one email account to enable Watcher to send email. For more information, refer to [Configuring email accounts](../alerts-cases/watcher/actions-email.md#configuring-email).
2. An example POST URL. You can copy and paste the URL for any report.
3. Optional, default is `40`.
4. Optional, default is `15s`.
@@ -80,7 +80,7 @@ PUT _watcher/watch/error_report
The report generation URL might contain date-math expressions that cause the watch to fail with a `parse_exception`. To avoid a failed watch, remove curly braces `{` `}` from date-math expressions and URL-encode characters. For example, `...(range:(%27@timestamp%27:(gte:now-15m%2Fd,lte:now%2Fd))))...`
-For more information about configuring watches, refer to [How Watcher works](../alerts/watcher/how-watcher-works.md).
+For more information about configuring watches, refer to [How Watcher works](../alerts-cases/watcher/how-watcher-works.md).
::::
diff --git a/explore-analyze/scripting/painless-lab.md b/explore-analyze/scripting/painless-lab.md
index a771836fe9..210347a9a3 100644
--- a/explore-analyze/scripting/painless-lab.md
+++ b/explore-analyze/scripting/painless-lab.md
@@ -10,7 +10,7 @@ This functionality is in beta and is subject to change. The design and code is l
::::
-The **Painless Lab** is an interactive code editor that lets you test and debug [Painless scripts](modules-scripting-painless.md) in real-time. You can use the Painless scripting language to create [{{kib}} runtime fields](../find-and-organize/data-views.md#runtime-fields), process [reindexed data](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html), define complex [Watcher conditions](../alerts/watcher.md#watcher-create-advanced-watch), and work with data in other contexts.
+The **Painless Lab** is an interactive code editor that lets you test and debug [Painless scripts](modules-scripting-painless.md) in real-time. You can use the Painless scripting language to create [{{kib}} runtime fields](../find-and-organize/data-views.md#runtime-fields), process [reindexed data](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html), define complex [Watcher conditions](../alerts-cases/watcher.md#watcher-create-advanced-watch), and work with data in other contexts.
Find **Painless Lab** by navigating to the **Developer tools** page using the navigation menu or the [global search field](../../get-started/the-stack.md#kibana-navigation-search).
diff --git a/explore-analyze/toc.yml b/explore-analyze/toc.yml
index 65ac32c70a..ad9940280c 100644
--- a/explore-analyze/toc.yml
+++ b/explore-analyze/toc.yml
@@ -330,70 +330,71 @@ toc:
children:
- file: report-and-share/reporting-troubleshooting-csv.md
- file: report-and-share/reporting-troubleshooting-pdf.md
- - file: alerts.md
+ - file: alerts-cases.md
children:
- - file: alerts/kibana.md
+ - file: alerts-cases/alerts.md
children:
- - file: alerts/kibana/alerting-setup.md
- - file: alerts/kibana/create-manage-rules.md
- - file: alerts/kibana/view-alerts.md
- - file: alerts/kibana/rule-types.md
+ - file: alerts-cases/alerts/alerting-getting-started.md
+ - file: alerts-cases/alerts/alerting-setup.md
+ - file: alerts-cases/alerts/create-manage-rules.md
+ - file: alerts-cases/alerts/view-alerts.md
+ - file: alerts-cases/alerts/rule-types.md
children:
- - file: alerts/kibana/rule-type-index-threshold.md
- - file: alerts/kibana/rule-type-es-query.md
- - file: alerts/kibana/geo-alerting.md
- - file: alerts/kibana/rule-action-variables.md
- - file: alerts/kibana/alerting-troubleshooting.md
+ - file: alerts-cases/alerts/rule-type-index-threshold.md
+ - file: alerts-cases/alerts/rule-type-es-query.md
+ - file: alerts-cases/alerts/geo-alerting.md
+ - file: alerts-cases/alerts/rule-action-variables.md
+ - file: alerts-cases/alerts/alerting-troubleshooting.md
children:
- - file: alerts/kibana/alerting-common-issues.md
- - file: alerts/kibana/event-log-index.md
- - file: alerts/kibana/testing-connectors.md
- - file: alerts/kibana/maintenance-windows.md
- - file: alerts/watcher.md
+ - file: alerts-cases/alerts/alerting-common-issues.md
+ - file: alerts-cases/alerts/event-log-index.md
+ - file: alerts-cases/alerts/testing-connectors.md
+ - file: alerts-cases/alerts/maintenance-windows.md
+ - file: alerts-cases/watcher.md
children:
- - file: alerts/watcher/watcher-getting-started.md
- - file: alerts/watcher/how-watcher-works.md
- - file: alerts/watcher/encrypting-data.md
- - file: alerts/watcher/input.md
+ - file: alerts-cases/watcher/watcher-getting-started.md
+ - file: alerts-cases/watcher/how-watcher-works.md
+ - file: alerts-cases/watcher/encrypting-data.md
+ - file: alerts-cases/watcher/input.md
children:
- - file: alerts/watcher/input-simple.md
- - file: alerts/watcher/input-search.md
- - file: alerts/watcher/input-http.md
- - file: alerts/watcher/input-chain.md
- - file: alerts/watcher/trigger.md
+ - file: alerts-cases/watcher/input-simple.md
+ - file: alerts-cases/watcher/input-search.md
+ - file: alerts-cases/watcher/input-http.md
+ - file: alerts-cases/watcher/input-chain.md
+ - file: alerts-cases/watcher/trigger.md
children:
- - file: alerts/watcher/trigger-schedule.md
- - file: alerts/watcher/condition.md
+ - file: alerts-cases/watcher/trigger-schedule.md
+ - file: alerts-cases/watcher/condition.md
children:
- - file: alerts/watcher/condition-always.md
- - file: alerts/watcher/condition-never.md
- - file: alerts/watcher/condition-compare.md
- - file: alerts/watcher/condition-array-compare.md
- - file: alerts/watcher/condition-script.md
- - file: alerts/watcher/actions.md
+ - file: alerts-cases/watcher/condition-always.md
+ - file: alerts-cases/watcher/condition-never.md
+ - file: alerts-cases/watcher/condition-compare.md
+ - file: alerts-cases/watcher/condition-array-compare.md
+ - file: alerts-cases/watcher/condition-script.md
+ - file: alerts-cases/watcher/actions.md
children:
- - file: alerts/watcher/action-foreach.md
- - file: alerts/watcher/action-conditions.md
- - file: alerts/watcher/actions-email.md
- - file: alerts/watcher/actions-webhook.md
- - file: alerts/watcher/actions-index.md
- - file: alerts/watcher/actions-logging.md
- - file: alerts/watcher/actions-slack.md
- - file: alerts/watcher/actions-pagerduty.md
- - file: alerts/watcher/actions-jira.md
- - file: alerts/watcher/transform.md
+ - file: alerts-cases/watcher/action-foreach.md
+ - file: alerts-cases/watcher/action-conditions.md
+ - file: alerts-cases/watcher/actions-email.md
+ - file: alerts-cases/watcher/actions-webhook.md
+ - file: alerts-cases/watcher/actions-index.md
+ - file: alerts-cases/watcher/actions-logging.md
+ - file: alerts-cases/watcher/actions-slack.md
+ - file: alerts-cases/watcher/actions-pagerduty.md
+ - file: alerts-cases/watcher/actions-jira.md
+ - file: alerts-cases/watcher/transform.md
children:
- - file: alerts/watcher/transform-search.md
- - file: alerts/watcher/transform-script.md
- - file: alerts/watcher/transform-chain.md
- - file: alerts/watcher/managing-watches.md
- - file: alerts/watcher/example-watches.md
+ - file: alerts-cases/watcher/transform-search.md
+ - file: alerts-cases/watcher/transform-script.md
+ - file: alerts-cases/watcher/transform-chain.md
+ - file: alerts-cases/watcher/managing-watches.md
+ - file: alerts-cases/watcher/example-watches.md
children:
- - file: alerts/watcher/watch-cluster-status.md
- - file: alerts/watcher/watcher-limitations.md
- - file: alerts/cases.md
+ - file: alerts-cases/watcher/watch-cluster-status.md
+ - file: alerts-cases/watcher/watcher-limitations.md
+ - file: alerts-cases/cases.md
children:
- - file: alerts/cases/setup-cases.md
- - file: alerts/cases/manage-cases.md
- - file: alerts/cases/manage-cases-settings.md
+ - file: alerts-cases/cases/setup-cases.md
+ - file: alerts-cases/cases/manage-cases.md
+ - file: alerts-cases/cases/manage-cases-settings.md
- file: numeral-formatting.md
\ No newline at end of file
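Review bot: The added entry `alerts-cases/alerts/alerting-getting-started.md` has no removed `alerts/kibana/` counterpart in this hunk, so it is a new page rather than a move; confirm the file is created in this change, otherwise the toc references a missing file. Other hunks in this patch still link to `alerts.md#alerting-getting-started`, so check that the anchor still lives in `alerts-cases/alerts.md` and was not moved to the new page. Separately, `toc.yml` still ends without a trailing newline; consider adding one.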
diff --git a/explore-analyze/transforms/transform-alerts.md b/explore-analyze/transforms/transform-alerts.md
index e8e3100be2..eb9b9470d1 100644
--- a/explore-analyze/transforms/transform-alerts.md
+++ b/explore-analyze/transforms/transform-alerts.md
@@ -5,7 +5,7 @@ mapped_pages:
# Generating alerts for transforms [transform-alerts]
-{{kib}} {alert-features} include support for {{transform}} health rules, which check the health of {{ctransforms}} with certain conditions. If the conditions of the rule are met, an alert is created and the associated actions run. For example, you can create a rule to check if a {{ctransform}} is started and to notify you in an email if it is not. To learn more about {{kib}} {alert-features}, refer to [Alerting](../alerts/kibana.md#alerting-getting-started).
+{{kib}} {alert-features} include support for {{transform}} health rules, which check the health of {{ctransforms}} with certain conditions. If the conditions of the rule are met, an alert is created and the associated actions run. For example, you can create a rule to check if a {{ctransform}} is started and to notify you in an email if it is not. To learn more about {{kib}} {alert-features}, refer to [Alerting](../alerts-cases/alerts.md#alerting-getting-started).
## Creating a rule [creating-transform-rules]
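Review bot: The `+` line keeps `{alert-features}` in single braces (twice), while the other files in this patch write the substitution as `{{alert-features}}`, so here it will likely render as literal text. Change both occurrences to `{{alert-features}}` in the same line that updates the link.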
@@ -70,7 +70,7 @@ The name of an alert is always the same as the {{transform}} ID of the associate
## Action variables [transform-action-variables]
-The following variables are specific to the {{transform}} health rule type. You can also specify [variables common to all rules](../alerts/kibana/rule-action-variables.md).
+The following variables are specific to the {{transform}} health rule type. You can also specify [variables common to all rules](../alerts-cases/alerts/rule-action-variables.md).
`context.message`
: A preconstructed message for the rule. For example: `Transform test-1 is not started.`
@@ -99,4 +99,4 @@ The following variables are specific to the {{transform}} health rule type. You
{{/context.results}}
```
-For more examples, refer to [Rule action variables](../alerts/kibana/rule-action-variables.md).
+For more examples, refer to [Rule action variables](../alerts-cases/alerts/rule-action-variables.md).
diff --git a/raw-migrated-files/cloud/cloud-enterprise/ece-add-user-settings.md b/raw-migrated-files/cloud/cloud-enterprise/ece-add-user-settings.md
index 2138b0e37e..c9c7bfc2e0 100644
--- a/raw-migrated-files/cloud/cloud-enterprise/ece-add-user-settings.md
+++ b/raw-migrated-files/cloud/cloud-enterprise/ece-add-user-settings.md
@@ -27,7 +27,7 @@ To add user settings:
## Enable email notifications from Gmail [ece_enable_email_notifications_from_gmail]
-You can configure email notifications to Gmail for a user that you specify. For details, refer to [Configuring email actions](../../../explore-analyze/alerts/watcher/actions-email.md).
+You can configure email notifications to Gmail for a user that you specify. For details, refer to [Configuring email actions](../../../explore-analyze/alerts-cases/watcher/actions-email.md).
::::{warning}
Before you add the `xpack.notification.email*` setting in Elasticsearch user settings, make sure you add the account SMTP password to the keystore as a [secret value](../../../deploy-manage/security/secure-settings.md).
diff --git a/raw-migrated-files/cloud/cloud-enterprise/ece-autoscaling.md b/raw-migrated-files/cloud/cloud-enterprise/ece-autoscaling.md
index 52439c5435..c9c57147eb 100644
--- a/raw-migrated-files/cloud/cloud-enterprise/ece-autoscaling.md
+++ b/raw-migrated-files/cloud/cloud-enterprise/ece-autoscaling.md
@@ -66,7 +66,7 @@ On a highly available deployment, autoscaling events are always applied to insta
In the event that a data tier or machine learning node scales up to its maximum possible size, a notice appears on the deployment overview page prompting you to adjust your autoscaling settings in order to ensure optimal performance.
-A warning is also issued in the ECE `service-constructor` logs with the field `labels.autoscaling_notification_type` and a value of `data-tier-at-limit` (for a fully scaled data tier) or `ml-tier-at-limit` (for a fully scaled machine learning node). The warning is indexed in the `logging-and-metrics` deployment, so you can use that event to [configure an email notification](../../../explore-analyze/alerts/watcher/actions-email.md).
+A warning is also issued in the ECE `service-constructor` logs with the field `labels.autoscaling_notification_type` and a value of `data-tier-at-limit` (for a fully scaled data tier) or `ml-tier-at-limit` (for a fully scaled machine learning node). The warning is indexed in the `logging-and-metrics` deployment, so you can use that event to [configure an email notification](../../../explore-analyze/alerts-cases/watcher/actions-email.md).
## Restrictions and limitations [ece-autoscaling-restrictions]
diff --git a/raw-migrated-files/cloud/cloud/ec-watcher.md b/raw-migrated-files/cloud/cloud/ec-watcher.md
index 7e3969cb38..b36ce68022 100644
--- a/raw-migrated-files/cloud/cloud/ec-watcher.md
+++ b/raw-migrated-files/cloud/cloud/ec-watcher.md
@@ -1,7 +1,7 @@
# Enable Watcher [ec-watcher]
::::{note}
-If you are looking for Kibana alerting, check [Alerting and Actions](../../../explore-analyze/alerts.md) in the Kibana Guide.
+If you are looking for Kibana alerting, check [Alerting and Actions](../../../explore-analyze/alerts-cases.md) in the Kibana Guide.
::::
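Review bot: the changed note line still says the link is "in the Kibana Guide", but the new target `../../../explore-analyze/alerts-cases.md` is a relative path inside this docs tree. Since the line is being edited anyway, drop "in the Kibana Guide" or reword it so the text matches where the link now lands.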
@@ -18,18 +18,18 @@ To enable Watcher on a cluster, you may first need to perform one or several of
* To receive default Elasticsearch Watcher alerts (cluster status, nodes changed, version mismatch), you need to have monitoring enabled to send to the Admin email address specified in Kibana. To enable this, go to **Advanced Settings > Admin email**.
-To learn more about Kibana alerting and how to use it, check [Alerting and Actions](../../../explore-analyze/alerts.md).
+To learn more about Kibana alerting and how to use it, check [Alerting and Actions](../../../explore-analyze/alerts-cases.md).
## Send alerts by email [ec-watcher-allowlist]
Alerting can send alerts by email. You can configure notifications similar to the [operational emails](../../../deploy-manage/cloud-organization/operational-emails.md) that Elasticsearch Service sends automatically to alert you about performance issues in your clusters.
-Watcher in Elastic Cloud is preconfigured with an email service and can be used without any additional configuration. Alternatively, a custom mail server can be configured as described in [Configuring a custom mail server](../../../explore-analyze/alerts/watcher.md#ec-watcher-custom-mail-server)
+Watcher in Elastic Cloud is preconfigured with an email service and can be used without any additional configuration. Alternatively, a custom mail server can be configured as described in [Configuring a custom mail server](../../../explore-analyze/alerts-cases/watcher.md#ec-watcher-custom-mail-server)
-You can optionally add [HTML sanitization](../../../explore-analyze/alerts/watcher/actions-email.md#email-html-sanitization) settings under [Elasticsearch User settings](../../../deploy-manage/deploy/elastic-cloud/edit-stack-settings.md) in the [Elasticsearch Service Console](https://cloud.elastic.co?page=docs&placement=docs-body) so that HTML elements are sanitized in the email notification.
+You can optionally add [HTML sanitization](../../../explore-analyze/alerts-cases/watcher/actions-email.md#email-html-sanitization) settings under [Elasticsearch User settings](../../../deploy-manage/deploy/elastic-cloud/edit-stack-settings.md) in the [Elasticsearch Service Console](https://cloud.elastic.co?page=docs&placement=docs-body) so that HTML elements are sanitized in the email notification.
-For more information on sending alerts by email, check [Email action](../../../explore-analyze/alerts/watcher/actions-email.md).
+For more information on sending alerts by email, check [Email action](../../../explore-analyze/alerts-cases/watcher/actions-email.md).
## Cloud email service limits [ec-cloud-email-service-limits]
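Review bot: the rewritten "Configuring a custom mail server" line still ends without a period after the link; add it while the line is being touched. Two links in this hunk also carry their fragments over unchanged (`watcher.md#ec-watcher-custom-mail-server` and `actions-email.md#email-html-sanitization`), so confirm both anchors exist in the files at the new `alerts-cases/` paths. A path-only rewrite will not catch a fragment that was renamed or dropped in the move, and the HTML sanitization link is the one readers follow to get the sanitization settings right.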
diff --git a/raw-migrated-files/docs-content/serverless/detections-logsdb-index-mode-impact.md b/raw-migrated-files/docs-content/serverless/detections-logsdb-index-mode-impact.md
index 79ff2bb233..efbef68ae4 100644
--- a/raw-migrated-files/docs-content/serverless/detections-logsdb-index-mode-impact.md
+++ b/raw-migrated-files/docs-content/serverless/detections-logsdb-index-mode-impact.md
@@ -32,7 +32,7 @@ Alerts that are generated by threshold, {{ml}}, and event correlation sequence r
While we do not recommend using `_source` for actions, in cases where the action relies on the `_source`, the same limitations and changes apply.
-If you send alert notifications by enabling [actions](../../../explore-analyze/alerts.md#alerting-concepts-actions) to the external systems that have workflows or automations based on fields formatted from the original source, they may be affected. In particular, this can happen when the fields used are arrays of objects.
+If you send alert notifications by enabling [actions](../../../explore-analyze/alerts-cases.md#alerting-concepts-actions) to the external systems that have workflows or automations based on fields formatted from the original source, they may be affected. In particular, this can happen when the fields used are arrays of objects.
We recommend checking and adjusting the rule actions using `_source` before switching to logsdb index mode.
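Review bot: the changed sentence reads "by enabling [actions] to the external systems that have workflows or automations", which is hard to parse. Consider "by enabling actions that send to external systems with workflows or automations" in the same edit. The fragment `#alerting-concepts-actions` is now resolved against `alerts-cases.md`, so check that the heading ID moved with the page.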
diff --git a/raw-migrated-files/docs-content/serverless/elasticsearch-differences.md b/raw-migrated-files/docs-content/serverless/elasticsearch-differences.md
index 2b31f6f9e7..0e077d9777 100644
--- a/raw-migrated-files/docs-content/serverless/elasticsearch-differences.md
+++ b/raw-migrated-files/docs-content/serverless/elasticsearch-differences.md
@@ -124,7 +124,7 @@ These features have been replaced by a new feature and are therefore not availab
Data stream lifecycle is an optimized lifecycle tool that lets you focus on the most common lifecycle management needs, without unnecessary hardware-centric concepts like data tiers.
-* **Watcher** is not available, in favor of [**Alerts**](../../../explore-analyze/alerts/kibana.md#rules-alerts).
+* **Watcher** is not available, in favor of [**Alerts**](../../../explore-analyze/alerts-cases/alerts.md#rules-alerts).
Kibana Alerts allows rich integrations across use cases like APM, metrics, security, and uptime. Prepackaged rule types simplify setup and hide the details of complex, domain-specific detections, while providing a consistent interface across Kibana.
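Review bot: the new target on the Watcher bullet is `alerts-cases/alerts.md#rules-alerts`, with the fragment kept from the old `alerts/kibana.md` link. Elsewhere in this patch `[rules-alerts]` appears as the heading ID of `## Alerts` in `raw-migrated-files/docs-content/serverless/rules.md`. Please verify that `explore-analyze/alerts-cases/alerts.md` defines the same ID, otherwise the link opens the page but not the section.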
diff --git a/raw-migrated-files/docs-content/serverless/elasticsearch-explore-your-data.md b/raw-migrated-files/docs-content/serverless/elasticsearch-explore-your-data.md
index 8b0f7da3b1..25d666a529 100644
--- a/raw-migrated-files/docs-content/serverless/elasticsearch-explore-your-data.md
+++ b/raw-migrated-files/docs-content/serverless/elasticsearch-explore-your-data.md
@@ -40,7 +40,7 @@ $$$elasticsearch-explore-your-data-discover-your-data$$$
## Monitoring [_monitoring]
-[Rules](../../../explore-analyze/alerts.md)
+[Rules](../../../explore-analyze/alerts-cases.md)
: Create rules that trigger notifications when certain conditions are met in your data.
🔍 Find **Rules** in your {{es-serverless}} project’s UI under **Project settings > Alerts and insights > Rules**.
diff --git a/raw-migrated-files/docs-content/serverless/maintenance-windows.md b/raw-migrated-files/docs-content/serverless/maintenance-windows.md
index 7f41335324..cd7d57fc4c 100644
--- a/raw-migrated-files/docs-content/serverless/maintenance-windows.md
+++ b/raw-migrated-files/docs-content/serverless/maintenance-windows.md
@@ -35,7 +35,7 @@ If you turn on **Filter alerts**, you can use KQL to filter the alerts affected
::::{note}
* You can select only a single category when you turn on filters.
-* Some rules are not affected by maintenance window filters because their alerts do not contain requisite data. In particular, [{{stack-monitor-app}}](../../../deploy-manage/monitor/monitoring-data/kibana-alerts.md), [tracking containment](../../../explore-analyze/alerts/kibana/geo-alerting.md), [{{anomaly-jobs}} health](../../../explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md), and [transform health](../../../explore-analyze/transforms/transform-alerts.md) rules are not affected by the filters.
+* Some rules are not affected by maintenance window filters because their alerts do not contain requisite data. In particular, [{{stack-monitor-app}}](../../../deploy-manage/monitor/monitoring-data/kibana-alerts.md), [tracking containment](../../../explore-analyze/alerts-cases/alerts/geo-alerting.md), [{{anomaly-jobs}} health](../../../explore-analyze/machine-learning/anomaly-detection/ml-configuring-alerts.md), and [transform health](../../../explore-analyze/transforms/transform-alerts.md) rules are not affected by the filters.
::::
diff --git a/raw-migrated-files/docs-content/serverless/observability-create-anomaly-alert-rule.md b/raw-migrated-files/docs-content/serverless/observability-create-anomaly-alert-rule.md
index 002b7ab905..13b1a19e31 100644
--- a/raw-migrated-files/docs-content/serverless/observability-create-anomaly-alert-rule.md
+++ b/raw-migrated-files/docs-content/serverless/observability-create-anomaly-alert-rule.md
@@ -107,7 +107,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/raw-migrated-files/docs-content/serverless/observability-create-custom-threshold-alert-rule.md b/raw-migrated-files/docs-content/serverless/observability-create-custom-threshold-alert-rule.md
index d10e369855..f4264eceea 100644
--- a/raw-migrated-files/docs-content/serverless/observability-create-custom-threshold-alert-rule.md
+++ b/raw-migrated-files/docs-content/serverless/observability-create-custom-threshold-alert-rule.md
@@ -202,7 +202,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/raw-migrated-files/docs-content/serverless/observability-create-error-count-threshold-alert-rule.md b/raw-migrated-files/docs-content/serverless/observability-create-error-count-threshold-alert-rule.md
index a3180f08d2..2e3fe51043 100644
--- a/raw-migrated-files/docs-content/serverless/observability-create-error-count-threshold-alert-rule.md
+++ b/raw-migrated-files/docs-content/serverless/observability-create-error-count-threshold-alert-rule.md
@@ -109,7 +109,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/raw-migrated-files/docs-content/serverless/observability-create-failed-transaction-rate-threshold-alert-rule.md b/raw-migrated-files/docs-content/serverless/observability-create-failed-transaction-rate-threshold-alert-rule.md
index 4c5cb082a8..9fc8d5064d 100644
--- a/raw-migrated-files/docs-content/serverless/observability-create-failed-transaction-rate-threshold-alert-rule.md
+++ b/raw-migrated-files/docs-content/serverless/observability-create-failed-transaction-rate-threshold-alert-rule.md
@@ -109,7 +109,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/raw-migrated-files/docs-content/serverless/observability-create-inventory-threshold-alert-rule.md b/raw-migrated-files/docs-content/serverless/observability-create-inventory-threshold-alert-rule.md
index 75f8c84285..cfeb7f7dad 100644
--- a/raw-migrated-files/docs-content/serverless/observability-create-inventory-threshold-alert-rule.md
+++ b/raw-migrated-files/docs-content/serverless/observability-create-inventory-threshold-alert-rule.md
@@ -116,7 +116,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/raw-migrated-files/docs-content/serverless/observability-create-latency-threshold-alert-rule.md b/raw-migrated-files/docs-content/serverless/observability-create-latency-threshold-alert-rule.md
index 2d5aba71d5..1c45f5e7ee 100644
--- a/raw-migrated-files/docs-content/serverless/observability-create-latency-threshold-alert-rule.md
+++ b/raw-migrated-files/docs-content/serverless/observability-create-latency-threshold-alert-rule.md
@@ -113,7 +113,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/raw-migrated-files/docs-content/serverless/observability-create-manage-rules.md b/raw-migrated-files/docs-content/serverless/observability-create-manage-rules.md
index 06701ba3ab..1a852f328a 100644
--- a/raw-migrated-files/docs-content/serverless/observability-create-manage-rules.md
+++ b/raw-migrated-files/docs-content/serverless/observability-create-manage-rules.md
@@ -80,7 +80,7 @@ When you snooze a rule, the rule checks continue to run on a schedule but the al
When a rule is in a snoozed state, you can cancel or change the duration of this state.
-To temporarily suppress notifications for *all* rules, create a [maintenance window](../../../explore-analyze/alerts/kibana/maintenance-windows.md).
+To temporarily suppress notifications for *all* rules, create a [maintenance window](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md).
## Import and export rules [observability-create-manage-rules-import-and-export-rules]
diff --git a/raw-migrated-files/docs-content/serverless/observability-create-slo-burn-rate-alert-rule.md b/raw-migrated-files/docs-content/serverless/observability-create-slo-burn-rate-alert-rule.md
index 29abcfea53..de731fce05 100644
--- a/raw-migrated-files/docs-content/serverless/observability-create-slo-burn-rate-alert-rule.md
+++ b/raw-migrated-files/docs-content/serverless/observability-create-slo-burn-rate-alert-rule.md
@@ -116,7 +116,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/raw-migrated-files/docs-content/serverless/observability-monitor-status-alert.md b/raw-migrated-files/docs-content/serverless/observability-monitor-status-alert.md
index c255acbb6a..c544548c68 100644
--- a/raw-migrated-files/docs-content/serverless/observability-monitor-status-alert.md
+++ b/raw-migrated-files/docs-content/serverless/observability-monitor-status-alert.md
@@ -107,7 +107,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.checkedAt`
: Timestamp of the monitor run.
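Review bot: the replacement line keeps the typo "You an also specify". Change it to "You can also specify" in the same edit, which is how the sibling rule pages in this patch already read.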
diff --git a/raw-migrated-files/docs-content/serverless/observability-view-alerts.md b/raw-migrated-files/docs-content/serverless/observability-view-alerts.md
index 6547ed8eb3..9e6dcec31b 100644
--- a/raw-migrated-files/docs-content/serverless/observability-view-alerts.md
+++ b/raw-migrated-files/docs-content/serverless/observability-view-alerts.md
@@ -77,7 +77,7 @@ Use the toolbar buttons in the upper-left of the alerts table to customize the c
* ***x* fields sorted**: Sort the table by one or more columns.
* **Fields**: Select the fields to display in the table.
-For example, click **Fields** and choose the `Maintenance Windows` field. If an alert was affected by a maintenance window, its identifier appears in the new column. For more information about their impact on alert notifications, refer to [{{maint-windows-cap}}](../../../explore-analyze/alerts/kibana/maintenance-windows.md).
+For example, click **Fields** and choose the `Maintenance Windows` field. If an alert was affected by a maintenance window, its identifier appears in the new column. For more information about their impact on alert notifications, refer to [{{maint-windows-cap}}](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md).
You can also use the toolbar buttons in the upper-right to customize the display options or view the table in full-screen mode.
diff --git a/raw-migrated-files/docs-content/serverless/project-settings-alerts.md b/raw-migrated-files/docs-content/serverless/project-settings-alerts.md
index 632c7a47bc..220404a9dd 100644
--- a/raw-migrated-files/docs-content/serverless/project-settings-alerts.md
+++ b/raw-migrated-files/docs-content/serverless/project-settings-alerts.md
@@ -12,6 +12,6 @@ Access to individual features is governed by Elastic user roles. Consult your ad
| Feature | Description | Available in |
| --- | --- | --- |
| [{{connectors-app}}](../../../deploy-manage/manage-connectors.md) | Create and manage reusable connectors for triggering actions. | [](../../../solutions/search.md)[](../../../solutions/observability.md)[](../../../solutions/security/elastic-security-serverless.md) |
-| [{{maint-windows-cap}}](../../../explore-analyze/alerts/kibana/maintenance-windows.md) | Suppress rule notifications for scheduled periods of time. | [](../../../solutions/observability.md)[](../../../solutions/security/elastic-security-serverless.md) |
-| [{{rules-app}}](../../../explore-analyze/alerts/kibana.md) | Create and manage rules that generate alerts. | [](../../../solutions/search.md) |
+| [{{maint-windows-cap}}](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md) | Suppress rule notifications for scheduled periods of time. | [](../../../solutions/observability.md)[](../../../solutions/security/elastic-security-serverless.md) |
+| [{{rules-app}}](../../../explore-analyze/alerts-cases/alerts.md) | Create and manage rules that generate alerts. | [](../../../solutions/search.md) |
| [Entity Risk Score](../../../solutions/security/advanced-entity-analytics/entity-risk-scoring.md) | Manage entity risk scoring, and preview risky entities. | [](../../../solutions/security/elastic-security-serverless.md) |
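Review bot: in the two rewritten rows the "Available in" cells consist only of links with empty text, for example `[](../../../solutions/observability.md)`, so nothing visible or clickable is rendered there. This predates the path change, but the rows are being touched: either give the links text (the solution name would do) or note it as a follow-up so the column is not left blank.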
diff --git a/raw-migrated-files/docs-content/serverless/rules.md b/raw-migrated-files/docs-content/serverless/rules.md
index 7bc2085537..5a4090ed92 100644
--- a/raw-migrated-files/docs-content/serverless/rules.md
+++ b/raw-migrated-files/docs-content/serverless/rules.md
@@ -94,7 +94,7 @@ You can pass rule values to an action at the time a condition is detected. To vi
:class: screenshot
:::
-For more information about common action variables, refer to [Rule actions variables](../../../explore-analyze/alerts/kibana/rule-action-variables.md)
+For more information about common action variables, refer to [Rule actions variables](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md)
## Alerts [rules-alerts]
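Review bot: the link text on the changed line reads "Rule actions variables", while the same target is titled "Rule action variables" in the transform alerts hunk of this patch. Align the text with the page title and add the missing period after the link.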
diff --git a/raw-migrated-files/docs-content/serverless/security-detection-engine-overview.md b/raw-migrated-files/docs-content/serverless/security-detection-engine-overview.md
index 9f2d2436e5..a24c77cda7 100644
--- a/raw-migrated-files/docs-content/serverless/security-detection-engine-overview.md
+++ b/raw-migrated-files/docs-content/serverless/security-detection-engine-overview.md
@@ -15,7 +15,7 @@ There are several special prebuilt rules you need to know about:
* **External Alerts**: Automatically creates an alert for all incoming third-party system alerts (for example, Suricata alerts).
-If you want to receive notifications via external systems, such as Slack or email, when alerts are created, use the [Alerting and Actions](../../../explore-analyze/alerts.md) framework.
+If you want to receive notifications via external systems, such as Slack or email, when alerts are created, use the [Alerting and Actions](../../../explore-analyze/alerts-cases.md) framework.
After rules have started running, you can monitor their executions to verify they are functioning correctly, as well as view, manage, and troubleshoot alerts (see [Manage detection alerts](../../../solutions/security/detect-and-alert/manage-detection-alerts.md) and [Monitor and troubleshoot rule executions](../../../troubleshoot/security/detection-rules.md)).
diff --git a/raw-migrated-files/docs-content/serverless/security-reduce-notifications-alerts.md b/raw-migrated-files/docs-content/serverless/security-reduce-notifications-alerts.md
index 2f1b7f2d1c..aab8f5f5b4 100644
--- a/raw-migrated-files/docs-content/serverless/security-reduce-notifications-alerts.md
+++ b/raw-migrated-files/docs-content/serverless/security-reduce-notifications-alerts.md
@@ -5,6 +5,6 @@
| | |
| --- | --- |
| [Rule action snoozing](../../../solutions/security/detect-and-alert/manage-detection-rules.md#snooze-rule-actions) | **Stops a specific rule’s notification actions from running**.
Use to avoid unnecessary notifications from a specific rule. The rule continues to run and generate alerts during the snooze period, but its [notification actions](../../../solutions/security/detect-and-alert/create-detection-rule.md#rule-response-action) don’t run.
|
-| [Maintenance window](../../../explore-analyze/alerts/kibana/maintenance-windows.md) | **Prevents all rules' notification actions from running**.
Use to avoid false alarms and unnecessary notifications during planned outages. All rules continue to run and generate alerts during the maintenance window, but their [notification actions](../../../solutions/security/detect-and-alert/create-detection-rule.md) don’t run.
|
+| [Maintenance window](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md) | **Prevents all rules' notification actions from running**.
Use to avoid false alarms and unnecessary notifications during planned outages. All rules continue to run and generate alerts during the maintenance window, but their [notification actions](../../../solutions/security/detect-and-alert/create-detection-rule.md) don’t run.
|
| [Alert suppression](../../../solutions/security/detect-and-alert/suppress-detection-alerts.md) | **Reduces repeated or duplicate alerts**.
Use to reduce the number of alerts created when a rule meets its criteria repeatedly. Duplicate qualifying events are grouped, and only one alert is created for each group.
|
| [Rule exception](../../../solutions/security/detect-and-alert/rule-exceptions.md) | **Prevents a rule from creating alerts under specific conditions**.
Use to reduce false positive alerts by preventing trusted processes and network activity from generating unnecessary alerts. You can configure an exception to be used by a single rule or shared among multiple rules, but they typically don’t affect *all* rules.
|
diff --git a/raw-migrated-files/docs-content/serverless/security-rules-create.md b/raw-migrated-files/docs-content/serverless/security-rules-create.md
index 12e218d31e..524cbf7209 100644
--- a/raw-migrated-files/docs-content/serverless/security-rules-create.md
+++ b/raw-migrated-files/docs-content/serverless/security-rules-create.md
@@ -697,7 +697,7 @@ You can use [mustache syntax](http://mustache.github.io/) to add variables to no
The following variables can be passed for all rules:
::::{note}
-Refer to [Action frequency: Summary of alerts](../../../explore-analyze/alerts/kibana/rule-action-variables.md#alert-summary-action-variables) to learn about additional variables that can be passed if the rule’s action frequency is **Summary of alerts**.
+Refer to [Action frequency: Summary of alerts](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md#alert-summary-action-variables) to learn about additional variables that can be passed if the rule’s action frequency is **Summary of alerts**.
::::
diff --git a/raw-migrated-files/docs-content/serverless/security-rules-ui-management.md b/raw-migrated-files/docs-content/serverless/security-rules-ui-management.md
index fb4edaf09f..c63828eb72 100644
--- a/raw-migrated-files/docs-content/serverless/security-rules-ui-management.md
+++ b/raw-migrated-files/docs-content/serverless/security-rules-ui-management.md
@@ -76,7 +76,7 @@ Similarly, rules will be skipped if they can’t be modified by a bulk edit. For
* **Add rule actions**: Add [rule actions](../../../solutions/security/detect-and-alert/create-detection-rule.md) on all selected rules. If you add multiple actions, you can specify an action frequency for each of them. To overwrite the frequency of existing actions select the option to **Overwrite all selected rules actions**.
::::{note}
- Rule actions won’t run during a [maintenance window](../../../explore-analyze/alerts/kibana/maintenance-windows.md). They’ll resume running after the maintenance window ends.
+ Rule actions won’t run during a [maintenance window](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md). They’ll resume running after the maintenance window ends.
::::
diff --git a/raw-migrated-files/elasticsearch/elasticsearch-reference/bootstrap-checks-xpack.md b/raw-migrated-files/elasticsearch/elasticsearch-reference/bootstrap-checks-xpack.md
index 3987c33c38..e197284dcf 100644
--- a/raw-migrated-files/elasticsearch/elasticsearch-reference/bootstrap-checks-xpack.md
+++ b/raw-migrated-files/elasticsearch/elasticsearch-reference/bootstrap-checks-xpack.md
@@ -7,7 +7,7 @@ In addition to the [{{es}} bootstrap checks](../../../deploy-manage/deploy/self-
If you use {{watcher}} and have chosen to encrypt sensitive data (by setting `xpack.watcher.encrypt_sensitive_data` to `true`), you must also place a key in the secure settings store.
-To pass this bootstrap check, you must set the `xpack.watcher.encryption_key` on each node in the cluster. For more information, see [Encrypting sensitive data in Watcher](../../../explore-analyze/alerts/watcher/encrypting-data.md).
+To pass this bootstrap check, you must set the `xpack.watcher.encryption_key` on each node in the cluster. For more information, see [Encrypting sensitive data in Watcher](../../../explore-analyze/alerts-cases/watcher/encrypting-data.md).
## PKI realm check [bootstrap-checks-xpack-pki-realm]
diff --git a/raw-migrated-files/elasticsearch/elasticsearch-reference/xpack-alerting.md b/raw-migrated-files/elasticsearch/elasticsearch-reference/xpack-alerting.md
index d40c4509e3..d0809eff95 100644
--- a/raw-migrated-files/elasticsearch/elasticsearch-reference/xpack-alerting.md
+++ b/raw-migrated-files/elasticsearch/elasticsearch-reference/xpack-alerting.md
@@ -1,7 +1,7 @@
# Watcher [xpack-alerting]
::::{tip}
-{{kib}} Alerting provides a set of built-in actions and alerts that are integrated with applications such as APM, Metrics, Security, and Uptime. You can use {{kib}} Alerting to detect complex conditions within different {{kib}} apps and trigger actions when those conditions are met. For more information, see [Alerting and actions](../../../explore-analyze/alerts.md).
+{{kib}} Alerting provides a set of built-in actions and alerts that are integrated with applications such as APM, Metrics, Security, and Uptime. You can use {{kib}} Alerting to detect complex conditions within different {{kib}} apps and trigger actions when those conditions are met. For more information, see [Alerting and actions](../../../explore-analyze/alerts-cases.md).
::::
diff --git a/raw-migrated-files/kibana/kibana/action-types.md b/raw-migrated-files/kibana/kibana/action-types.md
index 28f1b2afa1..3f54229686 100644
--- a/raw-migrated-files/kibana/kibana/action-types.md
+++ b/raw-migrated-files/kibana/kibana/action-types.md
@@ -49,7 +49,7 @@ Rules use connectors to route actions to different destinations like log files,
## Required permissions [_required_permissions_2]
-Access to connectors is granted based on your privileges to alerting-enabled features. For more information, go to [Security](../../../explore-analyze/alerts/kibana/alerting-setup.md#alerting-security).
+Access to connectors is granted based on your privileges to alerting-enabled features. For more information, go to [Security](../../../explore-analyze/alerts-cases/alerts/alerting-setup.md#alerting-security).
## Connector networking configuration [_connector_networking_configuration]
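Review bot: the `#alerting-security` fragment on the `+` line is carried over unchanged while the target moves from `alerts/kibana/alerting-setup.md` to `alerts-cases/alerts/alerting-setup.md`. Please confirm that heading id still exists in the moved file. This is the only pointer from the Required permissions section to the privilege model for connectors, and a stale fragment would drop the reader at the top of the setup page instead of the security section.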
@@ -120,4 +120,4 @@ If a connector is missing sensitive information after the import, a **Fix** butt
The [Task Manager health API](../../../deploy-manage/monitor/kibana-task-manager-health-monitoring.md) helps you understand the performance of all tasks in your environment. However, if connectors fail to run, they will report as successful to Task Manager. The failure stats will not accurately depict the performance of connectors.
-For more information on connector successes and failures, refer to the [Event log index](../../../explore-analyze/alerts/kibana/event-log-index.md).
+For more information on connector successes and failures, refer to the [Event log index](../../../explore-analyze/alerts-cases/alerts/event-log-index.md).
diff --git a/raw-migrated-files/kibana/kibana/introduction.md b/raw-migrated-files/kibana/kibana/introduction.md
index 74429b7d20..5a2cf318c4 100644
--- a/raw-migrated-files/kibana/kibana/introduction.md
+++ b/raw-migrated-files/kibana/kibana/introduction.md
@@ -73,7 +73,7 @@ For a full list of data management UIs, refer to [**Stack Management**](../../..
Detecting and acting on significant shifts and signals in your data is a need that exists in almost every use case. Alerting allows you to detect conditions in different {{kib}} apps and trigger actions when those conditions are met. For example, you might trigger an alert when a shift occurs in your business critical KPIs or when memory, CPU, or disk space take a dip. When the alert triggers, you can send a notification to a system that is part of your daily workflow: email, Slack, PagerDuty, ServiceNow, and other third party integrations.
-A dedicated view for creating, searching, and editing rules is in [**{{rules-ui}}**](../../../explore-analyze/alerts/kibana/create-manage-rules.md).
+A dedicated view for creating, searching, and editing rules is in [**{{rules-ui}}**](../../../explore-analyze/alerts-cases/alerts/create-manage-rules.md).
## Organize content [organize-and-secure]
diff --git a/raw-migrated-files/kibana/kibana/maintenance-windows.md b/raw-migrated-files/kibana/kibana/maintenance-windows.md
index f8bdd96533..1b858ed590 100644
--- a/raw-migrated-files/kibana/kibana/maintenance-windows.md
+++ b/raw-migrated-files/kibana/kibana/maintenance-windows.md
@@ -57,5 +57,5 @@ A maintenance window can have any one of the following statuses:
* `Finished`: It ended and does not have a repeat schedule.
* `Archived`: It is archived. In a future release, archived maintenance windows will be queued for deletion.
-When you [view alert details](../../../explore-analyze/alerts/kibana/create-manage-rules.md#rule-details) in {{kib}}, each alert shows unique identifiers for maintenance windows that affected it.
+When you [view alert details](../../../explore-analyze/alerts-cases/alerts/create-manage-rules.md#rule-details) in {{kib}}, each alert shows unique identifiers for maintenance windows that affected it.
diff --git a/raw-migrated-files/kibana/kibana/management.md b/raw-migrated-files/kibana/kibana/management.md
index 2663b2d28e..6e8fd91a5f 100644
--- a/raw-migrated-files/kibana/kibana/management.md
+++ b/raw-migrated-files/kibana/kibana/management.md
@@ -30,13 +30,13 @@ Access to individual features is governed by {{es}} and {{kib}} privileges. Cons
| | |
| --- | --- |
-| [{{rules-ui}}](../../../explore-analyze/alerts.md) | Centrally [manage your rules](../../../explore-analyze/alerts/kibana/create-manage-rules.md) across {{kib}}. |
-| [Cases](../../../explore-analyze/alerts/cases.md) | Create and manage cases to investigate issues. |
+| [{{rules-ui}}](../../../explore-analyze/alerts-cases.md) | Centrally [manage your rules](../../../explore-analyze/alerts-cases/alerts/create-manage-rules.md) across {{kib}}. |
+| [Cases](../../../explore-analyze/alerts-cases/cases.md) | Create and manage cases to investigate issues. |
| [{{connectors-ui}}](../../../deploy-manage/manage-connectors.md) | Create and [manage reusable connectors](../../../deploy-manage/manage-connectors.md#connector-management) for triggering actions. |
| [Reporting](../../../explore-analyze/report-and-share.md) | Monitor the generation of reports—PDF, PNG, and CSV—and download reports that you previously generated.A report can contain a dashboard, visualization, table with Discover search results, or Canvas workpad. |
| Machine Learning Jobs | View, export, and import your [{{anomaly-detect}}](../../../explore-analyze/machine-learning/anomaly-detection.md) and[{{dfanalytics}}](../../../explore-analyze/machine-learning/data-frame-analytics.md) jobs. Open the Single MetricViewer or Anomaly Explorer to see your {{anomaly-detect}} results. |
-| [Watcher](../../../explore-analyze/alerts/watcher.md) | Detect changes in your data by creating, managing, and monitoring alerts.For example, you might create an alert when the maximum total CPU usage on a machine goesabove a certain percentage. |
-| [Maintenance windows](../../../explore-analyze/alerts/kibana/maintenance-windows.md) | Suppress rule notifications for scheduled periods of time. |
+| [Watcher](../../../explore-analyze/alerts-cases/watcher.md) | Detect changes in your data by creating, managing, and monitoring alerts.For example, you might create an alert when the maximum total CPU usage on a machine goesabove a certain percentage. |
+| [Maintenance windows](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md) | Suppress rule notifications for scheduled periods of time. |
## Security [manage-security]
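Review bot: the Watcher row rewritten in this hunk still has run-together words, `alerts.For example` and `goesabove a certain percentage`. Since the row is being touched anyway, add the missing spaces. The unchanged Reporting and Machine Learning Jobs rows have the same defect (`generated.A report`, `and[{{dfanalytics}}]`, `Single MetricViewer`) and could be fixed in the same pass.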
diff --git a/raw-migrated-files/kibana/kibana/tutorial-secure-access-to-kibana.md b/raw-migrated-files/kibana/kibana/tutorial-secure-access-to-kibana.md
index b49bde9d75..aa47dad363 100644
--- a/raw-migrated-files/kibana/kibana/tutorial-secure-access-to-kibana.md
+++ b/raw-migrated-files/kibana/kibana/tutorial-secure-access-to-kibana.md
@@ -11,7 +11,7 @@ This guide introduces you to three of {{kib}}'s security features: spaces, roles
Do you have multiple teams using {{kib}}? Do you want a “playground” to experiment with new visualizations or rules? If so, then [{{kib}} Spaces](../../../deploy-manage/manage-spaces.md) can help.
-Think of a space as another instance of {{kib}}. A space allows you to organize your [dashboards](../../../explore-analyze/dashboards.md), [rules](../../../explore-analyze/alerts.md), [machine learning jobs](../../../explore-analyze/machine-learning/machine-learning-in-kibana.md), and much more into their own categories. For example, you might have a Marketing space for your marketeers to track the results of their campaigns, and an Engineering space for your developers to [monitor application performance](https://www.elastic.co/guide/en/apm/guide/current/apm-overview.html).
+Think of a space as another instance of {{kib}}. A space allows you to organize your [dashboards](../../../explore-analyze/dashboards.md), [rules](../../../explore-analyze/alerts-cases.md), [machine learning jobs](../../../explore-analyze/machine-learning/machine-learning-in-kibana.md), and much more into their own categories. For example, you might have a Marketing space for your marketeers to track the results of their campaigns, and an Engineering space for your developers to [monitor application performance](https://www.elastic.co/guide/en/apm/guide/current/apm-overview.html).
The assets you create in one space are isolated from other spaces, so when you enter a space, you only see the assets that belong to that space.
diff --git a/raw-migrated-files/kibana/kibana/watcher-ui.md b/raw-migrated-files/kibana/kibana/watcher-ui.md
index 7fd2abfaa1..fc5eb306bf 100644
--- a/raw-migrated-files/kibana/kibana/watcher-ui.md
+++ b/raw-migrated-files/kibana/kibana/watcher-ui.md
@@ -4,17 +4,17 @@ Watcher is an {{es}} feature that you can use to create actions based on conditi
Go to the **Watcher** page using the navigation menu or the [global search field](../../../get-started/the-stack.md#kibana-navigation-search). With this UI, you can:
-* [Create a simple threshold watch](../../../explore-analyze/alerts/watcher.md#watcher-create-threshold-alert)
-* [View your watch history and action status](../../../explore-analyze/alerts/watcher.md#watcher-getting-started)
-* [Deactivate and delete a watch](../../../explore-analyze/alerts/watcher.md#watcher-deactivate)
-* [Create an advanced watch using API syntax](../../../explore-analyze/alerts/watcher.md#watcher-create-advanced-watch)
+* [Create a simple threshold watch](../../../explore-analyze/alerts-cases/watcher.md#watcher-create-threshold-alert)
+* [View your watch history and action status](../../../explore-analyze/alerts-cases/watcher.md#watcher-getting-started)
+* [Deactivate and delete a watch](../../../explore-analyze/alerts-cases/watcher.md#watcher-deactivate)
+* [Create an advanced watch using API syntax](../../../explore-analyze/alerts-cases/watcher.md#watcher-create-advanced-watch)

-[Alerting on cluster and index events](../../../explore-analyze/alerts/watcher.md) is a good source for detailed information on how watches work. If you are using the UI to create a threshold watch, take a look at the different watcher actions. If you are creating an advanced watch, you should be familiar with the parts of a watch—input, schedule, condition, and actions.
+[Alerting on cluster and index events](../../../explore-analyze/alerts-cases/watcher.md) is a good source for detailed information on how watches work. If you are using the UI to create a threshold watch, take a look at the different watcher actions. If you are creating an advanced watch, you should be familiar with the parts of a watch—input, schedule, condition, and actions.
::::{note}
-There are limitations in **Watcher** that affect {{kib}}. For information, refer to [Alerting](../../../explore-analyze/alerts/watcher/watcher-limitations.md).
+There are limitations in **Watcher** that affect {{kib}}. For information, refer to [Alerting](../../../explore-analyze/alerts-cases/watcher/watcher-limitations.md).
::::
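Review bot: in the note at the end of this hunk the link text is `Alerting` but the target is `watcher/watcher-limitations.md`. The label gives no hint that the link leads to the limitations page. Suggest a label that names the limitations, so readers checking what Watcher cannot do in {{kib}} can find it.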
@@ -74,9 +74,9 @@ You should now see a panel with default conditions and a visualization of the da
### Add an action [_add_an_action]
-Now that the condition is set, you must add an action. The action triggers when the watch condition is met. For a complete list of actions and how to configure them, see [Adding conditions to actions](../../../explore-analyze/alerts/watcher/action-conditions.md).
+Now that the condition is set, you must add an action. The action triggers when the watch condition is met. For a complete list of actions and how to configure them, see [Adding conditions to actions](../../../explore-analyze/alerts-cases/watcher/action-conditions.md).
-In this example, you’ll configure an email action. You must have an [email account configured](../../../explore-analyze/alerts/watcher/actions-email.md#configuring-email) in {{es}} for this example to work.
+In this example, you’ll configure an email action. You must have an [email account configured](../../../explore-analyze/alerts-cases/watcher/actions-email.md#configuring-email) in {{es}} for this example to work.
1. Click **Add action** and select **Email**.
2. In the **To email address** field, enter one or more email addresses to whom you want to send the message when the condition is met.
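Review bot: the first `+` line promises "a complete list of actions and how to configure them" but links to `watcher/action-conditions.md` under the label "Adding conditions to actions". Another hunk in this same file links to `watcher/actions.md`, which looks like the better target for a list of actions. Please check which page was intended and align the label with it.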
@@ -121,7 +121,7 @@ The **Execution history** tab shows each time the watch is triggered and the res
### Acknowledge action status [_acknowledge_action_status]
-The **Action statuses** tab lists all actions associated with the watch and the state of each action. Some actions can be acknowledged, which will prevent too many executions of that action for the relevant watch. See [Acknowledgement and throttling](../../../explore-analyze/alerts/watcher/actions.md#actions-ack-throttle) for details.
+The **Action statuses** tab lists all actions associated with the watch and the state of each action. Some actions can be acknowledged, which will prevent too many executions of that action for the relevant watch. See [Acknowledgement and throttling](../../../explore-analyze/alerts-cases/watcher/actions.md#actions-ack-throttle) for details.

@@ -141,7 +141,7 @@ Advanced watches are for users who are more familiar with {{es}} query syntax an
### Create the watch [_create_the_watch]
-On the Watch overview page, click **Create** and choose **Create advanced watch**. An advanced watch requires a name and ID. Name is a user-friendly way to identify the watch, and ID refers to the identifier used by {{es}}. Refer to [Watch definition](../../../explore-analyze/alerts/watcher/how-watcher-works.md#watch-definition) for how to input the watch JSON.
+On the Watch overview page, click **Create** and choose **Create advanced watch**. An advanced watch requires a name and ID. Name is a user-friendly way to identify the watch, and ID refers to the identifier used by {{es}}. Refer to [Watch definition](../../../explore-analyze/alerts-cases/watcher/how-watcher-works.md#watch-definition) for how to input the watch JSON.

@@ -166,6 +166,6 @@ After starting the simulation, you’ll see a results screen. For more informati
Refer to these examples for creating an advanced watch:
-* [Watch the status of an {{es}} cluster](../../../explore-analyze/alerts/watcher/watch-cluster-status.md)
+* [Watch the status of an {{es}} cluster](../../../explore-analyze/alerts-cases/watcher/watch-cluster-status.md)
* [Watch event data](https://www.elastic.co/guide/en/elasticsearch/reference/current/watching-meetup-data.html)
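Review bot: the second list item, unchanged here, still links to `https://www.elastic.co/guide/en/elasticsearch/reference/current/watching-meetup-data.html` while the item above it uses a relative path into `alerts-cases/watcher/`. If the event-data example has a migrated page, link it relatively as well so the list does not mix link styles.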
diff --git a/raw-migrated-files/observability-docs/observability/apm-alerts.md b/raw-migrated-files/observability-docs/observability/apm-alerts.md
index 47ca94f53e..cda2dd70b0 100644
--- a/raw-migrated-files/observability-docs/observability/apm-alerts.md
+++ b/raw-migrated-files/observability-docs/observability/apm-alerts.md
@@ -20,7 +20,7 @@ The following APM rules are supported:
| **Latency threshold** | Alert when the latency or failed transaction rate is abnormal.Threshold rules can be as broad or as granular as you’d like, enabling you to define exactly when you want to be alerted—whether that’s at the environment level, service name level, transaction type level, and/or transaction name level. Read more in [Latency threshold rule →](../../../solutions/observability/incident-management/create-latency-threshold-rule.md) |
::::{tip}
-For a complete walkthrough of the **Create rule** flyout panel, including detailed information on each configurable property, see Kibana’s [Create and manage rules](../../../explore-analyze/alerts/kibana/create-manage-rules.md).
+For a complete walkthrough of the **Create rule** flyout panel, including detailed information on each configurable property, see Kibana’s [Create and manage rules](../../../explore-analyze/alerts-cases/alerts/create-manage-rules.md).
::::
@@ -63,8 +63,8 @@ From the Applications UI, select **Alerts and rules** → **Manage rules** to be
### More information [apm-alert-more-info]
-See [Alerting](../../../explore-analyze/alerts.md) for more information.
+See [Alerting](../../../explore-analyze/alerts-cases.md) for more information.
::::{note}
-If you are using an **on-premise** Elastic Stack deployment with security, communication between Elasticsearch and Kibana must have TLS configured. More information is in the alerting [prerequisites](../../../explore-analyze/alerts/kibana/alerting-setup.md#alerting-prerequisites).
+If you are using an **on-premise** Elastic Stack deployment with security, communication between Elasticsearch and Kibana must have TLS configured. More information is in the alerting [prerequisites](../../../explore-analyze/alerts-cases/alerts/alerting-setup.md#alerting-prerequisites).
::::
diff --git a/raw-migrated-files/observability-docs/observability/apm-anomaly-rule.md b/raw-migrated-files/observability-docs/observability/apm-anomaly-rule.md
index dd637293c1..6655c059c4 100644
--- a/raw-migrated-files/observability-docs/observability/apm-anomaly-rule.md
+++ b/raw-migrated-files/observability-docs/observability/apm-anomaly-rule.md
@@ -102,7 +102,7 @@ To add variables to alert messages, use [Mustache](https://mustache.github.io/)
:alt: apm anomaly rule action variables
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the server.publicBaseUrl is not configured.
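Review bot: the `+` line keeps the typo `You an also specify`; it should read `You can also specify`. The same sentence is rewritten in the other rule-type pages in this patch (error count, failed transaction rate, latency threshold, custom threshold, infrastructure threshold, monitor status, SLO burn rate), so it is worth fixing in all of them together. Separately, `server.publicBaseUrl` in the context line below is not in backticks here, while the custom threshold page formats it as code.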
diff --git a/raw-migrated-files/observability-docs/observability/apm-error-count-threshold-rule.md b/raw-migrated-files/observability-docs/observability/apm-error-count-threshold-rule.md
index fe5d4e3837..c55d7467c0 100644
--- a/raw-migrated-files/observability-docs/observability/apm-error-count-threshold-rule.md
+++ b/raw-migrated-files/observability-docs/observability/apm-error-count-threshold-rule.md
@@ -135,7 +135,7 @@ To add variables to alert messages, use [Mustache](https://mustache.github.io/)
:alt: apm error count rule action variables
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the server.publicBaseUrl is not configured.
diff --git a/raw-migrated-files/observability-docs/observability/apm-failed-transaction-rate-threshold-rule.md b/raw-migrated-files/observability-docs/observability/apm-failed-transaction-rate-threshold-rule.md
index 653b42cd57..4f402566b1 100644
--- a/raw-migrated-files/observability-docs/observability/apm-failed-transaction-rate-threshold-rule.md
+++ b/raw-migrated-files/observability-docs/observability/apm-failed-transaction-rate-threshold-rule.md
@@ -129,7 +129,7 @@ To add variables to alert messages, use [Mustache](https://mustache.github.io/)
:alt: apm failed transaction rate threshold rule action variables
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the server.publicBaseUrl is not configured.
diff --git a/raw-migrated-files/observability-docs/observability/apm-latency-threshold-rule.md b/raw-migrated-files/observability-docs/observability/apm-latency-threshold-rule.md
index 231d7685b9..ae844dbd9f 100644
--- a/raw-migrated-files/observability-docs/observability/apm-latency-threshold-rule.md
+++ b/raw-migrated-files/observability-docs/observability/apm-latency-threshold-rule.md
@@ -130,7 +130,7 @@ To add variables to alert messages, use [Mustache](https://mustache.github.io/)
:alt: apm latency threshold rule action variables
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the server.publicBaseUrl is not configured.
diff --git a/raw-migrated-files/observability-docs/observability/create-alerts-rules.md b/raw-migrated-files/observability-docs/observability/create-alerts-rules.md
index 0d5b53d24a..2ea0991230 100644
--- a/raw-migrated-files/observability-docs/observability/create-alerts-rules.md
+++ b/raw-migrated-files/observability-docs/observability/create-alerts-rules.md
@@ -10,7 +10,7 @@ To create SLO rules, you must first define a new SLO via the **Create new SLO**
:::
::::{note}
-You can also centrally create and manage rules, including rules *not* related to {{observability}}, from the [{{kib}} Management UI](../../../explore-analyze/alerts/kibana/create-manage-rules.md).
+You can also centrally create and manage rules, including rules *not* related to {{observability}}, from the [{{kib}} Management UI](../../../explore-analyze/alerts-cases/alerts/create-manage-rules.md).
::::
@@ -21,9 +21,9 @@ From the {{observability}} Rules page, you can manage rules for {{observability}
* Updating the status of existing rules (Enabled, Disabled, or Snoozed indefinitely)
::::{note}
-The {{observability}} Rules page allows you to set a rule to be "Snoozed indefinitely". To snooze a rule for a specific time period, you must use the centralized [{{rules-ui}} page](../../../explore-analyze/alerts/kibana/create-manage-rules.md).
+The {{observability}} Rules page allows you to set a rule to be "Snoozed indefinitely". To snooze a rule for a specific time period, you must use the centralized [{{rules-ui}} page](../../../explore-analyze/alerts-cases/alerts/create-manage-rules.md).
-[preview] To temporarily suppress notifications for *all* rules, create a [maintenance window](../../../explore-analyze/alerts/kibana/maintenance-windows.md).
+[preview] To temporarily suppress notifications for *all* rules, create a [maintenance window](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md).
::::
@@ -76,7 +76,7 @@ Click on an individual rule on the Rules page to view details including the rule
:::
::::{note}
-You can also view rule details by clicking on individual rules in the [{{kib}} Management UI](../../../explore-analyze/alerts/kibana/create-manage-rules.md).
+You can also view rule details by clicking on individual rules in the [{{kib}} Management UI](../../../explore-analyze/alerts-cases/alerts/create-manage-rules.md).
::::
diff --git a/raw-migrated-files/observability-docs/observability/create-alerts.md b/raw-migrated-files/observability-docs/observability/create-alerts.md
index e6c8458ab7..83a7fb52b4 100644
--- a/raw-migrated-files/observability-docs/observability/create-alerts.md
+++ b/raw-migrated-files/observability-docs/observability/create-alerts.md
@@ -1,14 +1,14 @@
# Alerting [create-alerts]
::::{important}
-Make sure alerting is already set up in {{kib}}. For details, see [Setup and prerequisites](../../../explore-analyze/alerts/kibana/alerting-setup.md).
+Make sure alerting is already set up in {{kib}}. For details, see [Setup and prerequisites](../../../explore-analyze/alerts-cases/alerts/alerting-setup.md).
::::
Alerting enables you to detect complex conditions defined by a **rule** within the Applications, Logs, Infrastructure, Synthetics, and Uptime UIs. When a condition is met, the rule tracks it as an **alert** and responds by triggering one or more **actions**.
-Alerts and rules related to service-level objectives (SLOs), and {{observability}} apps, including Applications, Logs, Infrastructure, Synthetics, and Uptime, can be managed in the {{observability}} UI. You can also manage {{observability}} app rules alongside rules for other apps from the [{{kib}} Management UI](../../../explore-analyze/alerts/kibana/create-manage-rules.md).
+Alerts and rules related to service-level objectives (SLOs), and {{observability}} apps, including Applications, Logs, Infrastructure, Synthetics, and Uptime, can be managed in the {{observability}} UI. You can also manage {{observability}} app rules alongside rules for other apps from the [{{kib}} Management UI](../../../explore-analyze/alerts-cases/alerts/create-manage-rules.md).
## Next steps [_next_steps_4]
diff --git a/raw-migrated-files/observability-docs/observability/custom-threshold-alert.md b/raw-migrated-files/observability-docs/observability/custom-threshold-alert.md
index 2847eb70ed..40976007d4 100644
--- a/raw-migrated-files/observability-docs/observability/custom-threshold-alert.md
+++ b/raw-migrated-files/observability-docs/observability/custom-threshold-alert.md
@@ -193,7 +193,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/raw-migrated-files/observability-docs/observability/infrastructure-threshold-alert.md b/raw-migrated-files/observability-docs/observability/infrastructure-threshold-alert.md
index 0c0b923641..fae16ba4f6 100644
--- a/raw-migrated-files/observability-docs/observability/infrastructure-threshold-alert.md
+++ b/raw-migrated-files/observability-docs/observability/infrastructure-threshold-alert.md
@@ -91,7 +91,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/raw-migrated-files/observability-docs/observability/manage-cases.md b/raw-migrated-files/observability-docs/observability/manage-cases.md
index 1a0cbbfbaf..80e81940d6 100644
--- a/raw-migrated-files/observability-docs/observability/manage-cases.md
+++ b/raw-migrated-files/observability-docs/observability/manage-cases.md
@@ -28,7 +28,7 @@ You can configure email notifications that occur when users are assigned to case
For hosted {{kib}} on {{ess}}:
-1. Add the email domains to the [notifications domain allowlist](../../../explore-analyze/alerts/kibana.md).
+1. Add the email domains to the [notifications domain allowlist](../../../explore-analyze/alerts-cases/alerts.md).
You do not need to take any more steps to configure an email connector or update {{kib}} user settings, since the preconfigured Elastic-Cloud-SMTP connector is used by default.
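Review bot: the link labelled `notifications domain allowlist` now points to `alerts-cases/alerts.md` with no fragment, which by its path is the alerts section page rather than a page about the allowlist. Because this step decides which email domains can receive case notifications, point it at the page or heading that documents the allowlist. The identical step in `security/cases-open-manage.md` needs the same change.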
diff --git a/raw-migrated-files/observability-docs/observability/monitor-status-alert.md b/raw-migrated-files/observability-docs/observability/monitor-status-alert.md
index 3c3a0ca732..c6ce8ff2d8 100644
--- a/raw-migrated-files/observability-docs/observability/monitor-status-alert.md
+++ b/raw-migrated-files/observability-docs/observability/monitor-status-alert.md
@@ -121,7 +121,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.checkedAt`
: Timestamp of the monitor run.
diff --git a/raw-migrated-files/observability-docs/observability/slo-burn-rate-alert.md b/raw-migrated-files/observability-docs/observability/slo-burn-rate-alert.md
index b6368b78fd..ec5d95a81a 100644
--- a/raw-migrated-files/observability-docs/observability/slo-burn-rate-alert.md
+++ b/raw-migrated-files/observability-docs/observability/slo-burn-rate-alert.md
@@ -85,7 +85,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/raw-migrated-files/observability-docs/observability/view-observability-alerts.md b/raw-migrated-files/observability-docs/observability/view-observability-alerts.md
index 854827a487..10493c610f 100644
--- a/raw-migrated-files/observability-docs/observability/view-observability-alerts.md
+++ b/raw-migrated-files/observability-docs/observability/view-observability-alerts.md
@@ -7,7 +7,7 @@ After alerts have been triggered, you can monitor their activity to verify they
You can also add alerts to [Cases](../../../solutions/observability/incident-management/cases.md) to open and track potential infrastructure issues.
::::{note}
-You can centrally manage rules from the [{{kib}} Management UI](../../../explore-analyze/alerts/kibana/create-manage-rules.md) that provides a set of built-in [rule types](../../../explore-analyze/alerts/kibana/rule-types.md) and [connectors](../../../deploy-manage/manage-connectors.md) for you to use. Click **Manage Rules**.
+You can centrally manage rules from the [{{kib}} Management UI](../../../explore-analyze/alerts-cases/alerts/create-manage-rules.md) that provides a set of built-in [rule types](../../../explore-analyze/alerts-cases/alerts/rule-types.md) and [connectors](../../../deploy-manage/manage-connectors.md) for you to use. Click **Manage Rules**.
::::
@@ -68,7 +68,7 @@ Use the toolbar buttons in the upper-left of the alerts table to customize the c
* ***x* fields sorted**: Sort the table by one or more columns.
* **Fields**: Select the fields to display in the table.
-For example, click **Fields** and choose the `kibana.alert.maintenance_window_ids` field. If an alert was affected by a [maintenance window](../../../explore-analyze/alerts/kibana/maintenance-windows.md), its identifier appears in the new column:
+For example, click **Fields** and choose the `kibana.alert.maintenance_window_ids` field. If an alert was affected by a [maintenance window](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md), its identifier appears in the new column:
:::{image} ../../../images/observability-alert-table-toolbar-buttons.png
:alt: Alerts table with toolbar buttons highlighted
diff --git a/raw-migrated-files/security-docs/security/cases-open-manage.md b/raw-migrated-files/security-docs/security/cases-open-manage.md
index ef6ac22acf..ad2177bbac 100644
--- a/raw-migrated-files/security-docs/security/cases-open-manage.md
+++ b/raw-migrated-files/security-docs/security/cases-open-manage.md
@@ -43,7 +43,7 @@ You can configure email notifications that occur when users are assigned to case
For hosted {{kib}} on {{ess}}:
-1. Add the email domains to the [notifications domain allowlist](../../../explore-analyze/alerts/kibana.md).
+1. Add the email domains to the [notifications domain allowlist](../../../explore-analyze/alerts-cases/alerts.md).
You do not need to take any more steps to configure an email connector or update {{kib}} user settings, since the preconfigured Elastic-Cloud-SMTP connector is used by default.
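Review bot: the link text on the changed line, "notifications domain allowlist", promises a specific setting, but the new target `explore-analyze/alerts-cases/alerts.md` is a general page path with no anchor. If the allowlist is documented in a section of that page (or on another page), point the link at it directly so that readers configuring case email notifications land on the allowlist instructions.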
diff --git a/raw-migrated-files/security-docs/security/detection-engine-overview.md b/raw-migrated-files/security-docs/security/detection-engine-overview.md
index 69cfcb0ff6..cf485283dc 100644
--- a/raw-migrated-files/security-docs/security/detection-engine-overview.md
+++ b/raw-migrated-files/security-docs/security/detection-engine-overview.md
@@ -14,7 +14,7 @@ There are several special prebuilt rules you need to know about:
* [**Endpoint protection rules**](../../../solutions/security/manage-elastic-defend/endpoint-protection-rules.md): Automatically create alerts based on {{elastic-defend}}'s threat monitoring and prevention.
* [**External Alerts**](https://www.elastic.co/guide/en/security/current/external-alerts.html): Automatically creates an alert for all incoming third-party system alerts (for example, Suricata alerts).
-If you want to receive notifications via external systems, such as Slack or email, when alerts are created, use the {{kib}} [Alerting and Actions](../../../explore-analyze/alerts.md) framework.
+If you want to receive notifications via external systems, such as Slack or email, when alerts are created, use the {{kib}} [Alerting and Actions](../../../explore-analyze/alerts-cases.md) framework.
::::{note}
To use {{kib}} Alerting for detection alert notifications, you need the [appropriate license](https://www.elastic.co/subscriptions).
diff --git a/raw-migrated-files/security-docs/security/detections-logsdb-index-mode-impact.md b/raw-migrated-files/security-docs/security/detections-logsdb-index-mode-impact.md
index 04eff37bb3..b9a5350f0c 100644
--- a/raw-migrated-files/security-docs/security/detections-logsdb-index-mode-impact.md
+++ b/raw-migrated-files/security-docs/security/detections-logsdb-index-mode-impact.md
@@ -42,7 +42,7 @@ Alerts that are generated by threshold, {{ml}}, and event correlation sequence r
While we do not recommend using `_source` for actions, in cases where the action relies on the `_source`, the same limitations and changes apply.
-If you send alert notifications by enabling [actions](../../../explore-analyze/alerts.md#alerting-concepts-actions) to the external systems that have workflows or automations based on fields formatted from the original source, they may be affected. In particular, this can happen when the fields used are arrays of objects.
+If you send alert notifications by enabling [actions](../../../explore-analyze/alerts-cases.md#alerting-concepts-actions) to the external systems that have workflows or automations based on fields formatted from the original source, they may be affected. In particular, this can happen when the fields used are arrays of objects.
We recommend checking and adjusting the rule actions using `_source` before switching to logsdb index mode.
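Review bot: the `#alerting-concepts-actions` anchor is carried over unchanged onto the new path `explore-analyze/alerts-cases.md`. Elsewhere in this patch the old `alerts/kibana.md` maps to `alerts-cases/alerts.md`, so check that the section with this id actually lives on `alerts-cases.md` and not on the child page; a wrong anchor would drop the reader at the top of the page instead of at the actions section.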
diff --git a/raw-migrated-files/security-docs/security/reduce-notifications-alerts.md b/raw-migrated-files/security-docs/security/reduce-notifications-alerts.md
index d82481c964..db2e7d6316 100644
--- a/raw-migrated-files/security-docs/security/reduce-notifications-alerts.md
+++ b/raw-migrated-files/security-docs/security/reduce-notifications-alerts.md
@@ -5,6 +5,6 @@
| | |
| --- | --- |
| [Rule action snoozing](../../../solutions/security/detect-and-alert/manage-detection-rules.md#snooze-rule-actions) | **Stops a specific rule’s notification actions from running**.
Use to avoid unnecessary notifications from a specific rule. The rule continues to run and generate alerts during the snooze period, but its [notification actions](../../../solutions/security/detect-and-alert/create-detection-rule.md#rule-response-action) don’t run.
|
-| [Maintenance window](../../../explore-analyze/alerts/kibana/maintenance-windows.md) | **Prevents all rules' notification actions from running**.
Use to avoid false alarms and unnecessary notifications during planned outages. All rules continue to run and generate alerts during the maintenance window, but their [notification actions](../../../solutions/security/detect-and-alert/create-detection-rule.md#rule-notifications) don’t run.
::::{note}
Maintenance windows are a {{kib}} feature, configured outside of the {{security-app}} in **Stack Management**.
::::
|
+| [Maintenance window](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md) | **Prevents all rules' notification actions from running**.
Use to avoid false alarms and unnecessary notifications during planned outages. All rules continue to run and generate alerts during the maintenance window, but their [notification actions](../../../solutions/security/detect-and-alert/create-detection-rule.md#rule-notifications) don’t run.
::::{note}
Maintenance windows are a {{kib}} feature, configured outside of the {{security-app}} in **Stack Management**.
::::
|
| [Alert suppression](../../../solutions/security/detect-and-alert/suppress-detection-alerts.md) | **Reduces repeated or duplicate alerts**.
Use to reduce the number of alerts created when a rule meets its criteria repeatedly. Duplicate qualifying events are grouped, and only one alert is created for each group.
|
| [Rule exception](../../../solutions/security/detect-and-alert/rule-exceptions.md) | **Prevents a rule from creating alerts under specific conditions**.
Use to reduce false positive alerts by preventing trusted processes and network activity from generating unnecessary alerts. You can configure an exception to be used by a single rule or shared among multiple rules, but they typically don’t affect *all* rules.
|
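Review bot: in the Maintenance window row, "notification actions" links to `create-detection-rule.md#rule-notifications`, while the Rule action snoozing row just above links the same phrase to `create-detection-rule.md#rule-response-action`. Since the row is being rewritten anyway, check which anchor is the section on notification actions and use it in both rows.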
diff --git a/raw-migrated-files/security-docs/security/rules-ui-create.md b/raw-migrated-files/security-docs/security/rules-ui-create.md
index 03dd68dc03..afe52626c3 100644
--- a/raw-migrated-files/security-docs/security/rules-ui-create.md
+++ b/raw-migrated-files/security-docs/security/rules-ui-create.md
@@ -690,7 +690,7 @@ You can use [mustache syntax](http://mustache.github.io/) to add variables to no
The following variables can be passed for all rules:
::::{note}
-Refer to [Action frequency: Summary of alerts](../../../explore-analyze/alerts/kibana/rule-action-variables.md#alert-summary-action-variables) to learn about additional variables that can be passed if the rule’s action frequency is **Summary of alerts**.
+Refer to [Action frequency: Summary of alerts](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md#alert-summary-action-variables) to learn about additional variables that can be passed if the rule’s action frequency is **Summary of alerts**.
::::
diff --git a/raw-migrated-files/security-docs/security/rules-ui-management.md b/raw-migrated-files/security-docs/security/rules-ui-management.md
index 893c053142..758776291b 100644
--- a/raw-migrated-files/security-docs/security/rules-ui-management.md
+++ b/raw-migrated-files/security-docs/security/rules-ui-management.md
@@ -80,7 +80,7 @@ Similarly, rules will be skipped if they can’t be modified by a bulk edit. For
::::{note}
- Rule actions won’t run during a [maintenance window](../../../explore-analyze/alerts/kibana/maintenance-windows.md). They’ll resume running after the maintenance window ends.
+ Rule actions won’t run during a [maintenance window](../../../explore-analyze/alerts-cases/alerts/maintenance-windows.md). They’ll resume running after the maintenance window ends.
::::
diff --git a/raw-migrated-files/toc.yml b/raw-migrated-files/toc.yml
index 0dad9a8002..200c9814b1 100644
--- a/raw-migrated-files/toc.yml
+++ b/raw-migrated-files/toc.yml
@@ -670,7 +670,6 @@ toc:
- file: kibana/kibana/index.md
children:
- file: kibana/kibana/action-types.md
- - file: kibana/kibana/alerting-getting-started.md
- file: kibana/kibana/apm-settings-kb.md
- file: kibana/kibana/connect-to-elasticsearch.md
- file: kibana/kibana/console-kibana.md
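Review bot: the `kibana/kibana/alerting-getting-started.md` entry is dropped from the `children` list, but this hunk does not show the file itself being deleted or relocated. Confirm the file is removed or moved in the same change and that no remaining links still point at the old path; otherwise the page stays in the tree as an orphan outside the toc.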
diff --git a/solutions/observability/incident-management/create-an-anomaly-detection-rule.md b/solutions/observability/incident-management/create-an-anomaly-detection-rule.md
index 30a105ca69..7120c13a2a 100644
--- a/solutions/observability/incident-management/create-an-anomaly-detection-rule.md
+++ b/solutions/observability/incident-management/create-an-anomaly-detection-rule.md
@@ -137,7 +137,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.anomalyExplorerUrl`
: URL to open in the Anomaly Explorer.
diff --git a/solutions/observability/incident-management/create-an-elasticsearch-query-rule.md b/solutions/observability/incident-management/create-an-elasticsearch-query-rule.md
index f0d8ae63d8..8155f39a2d 100644
--- a/solutions/observability/incident-management/create-an-elasticsearch-query-rule.md
+++ b/solutions/observability/incident-management/create-an-elasticsearch-query-rule.md
@@ -171,7 +171,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You can also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.conditions`
: A string that describes the threshold condition. Example: `count greater than 4`.
diff --git a/solutions/observability/incident-management/create-log-threshold-rule.md b/solutions/observability/incident-management/create-log-threshold-rule.md
index c44eb5696d..31a97a7e81 100644
--- a/solutions/observability/incident-management/create-log-threshold-rule.md
+++ b/solutions/observability/incident-management/create-log-threshold-rule.md
@@ -152,7 +152,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
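Review bot: the changed line keeps the typo "You an also specify"; it should read "You can also specify", as the anomaly detection and Elasticsearch query rule pages in this patch already do. The same typo is carried over in the metric threshold hunk and both TLS certificate hunks, so fix all four while these lines are being touched.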
diff --git a/solutions/observability/incident-management/create-metric-threshold-rule.md b/solutions/observability/incident-management/create-metric-threshold-rule.md
index e271270a9b..7779ca0129 100644
--- a/solutions/observability/incident-management/create-metric-threshold-rule.md
+++ b/solutions/observability/incident-management/create-metric-threshold-rule.md
@@ -121,7 +121,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.alertDetailsUrl`
: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
diff --git a/solutions/observability/incident-management/create-tls-certificate-rule.md b/solutions/observability/incident-management/create-tls-certificate-rule.md
index b6594edf32..5b0102017d 100644
--- a/solutions/observability/incident-management/create-tls-certificate-rule.md
+++ b/solutions/observability/incident-management/create-tls-certificate-rule.md
@@ -106,7 +106,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.checkedAt`
: Timestamp of the monitor run.
@@ -251,7 +251,7 @@ Use the default notification message or customize it. You can add more context t
:class: screenshot
:::
-The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts/kibana/rule-action-variables.md).
+The following variables are specific to this rule type. You an also specify [variables common to all rules](../../../explore-analyze/alerts-cases/alerts/rule-action-variables.md).
`context.agingCommonNameAndDate`
: The common names and expiration date/time of the detected certs.
diff --git a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md
index 0adcf72df0..140d683166 100644
--- a/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md
+++ b/solutions/security/detect-and-alert/cross-cluster-search-detection-rules.md
@@ -68,7 +68,7 @@ This section explains the general process for setting up cross-cluster search in
## Update a rule’s API key [update-api-key]
-Each detection rule has its own [API key](../../../explore-analyze/alerts/kibana/alerting-setup.md#alerting-authorization), which determines the data and actions the rule is allowed to access. When a user creates a new rule or changes an existing rule, their current privileges are saved to the rule’s API key. If that user’s privileges change in the future, the rule **does not** automatically update with the user’s latest privileges — you must update the rule’s API key if you want to update its privileges.
+Each detection rule has its own [API key](../../../explore-analyze/alerts-cases/alerts/alerting-setup.md#alerting-authorization), which determines the data and actions the rule is allowed to access. When a user creates a new rule or changes an existing rule, their current privileges are saved to the rule’s API key. If that user’s privileges change in the future, the rule **does not** automatically update with the user’s latest privileges — you must update the rule’s API key if you want to update its privileges.
::::{important}
A rule’s API key is different from the API key you might have created for [authentication between local and remote clusters](#set-up-ccs-rules).
diff --git a/troubleshoot/elasticsearch/mapping-explosion.md b/troubleshoot/elasticsearch/mapping-explosion.md
index a0d97d79f6..39508902dc 100644
--- a/troubleshoot/elasticsearch/mapping-explosion.md
+++ b/troubleshoot/elasticsearch/mapping-explosion.md
@@ -14,7 +14,7 @@ Mapping explosion may surface as the following performance symptoms:
* [CAT tasks](https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-tasks.html) reporting long index durations only related to this index or indices. This usually relates to [pending tasks](https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-pending.html) reporting that the coordinating node is waiting for all other nodes to confirm they are on mapping update request.
* Discover’s **Fields for wildcard** page-loading API command or [Dev Tools](../../explore-analyze/query-filter/tools/console.md) page-refreshing Autocomplete API commands are taking a long time (more than 10 seconds) or timing out in the browser’s Developer Tools Network tab. For more information, refer to our [walkthrough on troubleshooting Discover](https://www.elastic.co/blog/troubleshooting-guide-common-issues-kibana-discover-load).
* Discover’s **Available fields** taking a long time to compile Javascript in the browser’s Developer Tools Performance tab. This may potentially escalate to temporary browser page unresponsiveness.
-* Kibana’s [alerting](../../explore-analyze/alerts/kibana.md) or [security rules](../../solutions/security/detect-and-alert.md) may error `The content length (X) is bigger than the maximum allowed string (Y)` where `X` is attempted payload and `Y` is {{kib}}'s [`server-maxPayload`](../../deploy-manage/deploy/self-managed/configure.md#server-maxPayload).
+* Kibana’s [alerting](../../explore-analyze/alerts-cases/alerts.md) or [security rules](../../solutions/security/detect-and-alert.md) may error `The content length (X) is bigger than the maximum allowed string (Y)` where `X` is attempted payload and `Y` is {{kib}}'s [`server-maxPayload`](../../deploy-manage/deploy/self-managed/configure.md#server-maxPayload).
* Long {{es}} start-up durations.
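Review bot: on the changed bullet the link text reads `server-maxPayload`, but the {{kib}} setting is `server.maxPayload`; the hyphenated form looks like the anchor id leaking into the visible text. Since the line is being edited, correct the link text and leave the `#server-maxPayload` anchor as is, so that readers who hit the content-length error search for the right setting name.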
diff --git a/troubleshoot/kibana/alerts.md b/troubleshoot/kibana/alerts.md
index d13524e616..c0958e34e2 100644
--- a/troubleshoot/kibana/alerts.md
+++ b/troubleshoot/kibana/alerts.md
@@ -23,13 +23,13 @@ Some of the resources, such as saved objects and API keys, may no longer be avai
The following debugging tools are available:
-* {{kib}} versions 7.10 and above have a [Test connector](../../explore-analyze/alerts/kibana/testing-connectors.md) UI.
+* {{kib}} versions 7.10 and above have a [Test connector](../../explore-analyze/alerts-cases/alerts/testing-connectors.md) UI.
* {{kib}} versions 7.11 and above include improved Webhook error messages, better overall debug logging for actions and connectors, and Task Manager [diagnostics endpoints](task-manager.md#task-manager-diagnosing-root-cause).
## Using rules and connectors list for the current state and finding issues [alerting-managment-detail]
-**{{rules-ui}}** in **{{stack-manage-app}}** lists the rules available in the space you’re currently in. When you click a rule name, you are navigated to the [details page](../../explore-analyze/alerts/kibana/create-manage-rules.md#rule-details) for the rule, where you can see currently active alerts. The start date on this page indicates when a rule is triggered, and for what alerts. In addition, the duration of the condition indicates how long the instance is active.
+**{{rules-ui}}** in **{{stack-manage-app}}** lists the rules available in the space you’re currently in. When you click a rule name, you are navigated to the [details page](../../explore-analyze/alerts-cases/alerts/create-manage-rules.md#rule-details) for the rule, where you can see currently active alerts. The start date on this page indicates when a rule is triggered, and for what alerts. In addition, the duration of the condition indicates how long the instance is active.
:::{image} ../../images/kibana-rule-details-alerts-inactive.png
:alt: Alerting management details
@@ -176,9 +176,9 @@ Investigating the underlying task can help you gauge whether the problem you’r
In addition to the above methods, refer to the following approaches and common issues:
-* [Alerting common issues](../../explore-analyze/alerts/kibana/alerting-common-issues.md)
-* [Querying event log index](../../explore-analyze/alerts/kibana/event-log-index.md)
-* [Testing connectors using {{connectors-ui}} UI and the `kbn-action` tool](../../explore-analyze/alerts/kibana/testing-connectors.md)
+* [Alerting common issues](../../explore-analyze/alerts-cases/alerts/alerting-common-issues.md)
+* [Querying event log index](../../explore-analyze/alerts-cases/alerts/event-log-index.md)
+* [Testing connectors using {{connectors-ui}} UI and the `kbn-action` tool](../../explore-analyze/alerts-cases/alerts/testing-connectors.md)
### Temporarily throttle all tasks [alerting-kibana-throttle]
@@ -191,7 +191,7 @@ xpack.task_manager.poll_interval: 1h
```
::::{warning}
-This approach should be used only temporarily as a last resort to restore function to {{kib}} when it is unresponsive and attempts to identify and [snooze or disable](../../explore-analyze/alerts/kibana/create-manage-rules.md#controlling-rules) slow-running rules have not fixed the situation. It severely throttles all background tasks, not just those relating to {{alert-features}}. The task manager will run only one task at a time and will look for more work each hour.
+This approach should be used only temporarily as a last resort to restore function to {{kib}} when it is unresponsive and attempts to identify and [snooze or disable](../../explore-analyze/alerts-cases/alerts/create-manage-rules.md#controlling-rules) slow-running rules have not fixed the situation. It severely throttles all background tasks, not just those relating to {{alert-features}}. The task manager will run only one task at a time and will look for more work each hour.
::::