diff --git a/docs/events/timeline-templates.asciidoc b/docs/events/timeline-templates.asciidoc index b4e90f9535..54fafc59ed 100644 --- a/docs/events/timeline-templates.asciidoc +++ b/docs/events/timeline-templates.asciidoc @@ -136,7 +136,7 @@ NOTE: You cannot delete prebuilt templates. == Export and import Timeline templates You can import and export Timeline templates, which enables importing templates -from one {kib} space or instance to another. Exported templates are saved in an `ndjson` file. +from one space or {elastic-sec} instance to another. Exported templates are saved in an `ndjson` file. . Go to *Timelines* -> *Templates*. . To export templates, do one of the following: diff --git a/docs/events/timeline-ui-overview.asciidoc b/docs/events/timeline-ui-overview.asciidoc index fe3d534f8e..9d2dc54ef6 100644 --- a/docs/events/timeline-ui-overview.asciidoc +++ b/docs/events/timeline-ui-overview.asciidoc @@ -171,7 +171,7 @@ then select an action from the *Bulk actions* menu. == Export and import Timelines You can export and import Timelines, which enables you to share Timelines from one -{kib} space or instance to another. Exported Timelines are saved as `.ndjson` files. +space or {elastic-sec} instance to another. Exported Timelines are saved as `.ndjson` files. To export Timelines: diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc index 1e5d4d8000..62cfddaa9f 100644 --- a/docs/getting-started/data-views-in-sec.asciidoc +++ b/docs/getting-started/data-views-in-sec.asciidoc 
@@ -33,7 +33,7 @@ NOTE: You cannot update the data view for the Alerts page. This includes referen [[default-data-view-security]] == The default {data-source} -The default {data-source} is defined by the `securitySolution:defaultIndex` setting, which you can modify in {kib}'s advanced settings (**Stack Management** > **Advanced Settings** > **Security Solution**). To learn more about this setting, including its default value, refer to {security-guide}/advanced-settings.html#update-sec-indices[Advanced settings]. +The default {data-source} is defined by the `securitySolution:defaultIndex` setting, which you can modify in {security-guide}/advanced-settings.html#update-sec-indices[advanced settings]. The first time a user visits {elastic-sec} within a given {kib} {kibana-ref}/xpack-spaces.html[space], the default {data-source} generates in that space and becomes active. diff --git a/docs/getting-started/security-spaces.asciidoc b/docs/getting-started/security-spaces.asciidoc index 0e06ee2d83..be1a8c27eb 100644 --- a/docs/getting-started/security-spaces.asciidoc +++ b/docs/getting-started/security-spaces.asciidoc 
@@ -2,13 +2,13 @@ = Spaces and {elastic-sec} {elastic-sec} supports the organization of your security operations into -logical instances with the {kibana-ref}/xpack-spaces.html[{kib} spaces] +logical instances with the {kibana-ref}/xpack-spaces.html[spaces] feature. Each space in {kib} represents a separate logical instance of {elastic-sec} in which detection rules, rule exceptions, value lists, alerts, Timelines, cases, and {kib} advanced settings are private to the space and accessible only by users that have role privileges to -access the space. For details about configuring privileges for -{es} and {kib}, refer to <>. +access the space. For details about privileges for +{elastic-sec} and specific features, refer to <>. For example, if you create a `SOC_prod` space in which you load and activate all the {elastic-sec} prebuilt detection rules, these rules and @@ -22,7 +22,7 @@ the `SOC_dev` space, and they will run independently of those in the [NOTE] ===== By default, alerts created by detection rules are stored in {es} indices -under the `.alerts-security.alerts-` index pattern, and they may be +under the `.alerts-security.alerts-` index pattern, and they may be accessed by any user with role privileges to access those {es} indices. In our example above, any user with {es} privileges to access `.alerts-security.alerts-SOC_prod` will be able to view `SOC_prod` alerts from diff --git a/docs/serverless/explore/data-views-in-sec.mdx b/docs/serverless/explore/data-views-in-sec.mdx index ec94ad099a..91f48a2fef 100644 --- a/docs/serverless/explore/data-views-in-sec.mdx +++ b/docs/serverless/explore/data-views-in-sec.mdx 
@@ -44,14 +44,8 @@ This only allows you to add index patterns that match indices that currently con ## The default ((data-source)) -The default ((data-source)) is defined by the `securitySolution:defaultIndex` setting, which you can modify in your project's advanced settings{/* path to be updated: (**Stack Management** → **Advanced Settings** → **Security Solution**) */}. To learn more about this setting, including its default value, refer to ). +The default ((data-source)) is defined by the `securitySolution:defaultIndex` setting, which you can modify in advanced settings. -The first time a user visits ((elastic-sec)){/* within a given ((kib)) [space](((kibana-ref))/xpack-spaces.html)*/}, the default ((data-source)) generates{/* in that space*/} and becomes active. +The first time a user visits ((elastic-sec)) within a given ((kib)) space, the default ((data-source)) generates in that space and becomes active. -{/* TO-DO: in the first sentence of the following note, link to the Serverless page that explains spaces. */} - - - Your space must have **Data View Management**{/*{kibana-ref}/xpack-spaces.html#spaces-control-feature-visibility[feature visibility*/} feature visibility setting enabled for the default ((data-source)) to generate and become active in your space. - - -If you delete the active ((data-source)) when there are no other defined ((data-sources)), the default ((data-source)) will regenerate and become active upon refreshing any ((elastic-sec)) page{/* in the space*/}. +If you delete the active ((data-source)) when there are no other defined ((data-sources)), the default ((data-source)) will regenerate and become active upon refreshing any ((elastic-sec)) page in the space. diff --git a/docs/serverless/investigate/timeline-templates-ui.mdx b/docs/serverless/investigate/timeline-templates-ui.mdx index 1ebcc84146..68eab9ce24 100644 --- a/docs/serverless/investigate/timeline-templates-ui.mdx +++ b/docs/serverless/investigate/timeline-templates-ui.mdx 
@@ -135,7 +135,7 @@ You cannot delete prebuilt templates. ## Export and import Timeline templates -You can import and export Timeline templates, which enables importing templates from one {/*space or (*/}((elastic-sec)) instance to another. Exported templates are saved in an `ndjson` file. +You can import and export Timeline templates, which enables importing templates from one space or ((elastic-sec)) instance to another. Exported templates are saved in an `ndjson` file. 1. Go to **Investigations** → **Timelines** → **Templates**. 1. To export templates, do one of the following: diff --git a/docs/serverless/investigate/timelines-ui.mdx b/docs/serverless/investigate/timelines-ui.mdx index b3c74e1600..bb77be3496 100644 --- a/docs/serverless/investigate/timelines-ui.mdx +++ b/docs/serverless/investigate/timelines-ui.mdx @@ -176,7 +176,7 @@ then select an action from the **Bulk actions** menu. ## Export and import Timelines -You can export and import Timelines, which enables you to share Timelines from one {/* space or */} ((elastic-sec)) instance to another. Exported Timelines are saved as `.ndjson` files. +You can export and import Timelines, which enables you to share Timelines from one space or ((elastic-sec)) instance to another. Exported Timelines are saved as `.ndjson` files. To export Timelines: diff --git a/docs/serverless/sec-requirements.mdx b/docs/serverless/sec-requirements.mdx index 9245321622..b398594ec6 100644 --- a/docs/serverless/sec-requirements.mdx +++ b/docs/serverless/sec-requirements.mdx 
@@ -15,9 +15,9 @@ Provide access to ((elastic-sec)) by assigning a user the appropriate minimum privileges to use cases. -* `Read` and `view_index_metadata` privileges for all ((elastic-sec)) indices, such as -`filebeat-*`, `packetbeat-*`, `logs-*`, and `endgame-*` indices. + * `Read` privilege for the `Security` feature in the space. This grants you `Read` access to all features in ((elastic-sec)) except cases. You need additional minimum privileges to use cases. + * `Read` and `view_index_metadata` privileges for all ((elastic-sec)) indices, such as + `filebeat-*`, `packetbeat-*`, `logs-*`, and `endgame-*` indices. describes how to modify ((elastic-sec)) indices. diff --git a/docs/serverless/security-spaces.mdx b/docs/serverless/security-spaces.mdx new file mode 100644 index 0000000000..2dfd5f0501 --- /dev/null +++ b/docs/serverless/security-spaces.mdx 
@@ -0,0 +1,16 @@ +--- +slug: /serverless/security/security-spaces +title: Spaces and ((elastic-sec)) +description: Learn how spaces work in ((elastic-sec)). +tags: [ 'serverless', 'security', 'reference' ] +--- + +((elastic-sec)) supports the organization of your security operations into logical instances with the spaces feature. Each space in ((kib)) represents a separate logical instance of ((elastic-sec)) in which detection rules, rule exceptions, value lists, alerts, Timelines, cases, and ((kib)) advanced settings are private to the space and accessible only by users that have role privileges to access the space. For details about privileges for ((elastic-sec)) and specific features, refer to . + +For example, if you create a `SOC_prod` space in which you load and activate all the ((elastic-sec)) prebuilt detection rules, these rules and any detection alerts they generate will be accessible only when visiting the ((security-app)) in the `SOC_prod` space. If you then create a new `SOC_dev` space, you'll notice that no detection rules or alerts are present. Any rules subsequently loaded or created here will be private to the `SOC_dev` space, and they will run independently of those in the `SOC_prod` space. + + + By default, alerts created by detection rules are stored in ((es)) indices under the `.alerts-security.alerts-` index pattern, and they may be accessed by any user with role privileges to access those ((es)) indices. In our example above, any user with ((es)) privileges to access `.alerts-security.alerts-SOC_prod` will be able to view `SOC_prod` alerts from within ((es)) and other ((kib)) apps such as Discover. + + To ensure that detection alert data remains private to the space in which it was created, ensure that the roles assigned to your ((elastic-sec)) users include ((es)) privileges that limit their access to alerts within their space's alerts index. + 
diff --git a/docs/serverless/serverless-security.docnav.json b/docs/serverless/serverless-security.docnav.json index 72b13a523e..6c8c4fabce 100644 --- a/docs/serverless/serverless-security.docnav.json +++ b/docs/serverless/serverless-security.docnav.json @@ -21,7 +21,12 @@ }, { "slug": "/serverless/security/security-ui", - "classic-sources": [ "enSecurityEsUiOverview" ] + "classic-sources": [ "enSecurityEsUiOverview" ], + "items": [ + { + "slug": "/serverless/security/security-spaces" + } + ] }, { "label": "AI for security",
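Review bot: in the first hunk (`docs/events/timeline-templates.asciidoc`), the new line keeps "saved in an `ndjson` file" while the sibling hunk in `docs/events/timeline-ui-overview.asciidoc` (and the two serverless timeline pages touched below) say "`.ndjson` files"; since both lines are being rewritten anyway, pick one spelling of the extension and use it in all four places.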
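Review bot: in the second hunk of `docs/getting-started/security-spaces.asciidoc`, the removed and added lines (`under the `.alerts-security.alerts-` index pattern, and they may be`) are character-for-character identical as rendered here, so this is either a whitespace-only change or the diff view dropped a placeholder after the trailing hyphen. The example three lines later is `.alerts-security.alerts-SOC_prod`, so readers need the pattern to show the per-space suffix explicitly (for instance a labelled placeholder such as `.alerts-security.alerts-<space-id>`); the note's whole point, that any user with {es} privileges on that index can read the space's alerts, only lands if it is clear the index is named per space.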
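Review bot: in the `docs/serverless/explore/data-views-in-sec.mdx` hunk, the callout stating that the space must have the **Data View Management** feature visibility setting enabled for the default ((data-source)) to generate is deleted outright, while the new sentence now says the default ((data-source)) "generates in that space". If that prerequisite still applies in serverless, dropping it removes the one troubleshooting fact a user needs when the default data view never appears; if it was removed because serverless has no such feature-visibility control, say so in the commit message. Two smaller points on the same hunk: the new "modify in advanced settings" line lost the link that the classic page (`{security-guide}/advanced-settings.html#update-sec-indices`) keeps, and "generates in that space" would read better as "is generated in that space".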
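Review bot: in the `docs/serverless/sec-requirements.mdx` hunk, the two added bullets are indented by one leading space (` * `Read` privilege ...`, ` * `Read` and `view_index_metadata` ...`) whereas the bullets they replace started at column 0; align them with the rest of the list so the MDX renders one flat list. Also, the trailing sentence of the first new bullet, "You need additional minimum privileges to use cases.", repeats the context line just above the hunk ("minimum privileges to use cases."); keep it in one place. The substance is right: feature `Read` on `Security` in the space plus `read` and `view_index_metadata` on the data indices are the two separate grants a least-privilege analyst role needs, and listing the feature privilege first makes that ordering clear.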
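Review bot: in the new file `docs/serverless/security-spaces.mdx`, the first paragraph ends with "refer to ." with no link target, so either the DocLink was left empty or the serverless requirements page (`/serverless/security/sec-requirements`, touched in this same patch) was meant to go there; it should not ship as a dangling reference. In the closing callout, the mitigation "include ((es)) privileges that limit their access to alerts within their space's alerts index" would be more actionable if it named the index concretely, as the preceding `.alerts-security.alerts-SOC_prod` example already implies (alerts prefix followed by the space ID), so a role author knows exactly which index pattern to scope. Minor: "users that have role privileges" reads better as "users who have role privileges" (same wording in the classic `security-spaces.asciidoc`).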
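Review bot: in the `docs/serverless/serverless-security.docnav.json` hunk, the new nested item only carries `"slug": "/serverless/security/security-spaces"`, while the parent entry and its neighbours map to a classic source via `"classic-sources"`; since the classic counterpart `docs/getting-started/security-spaces.asciidoc` is edited in this same patch, add its classic source id here if that mapping is what drives the cross-linking, otherwise note why this page is intentionally unmapped.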