From ac82dee5b6f64ca591301f1967a58a9c2fc01577 Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
 <91905639+benironside@users.noreply.github.com>
Date: Fri, 31 May 2024 16:33:05 -0400
Subject: [PATCH] updates cloud security section of billing page (#5262)

* updates cloud security section of billing page

* updates

* adds detail

* minor updates

* incorporates Nastasha's review

* Update docs/serverless/billing.mdx

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>

---------

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
---
 docs/serverless/billing.mdx | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/docs/serverless/billing.mdx b/docs/serverless/billing.mdx
index 3f6575852e..72662c191f 100644
--- a/docs/serverless/billing.mdx
+++ b/docs/serverless/billing.mdx
@@ -32,6 +32,29 @@ Cloud Protection is an _optional_ add-on to Security Analytics that provides val
 * **Cloud Protection Essentials** — Protects your cloud workloads, continuously tracks posture of your cloud assets, and helps you manage risks by detecting configuration issues per CIS benchmarks.
 * **Cloud Protection Complete** — Adds response capabilities and configuration drift prevention for Cloud Workloads.
 
-You pay based on the number of protected cloud workload and other cloud assets you configure for use with Elastic Cloud Security. Note that logs, events, alerts, and configuration data ingested into your security project are billed using the **Ingest** and **Retention** pricing described above.
+Your total cost depends on the number of protected cloud workloads and other billable cloud assets you configure for use with Elastic Cloud Security. 
 
-For detailed ((elastic-sec)) serverless project rates, check [Elastic Cloud pricing table](https://cloud.elastic.co/cloud-pricing-table?productType=serverless&project=security).
+For <DocLink id="serverlessSecurityCspm" text="CSPM"/>, billing is based on how many billable resources (`resource.id`s) you monitor. The following types of assets are considered billable:
+
+- VMs:
+    - **AWS:** EC2 instances
+    - **Azure:** Virtual machines
+    - **GCP:** Compute engine instances
+- Storage resources:
+    - **AWS:** S3, S3 Glacier, EBS 
+    - **Azure:** Archive, Blob, Managed disk
+    - **GCP:** Cloud storage, Persistent disk, Coldline storage 
+- SQL databases and servers: 
+    - **AWS:** RDS, DynamoDB, Redshift
+    - **Azure:** SQL database, Cosmos DB, Synapse Analytics
+    - **GCP:** Cloud SQL, Firestore, BigQuery
+
+For <DocLink id="serverlessSecurityKspm" text="KSPM"/>, billing is based on how many Kubernetes nodes (`agent.id`s) you monitor.
+
+For <DocLink id="serverlessSecurityVulnManagementOverview" text="CNVM"/>, billing is based on how many cloud assets (`cloud.instance.id`s) you monitor.
+
+For <DocLink id="serverlessSecurityD4cOverview" text="D4C"/>, billing is based on how many agents (`agent.id`s) you use.
+
+Logs, events, alerts, and configuration data ingested into your security project are billed using the **Ingest** and **Retention** pricing described above.
+
+For more details about ((elastic-sec)) serverless project rates and billable assets, refer to Cloud Protection in the [Elastic Cloud pricing table](https://cloud.elastic.co/cloud-pricing-table?productType=serverless&project=security).