elastic · natasha-moore-elastic · Feb 26, 2025 · Feb 21, 2025 · Feb 21, 2025 · Feb 21, 2025
@@ -197,7 +197,6 @@ toc:
       - file: docs-content/serverless/security-alerts-manage.md
       - file: docs-content/serverless/security-automated-response-actions.md
       - file: docs-content/serverless/security-automatic-import.md
-      - file: docs-content/serverless/security-behavioral-detection-use-cases.md
       - file: docs-content/serverless/security-benchmark-rules-kspm.md
       - file: docs-content/serverless/security-benchmark-rules.md
       - file: docs-content/serverless/security-blocklist.md
@@ -228,7 +227,6 @@ toc:
       - file: docs-content/serverless/security-endpoint-management-req.md
       - file: docs-content/serverless/security-endpoints-page.md
       - file: docs-content/serverless/security-environment-variable-capture.md
-      - file: docs-content/serverless/security-ers-requirements.md
       - file: docs-content/serverless/security-event-filters.md
       - file: docs-content/serverless/security-get-started-with-kspm.md
       - file: docs-content/serverless/security-host-isolation-exceptions.md
@@ -239,8 +237,6 @@ toc:
       - file: docs-content/serverless/security-linux-file-monitoring.md
       - file: docs-content/serverless/security-llm-connector-guides.md
       - file: docs-content/serverless/security-llm-performance-matrix.md
-      - file: docs-content/serverless/security-machine-learning.md
-      - file: docs-content/serverless/security-ml-requirements.md
       - file: docs-content/serverless/security-overview-dashboard.md
       - file: docs-content/serverless/security-policies-page.md
       - file: docs-content/serverless/security-posture-faq.md
@@ -262,7 +258,6 @@ toc:
       - file: docs-content/serverless/security-triage-alerts-with-elastic-ai-assistant.md
       - file: docs-content/serverless/security-trusted-applications.md
       - file: docs-content/serverless/security-tune-detection-signals.md
-      - file: docs-content/serverless/security-turn-on-risk-engine.md
       - file: docs-content/serverless/security-view-alert-details.md
       - file: docs-content/serverless/security-visualize-alerts.md
       - file: docs-content/serverless/security-vuln-management-dashboard-dash.md

@@ -6,21 +6,15 @@ mapped_urls:
 
 # Anomaly detection
 
-% What needs to be done: Align serverless/stateful
 
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/machine-learning.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-machine-learning.md
-
-[{{ml-cap}}](/explore-analyze/machine-learning/anomaly-detection.md) functionality is available when you have the appropriate subscription, are using a **{{ess-trial}}[cloud deployment]**, or are testing out a **Free Trial**. Refer to [Machine learning job and rule requirements](/solutions/security/advanced-entity-analytics/machine-learning-job-rule-requirements.md) for more information.
+[{{ml-cap}}](/explore-analyze/machine-learning/anomaly-detection.md) functionality is available when you have the appropriate role, subscription, are using a [cloud deployment](https://cloud.elastic.co/registration?page=docs&placement=docs-body), or are testing out a **Free Trial**. Refer to [Machine learning job and rule requirements](/solutions/security/advanced-entity-analytics/machine-learning-job-rule-requirements.md) for more information.
 
 You can view the details of detected anomalies within the `Anomalies` table widget shown on the Hosts, Network, and associated details pages, or even narrow to the specific date range of an anomaly from the `Max anomaly score by job` field in the overview of the details pages for hosts and IPs. These interfaces also offer the ability to drag and drop details of the anomaly to Timeline, such as the `Entity` itself, or any of the associated `Influencers`.
 
 
 ## Manage {{ml}} jobs [manage-jobs]
 
-If you have the `machine_learning_admin` role, you can use the **ML job settings** interface on the **Alerts**, **Rules**, and **Rule Exceptions** pages to view, start, and stop {{elastic-sec}} {{ml}} jobs.
+If you have the appropriate role, you can use the **ML job settings** interface on the **Alerts**, **Rules**, and **Rule Exceptions** pages to view, start, and stop {{elastic-sec}} {{ml}} jobs.
 
 :::{image} ../../../images/security-ml-ui.png
 :alt: ML job settings UI on the Alerts page

@@ -6,18 +6,6 @@ mapped_urls:
 
 # Behavioral detection use cases
 
-% What needs to be done: Align serverless/stateful
-
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/behavioral-detection-use-cases.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-behavioral-detection-use-cases.md
-
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
-
-$$$ml-integrations$$$
-
-$$$security-behavioral-detection-use-cases-elastic-integrations-for-behavioral-detection-use-cases$$$
 
 Behavioral detection identifies potential internal and external threats based on user and host activity. It uses a threat-centric approach to flag suspicious activity by analyzing patterns, anomalies, and context enrichment.
 
@@ -29,7 +17,8 @@ The behavioral detection feature is built on {{elastic-sec}}'s foundational SIEM
 Behavioral detection integrations provide a convenient way to enable behavioral detection capabilities. They streamline the deployment of components that implement behavioral detection, such as data ingestion, transforms, rules, {{ml}} jobs, and scripts.
 
 ::::{admonition} Requirements
-* Behavioral detection integrations require a [Platinum subscription](https://www.elastic.co/pricing) or higher.
+* In {{stack}}, behavioral detection integrations require a [Platinum subscription](https://www.elastic.co/pricing) or higher.
+* In serverless, behavioral detection integrations require the Security Analytics Complete [project feature](/deploy-manage/deploy/elastic-cloud/project-settings.md).
 * To learn more about the requirements for using {{ml}} jobs, refer to [Machine learning job and rule requirements](/solutions/security/advanced-entity-analytics/machine-learning-job-rule-requirements.md).
 
 ::::