elastic · jmikell821 · Nov 10, 2025 · Nov 6, 2025 · Nov 7, 2025 · Nov 10, 2025
@@ -1,7 +1,7 @@
 `applies_to` accepts the following keys in this structure.
 
 * `serverless`: Applies to [Elastic Cloud Serverless](https://www.elastic.co/docs/deploy-manage/deploy/elastic-cloud/serverless).
-  * `security`: Applies to Serverless [security projects](https://www.elastic.co/docs/solutions/security/get-started/create-security-project).
+  * `security`: Applies to Serverless [security projects](https://www.elastic.co/docs/solutions/security/get-started#create-sec-serverless-project).
   * `elasticsearch`: Applies to Serverless [search projects](https://www.elastic.co/docs/solutions/search/serverless-elasticsearch-get-started).
   * `observability`: Applies to Serverless [observability projects](https://www.elastic.co/docs/solutions/observability/get-started).
 * `stack`: Applies to the [Elastic Stack](https://www.elastic.co/docs/get-started/the-stack) including any Elastic Stack components.

@@ -47,7 +47,7 @@ For more information, check the [{{ech}} documentation](cloud-hosted.md).
 
 * [{{es}}](../../../solutions/search.md)
 * [Observability](../../../solutions/observability.md)
-* [Security](../../../solutions/security/elastic-security-serverless.md)
+* [Security](../../../solutions/security.md)
 
 When you create a project, you select the project type applicable to your use case, so only the relevant and impactful applications and features are easily accessible to you.
 

@@ -19,5 +19,5 @@ Choose the type of project that matches your needs and we’ll help you get star
 |  |  |
 | ![elasticsearch](../../images/64x64_Color_elasticsearch-logo-color-64px.png "elasticsearch =50%") | **Elasticsearch**<br> Build custom search applications with {{es}}.<br><br>[**View guide →**](/solutions/search/get-started.md)<br> |
 | ![observability](../../images/64x64_Color_observability-logo-color-64px.png "observability =50%") | **Observability**<br> Monitor applications and systems with Elastic Observability.<br><br>[**View guide →**](/solutions/observability/get-started.md)<br> |
-| ![security](../../images/64x64_Color_security-logo-color-64px.png "security =50%") | **Security**<br> Detect, investigate, and respond to threats with Elastic Security.<br><br>[**View guide →**](/solutions/security/get-started/create-security-project.md)<br> |
+| ![security](../../images/64x64_Color_security-logo-color-64px.png "security =50%") | **Security**<br> Detect, investigate, and respond to threats with Elastic Security.<br><br>[**View guide →**](/solutions/security/get-started.md#create-sec-serverless-project)<br> |
 |  |  |
@@ -29,7 +29,7 @@ Elastic provides three serverless solutions available on {{ecloud}}. Follow thes
 
 * **[{{es-serverless}}](/solutions/search/get-started.md)**: Build powerful applications and search experiences using a rich ecosystem of vector search capabilities, APIs, and libraries.
 * **[{{obs-serverless}}](../../../solutions/observability/get-started.md)**: Monitor your own platforms and services using powerful machine learning and analytics tools with your logs, metrics, traces, and APM data.
-* **[{{sec-serverless}}](../../../solutions/security/get-started/create-security-project.md)**: Detect, investigate, and respond to threats with SIEM, endpoint protection, and AI-powered analytics capabilities.
+* **[{{sec-serverless}}](../../../solutions/security/get-started.md#create-sec-serverless-project)**: Detect, investigate, and respond to threats with SIEM, endpoint protection, and AI-powered analytics capabilities.
 
 Afterwards, you can:
 

@@ -96,20 +96,20 @@ You can optionally [create custom roles in a project](/deploy-manage/users-roles
 
 | Name | Description | Available |
 | --- | --- | --- |
-| Admin | Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges. | [![Elasticsearch](/deploy-manage/images/serverless-es-badge.svg "")](../../../solutions/search.md)[![Observability](/deploy-manage/images/serverless-obs-badge.svg "")](../../../solutions/observability.md)[![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
+| Admin | Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges. | [![Elasticsearch](/deploy-manage/images/serverless-es-badge.svg "")](../../../solutions/search.md)[![Observability](/deploy-manage/images/serverless-obs-badge.svg "")](../../../solutions/observability.md)[![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
 | Developer | Creates API keys, indices, data streams, adds connectors, and builds visualizations. | [![Elasticsearch](/deploy-manage/images/serverless-es-badge.svg "")](../../../solutions/search.md) |
-| Viewer | Has read-only access to project details, data, and features. | [![Elasticsearch](/deploy-manage/images/serverless-es-badge.svg "")](../../../solutions/search.md)[![Observability](/deploy-manage/images/serverless-obs-badge.svg "")](../../../solutions/observability.md)[![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| Editor | Configures all Observability or Security projects. Has read-only access to data indices. Has full access to all project features. | [![Observability](/deploy-manage/images/serverless-obs-badge.svg "")](../../../solutions/observability.md)[![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| Tier 1 analyst | Ideal for initial alert triage. General read access, can create dashboards and visualizations. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| Tier 2 analyst | Ideal for alert triage and beginning the investigation process. Can create cases. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| Tier 3 analyst | Deeper investigation capabilities. Access to rules, lists, cases, Osquery, and response actions. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| Threat intelligence analyst | Access to alerts, investigation tools, and intelligence pages. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| Rule author | Access to detection engineering and rule creation. Can create rules from available data sources and add exceptions to reduce false positives. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| SOC manager | Access to alerts, cases, investigation tools, endpoint policy management, and response actions. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| Endpoint operations analyst | Access to endpoint response actions. Can manage endpoint policies, {{fleet}}, and integrations. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| Platform engineer | Access to {{fleet}}, integrations, endpoints, and detection content. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| Detections admin | All available detection engine permissions to include creating rule actions, such as notifications to third-party systems. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
-| Endpoint policy manager | Access to endpoint policy management and related artifacts. Can manage {{fleet}} and integrations. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md) |
+| Viewer | Has read-only access to project details, data, and features. | [![Elasticsearch](/deploy-manage/images/serverless-es-badge.svg "")](../../../solutions/search.md)[![Observability](/deploy-manage/images/serverless-obs-badge.svg "")](../../../solutions/observability.md)[![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| Editor | Configures all Observability or Security projects. Has read-only access to data indices. Has full access to all project features. | [![Observability](/deploy-manage/images/serverless-obs-badge.svg "")](../../../solutions/observability.md)[![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| Tier 1 analyst | Ideal for initial alert triage. General read access, can create dashboards and visualizations. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| Tier 2 analyst | Ideal for alert triage and beginning the investigation process. Can create cases. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| Tier 3 analyst | Deeper investigation capabilities. Access to rules, lists, cases, Osquery, and response actions. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| Threat intelligence analyst | Access to alerts, investigation tools, and intelligence pages. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| Rule author | Access to detection engineering and rule creation. Can create rules from available data sources and add exceptions to reduce false positives. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| SOC manager | Access to alerts, cases, investigation tools, endpoint policy management, and response actions. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| Endpoint operations analyst | Access to endpoint response actions. Can manage endpoint policies, {{fleet}}, and integrations. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| Platform engineer | Access to {{fleet}}, integrations, endpoints, and detection content. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| Detections admin | All available detection engine permissions to include creating rule actions, such as notifications to third-party systems. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
+| Endpoint policy manager | Access to endpoint policy management and related artifacts. Can manage {{fleet}} and integrations. | [![Security](/deploy-manage/images/serverless-sec-badge.svg "")](../../../solutions/security.md) |
 
 ## Role scopes [ec-role-scoping]
 

@@ -12,7 +12,7 @@ products:
 
 # Maintenance windows
 
-This content applies to: [![Observability](/explore-analyze/images/serverless-obs-badge.svg "")](../../../solutions/observability.md) [![Security](/explore-analyze/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md)
+This content applies to: [![Observability](/explore-analyze/images/serverless-obs-badge.svg "")](../../../solutions/observability.md) [![Security](/explore-analyze/images/serverless-sec-badge.svg "")](../../../solutions/security.md)
 
 
 You can schedule single or recurring maintenance windows to temporarily reduce rule notifications. For example, a maintenance window prevents false alarms during planned outages.

@@ -10,7 +10,7 @@ products:
 
 # Logstash pipelines [logstash-pipelines]
 
-This content applies to: [![Elasticsearch](/manage-data/images/serverless-es-badge.svg "")](../../../solutions/search.md) [![Observability](/manage-data/images/serverless-obs-badge.svg "")](../../../solutions/observability.md) [![Security](/manage-data/images/serverless-sec-badge.svg "")](../../../solutions/security/elastic-security-serverless.md)
+This content applies to: [![Elasticsearch](/manage-data/images/serverless-es-badge.svg "")](../../../solutions/search.md) [![Observability](/manage-data/images/serverless-obs-badge.svg "")](../../../solutions/observability.md) [![Security](/manage-data/images/serverless-sec-badge.svg "")](../../../solutions/security.md)
 
 On the **{{ls-pipelines-app}}** management page, you can control multiple {{ls}} instances and pipeline configurations.
 

@@ -587,6 +587,11 @@ redirects:
 
 # Related to https://github.com/elastic/docs-team/issues/104
   'solutions/observability/get-started/what-is-elastic-observability': 'solutions/observability.md'
+  'solutions/security/get-started/create-security-project.md': 
+    to: 'solutions/security/get-started.md'
+    anchors:
+      'create-sec-serverless-project':
+  'solutions/security/elastic-security-serverless.md': 'solutions/security.md'
 
 # Related to https://github.com/elastic/docs-content/pull/3808
-  'solutions/observability/get-started/other-tutorials/add-data-from-splunk.md': 'solutions/observability/get-started.md'
+  'solutions/observability/get-started/other-tutorials/add-data-from-splunk.md': 'solutions/observability/get-started.md'
@@ -14,7 +14,7 @@ This page describes how to create an EASE project, how to ingest your data, and
 
 To create an EASE project:
 
-1. [Create](/solutions/security/get-started/create-security-project.md) an {{sec-serverless}} project, and on the **Confirm your project settings** page, select **Elastic AI SOC Engine**. 
+1. [Create](/solutions/security/get-started.md#create-sec-serverless-project) an {{sec-serverless}} project, and on the **Confirm your project settings** page, select **Elastic AI SOC Engine**. 
 
    :::{image} /solutions/images/security-ease-create-ease-project.png
    :alt: The Confirm your project settings page

@@ -17,7 +17,7 @@ New to {{elastic-sec}}? Follow the instructions in this topic to get started. Th
 ::::::{{stepper}}
 :::::{{step}} Choose your deployment type   
 
-Elastic provides several self-managed and Elastic-managed options. For simplicity and speed, we recommend [](./elastic-security-serverless.md), which enables you to run {{elastic-sec}} in a fully managed environment so you don’t have to manage the underlying {{es}} cluster and {{kib}} instances. 
+Elastic provides several self-managed and Elastic-managed options. For simplicity and speed, we recommend {{sec-serverless}}, which enables you to run {{elastic-sec}} in a fully managed environment so you don’t have to manage the underlying {{es}} cluster and {{kib}} instances. 
 
 $$$create-sec-serverless-project$$$ 
 ::::{dropdown} Create an {{sec-serverless}} project 

@@ -15,7 +15,7 @@ In this quickstart guide, you'll learn how to get started with Elastic Security
 
 ## Prerequisites 
 
-* You can follow this guide using any deployment. To get up and running quickly, we recommend [](/solutions/security/elastic-security-serverless.md) with the **Security Analytics Complete** [feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md#elastic-sec-project-features). For a complete list of deployment options, refer to [](/deploy-manage/deploy.md#choosing-your-deployment-type).
+* You can follow this guide using any deployment. To get up and running quickly, we recommend [{{sec-serverless}}](/solutions/security/get-started.md#create-sec-serverless-project) with the **Security Analytics Complete** [feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md#elastic-sec-project-features). For a complete list of deployment options, refer to [](/deploy-manage/deploy.md#choosing-your-deployment-type).
 * An admin account for the cloud service provider (CSP) you want to use.