diff --git a/solutions/security/advanced-entity-analytics/anomaly-detection.md b/solutions/security/advanced-entity-analytics/anomaly-detection.md index 0d7b6fd082..38442e295a 100644 --- a/solutions/security/advanced-entity-analytics/anomaly-detection.md +++ b/solutions/security/advanced-entity-analytics/anomaly-detection.md @@ -26,7 +26,7 @@ If you have the appropriate role, you can use the **ML job settings** interface You can also check the status of {{ml}} detection rules, and start or stop their associated {{ml}} jobs: -* On the **Rules** page, the **Last response** column displays the rule’s current [status](/solutions/security/detect-and-alert/manage-detection-rules.md#rule-status). An indicator icon (![Error icon from rules table](../../../images/security-rules-table-error-icon.png "")) also appears if a required {{ml}} job isn’t running. Click the icon to list the affected jobs, then click **Visit rule details page to investigate** to open the rule’s details page. +* On the **Rules** page, the **Last response** column displays the rule’s current [status](/solutions/security/detect-and-alert/manage-detection-rules.md#rule-status). An indicator icon (![Error icon from rules table](../../../images/security-rules-table-error-icon.png "title =20x20")) also appears if a required {{ml}} job isn’t running. Click the icon to list the affected jobs, then click **Visit rule details page to investigate** to open the rule’s details page. :::{image} ../../../images/security-rules-table-ml-job-error.png :alt: Rules table {{ml}} job error diff --git a/solutions/security/ai/ai-assistant.md b/solutions/security/ai/ai-assistant.md index 382f7edbea..1149a7fada 100644 --- a/solutions/security/ai/ai-assistant.md +++ b/solutions/security/ai/ai-assistant.md 
@@ -97,10 +97,10 @@ Use these features to adjust and act on your conversations with AI Assistant: * Quick Prompt availability varies based on context—for example, the **Alert summarization** Quick Prompt appears when you open AI Assistant while viewing an alert. To customize existing Quick Prompts and create new ones, click **Add Quick Prompt**. * In an active conversation, you can use the inline actions that appear on messages to incorporate AI Assistant’s responses into your workflows: - * **Add note to timeline** (![Add note icon](../../../images/security-icon-add-note.png "")): Add the selected text to your currently active Timeline as a note. - * **Add to existing case** (![Add to case icon](../../../images/security-icon-add-to-case.png "")): Add a comment to an existing case using the selected text. - * **Copy to clipboard** (![Copy to clipboard icon](../../../images/security-icon-copy.png "")): Copy the text to clipboard to paste elsewhere. Also helpful for resubmitting a previous prompt. - * **Add to timeline** (![Add to timeline icon](../../../images/security-icon-add-to-timeline.png "")): Add a filter or query to Timeline using the text. This button appears for particular queries in AI Assistant’s responses. + * **Add note to timeline** (![Add note icon](../../../images/security-icon-add-note.png "title =20x20")): Add the selected text to your currently active Timeline as a note. + * **Add to existing case** (![Add to case icon](../../../images/security-icon-add-to-case.png "title =20x20")): Add a comment to an existing case using the selected text. + * **Copy to clipboard** (![Copy to clipboard icon](../../../images/security-icon-copy.png "title =20x20")): Copy the text to clipboard to paste elsewhere. Also helpful for resubmitting a previous prompt. + * **Add to timeline** (![Add to timeline icon](../../../images/security-icon-add-to-timeline.png "title =20x20")): Add a filter or query to Timeline using the text. 
This button appears for particular queries in AI Assistant’s responses. Be sure to specify which language you’d like AI Assistant to use when writing a query. For example: "Can you generate an Event Query Language query to find four failed logins followed by a successful login?" @@ -136,7 +136,7 @@ To modify Anonymization settings, you need the **Elastic AI Assistant: All** pri The **Anonymization** tab of the Security AI settings menu allows you to define default data anonymization behavior for events you send to AI Assistant. Fields with **Allowed*** toggled on are included in events provided to AI Assistant. ***Allowed*** fields with ***Anonymized** set to **Yes** are included, but with their values obfuscated. ::::{note} -You can access anonymization settings directly from the **Attack Discovery** page by clicking the settings (![Settings icon](../../../images/security-icon-settings.png "title=70%")) button next to the model selection dropdown menu. +You can access anonymization settings directly from the **Attack Discovery** page by clicking the settings (![Settings icon](../../../images/security-icon-settings.png "title =20x20")) button next to the model selection dropdown menu. :::: diff --git a/solutions/security/ai/identify-investigate-document-threats.md b/solutions/security/ai/identify-investigate-document-threats.md index 8005334c5c..e0ce7d931b 100644 --- a/solutions/security/ai/identify-investigate-document-threats.md +++ b/solutions/security/ai/identify-investigate-document-threats.md 
@@ -50,7 +50,7 @@ At any point in a conversation with AI Assistant, you can add data, narrative su ## Generate reports [use-case-incident-reporting-create-a-case-using-ai-assistant] -From the AI Assistant dialog window, click **Add to case** (![Add to case icon](../../../images/security-icon-add-to-case.png "")) next to a message to add the information in that message to a [case](/solutions/security/investigate/cases.md). Cases help centralize relevant details in one place for easy sharing with stakeholders. +From the AI Assistant dialog window, click **Add to case** (![Add to case icon](../../../images/security-icon-add-to-case.png "title =20x20")) next to a message to add the information in that message to a [case](/solutions/security/investigate/cases.md). Cases help centralize relevant details in one place for easy sharing with stakeholders. If you add a message that contains a discovery to a case, AI Assistant automatically adds the attack summary and all associated alerts to the case. You can also add AI Assistant messages that contain remediation steps and relevant data to the case. diff --git a/solutions/security/dashboards/detection-rule-monitoring-dashboard.md b/solutions/security/dashboards/detection-rule-monitoring-dashboard.md index fa2b65117c..f228a45de7 100644 --- a/solutions/security/dashboards/detection-rule-monitoring-dashboard.md +++ b/solutions/security/dashboards/detection-rule-monitoring-dashboard.md 
@@ -43,7 +43,7 @@ The following visualizations are included: ## Visualization panel actions [rule-visualization-actions] -Open a panel’s options menu (![Options menu](../../../images/security-three-dot-icon.png "")) customize the panel or use its data for further analysis and investigation: +Open a panel’s options menu (![Options menu](../../../images/security-three-dot-icon.png "title =20x20")) customize the panel or use its data for further analysis and investigation: * **Edit panel settings**: Customize the panel’s display settings. Options vary by visualization type. * **Inspect**: Examine the panel’s underlying data and queries. diff --git a/solutions/security/dashboards/entity-analytics-dashboard.md b/solutions/security/dashboards/entity-analytics-dashboard.md index 667e6d5b0b..267eec6662 100644 --- a/solutions/security/dashboards/entity-analytics-dashboard.md +++ b/solutions/security/dashboards/entity-analytics-dashboard.md 
@@ -54,7 +54,7 @@ Interact with the table to filter data, view more details, and take action: * Click a user name link to open the user details flyout. * Hover over a user name link to display inline actions: **Add to timeline**, which adds the selected value to Timeline, and **Copy to Clipboard**, which copies the user name value for you to paste later. * Click **View all** in the upper-right to display all user risk information on the Users page. -* Click the number link in the **Alerts** column to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Investigate in timeline icon](../../../images/security-timeline-button-osquery.png "")) to launch Timeline with a query that includes the associated user name value. +* Click the number link in the **Alerts** column to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Investigate in timeline icon](../../../images/security-timeline-button-osquery.png "title =20x20")) to launch Timeline with a query that includes the associated user name value. For more information about user risk scores, refer to [Entity risk scoring](/solutions/security/advanced-entity-analytics/entity-risk-scoring.md). 
@@ -79,7 +79,7 @@ Interact with the table to filter data, view more details, and take action: * Click a host name link to open the host details flyout. * Hover over a host name link to display inline actions: **Add to timeline**, which adds the selected value to Timeline, and **Copy to Clipboard**, which copies the host name value for you to paste later. * Click **View all** in the upper-right to display all host risk information on the Hosts page. -* Click the number link in the **Alerts** column to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Investigate in timeline icon](../../../images/security-timeline-button-osquery.png "")) to launch Timeline with a query that includes the associated host name value. +* Click the number link in the **Alerts** column to view the alerts on the Alerts page. Hover over the number and select **Investigate in timeline** (![Investigate in timeline icon](../../../images/security-timeline-button-osquery.png "title =20x20")) to launch Timeline with a query that includes the associated host name value. For more information about host risk scores, refer to [Entity risk scoring](/solutions/security/advanced-entity-analytics/entity-risk-scoring.md). @@ -120,7 +120,7 @@ Interact with the table to filter data and view more details: * Select the **Risk level** dropdown to filter the table by the selected user or host risk level. * Select the **Criticality** dropdown to filter the table by the selected asset criticality level. * Select the **Source** dropdown to filter the table by the data source. -* Click the **View details** icon (![View details icon](../../../images/security-view-details-icon.png "")) to open the entity details flyout. +* Click the **View details** icon (![View details icon](../../../images/security-view-details-icon.png "title =20x20")) to open the entity details flyout. ## Anomalies [entity-anomalies] 
diff --git a/solutions/security/dashboards/overview-dashboard.md b/solutions/security/dashboards/overview-dashboard.md index bfea217a22..b444253010 100644 --- a/solutions/security/dashboards/overview-dashboard.md +++ b/solutions/security/dashboards/overview-dashboard.md @@ -31,7 +31,7 @@ The **Security news** section provides the latest {{elastic-sec}} news to help y Time-based histograms show the number of detections, alerts, and events that have occurred within the selected time range. To focus on a particular time, click and drag to select a time range, or choose a preset value. The **Stack by** menu lets you select which field is used to organize the data. For example, in the Alert trend histogram, stack by `kibana.alert.rule.name` to display alert counts by rule name within the specified time frame. -Hover over histograms, graphs, and tables to display an **Inspect** button (![Inspect icon](../../../images/security-inspect-icon.png "")) or options menu (![Three-dot menu icon](../../../images/security-three-dot-icon.png "")). Click to inspect the visualization’s {{es}} queries, add it to a new or existing case, or open it in Lens for customization. +Hover over histograms, graphs, and tables to display an **Inspect** button (![Inspect icon](../../../images/security-inspect-icon.png "title =20x20")) or options menu (![Three-dot menu icon](../../../images/security-three-dot-icon.png "title =20x20")). Click to inspect the visualization’s {{es}} queries, add it to a new or existing case, or open it in Lens for customization. ## Host and network events [_host_and_network_events] diff --git a/solutions/security/detect-and-alert/add-manage-exceptions.md b/solutions/security/detect-and-alert/add-manage-exceptions.md index 2f7762e1c7..726353a42a 100644 --- a/solutions/security/detect-and-alert/add-manage-exceptions.md +++ b/solutions/security/detect-and-alert/add-manage-exceptions.md 
@@ -199,7 +199,7 @@ Additionally, to add an Endpoint exception to an endpoint protection rule, there ::::{note} - * Fields with conflicts are marked with a warning icon (![Field conflict warning icon](../../../images/security-field-warning-icon.png "")). Using these fields might cause unexpected exceptions behavior. For more information, refer to [Troubleshooting type conflicts and unmapped fields](../../../troubleshoot/security/detection-rules.md#rule-exceptions-field-conflicts). + * Fields with conflicts are marked with a warning icon (![Field conflict warning icon](../../../images/security-field-warning-icon.png "title =20x20")). Using these fields might cause unexpected exceptions behavior. For more information, refer to [Troubleshooting type conflicts and unmapped fields](../../../troubleshoot/security/detection-rules.md#rule-exceptions-field-conflicts). * The `is one of` and `is not one of` operators support identical, case-sensitive values. For example, if you want to match the values `Windows` and `windows`, add both values to the **Value** field. :::: diff --git a/solutions/security/detect-and-alert/create-manage-value-lists.md b/solutions/security/detect-and-alert/create-manage-value-lists.md index e4384b0f9d..cde26bd809 100644 --- a/solutions/security/detect-and-alert/create-manage-value-lists.md +++ b/solutions/security/detect-and-alert/create-manage-value-lists.md 
@@ -93,8 +93,8 @@ You can also edit value lists while creating and managing exceptions that use va 2. Click **Manage value lists**. The **Manage value lists** window opens. 3. From the **Value lists** table, you can: - 1. Click the **Export value list** button (![Export button from Manage value lists window](../../../images/security-export-value-list.png "")) to export the value list. - 2. Click the **Remove value list** button (![Remove button from Manage value lists window](../../../images/security-remove-value-list.png "")) to delete the value list. + 1. Click the **Export value list** button (![Export button from Manage value lists window](../../../images/security-export-value-list.png "title =20x20")) to export the value list. + 2. Click the **Remove value list** button (![Remove button from Manage value lists window](../../../images/security-remove-value-list.png "title =20x20")) to delete the value list. :::{image} ../../../images/security-manage-value-list.png :alt: Import value list flyout with action buttons highlighted diff --git a/solutions/security/detect-and-alert/monitor-rule-executions.md b/solutions/security/detect-and-alert/monitor-rule-executions.md index 68c79de681..e931fd453b 100644 --- a/solutions/security/detect-and-alert/monitor-rule-executions.md +++ b/solutions/security/detect-and-alert/monitor-rule-executions.md 
@@ -63,7 +63,7 @@ Use these controls to filter what’s included in the logs table: * The date and time picker sets the time range of rule executions included in the table. This is separate from the global date and time picker at the top of the rule details page. * The **Source event time range** button toggles the display of data pertaining to the time range of manual runs. * The **Show metrics columns** toggle includes more or less data in the table, pertaining to the timing of each rule execution. -* The **Actions** column allows you to show alerts generated from a given rule execution. Click the filter icon (![Filter icon](../../../images/security-filter-icon.png "")) to create a global search filter based on the rule execution’s ID value. This replaces any previously applied filters, changes the global date and time range to 24 hours before and after the rule execution, and displays a confirmation notification. You can revert this action by clicking **Restore previous filters** in the notification. +* The **Actions** column allows you to show alerts generated from a given rule execution. Click the filter icon (![Filter icon](../../../images/security-filter-icon.png "title =20x20")) to create a global search filter based on the rule execution’s ID value. This replaces any previously applied filters, changes the global date and time range to 24 hours before and after the rule execution, and displays a confirmation notification. You can revert this action by clicking **Restore previous filters** in the notification. ### Manual runs table [manual-runs-table] diff --git a/solutions/security/endpoint-response-actions.md b/solutions/security/endpoint-response-actions.md index d6062d1305..269a7adeb6 100644 --- a/solutions/security/endpoint-response-actions.md +++ b/solutions/security/endpoint-response-actions.md 
@@ -292,7 +292,7 @@ You can also get a list of commands in the [Help panel](/solutions/security/endp ## Help panel [help-panel] -Click ![Help icon](../../images/security-help-icon.png "") **Help** in the upper-right to open the **Help** panel, which lists available response action commands and parameters as a reference. +Click ![Help icon](../../images/security-help-icon.png "title =20x20") **Help** in the upper-right to open the **Help** panel, which lists available response action commands and parameters as a reference. ::::{note} This panel displays only the response actions that you have the user role or privileges to perform. @@ -305,7 +305,7 @@ This panel displays only the response actions that you have the user role or pri :screenshot: ::: -You can use this panel to build commands with less typing. Click the add icon (![Add icon](../../images/security-add-command-icon.png "")) to add a command to the input area, enter any additional parameters or a comment, then press **Return** to run the command. +You can use this panel to build commands with less typing. Click the add icon (![Add icon](../../images/security-add-command-icon.png "title =20x20")) to add a command to the input area, enter any additional parameters or a comment, then press **Return** to run the command. If the endpoint is running an older version of {{agent}}, some response actions may not be supported, as indicated by an informational icon and tooltip. [Upgrade {{agent}}](/reference/ingestion-tools/fleet/upgrade-elastic-agent.md) on the endpoint to be able to use the latest response actions. diff --git a/solutions/security/endpoint-response-actions/isolate-host.md b/solutions/security/endpoint-response-actions/isolate-host.md index 609c1de3bd..d50902dd46 100644 --- a/solutions/security/endpoint-response-actions/isolate-host.md +++ b/solutions/security/endpoint-response-actions/isolate-host.md 
@@ -45,7 +45,7 @@ All actions executed on a host are tracked in the host’s response actions hist ::::{dropdown} Isolate a host from a detection alert 1. Open a detection alert: - * From the Alerts table or Timeline: Click **View details** (![View details icon](../../../images/security-view-details-icon.png "")). + * From the Alerts table or Timeline: Click **View details** (![View details icon](../../../images/security-view-details-icon.png "title =20x20")). * From a case with an attached alert: Click **Show alert details** (**>**). 2. Click **Take action → Isolate host**. @@ -116,7 +116,7 @@ After the host is successfully isolated, an **Isolated** status is added to the ::::{dropdown} Release a host from a detection alert 1. Open a detection alert: - * From the Alerts table or Timeline: Click **View details** (![View details icon](../../../images/security-view-details-icon.png "")). + * From the Alerts table or Timeline: Click **View details** (![View details icon](../../../images/security-view-details-icon.png "title =20x20")). * From a case with an attached alert: Click **Show alert details** (**>**). 2. From the alert details flyout, click **Take action → Release host**. diff --git a/solutions/security/get-started/elastic-security-ui.md b/solutions/security/get-started/elastic-security-ui.md index b95896af9c..de8c3262d0 100644 --- a/solutions/security/get-started/elastic-security-ui.md +++ b/solutions/security/get-started/elastic-security-ui.md 
@@ -19,22 +19,22 @@ Filter for alerts, events, processes, and other important security data by enter :screenshot: ::: -* To refine your search results, select **Add Filter** (![Add filter icon](../../../images/security-add-filter-icon.png "")), then enter the field, operator (such as `is not` or `is between`), and value for your filter. -* To save the current KQL query and any applied filters, select **Saved query menu** (![Saved query menu icon](../../../images/security-saved-query-menu-icon.png "")), enter a name for the saved query, and select **Save saved query**. +* To refine your search results, select **Add Filter** (![Add filter icon](../../../images/security-add-filter-icon.png "title =20x20")), then enter the field, operator (such as `is not` or `is between`), and value for your filter. +* To save the current KQL query and any applied filters, select **Saved query menu** (![Saved query menu icon](../../../images/security-saved-query-menu-icon.png "title =20x20")), enter a name for the saved query, and select **Save saved query**. ## Navigation menu [navigation-menu-overview] -The navigation menu contains direct links and expandable groups, identified by the group icon (![Group icon](../../../images/security-group-icon.png "")). +The navigation menu contains direct links and expandable groups, identified by the group icon (![Group icon](../../../images/security-group-icon.png "title =20x20")). * Click a top-level link to go directly to its landing page, which contains links and information for related pages. -* Click a group’s icon (![Group icon](../../../images/security-group-icon.png "")) to open its flyout menu, which displays links to related pages within that group. Click a link in the flyout to navigate to its landing page. -* Click the **Collapse side navigation** icon (![Side menu collapse icon](../../../images/security-side-button.png "")) to collapse and expand the main navigation menu. 
+* Click a group’s icon (![Group icon](../../../images/security-group-icon.png "title =20x20")) to open its flyout menu, which displays links to related pages within that group. Click a link in the flyout to navigate to its landing page. +* Click the **Collapse side navigation** icon (![Side menu collapse icon](../../../images/security-side-button.png "title =20x20")) to collapse and expand the main navigation menu. ## Visualization actions [visualization-actions] -Many {{elastic-sec}} histograms, graphs, and tables display an **Inspect** button (![Inspect icon](../../../images/security-inspect-icon.png "")) when you hover over them. Click to examine the {{es}} queries used to retrieve data throughout the app. +Many {{elastic-sec}} histograms, graphs, and tables display an **Inspect** button (![Inspect icon](../../../images/security-inspect-icon.png "title =20x20")) when you hover over them. Click to examine the {{es}} queries used to retrieve data throughout the app. :::{image} ../../../images/security-inspect-icon-context.png :alt: Inspect icon @@ -42,7 +42,7 @@ Many {{elastic-sec}} histograms, graphs, and tables display an **Inspect** butto :screenshot: ::: -Other visualizations display an options menu (![Three-dot menu icon](../../../images/security-three-dot-icon.png "")), which allows you to inspect the visualization’s queries, add it to a new or existing case, or open it in Lens for customization. +Other visualizations display an options menu (![Three-dot menu icon](../../../images/security-three-dot-icon.png "title =20x20")), which allows you to inspect the visualization’s queries, add it to a new or existing case, or open it in Lens for customization. :::{image} ../../../images/security-viz-options-menu-open.png :alt: Options menu opened 
@@ -61,7 +61,7 @@ Throughout the {{security-app}}, you can hover over many data fields and values :screenshot: ::: -In some visualizations, these actions are available in the legend by clicking a value’s options icon (![Vertical three-dot icon](../../../images/security-three-dot-icon-vertical.png "")). +In some visualizations, these actions are available in the legend by clicking a value’s options icon (![Vertical three-dot icon](../../../images/security-three-dot-icon-vertical.png "title =20x20")). :::{image} ../../../images/security-inline-actions-legend.png :alt: Actions in a visualization legend diff --git a/solutions/security/investigate/session-view.md b/solutions/security/investigate/session-view.md index e2ee26323f..c467b67bd1 100644 --- a/solutions/security/investigate/session-view.md +++ b/solutions/security/investigate/session-view.md @@ -74,7 +74,7 @@ The Session View UI has the following features: Session View includes additional badges not pictured above: -* The alert badge for multiple alerts appears when a single event causes alerts of multiple types (![Gear icon](../../../images/security-sess-view-process-alert-icon.png "") for `process` alerts, ![Page icon](../../../images/security-sess-view-file-alert-icon.png "") for `file` alerts, and ![Page icon](../../../images/security-sess-view-network-alert-icon.png "") for `network` alerts): +* The alert badge for multiple alerts appears when a single event causes alerts of multiple types (![Gear icon](../../../images/security-sess-view-process-alert-icon.png "title =20x20") for `process` alerts, ![Page icon](../../../images/security-sess-view-file-alert-icon.png "title =20x20") for `file` alerts, and ![Page icon](../../../images/security-sess-view-network-alert-icon.png "title =20x20") for `network` alerts): :::{image} ../../../images/security-session-view-alert-types-badge.png :alt: The alert badge for a command with all three alert types 
diff --git a/troubleshoot/security/detection-rules.md b/troubleshoot/security/detection-rules.md index c2aa5bea54..5096316c8b 100644 --- a/troubleshoot/security/detection-rules.md +++ b/troubleshoot/security/detection-rules.md @@ -87,7 +87,7 @@ Turning off `autocomplete:useTimeRange` could cause performance issues if the da :::::{dropdown} Warning about type conflicts and unmapped fields :name: rule-exceptions-field-conflicts -A warning icon (![Field conflict warning icon](../../images/security-field-warning-icon.png "")) and message appear for fields with [type conflicts](#fields-with-conflicting-types) across multiple indices or fields that are [unmapped](#unmapped-field-conflict). You can learn more about the conflict by clicking the warning message. +A warning icon (![Field conflict warning icon](../../images/security-field-warning-icon.png "title =20x20")) and message appear for fields with [type conflicts](#fields-with-conflicting-types) across multiple indices or fields that are [unmapped](#unmapped-field-conflict). You can learn more about the conflict by clicking the warning message. ::::{note} A field can have type conflicts *and* be unmapped in specified indices.
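Review bot: In the first hunk (anomaly-detection.md, @@ -26,7), and in the same way in every hunk that follows, the size hint is placed in the Markdown image title slot as "title =20x20". In plain Markdown that string becomes the image's title attribute, which browsers show as a hover tooltip. Please confirm the docs builder parses the " =20x20" suffix as dimensions and does not emit the literal text, and consider whether the placeholder word "title" should be replaced with something meaningful or dropped, since the alt text already describes each icon.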
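Review bot: In ai-assistant.md, hunk @@ -136,7, the context sentence directly above the changed note has unbalanced emphasis markers: "**Allowed***", "***Allowed***" and "***Anonymized**" will render stray asterisks. This hunk is also the only one where the old value was "title=70%" and not an empty string, so the settings icon changes from a relative to a fixed size; worth checking the rendered result there. Since the surrounding block is being touched, I'd fix the emphasis to **Allowed** and **Anonymized** in the same change.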
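Review bot: In detection-rule-monitoring-dashboard.md, hunk @@ -43,7, the rewritten sentence still reads "Open a panel’s options menu (…) customize the panel", which is missing "to" before "customize". The line is already being replaced, so suggest: "Open a panel’s options menu (…) to customize the panel or use its data for further analysis and investigation:".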
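Review bot: In entity-analytics-dashboard.md, hunks @@ -54,7 and @@ -79,7, the fixed "=20x20" is applied to security-timeline-button-osquery.png, whose name suggests a button image and not a square glyph. Forcing both width and height can distort a non-square asset; please check the rendered output here (and for security-side-button.png in elastic-security-ui.md), and set only one dimension if the builder allows it.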
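Review bot: In session-view.md, hunk @@ -74,7, the changed line gives both security-sess-view-file-alert-icon.png and security-sess-view-network-alert-icon.png the alt text "Page icon". The duplicate looks like a copy-paste leftover and leaves screen-reader users unable to tell the `file` and `network` badges apart. Suggest a distinct alt text for the network alert icon that describes what it actually depicts.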