update for docsmobile v2.0.0 (#5375)
colleenmcginnis authored Jun 12, 2024
1 parent 1834a6a commit be988df
Showing 144 changed files with 854 additions and 997 deletions.
@@ -1,5 +1,4 @@
---
id: serverlessSecurityAdvancedBehavioralDetections
slug: /serverless/security/advanced-behavioral-detections
title: Advanced behavioral detections
description: Learn about advanced behavioral detections and its capabilities.
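Review bot: dropping the `id:` front-matter key (the `serverlessSecurityAdvancedBehavioralDetections` line) means any `<DocLink id=...>` still pointing at this page elsewhere in the repo will no longer resolve; since this commit touches 144 files, a final grep for `DocLink id=` across the docs tree before merging would confirm none are left behind. The same applies to the other front-matter hunks in this commit, which remove `id:` the same way.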
@@ -13,5 +12,5 @@ Elastic's ((ml)) capabilities and advanced correlation, scoring, and visualizati

Advanced behavioral detections includes two key capabilities:

* <DocLink id="serverlessSecurityMachineLearning">Anomaly detection</DocLink>
* <DocLink id="serverlessSecurityBehavioralDetectionUseCases" />
* <DocLink slug="/serverless/security/machine-learning">Anomaly detection</DocLink>
* <DocLink slug="/serverless/security/behavioral-detection-use-cases" />
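Review bot: the second list item stays a self-closing `<DocLink slug="/serverless/security/behavioral-detection-use-cases" />` with no link text, so the rendered label depends on docsmobile resolving the target page's `title` from the slug, as the old `id` form did; the slug itself matches the `slug:` front matter of that page as it appears later in this commit. If v2.0.0 does not auto-fill link text from a slug, give the item explicit text (for example `Behavioral detection use cases`) the way the first item does.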
@@ -1,5 +1,4 @@
---
id: serverlessSecurityAdvancedEntityAnalytics
slug: /serverless/security/advanced-entity-analytics
title: Advanced Entity Analytics
description: Learn about Advanced Entity Analytics and its capabilities.
@@ -13,5 +12,5 @@ Advanced Entity Analytics generates a set of threat detection and risk analytics

Advanced Entity Analytics provides two key capabilities:

* <DocLink id="serverlessSecurityEntityRiskScoring" />
* <DocLink id="serverlessSecurityAdvancedBehavioralDetections" />
* <DocLink slug="/serverless/security/entity-risk-scoring" />
* <DocLink slug="/serverless/security/advanced-behavioral-detections" />
@@ -1,5 +1,4 @@
---
id: serverlessSecurityAnalyzeRiskScoreData
slug: /serverless/security/analyze-risk-score-data
title: View and analyze risk score data
description: Monitor risk score changes of hosts and users in your environment.
@@ -11,16 +10,16 @@ status: in review

The ((security-app)) provides several options to monitor the change in the risk posture of hosts and users from your environment. Use the following places in the ((security-app)) to view and analyze risk score data:

* <DocLink id="serverlessSecurityAnalyzeRiskScoreData" section="entity-analytics-dashboard">Entity Analytics dashboard</DocLink>
* <DocLink id="serverlessSecurityAnalyzeRiskScoreData" section="alerts-page">Alerts page</DocLink>
* <DocLink id="serverlessSecurityAnalyzeRiskScoreData" section="alert-details-flyout">Alert details flyout</DocLink>
* <DocLink id="serverlessSecurityAnalyzeRiskScoreData" section="hosts-and-users-pages">Hosts and Users pages</DocLink>
* <DocLink id="serverlessSecurityAnalyzeRiskScoreData" section="host-and-user-details-pages">Host and user details pages</DocLink>
* <DocLink id="serverlessSecurityAnalyzeRiskScoreData" section="host-and-user-details-flyouts">Host and user details flyouts</DocLink>
* <DocLink slug="/serverless/security/analyze-risk-score-data" section="entity-analytics-dashboard">Entity Analytics dashboard</DocLink>
* <DocLink slug="/serverless/security/analyze-risk-score-data" section="alerts-page">Alerts page</DocLink>
* <DocLink slug="/serverless/security/analyze-risk-score-data" section="alert-details-flyout">Alert details flyout</DocLink>
* <DocLink slug="/serverless/security/analyze-risk-score-data" section="hosts-and-users-pages">Hosts and Users pages</DocLink>
* <DocLink slug="/serverless/security/analyze-risk-score-data" section="host-and-user-details-pages">Host and user details pages</DocLink>
* <DocLink slug="/serverless/security/analyze-risk-score-data" section="host-and-user-details-flyouts">Host and user details flyouts</DocLink>


<DocCallOut title="Tip">
We recommend that you prioritize <DocLink id="serverlessSecurityAnalyzeRiskScoreData" section="alert-triaging">alert triaging</DocLink> to identify anomalies or abnormal behavior patterns.
We recommend that you prioritize <DocLink slug="/serverless/security/analyze-risk-score-data" section="alert-triaging">alert triaging</DocLink> to identify anomalies or abnormal behavior patterns.
</DocCallOut>

## Entity Analytics dashboard
@@ -46,7 +45,7 @@ To display entity risk score and asset criticality data in the Alerts table, sel
* `user.risk.calculated_score_norm` or `host.risk.calculated_score_norm`
* `user.asset.criticality` or `host.asset.criticality`

Learn more about <DocLink id="serverlessSecurityAlertsUiManage" section="customize-the-alerts-table">customizing the Alerts table</DocLink>.
Learn more about <DocLink slug="/serverless/security/alerts-manage" section="customize-the-alerts-table">customizing the Alerts table</DocLink>.

![Risk scores in the Alerts table](../images/analyze-risk-score-data/alerts-table-rs.png)

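Review bot: the `id` to `slug` mapping in this hunk is not mechanical (`serverlessSecurityAlertsUiManage` becomes `/serverless/security/alerts-manage`, dropping the `Ui` part), so this link and the `edit-drop-down-filter-controls` link in the next hunk are the ones to verify against the target page's `slug:` front matter, which is not part of the visible diff. The `section="customize-the-alerts-table"` anchor is unchanged and still requires that heading to exist on the target page.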
@@ -58,7 +57,7 @@ To analyze alerts associated with high-risk or business-critical entities, you c
If you change the entity's criticality level after an alert is generated, that alert document will include the original criticality level and will not reflect the new criticality level.
</DocCallOut>

* Use the drop-down filter controls to filter alerts by entity risk level or asset criticality level. To do this, <DocLink id="serverlessSecurityAlertsUiManage" section="edit-drop-down-filter-controls">edit the default controls</DocLink> to filter by:
* Use the drop-down filter controls to filter alerts by entity risk level or asset criticality level. To do this, <DocLink slug="/serverless/security/alerts-manage" section="edit-drop-down-filter-controls">edit the default controls</DocLink> to filter by:

* `user.risk.calculated_level` or `host.risk.calculated_level` for entity risk level:

23 changes: 11 additions & 12 deletions docs/serverless/advanced-entity-analytics/asset-criticality.mdx
@@ -1,5 +1,4 @@
---
id: serverlessSecurityAssetCriticality
slug: /serverless/security/asset-criticality
title: Asset criticality
description: Learn how to use asset criticality to improve your security operations.
@@ -12,9 +11,9 @@ status: in review
<DocCallOut title="Requirements">
To view and assign asset criticality, you must:
* Have the appropriate user role.
* Turn on the `securitySolution:enableAssetCriticality` <DocLink id="serverlessSecurityAdvancedSettings" section="enable-asset-criticality-workflows" >advanced setting</DocLink>.
* Turn on the `securitySolution:enableAssetCriticality` <DocLink slug="/serverless/security/advanced-settings" section="enable-asset-criticality-workflows" >advanced setting</DocLink>.

For more information, refer to <DocLink id="serverlessSecurityERSRequirements">Entity risk scoring prerequisites</DocLink>.
For more information, refer to <DocLink slug="/serverless/security/ers-requirements">Entity risk scoring prerequisites</DocLink>.
</DocCallOut>

The asset criticality feature allows you to classify your organization's entities based on various operational factors that are important to your organization. Through this classification, you can improve your threat detection capabilities by focusing your alert triage, threat-hunting, and investigation activities on high-impact entities.
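Review bot: the rewritten `<DocLink slug="/serverless/security/advanced-settings" section="enable-asset-criticality-workflows" >` line keeps a stray space before the closing `>`, inherited from the old `id` form; it is harmless in MDX, but since the line is being touched anyway this is the moment to tidy it. The same spacing appears in the entity-risk-scoring note further down in this commit.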
@@ -30,7 +29,7 @@ For example, you can assign **Extreme impact** to business-critical entities, or

## View and assign asset criticality

Entities do not have a default asset criticality level. You can either assign asset criticality to your entities individually, or <DocLink id="serverlessSecurityAssetCriticality" section="bulk-assign-asset-criticality">bulk assign</DocLink> it to multiple entities by importing a text file.
Entities do not have a default asset criticality level. You can either assign asset criticality to your entities individually, or <DocLink slug="/serverless/security/asset-criticality" section="bulk-assign-asset-criticality">bulk assign</DocLink> it to multiple entities by importing a text file.

When you assign, change, or unassign an individual entity's asset criticality level, that entity's risk score is immediately recalculated.

@@ -40,15 +39,15 @@ If you assign asset criticality using the file import feature, risk scores are *

You can view, assign, change, or unassign asset criticality from the following places in the ((elastic-sec)) app:

* The <DocLink id="serverlessSecurityHostsOverview" section="host-details-page">host details page</DocLink> and <DocLink id="serverlessSecurityUsersPage" section="user-details-page">user details page</DocLink>:
* The <DocLink slug="/serverless/security/hosts-overview" section="host-details-page">host details page</DocLink> and <DocLink slug="/serverless/security/users-page" section="user-details-page">user details page</DocLink>:

![Assign asset criticality from the host details page](../images/asset-criticality/-assign-asset-criticality-host-details.png)

* The <DocLink id="serverlessSecurityHostsOverview" section="host-details-flyout">host details flyout</DocLink> and <DocLink id="serverlessSecurityUsersPage" section="user-details-flyout">user details flyout</DocLink>:
* The <DocLink slug="/serverless/security/hosts-overview" section="host-details-flyout">host details flyout</DocLink> and <DocLink slug="/serverless/security/users-page" section="user-details-flyout">user details flyout</DocLink>:

![Assign asset criticality from the host details flyout](../images/asset-criticality/-assign-asset-criticality-host-flyout.png)

* The host details flyout and user details flyout in <DocLink id="serverlessSecurityTimelinesUi">Timeline</DocLink>:
* The host details flyout and user details flyout in <DocLink slug="/serverless/security/timelines-ui">Timeline</DocLink>:

![Assign asset criticality from the host details flyout in Timeline](../images/asset-criticality/-assign-asset-criticality-timeline.png)

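Review bot: slug naming is inconsistent across this hunk compared with the rest of the commit: `serverlessSecurityTimelinesUi` becomes `/serverless/security/timelines-ui` (keeping the `Ui` suffix) while `serverlessSecurityAlertsUiManage` elsewhere becomes `/serverless/security/alerts-manage` (dropping it). Both may be correct, since each slug comes from its target page's front matter, but `timelines-ui` is worth confirming against the Timeline page's `slug:` rather than assuming it follows a pattern.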
@@ -92,22 +91,22 @@ This process overwrites any previously assigned asset criticality levels for the
With asset criticality, you can improve your security operations by:
* <DocLink id="serverlessSecurityAssetCriticality" section="prioritize-open-alerts">Prioritizing open alerts</DocLink>
* <DocLink id="serverlessSecurityAssetCriticality" section="monitor-an-entitys-risk">Monitoring an entity's risk</DocLink>
* <DocLink slug="/serverless/security/asset-criticality" section="prioritize-open-alerts">Prioritizing open alerts</DocLink>
* <DocLink slug="/serverless/security/asset-criticality" section="monitor-an-entitys-risk">Monitoring an entity's risk</DocLink>
### Prioritize open alerts
You can use asset criticality as a prioritization factor when triaging alerts and conducting investigations and response activities.
Once you assign a criticality level to an entity, all subsequent alerts related to that entity are enriched with its criticality level. This additional context allows you to <DocLink id="serverlessSecurityAnalyzeRiskScoreData" section="triage-alerts-associated-with-high-risk-or-business-critical-entities">prioritize alerts associated with business-critical entities</DocLink>.
Once you assign a criticality level to an entity, all subsequent alerts related to that entity are enriched with its criticality level. This additional context allows you to <DocLink slug="/serverless/security/analyze-risk-score-data" section="triage-alerts-associated-with-high-risk-or-business-critical-entities">prioritize alerts associated with business-critical entities</DocLink>.
### Monitor an entity's risk
The risk scoring engine dynamically factors in an entity's asset criticality, along with `Open` and `Acknowledged` detection alerts to <DocLink id="serverlessSecurityEntityRiskScoring" section="how-is-risk-score-calculated">calculate the entity's overall risk score</DocLink>. This dynamic risk scoring allows you to monitor changes in the risk profiles of your most sensitive entities, and quickly escalate high-risk threats.
The risk scoring engine dynamically factors in an entity's asset criticality, along with `Open` and `Acknowledged` detection alerts to <DocLink slug="/serverless/security/entity-risk-scoring" section="how-is-risk-score-calculated">calculate the entity's overall risk score</DocLink>. This dynamic risk scoring allows you to monitor changes in the risk profiles of your most sensitive entities, and quickly escalate high-risk threats.
To view the impact of asset criticality on an entity's risk score, follow these steps:
1. Open the <DocLink id="serverlessSecurityHostsOverview" section="host-details-flyout">host details flyout</DocLink> or <DocLink id="serverlessSecurityUsersPage" section="user-details-flyout">user details flyout</DocLink>. The risk summary section shows asset criticality's contribution to the overall risk score.
1. Open the <DocLink slug="/serverless/security/hosts-overview" section="host-details-flyout">host details flyout</DocLink> or <DocLink slug="/serverless/security/users-page" section="user-details-flyout">user details flyout</DocLink>. The risk summary section shows asset criticality's contribution to the overall risk score.
1. Click **View risk contributions** to open the flyout's left panel.
1. In the **Risk contributions** section, verify the entity's criticality level from the time the alert was generated.
@@ -1,5 +1,4 @@
---
id: serverlessSecurityBehavioralDetectionUseCases
slug: /serverless/security/behavioral-detection-use-cases
title: Behavioral detection use cases
description: Detect internal and external threats using behavioral detection integrations.
@@ -18,8 +17,8 @@ The behavioral detection feature is built on ((elastic-sec))'s foundational SIEM
Behavioral detection integrations provide a convenient way to enable behavioral detection capabilities. They streamline the deployment of components that implement behavioral detection, such as data ingestion, transforms, rules, ((ml)) jobs, and scripts.

<DocCallOut title="Requirements">
* Behavioral detection integrations require the Security Analytics Complete <DocLink id="serverlessGeneralManageProject">project feature</DocLink>.
* To learn more about the requirements for using ((ml)) jobs, refer to <DocLink id="serverlessSecurityMlRequirements" />.
* Behavioral detection integrations require the Security Analytics Complete <DocLink slug="/serverless/elasticsearch/manage-project">project feature</DocLink>.
* To learn more about the requirements for using ((ml)) jobs, refer to <DocLink slug="/serverless/security/ml-requirements" />.
</DocCallOut>

Here's a list of integrations for various behavioral detection use cases:
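Review bot: `serverlessGeneralManageProject` is mapped to `/serverless/elasticsearch/manage-project`, the only slug in this commit outside the `/serverless/security/` namespace; confirm that this is the intended shared project-management page rather than a security-specific one, because a wrong cross-section slug will only surface as a broken link at build or click time.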
@@ -1,5 +1,4 @@
---
id: serverlessSecurityEntityRiskScoring
slug: /serverless/security/entity-risk-scoring
title: Entity risk scoring
description: Learn about the risk scoring engine and its features.
@@ -30,11 +29,11 @@ Entity risk scores are determined by the following risk inputs:
}
]}>
<DocRow>
<DocCell><DocLink id="serverlessSecurityAlertsUiManage">Alerts</DocLink></DocCell>
<DocCell><DocLink slug="/serverless/security/alerts-manage">Alerts</DocLink></DocCell>
<DocCell>`.alerts-security.alerts-<space-id>` index alias</DocCell>
</DocRow>
<DocRow>
<DocCell><DocLink id="serverlessSecurityAssetCriticality">Asset criticality level</DocLink></DocCell>
<DocCell><DocLink slug="/serverless/security/asset-criticality">Asset criticality level</DocLink></DocCell>
<DocCell>`.asset-criticality.asset-criticality-<space-id>` index alias</DocCell>
</DocRow>
</DocTable>
@@ -44,17 +43,17 @@ The resulting entity risk scores are stored in the `risk-score.risk-score-<space
<DocCallOut title="Note">

* Entities without any alerts, or with only `Closed` alerts, are not assigned a risk score.
* To use asset criticality, you must enable the `securitySolution:enableAssetCriticality` <DocLink id="serverlessSecurityAdvancedSettings" section="enable-asset-criticality-workflows" >advanced setting</DocLink>.
* To use asset criticality, you must enable the `securitySolution:enableAssetCriticality` <DocLink slug="/serverless/security/advanced-settings" section="enable-asset-criticality-workflows" >advanced setting</DocLink>.

</DocCallOut>

## How is risk score calculated?

1. The risk scoring engine runs hourly to aggregate `Open` and `Acknowledged` alerts from the last 30 days. For each entity, the engine processes up to 10,000 alerts.

1. The engine groups alerts by `host.name` or `user.name`, and aggregates the individual alert risk scores (`kibana.alert.risk_score`) such that alerts with higher risk scores contribute more than alerts with lower risk scores. The resulting aggregated risk score is assigned to the **Alerts** category in the entity's <DocLink id="serverlessSecurityHostsOverview" section="host-risk-summary">risk summary</DocLink>.
1. The engine groups alerts by `host.name` or `user.name`, and aggregates the individual alert risk scores (`kibana.alert.risk_score`) such that alerts with higher risk scores contribute more than alerts with lower risk scores. The resulting aggregated risk score is assigned to the **Alerts** category in the entity's <DocLink slug="/serverless/security/hosts-overview" section="host-risk-summary">risk summary</DocLink>.

1. The engine then verifies the entity's <DocLink id="serverlessSecurityAssetCriticality">asset criticality level</DocLink>. If there is no asset criticality assigned, the entity risk score remains equal to the aggregated score from the **Alerts** category. If a criticality level is assigned, the engine updates the risk score based on the default risk weight for each criticality level. The asset criticality risk input is assigned to the **Asset Criticality** category in the entity's risk summary.
1. The engine then verifies the entity's <DocLink slug="/serverless/security/asset-criticality">asset criticality level</DocLink>. If there is no asset criticality assigned, the entity risk score remains equal to the aggregated score from the **Alerts** category. If a criticality level is assigned, the engine updates the risk score based on the default risk weight for each criticality level. The asset criticality risk input is assigned to the **Asset Criticality** category in the entity's risk summary.

| Asset criticality level | Default risk weight |
|-------------------------|---------------------|
@@ -113,4 +112,4 @@ If `User_A` had no asset criticality level assigned, the user risk score would r

</DocAccordion>

Learn how to <DocLink id="serverlessSecurityTurnOnRiskEngine">turn on the risk scoring engine</DocLink>.
Learn how to <DocLink slug="/serverless/security/turn-on-risk-engine">turn on the risk scoring engine</DocLink>.