Merged
30 commits
2be7611  Reset changed files  (lcawl, Sep 17, 2025)
0cdb851  Reset more files  (lcawl, Sep 17, 2025)
5fdb60e  Update introduction.md  (jmikell821, Sep 24, 2025)
c8d2068  Add links for Obs  (theletterf, Sep 25, 2025)
929a6ed  Fixes link error  (jmikell821, Sep 26, 2025)
aa8fc6a  Update introduction.md  (theletterf, Sep 30, 2025)
09a912b  Fix link  (theletterf, Sep 30, 2025)
1c982c6  Remove link  (theletterf, Sep 30, 2025)
c0d0045  Update introduction.md  (jmikell821, Oct 4, 2025)
4f7b011  Merge branch 'main' into intro-solutions  (jmikell821, Oct 5, 2025)
f315c18  Fixing ref link  (jmikell821, Oct 5, 2025)
2972dfd  Merge branch 'intro-solutions' of https://github.com/lcawl/docs-conte…  (jmikell821, Oct 5, 2025)
43a4935  Update introduction.md  (jmikell821, Oct 10, 2025)
c96ccb7  Augment solution overviews  (lcawl, Oct 23, 2025)
b4a8740  Address link errors  (lcawl, Oct 23, 2025)
d9f8f70  Minor edits  (lcawl, Oct 23, 2025)
e08678e  Merge branch 'main' into intro-solutions  (lcawl, Oct 23, 2025)
c30b770  Update solutions/search.md  (lcawl, Oct 27, 2025)
962be88  Update get-started/introduction.md  (lcawl, Oct 27, 2025)
80c01d6  Update solutions/search.md  (lcawl, Oct 27, 2025)
02d4aa4  Merge branch 'main' into intro-solutions  (lcawl, Oct 27, 2025)
a1fcb01  Update title and navigation title  (lcawl, Oct 27, 2025)
673212e  Adds snippets for use cases/concepts  (jmikell821, Oct 27, 2025)
af79882  Merge branch 'intro-solutions' of https://github.com/lcawl/docs-conte…  (jmikell821, Oct 27, 2025)
91fb60e  Move get-started links, comment out use cases  (lcawl, Oct 27, 2025)
e56ad93  Fix fundamentals link and remove extraneous header  (lcawl, Oct 27, 2025)
a72d57b  Update get-started/introduction.md  (lcawl, Oct 28, 2025)
944e484  Merge branch 'main' into intro-solutions  (lcawl, Oct 28, 2025)
27ff581  Minor fix to bullets  (lcawl, Oct 28, 2025)
56057f0  Merge branch 'main' into intro-solutions  (lcawl, Oct 28, 2025)
45 changes: 45 additions & 0 deletions get-started/_snippets/observability-overview.md
@@ -0,0 +1,45 @@
Elastic {{observability}} provides unified observability across applications and infrastructure. It combines logs, metrics, application traces, user experience data, and more into a single, integrated platform.
This consolidation allows for powerful, cross-referenced analysis, enabling teams to move from detecting issues to understanding their root causes quickly and efficiently.
By leveraging the search and analytics capabilities of {{es}}, it offers a holistic view of system behavior.

Elastic {{observability}} embraces open standards like OpenTelemetry for flexible data collection, and offers scalable, cost-efficient data retention with tiered storage.

For a complete overview, refer to [](/solutions/observability/get-started/what-is-elastic-observability.md).

## Use cases [observability-use-cases]

Apply {{observability}} to various scenarios to improve operational awareness and system reliability.

:::{dropdown} Use cases
:open:
* **Log monitoring and analytics:** Centralize and analyze petabytes of log data from any source. This enables quick searching, ad-hoc queries with ES|QL, and visualization with prebuilt dashboards to diagnose issues.
* **Application Performance Monitoring (APM):** Gain code-level visibility into application performance. By collecting and analyzing traces with native OTel support, teams can identify bottlenecks, track errors, and optimize the end-user experience.
* **Infrastructure monitoring:** Monitor metrics from servers, virtual machines, containers, and serverless environments with over 400 out-of-the-box integrations, including OpenTelemetry. This provides deep insights into resource utilization and overall system health.
* **AI-powered log analysis with Streams**: Ingest raw logs in any format directly to a single endpoint without the need for complex agent management or manual parsing pipelines. Streams leverages AI to automatically parse, structure, and analyze log data on the fly.
* **Digital experience monitoring:**
* **Real User Monitoring (RUM):** Capture and analyze data on how real users interact with web applications to improve perceived performance.
* **Synthetic monitoring:** Proactively simulate user journeys and API calls to test application availability and functionality.
* **Uptime monitoring:** Continuously check the status of services and applications to ensure they are available.
* **Universal Profiling:** Gain visibility into system performance and identify expensive lines of code without application instrumentation, helping to increase CPU efficiency and reduce cloud spend.
* **LLM Observability:** Gain deep insights into the performance, usage, and costs of Large Language Model (LLM) prompts and responses.
* **Incident response and management:** Investigate operational incidents by correlating data from multiple sources, accelerating root cause analysis and resolution.
:::

To start your {{observability}} journey, read the [**Get started**](/solutions/observability/get-started.md) guide, which presents all the essential steps, with links to valuable resources. You can also browse the {{observability}} [**Quickstart guides**](/solutions/observability/get-started/quickstarts.md).

## Core concepts [observability-concepts]

At the heart of Elastic {{observability}} are several key components that enable its capabilities.

:::{dropdown} Concepts
:open:
* The three pillars of {{observability}} are:

* [**Logs:**](/solutions/observability/logs.md) Timestamped records of events that provide detailed, contextual information.
* [**Metrics:**](/solutions/observability/infra-and-hosts/analyze-infrastructure-host-metrics.md) Numerical measurements of system performance and health over time.
* [**Traces:**](/solutions/observability/apm/traces.md) Representations of end-to-end journeys of requests as they travel through distributed systems.
* [**OpenTelemetry:**](/solutions/observability/apm/opentelemetry/index.md) {{Observability}} offers first-class, production-grade support for OpenTelemetry. This allows organizations to use vendor-neutral instrumentation and stream native OTel data without proprietary agents, leveraging the Elastic Distribution of OpenTelemetry (EDOT).
* [**AIOps and AI Assistant:**](/solutions/observability/observability-ai-assistant.md) Leverages predictive analytics and an LLM-powered AI Assistant to reduce the time required to detect, investigate, and resolve incidents. This includes zero-config anomaly detection, pattern analysis, and the ability to surface correlations and root causes.
* **[Alerting](/solutions/observability/incident-management/alerting.md) and [Cases](/solutions/observability/incident-management/cases.md):** Allows you to create rules to detect complex conditions and perform actions. Cases allows teams to stay aware of potential issues and track investigation details, assign tasks, and collaborate on resolutions.
* [**Service Level Objectives (SLOs):**](/solutions/observability/incident-management/service-level-objectives-slos.md) A framework for defining and monitoring the reliability of a service. Elastic {{observability}} allows for creating and tracking SLOs to ensure that performance targets are being met.
:::
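Review bot: the `{{Observability}}` substitution in the OpenTelemetry concept item is capitalized while every other occurrence in this file uses `{{observability}}`; unless a capitalized variable is defined it will render literally, so use the lowercase form (`{{observability}} offers first-class, production-grade support for OpenTelemetry.`) or a plain word. Two smaller style points in the use-case list: the Streams bullet puts the colon outside the bold (`**AI-powered log analysis with Streams**:`) whereas every other item ends the bold with the colon, and "Incident response and management" is the only use case with no link while each concept below is linked; pointing it at the alerting or cases pages already referenced in the concepts list would keep the two lists consistent.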
50 changes: 50 additions & 0 deletions get-started/_snippets/security-overview.md
@@ -0,0 +1,50 @@
{{elastic-sec}} is a unified security solution that unifies SIEM (Security Information and Event Management), XDR, (Extended Detection and Response), endpoint security, and cloud security into a single platform so you can detect, prevent, and respond to cyber threats across your entire environment in near real time.
{{elastic-sec}} leverages {{es}}'s powerful search and analytics capabilities, and {{kib}}'s visualization and collaboration features.
By combining prevention, detection, and response capabilities, {{elastic-sec}} helps your organization reduce its security risk.

Install {{elastic-sec}} on one of our {{ecloud}} deployments or your own self-managed infrastructure.

## Use cases [security-use-cases]

Use {{elastic-sec}} to protect your systems from security threats.

:::{dropdown} Use cases
:open:

* **SIEM:** {{elastic-sec}}'s modern SIEM provides a centralized platform for ingesting, analyzing, and managing security data from various sources.
* **Third-party integration support:** Ingest data from a various tools and data sources so you can centralize your security data.
* **Threat detection and analytics:** Identify threats by using prebuilt rules with the ability to customize or create custom detection rules, automatically detect anomalous activity with built-in machine learning jobs, or proactively search for threats using our powerful threat hunting and interactive visualization tools.
* **Automatic migration:** Migrate SIEM rules from other platforms to {{elastic-sec}}.
* **Endpoint protection and threat prevention:** Automatically stop cybersecurity attacks—such as malware and ransomware—before damage and loss can occur.
* **AI-powered features:** Leverage generative AI to help enhance threat detection, assist with incident response, and improve day-to-day security operations.
* **Custom dashboards and visualizations:** Create custom dashboards and visualizations to gain insights into security events.
* **Cloud Security:** {{elastic-sec}} provides the following cloud features:
* **Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM):** Check cloud service configurations against security benchmarks to identify and resolve misconfigurations that can be exploited.
* **Cloud Workload Protection:** Get visibility and runtime protection for cloud workloads.
* **Vulnerability Management:** Uncover vulnerabilities within your cloud infrastructure.
:::

If you're new to {{elastic-sec}} and want to try it out, go to [](/solutions/security/get-started.md) and [](/solutions/security/get-started/quickstarts.md).

## Core concepts [security-concepts]

Before diving into setup and configuration, familiarize yourself with the foundational terms and core concepts that power {{elastic-sec}}.

:::{dropdown} Concepts
:open:

* [**{{agent}}:**](/reference/fleet/index.md#elastic-agent) A single, unified way to collect logs, metrics, and other types of data from a host. {{agent}} can also protect hosts from security threats, query data from operating systems, and forward data from remote services or hardware.
* [**{{elastic-defend}}:**](/solutions/security/configure-elastic-defend/install-elastic-defend.md) {{elastic-sec}}'s Endpoint Detection and Response (EDR) tool that protects endpoints from malicious activity. {{elastic-defend}} uses a combination of techniques like machine learning, behavioral analysis, and prebuilt rules to detect, prevent, and respond to threats in real-time.
* [**{{elastic-endpoint}}:**](/solutions/security/manage-elastic-defend/elastic-endpoint-self-protection-features.md) The security component, enabled by {{agent}}, that performs {{elastic-defend}}'s threat monitoring and prevention capabilities.
* [**Detection engine:**](/solutions/security/detect-and-alert.md) The framework that detects threats by using rules to search for suspicious events in your data, and generates alerts when events meet a rule's criteria.
* [**Detection rules:**](/solutions/security/detect-and-alert/about-detection-rules.md) Sets of conditions that identify potential threats and malicious activities. Rules analyze various data sources, including logs and network traffic, to detect anomalies, suspicious behaviors, or known attack patterns. {{elastic-sec}} ships out-of-the-box prebuilt rules, and you can create your own custom rules.
* [**Alerts:**](/solutions/security/detect-and-alert/manage-detection-alerts.md) Notifications that are generated when rule conditions are met. Alerts include a wide range of information about potential threats, including host, user, network, and other contextual data to assist your investigation.
* [**Machine learning and anomaly detection:**](/solutions/security/advanced-entity-analytics/anomaly-detection.md) Anomaly detection jobs identify anomalous events or patterns in your data. Use these with machine learning detection rules to generate alerts when behavior deviates from normal activity.
* [**Entity analytics:**](/solutions/security/advanced-entity-analytics/overview.md) A threat detection feature that combines the power of Elastic’s detection engine and machine learning capabilities to identify unusual behavior for hosts, users, and services.
* [**Cases:**](/solutions/security/investigate/cases.md) Allows you to collect and share information about security issues. Opening a case lets you track key investigation details and collect alerts in a central location. You can also send cases to external systems.
* [**Timeline:**](/solutions/security/investigate/timeline.md) Investigate security events so you can gather and analyze data related to alerts or suspicious activity. You can add events to Timeline from various sources, build custom queries, and import/export a Timeline to collaborate and share.
* [**Security posture management:**](/solutions/security/cloud.md) Includes native cloud security features, such as Cloud Security Posture Management (CSPM) and Cloud Native Vulnerability Management (CNVM), that help you evaluate your cloud infrastructure's configuration against security best practices and identify vulnerabilities. You can use Elastic's native tools or ingest third-party cloud security data and incorporate it into {{elastic-sec}}'s workflows.
* [**AI Assistant:**](/solutions/security/ai/ai-assistant.md) Helps with tasks like alert investigation, incident response, and query generation. It utilizes natural language processing and knowledge retrieval to provide context-aware assistance, summarize threats, suggest next steps, and automate workflows. Use AI Assistant to better understand and respond to security incidents.
* [**Attack Discovery:**](/solutions/security/ai/attack-discovery.md) Uses large language models (LLMs) to analyze security alerts, identify coordinated attack patterns, and provide actionable intelligence to security operations teams. It improves alert triage efficiency by automatically correlating related alerts into comprehensive, simplified threat summaries, allowing you to quickly understand and respond to the most impactful attacks.
* [**Elastic AI SOC Engine (EASE):**](/solutions/security/ai/ease/ease-intro.md) Integrates Elastic's AI-powered security tools into existing SIEM and EDR/XDR platforms to help mitigate alert fatigue, accelerate threat investigations, and improve response efficiency ({{serverless-short}} only).
:::
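Review bot: the opening sentence reads "a unified security solution that unifies" and has a stray comma in "XDR, (Extended Detection and Response)"; suggest "is a unified security solution that brings SIEM (Security Information and Event Management), XDR (Extended Detection and Response), endpoint security, and cloud security into a single platform". Two further wording fixes: "Ingest data from a various tools" in the Third-party integration bullet should drop "a", and "in real-time" in the {{elastic-defend}} item should be "in real time" to match "near real time" in the first paragraph.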
14 changes: 5 additions & 9 deletions get-started/index.md
@@ -33,21 +33,17 @@ You'll also find other helpful information, such as how to use our docs, trainin

Elastic provides an open source search, analytics, and AI platform, and out-of-the-box solutions for observability and security. The Search AI platform combines the power of search and generative AI to provide near real-time search and analysis with relevance to reduce your time to value.

Elastic offers the following solutions or types of projects:

* [**{{es}}**](/solutions/search/get-started.md): Build powerful search and RAG applications using {{es}}'s vector database, AI toolkit, and advanced retrieval capabilities.
* [**Elastic {{observability}}**](/solutions/observability/get-started.md): Gain comprehensive visibility into applications, infrastructure, and user experience through logs, metrics, traces, and other telemetry data, all in a single interface.
* [**{{elastic-sec}}**](/solutions/security/get-started.md): Combine SIEM, endpoint security, and cloud security to provide comprehensive tools for threat detection and prevention, investigation, and response.

## Explore the fundamentals

Continue your journey with these essential guides that will help you understand and work with Elastic:

* **[The {{stack}}](/get-started/the-stack.md)**: Dive deeper into how the {{stack}}—our suite of open-source tools, including {{es}}, {{kib}}, {{beats}}, and {{ls}}—components work together. Learn about data ingestion methods and understand the core concepts of storing, visualizing, and querying your data.
* **[](/get-started/introduction.md)**: Get an introduction to the {{es}}, Elastic {{observability}}, and {{elastic-sec}} solutions and projects.

* **[](/get-started/the-stack.md)**: Dive deeper into how the {{stack}}—our suite of open-source tools, including {{es}}, {{kib}}, {{beats}}, and {{ls}}—components work together. Learn about data ingestion methods and understand the core concepts of storing, visualizing, and querying your data.

* **[Deployment options](/get-started/deployment-options.md)**: Explore the different ways you can deploy Elastic, from fully managed serverless solutions to self-managed installations, and choose the approach that best fits your operational needs.
* **[](/get-started/deployment-options.md)**: Explore the different ways you can deploy Elastic, from fully managed serverless solutions to self-managed installations, and choose the approach that best fits your operational needs.

* **[Versioning and availability](/get-started/versioning-availability.md)**: Learn how Elastic handles versioning, understand feature availability across different deployment types, and navigate our continuously updated documentation with confidence.
* **[](/get-started/versioning-availability.md)**: Learn how Elastic handles versioning, understand feature availability across different deployment types, and navigate our continuously updated documentation with confidence.

## Training resources

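Review bot: every "Explore the fundamentals" item now uses an empty-text link (`**[](/get-started/the-stack.md)**`) to pull the target's page title, replacing the explicit labels "The {{stack}}", "Deployment options" and "Versioning and availability"; the visible text therefore depends on the target pages' titles, and this PR also contains an "Update title and navigation title" commit, so confirm the rendered list still reads as intended and that the link checker the "Address link errors" commit dealt with accepts the auto-titled form. The removed "Elastic offers the following solutions or types of projects" list (the `{{es}}`, `Elastic {{observability}}` and `{{elastic-sec}}` bullets) appears to be replaced by the new `[](/get-started/introduction.md)` item; a short transition sentence after the platform paragraph pointing readers to that page would preserve the flow the list used to provide.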