diff --git a/docs/AI-for-security/ai-for-security.asciidoc b/docs/AI-for-security/ai-for-security.asciidoc index 01974f06e8..0364ad951e 100644 --- a/docs/AI-for-security/ai-for-security.asciidoc +++ b/docs/AI-for-security/ai-for-security.asciidoc @@ -15,6 +15,7 @@ include::connector-guides-landing-pg.asciidoc[leveloffset=+1] include::connect-to-azure-openai.asciidoc[leveloffset=+2] include::connect-to-bedrock.asciidoc[leveloffset=+2] include::connect-to-openai.asciidoc[leveloffset=+2] +include::connect-to-vertex.asciidoc[leveloffset=+2] include::connect-to-byo.asciidoc[leveloffset=+2] diff --git a/docs/AI-for-security/connect-to-vertex.asciidoc b/docs/AI-for-security/connect-to-vertex.asciidoc new file mode 100644 index 0000000000..5cd253f7fb --- /dev/null +++ b/docs/AI-for-security/connect-to-vertex.asciidoc @@ -0,0 +1,119 @@ +[[connect-to-vertex]] += Connect to Google Vertex + +:frontmatter-description: Set up a Google Vertex LLM connector. +:frontmatter-tags-products: [security] +:frontmatter-tags-content-type: [guide] +:frontmatter-tags-user-goals: [get-started] + +This page provides step-by-step instructions for setting up a Google Vertex AI connector for the first time. This connector type enables you to leverage Vertex AI's large language models (LLMs) within {elastic-sec}. You'll first need to enable Vertex AI, then generate an API key, and finally configure the connector in your {elastic-sec} project. + +IMPORTANT: Before continuing, you should have an active project in one of Google Vertex AI's https://cloud.google.com/vertex-ai/docs/general/locations#feature-availability[supported regions]. + +[discrete] +== Enable the Vertex AI API + +1. Log in to the GCP console and navigate to **Vertex AI → Vertex AI Studio → Overview**. +2. If you're new to Vertex AI, the **Get started with Vertex AI Studio** popup appears. Click **Vertex AI API**, then click **ENABLE**. + +The following video demonstrates these steps. + +======= +++++ + + +
+++++ +======= + +NOTE: For more information about enabling the Vertex AI API, refer to https://cloud.google.com/vertex-ai/docs/start/cloud-environment[Google's documentation]. + +[discrete] +== Create a Vertex AI service account + +1. In the GCP console, navigate to **APIs & Services → Library**. +2. Search for **Vertex AI API**, select it, and click **MANAGE**. +3. In the left menu, navigate to **Credentials** then click **+ CREATE CREDENTIALS** and select **Service account**. +4. Name the new service account, then click **CREATE AND CONTINUE**. +5. Under **Select a role**, select **Vertex AI User**, then click **CONTINUE**. +6. Click **Done**. + +The following video demonstrates these steps. + +======= +++++ + + +
+++++ +======= + +[discrete] +== Generate an API key + +1. Return to Vertex AI's **Credentials** menu and click **Manage service accounts**. +2. Search for the service account you just created, select it, then click the link that appears under **Email**. +3. Go to the **KEYS** tab, click **ADD KEY**, then select **Create new key**. +4. Select **JSON**, then click **CREATE** to download the key. Keep it somewhere secure. + +The following video demonstrates these steps. + +======= +++++ + + +
+++++ +======= + +[discrete] +== Configure the Google Gemini connector + +Finally, configure the connector in your Elastic deployment: + +1. Log in to your Elastic deployment. +2. Navigate to **Stack Management → Connectors → Create Connector → Google Gemini**. +3. Name your connector to help keep track of the model version you are using. +4. Under **URL**, enter the URL for your region. +5. Enter your **GCP Region** and **GCP Project ID**. +6. Under **Default model**, specify either `gemini-1.5.pro` or `gemini-1.5-flash`. https://cloud.google.com/vertex-ai/generative-ai/docs/learn/models[Learn more about the models]. +7. Under **Authentication**, enter your API key. +8. Click **Save**. + +The following video demonstrates these steps. + +======= +++++ + + +
+++++ +======= diff --git a/docs/AI-for-security/connector-guides-landing-pg.asciidoc b/docs/AI-for-security/connector-guides-landing-pg.asciidoc index 9e0c68205d..aa08cfad26 100644 --- a/docs/AI-for-security/connector-guides-landing-pg.asciidoc +++ b/docs/AI-for-security/connector-guides-landing-pg.asciidoc @@ -8,4 +8,5 @@ Setup guides are available for the following LLM providers: * <> * <> * <> +* <> * <> diff --git a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc index 524fc3f54e..e5db04d34f 100644 --- a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc @@ -60,11 +60,6 @@ For most users, the simplest option is to use a Google Cloud Shell script to aut + image::images/cspm-cloudshell-trust.png[The cloud shell confirmation popup] + -NOTE: Google has deprecated its old Cloud Shell editor. If you continue to use it, you may encounter the following message: -+ -image::images/cspm-cloudshell-old-editor.png[The cloud shell switch editor popup] -+ -If the message appears, click **X** or **Try the new Editor** and follow the next steps. When you switch to the new editor, your context should remain unchanged. . In Google Cloud Shell, execute the command you copied. Once it finishes, return to {kib} and wait for the confirmation of data received from your new integration. Then you can click **View Assets** to see your data. NOTE: If you encounter any issues running the command, return to {kib} and navigate again to Google Cloud Shell. diff --git a/docs/dashboards/images/dashboards-landing-page.png b/docs/dashboards/images/dashboards-landing-page.png index 686ccf00b1..c947bfab19 100644 Binary files a/docs/dashboards/images/dashboards-landing-page.png and b/docs/dashboards/images/dashboards-landing-page.png differ 
diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc index 9ef4e7796e..d0cb0a5bd9 100644 --- a/docs/getting-started/configure-integration-policy.asciidoc +++ b/docs/getting-started/configure-integration-policy.asciidoc @@ -212,7 +212,9 @@ register {elastic-sec} as your hosts' antivirus software by enabling **Register NOTE: Windows Server versions are not supported. Antivirus registration requires Windows Security Center, which is not included in Windows Server operating systems. -You can also choose **Sync with malware protection level** to automatically set antivirus registration based on how you've configured {elastic-defend}'s <>. If malware protection is turned on and set to **Prevent**, antivirus registration will also be enabled; in any other case, antivirus registration will be disabled. +By default, the **Sync with malware protection level** is selected to automatically set antivirus registration to match how you've configured {elastic-defend}'s <>. If malware protection is turned on _and_ set to **Prevent**, antivirus registration will also be enabled; in any other case, antivirus registration will be disabled. + +If you don't want to sync antivirus registration, you can set it manually with **Enabled** or **Disabled**. [role="screenshot"] image::images/register-as-antivirus.png[Detail of Register as antivirus option.] diff --git a/docs/getting-started/data-views-in-sec.asciidoc b/docs/getting-started/data-views-in-sec.asciidoc index 50d4248761..7b0d75074b 100644 --- a/docs/getting-started/data-views-in-sec.asciidoc +++ b/docs/getting-started/data-views-in-sec.asciidoc 
@@ -28,7 +28,7 @@ image::images/dataview-filter-example.gif[video showing how to filter the active This only allows you to add index patterns that match indices that currently contain data (other index patterns are unavailable). Note that any changes made are saved in the current browser window and won't persist if you open a new tab. -NOTE: You cannot update the data view for the Alerts page. It always shows data from `.alerts-security.alerts-default`. +NOTE: You cannot update the data view for the Alerts page. This includes referencing a cross-cluster search (CCS) data view or any other data view. The Alerts page always shows data from `.alerts-security.alerts-default`. [discrete] [[default-data-view-security]] diff --git a/docs/getting-started/images/register-as-antivirus.png b/docs/getting-started/images/register-as-antivirus.png index 25a12eea74..61fb3d2fa6 100644 Binary files a/docs/getting-started/images/register-as-antivirus.png and b/docs/getting-started/images/register-as-antivirus.png differ diff --git a/docs/serverless/cloud-native-security/vuln-management-faq.mdx b/docs/serverless/cloud-native-security/vuln-management-faq.mdx index 5eecfd2589..45343c15d2 100644 --- a/docs/serverless/cloud-native-security/vuln-management-faq.mdx +++ b/docs/serverless/cloud-native-security/vuln-management-faq.mdx @@ -19,6 +19,10 @@ The CNVM integration uses various security data sources. The complete list can b CNVM uses the open source scanner [Trivy](https://github.com/aquasecurity/trivy) v0.35. +**What system architectures are supported?** + +Because of Trivy's limitations, CNVM can only be deployed on ARM-based VMs. However, it can scan hosts regardless of system architecture. + **How often are the security data sources synchronized?** The CNVM integration fetches the latest data sources at the beginning of every scan cycle to ensure up-to-date vulnerability information. 
diff --git a/docs/serverless/cloud-native-security/vuln-management-get-started.mdx b/docs/serverless/cloud-native-security/vuln-management-get-started.mdx index fb8bbadbdc..1ad336be49 100644 --- a/docs/serverless/cloud-native-security/vuln-management-get-started.mdx +++ b/docs/serverless/cloud-native-security/vuln-management-get-started.mdx @@ -15,6 +15,7 @@ This page explains how to set up Cloud Native Vulnerability Management (CNVM). * CNVM only works in the `Default` ((kib)) space. Installing the CNVM integration on a different ((kib)) space will not work. * Requires ((agent)) version 8.8 or higher. +* CNVM can only be deployed on ARM-based VMs. * To view vulnerability scan findings, you need the appropriate user role to read the following indices: * `logs-cloud_security_posture.vulnerabilities-*` * `logs-cloud_security_posture.vulnerabilities_latest-*` diff --git a/docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx b/docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx index a59a02988f..bcab7e77be 100644 --- a/docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx +++ b/docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx 
@@ -249,7 +249,9 @@ register ((elastic-sec)) as your hosts' antivirus software by enabling **Registe Windows Server is not supported. Antivirus registration requires Windows Security Center, which is not included in Windows Server operating systems. -You can also choose **Sync with malware protection level** to automatically set antivirus registration based on how you've configured ((elastic-defend))'s malware protection. If malware protection is turned on and set to **Prevent**, antivirus registration will also be enabled; in any other case, antivirus registration will be disabled. +By default, the **Sync with malware protection level** is selected to automatically set antivirus registration to match how you've configured ((elastic-defend))'s malware protection. If malware protection is turned on _and_ set to **Prevent**, antivirus registration will also be enabled; in any other case, antivirus registration will be disabled. + +If you don't want to sync antivirus registration, you can set it manually with **Enabled** or **Disabled**. ![Detail of Register as antivirus option.](../images/configure-endpoint-integration-policy/-getting-started-register-as-antivirus.png) diff --git a/docs/serverless/images/configure-endpoint-integration-policy/-getting-started-register-as-antivirus.png b/docs/serverless/images/configure-endpoint-integration-policy/-getting-started-register-as-antivirus.png index 25a12eea74..61fb3d2fa6 100644 Binary files a/docs/serverless/images/configure-endpoint-integration-policy/-getting-started-register-as-antivirus.png and b/docs/serverless/images/configure-endpoint-integration-policy/-getting-started-register-as-antivirus.png differ 
diff --git a/docs/serverless/images/dashboards-overview/-dashboards-dashboards-landing-page.png b/docs/serverless/images/dashboards-overview/-dashboards-dashboards-landing-page.png index 319e66b731..c947bfab19 100644 Binary files a/docs/serverless/images/dashboards-overview/-dashboards-dashboards-landing-page.png and b/docs/serverless/images/dashboards-overview/-dashboards-dashboards-landing-page.png differ diff --git a/docs/serverless/images/es-ui-overview/-dashboards-dashboards-landing-page.png b/docs/serverless/images/es-ui-overview/-dashboards-dashboards-landing-page.png index 319e66b731..c947bfab19 100644 Binary files a/docs/serverless/images/es-ui-overview/-dashboards-dashboards-landing-page.png and b/docs/serverless/images/es-ui-overview/-dashboards-dashboards-landing-page.png differ
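Review bot: In docs/AI-for-security/connect-to-vertex.asciidoc, step 6 of "Configure the Google Gemini connector" gives the default model as `gemini-1.5.pro` next to `gemini-1.5-flash`. The dot before `pro` looks like a typo for `gemini-1.5-pro`, and a reader who copies it verbatim will enter a model name that does not follow the same pattern as the other one. Separately, the "Generate an API key" section has the reader download a service account key as JSON, but step 7 only says "enter your API key" without saying whether that means pasting the contents of the downloaded file. Naming the credential the same way in both places would remove the ambiguity. The intro also lists only three stages (enable Vertex AI, generate an API key, configure the connector) and skips the service account section. Finally, "Keep it somewhere secure" could say why: the key authenticates as a service account holding the **Vertex AI User** role.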
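Review bot: In docs/cloud-native-security/cspm-get-started-gcp.asciidoc, the list continuation `+` that used to attach the removed NOTE is left behind as a context line, so after this change it sits directly between `image::images/cspm-cloudshell-trust.png[...]` and the next step, `. In Google Cloud Shell, execute the command you copied.` The hunk header (11 lines before, 6 after, five removed) confirms that `+` is kept. A continuation with no block to attach can change how the following numbered step renders, so please remove that `+` as well and check the built page. The removed NOTE also referenced images/cspm-cloudshell-old-editor.png; if nothing else uses it, the image file can be deleted in the same change.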
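Review bot: In docs/getting-started/configure-integration-policy.asciidoc, the new sentence "By default, the **Sync with malware protection level** is selected" is missing a noun after the UI label. Suggest "the **Sync with malware protection level** option is selected" or dropping "the". The same sentence is added in docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx and needs the same fix. Since the text changes from "You can also choose" to "By default", it would also help to say whether this default applies only to newly created policies or to existing ones too, because with sync on, any policy whose malware protection is not set to **Prevent** ends up with antivirus registration disabled.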
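Review bot: In docs/getting-started/data-views-in-sec.asciidoc, the added sentence "This includes referencing a cross-cluster search (CCS) data view or any other data view" has an unclear antecedent: "This" follows "You cannot update the data view", so it reads as if referencing a CCS data view is a kind of update. Consider folding it into the first sentence, for example "You cannot change the data view for the Alerts page, including to a cross-cluster search (CCS) data view", and keep the `.alerts-security.alerts-default` sentence as is.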
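Review bot: In docs/serverless/cloud-native-security/vuln-management-faq.mdx, the new answer attributes the ARM-only restriction to "Trivy's limitations" without naming the limitation or linking to it. The preceding answer pins the scanner at Trivy v0.35, so readers cannot tell whether the restriction is tied to that version. Please name the limitation or link to its source. Also note that this restriction is added only under docs/serverless, while the antivirus registration change in this same patch updates both docs/getting-started and docs/serverless; if a non-serverless CNVM FAQ exists, it likely needs the same entry.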
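Review bot: In docs/serverless/cloud-native-security/vuln-management-get-started.mdx, the new requirement bullet "CNVM can only be deployed on ARM-based VMs." omits the qualifier that the FAQ hunk gives ("it can scan hosts regardless of system architecture"). Read on its own in a requirements list, the bullet can be taken to mean that only ARM hosts can be scanned. Suggest adding the qualifier to the bullet or linking it to the FAQ entry.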