diff --git a/.claude/commands/doc-concept.md b/.claude/commands/doc-concept.md
new file mode 100644
index 00000000000..9ca77351509
--- /dev/null
+++ b/.claude/commands/doc-concept.md
@@ -0,0 +1,18 @@
+Create conceptual documentation following DITA-style concept topic structure.
+
+Generate comprehensive conceptual documentation that includes:
+
+1. **Overview**: High-level explanation of what this concept is
+2. **Context**: When and why this concept is relevant
+3. **Key Components**: Break down the main elements or aspects
+4. **Relationships**: How this concept relates to other concepts in the system
+5. **Use Cases**: Common scenarios where this concept applies
+6. **Benefits/Considerations**: Advantages and important considerations
+
+Structure the content with:
+- Clear headings and subheadings
+- Logical flow from general to specific
+- Cross-references to related task and reference documentation
+- Examples where helpful for understanding
+
+Focus on the "what" and "why" rather than step-by-step procedures.
\ No newline at end of file
diff --git a/.claude/commands/doc-map.md b/.claude/commands/doc-map.md
new file mode 100644
index 00000000000..e2f90a8e057
--- /dev/null
+++ b/.claude/commands/doc-map.md
@@ -0,0 +1,25 @@
+Create a documentation map or content organization structure following DITA-style map principles.
+
+Generate a hierarchical content organization that includes:
+
+1. **Content Inventory**: Survey existing documentation and identify gaps
+2. **Topic Hierarchy**: Organize content into logical groups:
+ - Getting Started / Introduction
+ - Concepts (understanding)
+ - Tasks (procedures)
+ - Reference (lookup)
+ - Troubleshooting
+ - Advanced Topics
+3. **Content Relationships**: Define how topics relate to each other
+4. **Navigation Structure**: Logical flow and pathways through content
+5. **Metadata Strategy**: Consistent tagging and categorization
+6. **Content Reuse Plan**: Identify reusable components and snippets
+
+Create:
+- Table of contents with hierarchical structure
+- Content matrix showing topic types and audiences
+- Cross-reference map showing relationships between topics
+- Templates and style guide recommendations
+- Content maintenance and update procedures
+
+Focus on creating a cohesive, navigable documentation ecosystem that serves different user needs and experience levels.
\ No newline at end of file
diff --git a/.claude/commands/doc-reference.md b/.claude/commands/doc-reference.md
new file mode 100644
index 00000000000..cd5ed14d4ac
--- /dev/null
+++ b/.claude/commands/doc-reference.md
@@ -0,0 +1,27 @@
+Create reference documentation following DITA-style reference topic structure.
+
+Generate comprehensive reference material that includes:
+
+1. **Purpose**: Brief description of what this reference covers
+2. **Syntax/Structure**: Formal syntax, schema, or structure definition
+3. **Parameters/Properties**: Detailed list with:
+ - Name and type
+ - Description and purpose
+ - Required vs optional
+ - Default values
+ - Valid values or constraints
+ - Examples
+4. **Return Values/Outputs**: What the API/function/command returns
+5. **Examples**: Multiple practical examples showing usage
+6. **Error Conditions**: Possible errors and their meanings
+7. **Related Items**: Links to related APIs, functions, or concepts
+
+Structure with:
+- Consistent formatting for technical elements
+- Tables for parameter lists and comparisons
+- Code blocks with proper syntax highlighting
+- Clear categorization and grouping
+- Alphabetical or logical ordering where appropriate
+- Cross-references to concept and task documentation
+
+Focus on precise, factual information for quick lookup and integration.
\ No newline at end of file
diff --git a/.claude/commands/doc-reuse.md b/.claude/commands/doc-reuse.md
new file mode 100644
index 00000000000..eae3221e497
--- /dev/null
+++ b/.claude/commands/doc-reuse.md
@@ -0,0 +1,27 @@
+Create reusable content components and manage content reuse following DITA principles.
+
+Identify and create reusable documentation elements including:
+
+1. **Content Analysis**: Review existing content for reuse opportunities:
+ - Common procedures or explanations
+ - Repeated warnings or notes
+ - Standard definitions or concepts
+ - Boilerplate text or disclaimers
+2. **Reusable Components**: Create modular content pieces:
+ - Snippets for common procedures
+ - Template structures for consistent formatting
+ - Standard definitions and glossary terms
+ - Common troubleshooting steps
+ - Boilerplate sections (prerequisites, legal notices)
+3. **Content Variables**: Define dynamic content elements:
+ - Product names and versions
+ - URLs and links
+ - Contact information
+ - Configuration values
+4. **Conditional Content**: Plan content variations for:
+ - Different audiences (admin, developer, end-user)
+ - Different products or versions
+ - Different platforms or environments
+5. **Reuse Strategy**: Document how to maintain and update shared content
+
+Focus on creating a sustainable content ecosystem that reduces duplication while maintaining consistency and accuracy across all documentation.
\ No newline at end of file
diff --git a/.claude/commands/doc-review.md b/.claude/commands/doc-review.md
new file mode 100644
index 00000000000..f065c55afad
--- /dev/null
+++ b/.claude/commands/doc-review.md
@@ -0,0 +1,35 @@
+Perform a comprehensive documentation review using New Relic standards.
+
+Review the current documentation and provide feedback on:
+
+1. **Content Quality**:
+ - Accuracy and technical correctness
+ - Completeness of information
+ - Logical flow and organization
+ - Clear problem-solution alignment
+
+2. **New Relic Style Compliance**:
+ - Voice and tone consistency
+ - Terminology usage (check against style guide)
+ - Code example formatting
+ - Heading structure and hierarchy
+
+3. **User Experience**:
+ - Scannability and readability
+ - Appropriate use of lists, tables, and callouts
+ - Cross-references and navigation
+ - Mobile-friendly formatting
+
+4. **Technical Standards**:
+ - MDX syntax correctness
+ - Frontmatter completeness
+ - Component usage consistency
+ - SEO optimization (titles, descriptions)
+
+5. **Accessibility**:
+ - Alt text for images
+ - Descriptive link text
+ - Proper heading hierarchy
+ - Color contrast considerations
+
+Provide specific, actionable feedback with line numbers and suggested improvements.
\ No newline at end of file
diff --git a/.claude/commands/doc-task.md b/.claude/commands/doc-task.md
new file mode 100644
index 00000000000..fb846ca773c
--- /dev/null
+++ b/.claude/commands/doc-task.md
@@ -0,0 +1,23 @@
+Create task-oriented documentation following DITA-style task topic structure.
+
+Generate step-by-step procedural documentation that includes:
+
+1. **Purpose**: Brief statement of what the task accomplishes
+2. **Prerequisites**: Required knowledge, permissions, or setup needed
+3. **Context**: When you would perform this task
+4. **Procedure**: Clear, numbered steps with:
+ - Action verbs starting each step
+ - Expected results or confirmations
+ - Code examples, commands, or UI interactions
+ - Screenshots or diagrams where helpful
+5. **Verification**: How to confirm the task was completed successfully
+6. **Troubleshooting**: Common issues and solutions
+7. **Next Steps**: What to do after completing this task
+
+Structure with:
+- Scannable numbered or bulleted lists
+- Clear action-oriented language
+- Consistent formatting for code, UI elements, and file paths
+- Cross-references to related concept and reference documentation
+
+Focus on the "how" with clear, actionable instructions.
\ No newline at end of file
diff --git a/.claude/json-prompt-guide.md b/.claude/json-prompt-guide.md
new file mode 100644
index 00000000000..281ce3a0d71
--- /dev/null
+++ b/.claude/json-prompt-guide.md
@@ -0,0 +1,193 @@
+# JSON Prompt Engineering Guide for Technical Writers
+
+## Template Structure
+
+```json
+{
+ "context": {
+ "project": "New Relic Documentation",
+ "audience": "developers|administrators|end-users",
+ "doc_type": "concept|task|reference|tutorial",
+ "existing_content": "file_path or description",
+ "related_docs": ["list", "of", "related", "files"]
+ },
+ "task": {
+ "primary_goal": "clear, specific objective",
+ "deliverable": "what you want created/updated",
+ "scope": "boundaries and limitations",
+ "success_criteria": ["measurable", "outcomes"]
+ },
+ "requirements": {
+ "style_guide": "New Relic voice and tone",
+ "format": "MDX with specific components",
+ "structure": "headings, sections, flow",
+ "examples": "code samples, screenshots, etc.",
+ "cross_references": "links to maintain"
+ },
+ "constraints": {
+ "length": "word count or section limits",
+ "technical_level": "beginner|intermediate|advanced",
+ "compliance": "security, legal, brand requirements",
+ "deadline": "time constraints if relevant"
+ },
+ "output_format": {
+ "structure": "specific markdown/MDX format",
+ "components": "New Relic doc components to use",
+ "frontmatter": "required metadata fields",
+ "review_checklist": "what to verify before completion"
+ }
+}
+```
+
+## Example Templates by Documentation Type
+
+### 1. New Feature Documentation
+```json
+{
+ "context": {
+ "project": "New Relic Documentation",
+ "audience": "developers",
+ "doc_type": "concept + task",
+ "existing_content": "none - new feature",
+ "related_docs": ["src/content/docs/apis/", "src/content/docs/integrations/"]
+ },
+ "task": {
+ "primary_goal": "Introduce new Security RX feature",
+ "deliverable": "Complete feature documentation with overview and setup",
+ "scope": "Cover core functionality, exclude advanced configurations",
+ "success_criteria": ["User can understand the feature", "User can complete basic setup", "SEO optimized"]
+ },
+ "requirements": {
+ "style_guide": "New Relic conversational but authoritative tone",
+ "format": "MDX with code blocks and callouts",
+ "structure": "Overview → Prerequisites → Setup → Verification → Next Steps",
+ "examples": "Working code samples, API calls, configuration files",
+ "cross_references": "Link to related security and API docs"
+ },
+ "constraints": {
+ "length": "1500-2500 words maximum",
+ "technical_level": "intermediate developers",
+ "compliance": "Include security best practices warnings",
+ "deadline": "none specified"
+ },
+ "output_format": {
+ "structure": "Standard New Relic doc template",
+ "components": "Use Callout, CodeBlock, InlineCode components",
+ "frontmatter": "Include title, description, redirects, freshnessValidatedDate",
+ "review_checklist": ["Accuracy", "Completeness", "Style compliance", "Link validation"]
+ }
+}
+```
+
+### 2. Documentation Update/Revision
+```json
+{
+ "context": {
+ "project": "New Relic Documentation",
+ "audience": "security engineers",
+ "doc_type": "reference update",
+ "existing_content": "src/content/docs/vulnerability-management/overview.mdx",
+ "related_docs": ["aws.mdx", "security NRQL examples"]
+ },
+ "task": {
+ "primary_goal": "Update Security RX overview with latest features",
+ "deliverable": "Revised overview page with current capabilities",
+ "scope": "Update existing sections, add 2-3 new sections",
+ "success_criteria": ["Reflects current product state", "Maintains existing structure", "Improves user onboarding"]
+ },
+ "requirements": {
+ "style_guide": "Match existing doc voice, update outdated terms",
+ "format": "Maintain current MDX structure and components",
+ "structure": "Keep existing headings, expand content within",
+ "examples": "Update code samples to current API versions",
+ "cross_references": "Verify all internal links still work"
+ },
+ "constraints": {
+ "length": "Don't exceed current length by more than 30%",
+ "technical_level": "Match current intermediate level",
+ "compliance": "Ensure security recommendations are current",
+ "deadline": "none specified"
+ },
+ "output_format": {
+ "structure": "Preserve existing heading structure",
+ "components": "Use same components as original",
+ "frontmatter": "Update freshnessValidatedDate, keep other metadata",
+ "review_checklist": ["No broken functionality", "Backward compatibility", "Updated examples work"]
+ }
+}
+```
+
+### 3. API Documentation Generation
+```json
+{
+ "context": {
+ "project": "New Relic Documentation",
+ "audience": "API developers",
+ "doc_type": "reference",
+ "existing_content": "OpenAPI spec or code comments",
+ "related_docs": ["authentication guides", "SDK documentation"]
+ },
+ "task": {
+ "primary_goal": "Generate comprehensive API reference from code",
+ "deliverable": "Complete API endpoint documentation",
+ "scope": "All public endpoints, exclude internal/deprecated ones",
+ "success_criteria": ["All endpoints documented", "Working code examples", "Clear error handling"]
+ },
+ "requirements": {
+ "style_guide": "Technical but accessible, New Relic API doc standards",
+ "format": "MDX with consistent parameter tables and code blocks",
+ "structure": "Endpoint → Parameters → Examples → Responses → Errors",
+ "examples": "cURL and JavaScript/Python examples for each endpoint",
+ "cross_references": "Link to authentication, rate limiting, SDK docs"
+ },
+ "constraints": {
+ "length": "Comprehensive but scannable",
+ "technical_level": "Intermediate to advanced developers",
+ "compliance": "Include rate limiting and security considerations",
+ "deadline": "none specified"
+ },
+ "output_format": {
+ "structure": "New Relic API reference template",
+ "components": "Use Table, CodeBlock, Callout for warnings",
+ "frontmatter": "Include API version, last updated, related endpoints",
+ "review_checklist": ["All examples tested", "Parameter types correct", "Error codes accurate"]
+ }
+}
+```
+
+## Quick Reference Prompts
+
+### Documentation Review
+```json
+{
+ "context": {"existing_content": "file_path", "audience": "target_user"},
+ "task": {"primary_goal": "comprehensive review", "deliverable": "actionable feedback"},
+ "requirements": {"style_guide": "New Relic standards", "format": "current MDX"},
+ "output_format": {"structure": "line-by-line feedback with suggestions"}
+}
+```
+
+### Content Gap Analysis
+```json
+{
+ "context": {"existing_content": "doc_section", "related_docs": ["comparative_files"]},
+ "task": {"primary_goal": "identify missing content", "deliverable": "gap analysis + recommendations"},
+ "requirements": {"style_guide": "match existing", "format": "structured analysis"},
+ "output_format": {"structure": "gaps → impact → priority → solutions"}
+}
+```
+
+## Best Practices for JSON Prompts
+
+1. **Be Specific**: Use exact file paths, not generic descriptions
+2. **Set Clear Boundaries**: Define what's in/out of scope
+3. **Include Success Criteria**: How will you know it's done well?
+4. **Reference Standards**: Always specify New Relic style requirements
+5. **Plan for Review**: Include what should be checked before publishing
+
+## Integration with Claude Code MCP
+
+- Use GitHub MCP to reference actual files and PRs
+- Leverage exploration agents for understanding doc relationships
+- Use task agents for complex multi-step documentation projects
+- Include file paths that Claude Code can directly access and analyze
\ No newline at end of file
diff --git a/.claude/prompt-engineering-cheatsheet.md b/.claude/prompt-engineering-cheatsheet.md
new file mode 100644
index 00000000000..46233ef81ad
--- /dev/null
+++ b/.claude/prompt-engineering-cheatsheet.md
@@ -0,0 +1,303 @@
+# Claude Code Prompt Engineering Cheat Sheet for Technical Writers
+
+## 🚫 Traditional Prompting vs ✅ Claude Code + MCP
+
+### ❌ INEFFECTIVE: Generic AI Writing Prompts
+```
+"Write documentation for our security feature"
+"Make this page better"
+"Create API docs"
+"Review this content"
+```
+
+### ✅ EFFECTIVE: Context-Rich, Structured Prompts
+
+## 📋 Quick Reference Templates
+
+### 1. Documentation Review
+```
+Review src/content/docs/vulnerability-management/overview.mdx for:
+- New Relic style guide compliance
+- Technical accuracy of Security RX features
+- User onboarding flow effectiveness
+- Cross-reference link validity
+
+Provide line-specific feedback with improvement suggestions.
+```
+
+### 2. Content Enhancement
+```
+Enhance the Security RX overview page by:
+1. Adding a "Quick Start" section for first-time users
+2. Including 3 practical NRQL query examples
+3. Strengthening the value proposition in the intro
+4. Ensuring all integration links work correctly
+
+Maintain existing MDX structure and New Relic voice.
+```
+
+### 3. Documentation Gap Analysis
+```
+Compare our current NRQL security examples against:
+- Popular vulnerability detection use cases
+- Integration documentation coverage
+- Competitor documentation completeness
+
+Identify top 5 missing examples and create them.
+```
+
+## 🎯 Prompt Patterns That Work
+
+### Pattern 1: Context → Task → Constraints → Output
+```
+CONTEXT: Working on Security RX docs for DevSecOps teams
+TASK: Create tutorial for setting up AWS Security Hub integration
+CONSTRAINTS: Must follow DITA task structure, include troubleshooting
+OUTPUT: Complete MDX file with working code examples
+```
+
+### Pattern 2: File-Specific Updates
+```
+Update src/content/docs/vulnerability-management/integrations/aws.mdx:
+- Add CloudFormation template examples
+- Update IAM policy requirements
+- Include new API endpoints from v2.1
+- Test all code examples for accuracy
+```
+
+### Pattern 3: Cross-Document Consistency
+```
+Ensure consistency across these Security RX files:
+- overview.mdx
+- integrations/aws.mdx
+- integrations/snyk.mdx
+
+Standardize: terminology, code formatting, cross-references, tone
+```
+
+## 🔧 Leveraging Claude Code's Unique Capabilities
+
+### 1. Repository Context Awareness
+**Instead of:** "Look at our docs"
+**Use:** "Review src/content/docs/vulnerability-management/ structure and identify inconsistencies with our integration pattern in src/content/docs/integrations/"
+
+### 2. Real-time File Analysis
+**Instead of:** "Check if this is correct"
+**Use:** "Verify that all NRQL examples in this file execute correctly and match our current schema"
+
+### 3. Cross-Reference Validation
+**Instead of:** "Make sure links work"
+**Use:** "Validate all internal links in the vulnerability management section and update any that point to deprecated pages"
+
+## 📊 Before/After Examples
+
+### Example 1: Feature Documentation
+
+#### ❌ BEFORE (Weak Prompt)
+```
+"Document the new security feature"
+```
+
+#### ✅ AFTER (Strong Prompt)
+```json
+{
+ "context": {
+ "feature": "Security RX Cloud Vulnerability Detection",
+ "audience": "DevSecOps engineers using AWS",
+ "existing_docs": "src/content/docs/vulnerability-management/",
+ "integration_point": "AWS Security Hub"
+ },
+ "task": {
+ "deliverable": "Complete feature documentation with setup guide",
+ "scope": "Cover installation, configuration, and first-use scenarios",
+ "examples_needed": ["CloudFormation template", "IAM policies", "NRQL queries"]
+ },
+ "requirements": {
+ "format": "DITA-style task documentation",
+ "voice": "New Relic conversational but authoritative",
+ "technical_level": "Intermediate AWS users"
+ }
+}
+```
+
+### Example 2: Content Review
+
+#### ❌ BEFORE (Vague Request)
+```
+"Is this page good?"
+```
+
+#### ✅ AFTER (Specific Review Criteria)
+```
+Review src/content/docs/vulnerability-management/overview.mdx against:
+
+CONTENT QUALITY:
+- Does the intro clearly explain Security RX value in <30 seconds?
+- Are use cases specific and actionable?
+- Do code examples work with current API?
+
+NEW RELIC STANDARDS:
+- Voice and tone consistency with style guide
+- Proper use of DNT, Callout, and CodeBlock components
+- SEO optimization (title, meta description, headings)
+
+USER EXPERIENCE:
+- Clear path from overview to first action
+- Logical information hierarchy
+- Mobile-friendly formatting
+
+Provide specific line numbers and actionable improvements.
+```
+
+### Example 3: API Documentation
+
+#### ❌ BEFORE (Generic Request)
+```
+"Create API docs from this code"
+```
+
+#### ✅ AFTER (Comprehensive Specification)
+```
+Generate API documentation for Security RX endpoints by:
+
+1. ANALYZING: Review the OpenAPI spec in /api/security-rx/
+2. STRUCTURING: Use New Relic API doc template pattern
+3. EXAMPLES: Create working cURL and JavaScript examples
+4. INTEGRATION: Cross-reference with existing authentication docs
+5. TESTING: Verify all examples execute successfully
+
+Include: endpoint descriptions, parameter tables, response schemas, error codes, rate limiting info.
+
+Format as MDX with proper frontmatter for New Relic docs site.
+```
+
+## 🎭 Role-Based Prompt Strategies
+
+### For Technical Writers
+```
+"As a technical writer reviewing this Security RX documentation, evaluate:
+- Information architecture and flow
+- Clarity for target audience (DevSecOps teams)
+- Completeness of task-oriented content
+- Integration with existing doc ecosystem"
+```
+
+### For Subject Matter Experts
+```
+"As a security engineer, verify this documentation for:
+- Technical accuracy of configurations
+- Real-world applicability of examples
+- Potential security implications or warnings needed
+- Missing edge cases or troubleshooting scenarios"
+```
+
+### For UX Writers
+```
+"As a UX writer, assess this documentation for:
+- User journey and onboarding flow
+- Language clarity and accessibility
+- Call-to-action effectiveness
+- Cognitive load and information hierarchy"
+```
+
+## ⚡ Power User Tips
+
+### 1. Batch Operations
+```
+"Perform these tasks in parallel:
+1. Review AWS integration docs for accuracy
+2. Update Snyk integration with new API changes
+3. Validate all NRQL examples execute correctly
+4. Check cross-references between security docs"
+```
+
+### 2. Template Creation
+```
+"Create a reusable template for integration documentation based on:
+- Current AWS integration structure
+- Snyk integration patterns
+- New Relic component usage standards
+- Include sections for: overview, setup, configuration, examples, troubleshooting"
+```
+
+### 3. Consistency Audits
+```
+"Audit all Security RX documentation for:
+- Consistent terminology (Security RX vs Vulnerability Management)
+- Standardized code formatting and syntax highlighting
+- Uniform use of callouts and warnings
+- Cross-reference completeness and accuracy"
+```
+
+## 🚀 Advanced Techniques
+
+### Multi-Document Updates
+```
+"Update security terminology across these files to use 'Security RX' consistently:
+- src/content/docs/vulnerability-management/*.mdx
+- src/nav/security.yml
+- Any cross-references in other documentation sections
+
+Maintain all existing functionality and links."
+```
+
+### Integration Testing
+```
+"Test the complete Security RX onboarding flow by:
+1. Following the overview documentation step-by-step
+2. Executing all NRQL examples provided
+3. Verifying integration setup instructions work
+4. Identifying any gaps or friction points
+5. Suggesting improvements for smoother user experience"
+```
+
+### Competitive Analysis Integration
+```
+"Compare our Security RX documentation approach with industry standards:
+- Analyze 3 similar security platform docs
+- Identify gaps in our coverage
+- Suggest improvements for competitive advantage
+- Maintain New Relic's unique voice and approach"
+```
+
+## 📋 Quick Copy-Paste Templates
+
+### Documentation Review
+```
+Review [FILE_PATH] for New Relic standards compliance:
+- Style guide adherence
+- Technical accuracy
+- User experience flow
+- SEO optimization
+Provide specific, actionable feedback.
+```
+
+### Content Creation
+```json
+{
+ "context": {"audience": "TARGET_USERS", "existing_content": "FILE_PATH"},
+ "task": {"deliverable": "SPECIFIC_OUTPUT", "scope": "BOUNDARIES"},
+ "requirements": {"style": "New Relic standards", "format": "MDX"},
+ "success_criteria": ["MEASURABLE_OUTCOMES"]
+}
+```
+
+### Gap Analysis
+```
+Compare [SECTION/FEATURE] documentation against:
+- User needs and use cases
+- Competitive offerings
+- Internal product capabilities
+Identify top priority gaps and solutions.
+```
+
+---
+
+## 🎯 Key Takeaways for Your Team
+
+1. **Be Specific**: Use file paths, line numbers, exact requirements
+2. **Provide Context**: Audience, purpose, existing content relationships
+3. **Set Success Criteria**: How will you know the output is good?
+4. **Leverage MCP**: Use GitHub integration, file analysis, cross-references
+5. **Structure Requests**: JSON format for complex tasks, clear templates for routine work
+6. **Test Everything**: Verify code examples, links, and user flows work correctly
\ No newline at end of file
diff --git a/.claude/security-rx-example-prompt.json b/.claude/security-rx-example-prompt.json
new file mode 100644
index 00000000000..b70b57f52e8
--- /dev/null
+++ b/.claude/security-rx-example-prompt.json
@@ -0,0 +1,55 @@
+{
+ "context": {
+ "project": "New Relic Documentation",
+ "audience": "security engineers and DevSecOps teams",
+ "doc_type": "concept + tutorial",
+ "existing_content": "src/content/docs/vulnerability-management/overview.mdx",
+ "related_docs": [
+ "src/content/docs/vulnerability-management/integrations/aws.mdx",
+ "src/content/docs/nrql/nrql-examples/security-nrql-query-examples.mdx"
+ ],
+ "current_state": "Overview page exists but needs expansion and better user onboarding"
+ },
+ "task": {
+ "primary_goal": "Enhance Security RX overview to improve user onboarding and feature adoption",
+ "deliverable": "Updated overview page with clearer value proposition and getting started path",
+ "scope": "Expand existing sections, add quickstart guide, improve NRQL examples integration",
+ "success_criteria": [
+ "Users understand Security RX value within 30 seconds",
+ "Clear path from overview to first meaningful action",
+ "Better integration with NRQL examples",
+ "Improved SEO with updated metadata"
+ ]
+ },
+ "requirements": {
+ "style_guide": "New Relic conversational but authoritative tone, avoid jargon",
+ "format": "Maintain existing MDX structure, enhance with interactive elements",
+ "structure": "Value prop → Key capabilities → Quick start → Advanced features → Next steps",
+ "examples": "Add 2-3 inline NRQL queries, real vulnerability scenarios",
+ "cross_references": "Strengthen links to integration docs and NRQL examples"
+ },
+ "constraints": {
+ "length": "Current page is ~800 words, can expand to 1200-1500 words maximum",
+ "technical_level": "Accessible to both security novices and experts",
+ "compliance": "Maintain all existing redirects and metadata",
+ "timeline": "Part of Security RX documentation improvement sprint"
+ },
+ "output_format": {
+ "structure": "Keep existing frontmatter structure, update freshnessValidatedDate",
+ "components": "Use existing Tabs, add Callout for key insights, CodeBlock for NRQL",
+ "frontmatter": "Update title if needed, enhance metaDescription for SEO",
+ "review_checklist": [
+ "All NRQL queries tested and working",
+ "Screenshots current and accessible",
+ "All internal links verified",
+ "Mobile-friendly formatting maintained"
+ ]
+ },
+ "specific_improvements": {
+ "intro_section": "Make the value proposition clearer and more compelling",
+ "getting_started": "Add a 'Your first 5 minutes with Security RX' section",
+ "nrql_integration": "Include 2-3 practical NRQL examples inline",
+ "use_case_expansion": "Add specific scenarios for different team roles",
+ "call_to_action": "Strengthen the path to first meaningful user action"
+ }
+}
\ No newline at end of file
diff --git a/src/content/docs/nrql/nrql-examples/security-nrql-query-examples.mdx b/src/content/docs/nrql/nrql-examples/security-nrql-query-examples.mdx
new file mode 100644
index 00000000000..5c1c2b34998
--- /dev/null
+++ b/src/content/docs/nrql/nrql-examples/security-nrql-query-examples.mdx
@@ -0,0 +1,222 @@
+---
+title: Security data NRQL query examples
+tags:
+ - Query your data
+ - 'NRQL: New Relic Query Language'
+ - NRQL query tutorials
+ - Security
+ - Vulnerability management
+ - Security RX
+metaDescription: Basic examples of using NRQL to query security data collected by New Relic Security RX, including vulnerability and cloud misconfiguration findings.
+freshnessValidatedDate: never
+---
+
+You can use NRQL to query the security data collected by [Security RX](/docs/vulnerability-management/), including vulnerabilities and cloud misconfigurations. This data is stored as `SECURITY_FINDING` entities in NRDB and can be queried to answer various security questions. Here are practical examples for monitoring and analyzing your security posture.
+
+## Raw security findings [#raw-security-findings]
+
+How can I see all security findings in my environment?
+
+```sql
+FROM Entity
+SELECT *
+WHERE type = 'SECURITY_FINDING'
+```
+
+## Active critical vulnerabilities by entity [#critical-vulnerabilities]
+
+Which entities have the most active critical vulnerabilities?
+
+```sql
+FROM Entity
+SELECT count(*)
+WHERE type = 'SECURITY_FINDING'
+ AND status = 'AFFECTED'
+ AND severity = 'CRITICAL'
+FACET impactedEntity.name
+```
+
+## CVE impact analysis [#cve-impact]
+
+Which entities are affected by a specific CVE?
+
+```sql
+FROM Entity
+SELECT count(*)
+WHERE type = 'SECURITY_FINDING'
+ AND status = 'AFFECTED'
+ AND cve.id = 'CVE-2024-23944'
+FACET impactedEntity.name
+```
+
+## Security data sources [#security-sources]
+
+What sources are reporting security findings in my environment?
+
+```sql
+FROM Entity
+SELECT count(*)
+WHERE type = 'SECURITY_FINDING'
+FACET source
+```
+
+## Active exploit detection [#active-exploits]
+
+Which CVEs with known active exploits have been detected in my entities?
+
+```sql
+FROM Entity
+SELECT count(*)
+WHERE type = 'SECURITY_FINDING'
+ AND cve.exploitKnown IS true
+FACET impactedEntity.name, cve.id
+```
+
+## High probability exploits [#high-probability-exploits]
+
+Which CVEs have a high likelihood of being exploited (EPSS > 95th percentile)?
+
+```sql
+FROM Entity
+SELECT count(*)
+WHERE type = 'SECURITY_FINDING'
+ AND cve.epssPercentile > '0.95'
+FACET cve.id
+```
+
+## Vulnerability threshold monitoring [#vulnerability-thresholds]
+
+Which entities exceed security thresholds (more than 5 critical or 10 high-severity vulnerabilities)?
+
+```sql
+SELECT impactedEntity FROM (
+ SELECT count(*) AS vulnerableCount
+ FROM Entity
+ WHERE type = 'SECURITY_FINDING' AND severity IN ('CRITICAL', 'HIGH')
+ FACET impactedEntity.name AS impactedEntity, severity
+)
+WHERE (severity = 'HIGH' AND vulnerableCount > 10) OR (severity = 'CRITICAL' AND vulnerableCount > 5)
+```
+
+## Cloud misconfiguration overview [#cloud-misconfigurations]
+
+How can I see all cloud misconfigurations?
+
+```sql
+FROM Entity
+SELECT *
+WHERE type = 'SECURITY_FINDING' AND findingType = 'MISCONFIGURATION'
+```
+
+## Misconfiguration status summary [#misconfiguration-status]
+
+What's the breakdown of misconfiguration findings by status?
+
+```sql
+FROM Entity
+SELECT uniqueCount(misconfiguration.issueTitle)
+WHERE type = 'SECURITY_FINDING' AND findingType = 'MISCONFIGURATION'
+FACET status
+```
+
+## Top misconfiguration types [#top-misconfigurations]
+
+What are the most common types of active misconfigurations?
+
+```sql
+FROM Entity
+SELECT count(*)
+WHERE type = 'SECURITY_FINDING'
+ AND findingType = 'MISCONFIGURATION'
+ AND internalState.active = true
+FACET misconfiguration.issueTitle
+LIMIT 10
+```
+
+## Riskiest cloud accounts [#risky-accounts]
+
+Which AWS accounts have the most high/critical severity misconfigurations?
+
+```sql
+FROM Entity
+SELECT uniqueCount(misconfiguration.issueTitle)
+WHERE type = 'SECURITY_FINDING'
+ AND findingType = 'MISCONFIGURATION'
+ AND internalState.active = true
+ AND severity IN ('CRITICAL', 'HIGH')
+FACET aparse(additionalInfo, '%"key":"cloudProviderAccountId","values":["*"]%') AS 'AWS Account ID'
+LIMIT 10
+```
+
+## Resource type analysis [#resource-types]
+
+Which cloud resource types have the most misconfigurations?
+
+```sql
+FROM Entity
+SELECT uniqueCount(misconfiguration.issueTitle)
+WHERE type = 'SECURITY_FINDING'
+ AND findingType = 'MISCONFIGURATION'
+ AND internalState.active = true
+FACET misconfiguration.normalizedResourceType
+```
+
+## Critical public exposures [#critical-exposures]
+
+Which resources are both critical severity and publicly exposed?
+
+```sql
+FROM Entity
+SELECT name, impactedEntity.name, misconfiguration.misconfigurationType
+WHERE type = 'SECURITY_FINDING'
+ AND findingType = 'MISCONFIGURATION'
+ AND internalState.active = true
+ AND severity = 'CRITICAL'
+ AND misconfiguration.misconfigurationType LIKE 'Effects/Data Exposure'
+SINCE 1 day ago
+```
+
+## Security findings trends [#security-trends]
+
+How have security findings changed over time?
+
+```sql
+FROM Entity
+SELECT count(*)
+WHERE type = 'SECURITY_FINDING'
+ AND status = 'AFFECTED'
+FACET severity
+TIMESERIES 1 day
+SINCE 1 week ago
+```
+
+## Remediation status tracking [#remediation-tracking]
+
+What's the remediation status of security findings?
+
+```sql
+FROM Entity
+SELECT count(*)
+WHERE type = 'SECURITY_FINDING'
+FACET status, severity
+```
+
+## Integration-specific queries [#integration-queries]
+
+How many findings are coming from each security integration?
+
+```sql
+FROM Entity
+SELECT count(*)
+WHERE type = 'SECURITY_FINDING'
+FACET source, findingType
+TIMESERIES 1 day
+SINCE 1 week ago
+```
+
+## What's next
+
+- Learn more about [Security RX](/docs/vulnerability-management/)
+- Set up [security integrations](/docs/vulnerability-management/integrations/) to populate your security data
+- Create [custom dashboards](/docs/query-your-data/explore-query-data/dashboards/introduction-dashboards/) using these queries
+- Configure [alerts](/docs/vulnerability-management/set-up-alerts/) based on security findings
\ No newline at end of file
diff --git a/src/content/docs/vulnerability-management/cloud-misconfig-prioritization.mdx b/src/content/docs/vulnerability-management/cloud-misconfig-prioritization.mdx
new file mode 100644
index 00000000000..7856a3cdd69
--- /dev/null
+++ b/src/content/docs/vulnerability-management/cloud-misconfig-prioritization.mdx
@@ -0,0 +1,155 @@
+---
+title: Understand cloud misconfiguration prioritization
+metaDescription: Learn how Security RX Cloud intelligently prioritizes cloud misconfigurations using advanced risk scoring algorithms.
+freshnessValidatedDate: never
+---
+
+Security RX Cloud uses intelligent prioritization to help you focus on the most critical security issues first. Our advanced risk scoring algorithm goes beyond basic severity ratings to provide contextual, actionable prioritization that considers multiple risk factors.
+
+## Why prioritization matters
+
+Cloud environments often generate hundreds or thousands of security findings, making it impossible to address everything at once. Without intelligent prioritization, teams often:
+
+* **Focus on the wrong issues**: Spend time on low-impact findings while critical risks go unaddressed
+* **Experience alert fatigue**: Become overwhelmed by the volume of security notifications
+* **Lack clear direction**: Struggle to know where to start remediation efforts
+* **Miss contextual risk**: Ignore how different findings combine to create larger security exposures
+
+## Security RX Cloud's risk scoring approach
+
+Our risk scoring engine automatically calculates priority scores by analyzing multiple risk factors to determine the true risk of each finding. This comprehensive approach ensures you focus on the issues that pose the highest actual risk to your organization.
+
+### Ground truth severity correction [#ground-truth-severity]
+
+**Problem solved**: AWS Security Hub sometimes labels critical security issues as "INFORMATIONAL," leading to dangerous misconfigurations being ignored.
+
+**How it works**: Security RX Cloud programmatically corrects misleading severity ratings by cross-referencing findings with official AWS security documentation. If AWS documentation classifies a finding as Critical, we ensure it's scored as Critical in our system, regardless of what the API reports.
+
+**Example**: An S3 bucket with public read access might be marked as "INFORMATIONAL" by AWS Security Hub, but our system correctly identifies this as "CRITICAL" based on the actual security impact.
+
+### Active threat detection [#active-threat]
+
+**Problem solved**: Not all security findings represent the same level of immediate danger. Some indicate active threats that require urgent attention.
+
+**How it works**: Security RX Cloud automatically adds significant priority bonuses to findings that indicate confirmed threats or active malicious activity, particularly those from AWS GuardDuty.
+
+**Threat indicators that receive priority bonuses**:
+* **MaliciousIPCaller**: Communication with known malicious IP addresses
+* **C&CActivity**: Command and control server communication
+* **Trojan**: Trojan horse activity detected
+* **CryptoCurrency**: Unauthorized cryptocurrency mining activity
+* **Backdoor**: Backdoor installation or communication
+
+### Asset type impact weighting [#asset-impact]
+
+**Problem solved**: A misconfiguration on a critical infrastructure component poses more risk than the same issue on a development resource.
+
+**How it works**: Our scoring engine considers the inherent criticality of different AWS resource types and applies higher priority weighting to high-impact assets.
+
+**High-priority resource types**:
+* **AWS::IAM::Role**: Identity and access management roles that control permissions
+* **AWS::KMS::Key**: Encryption keys that protect sensitive data
+* **AWS::RDS::Instance**: Database instances containing business data
+* **AWS::Lambda::Function**: Serverless functions with potentially broad access
+* **AWS::EC2::SecurityGroup**: Network security controls
+
+**Lower-priority resource types**:
+* Development and test resources
+* Log storage buckets
+* Non-critical compute instances
+
+### Public exposure analysis [#public-exposure]
+
+**Problem solved**: Resources exposed to the public internet face significantly higher risk than internal-only resources.
+
+**How it works**: Security RX Cloud analyzes each finding to determine if the affected resource is accessible from the public internet. If public exposure is detected, we add substantial bonus points to the risk score.
+
+**Public exposure factors**:
+* **Internet-facing load balancers**: Resources accessible through public load balancers
+* **Public IP addresses**: Instances with direct internet connectivity
+* **Open security groups**: Security groups allowing access from 0.0.0.0/0
+* **Public S3 buckets**: Storage buckets with public read or write permissions
+* **Public database instances**: Databases accessible from the internet
+
+## How findings are prioritized [#prioritization-logic]
+
+### Risk score calculation
+
+Each misconfiguration receives a comprehensive risk score based on:
+
+1. **Base severity**: Starting point from the original finding severity
+2. **Ground truth correction**: Adjustment based on actual documented impact
+3. **Threat indicator bonus**: Additional points for confirmed threats
+4. **Asset criticality multiplier**: Weight based on resource importance
+5. **Public exposure bonus**: Additional risk for internet-accessible resources
+6. **Business context**: Optional weighting based on business criticality tags
+
+### Priority ranking system
+
+Security RX Cloud converts risk scores into clear priority rankings:
+
+* **Critical**: Immediate attention required, highest business risk
+* **High**: Address within defined SLA timeframes
+* **Medium**: Important but not urgent, schedule for upcoming sprints
+* **Low**: Address during regular maintenance cycles
+
+### Contextual factors
+
+Beyond automated scoring, Security RX Cloud considers additional context:
+
+* **Resource tags**: Business criticality, environment type (prod/dev/test), team ownership
+* **Compliance frameworks**: Whether findings relate to specific compliance requirements
+* **Historical patterns**: Whether this type of finding has been exploited before
+* **Interconnected risks**: How findings combine to create larger attack surfaces
+
+## Types of supported findings [#finding-types]
+
+Security RX Cloud processes and prioritizes various types of cloud security findings:
+
+### Configuration-based findings
+* **Access control misconfigurations**: Overly permissive IAM policies, public resources
+* **Encryption gaps**: Unencrypted data stores, weak encryption configurations
+* **Network security issues**: Open security groups, unprotected network resources
+* **Logging deficiencies**: Missing audit logs, insufficient monitoring
+
+### Threat-based findings
+* **Malicious activity**: Active threats detected by GuardDuty
+* **Suspicious behavior**: Unusual access patterns or resource usage
+* **Compromise indicators**: Signs of potential security breaches
+* **Attack attempts**: Failed intrusion attempts or reconnaissance activity
+
+### Compliance-related findings
+* **Standards violations**: CIS Benchmark failures, industry standard deviations
+* **Regulatory requirements**: SOC 2, PCI DSS, HIPAA compliance gaps
+* **Best practice deviations**: AWS Well-Architected Framework violations
+
+## Using prioritization in your workflow [#workflow-integration]
+
+### For engineers
+* **Focus on critical findings first**: Address high-risk issues before lower-priority items
+* **Understand context**: Use the risk explanation to understand why an issue is prioritized
+* **Batch similar fixes**: Group related misconfigurations for efficient remediation
+* **Verify impact**: Use the public exposure and asset criticality information to validate fixes
+
+### For security teams
+* **Strategic resource allocation**: Direct team efforts toward highest-impact issues
+* **SLA management**: Set different response timeframes based on priority levels
+* **Risk communication**: Use priority levels to communicate urgency to stakeholders
+* **Trend analysis**: Monitor whether high-priority findings are increasing or decreasing
+
+### Best practices for prioritization
+* **Trust the algorithm**: Security RX Cloud's multi-factor approach is more accurate than single-dimension prioritization
+* **Consider business context**: Add business criticality tags to resources for better prioritization
+* **Regular review**: Periodically review prioritization to ensure it aligns with your risk tolerance
+* **Team training**: Educate teams on why certain findings are prioritized higher than others
+
+## Customizing prioritization [#customization]
+
+While Security RX Cloud's default prioritization works well for most organizations, you can enhance it by:
+
+* **Resource tagging**: Add business criticality and environment tags to improve context
+* **Team ownership**: Associate resources with responsible teams for better assignment
+* **Compliance mapping**: Tag resources with relevant compliance frameworks
+* **Business impact classification**: Identify business-critical applications and data stores
+
+Learn more about [remediation workflows](/docs/vulnerability-management/cloud-misconfig-remediation) and how to [set up cloud security integration](/docs/vulnerability-management/cloud-misconfig-setup) to get the most value from intelligent prioritization.
\ No newline at end of file
diff --git a/src/content/docs/vulnerability-management/cloud-misconfig-remediation.mdx b/src/content/docs/vulnerability-management/cloud-misconfig-remediation.mdx
new file mode 100644
index 00000000000..a6a2524e36f
--- /dev/null
+++ b/src/content/docs/vulnerability-management/cloud-misconfig-remediation.mdx
@@ -0,0 +1,231 @@
+---
+title: Remediate cloud misconfigurations
+metaDescription: Learn how to use Security RX Cloud's AI-generated remediation playbooks to fix cloud security issues across multiple workflows.
+freshnessValidatedDate: never
+---
+
+Security RX Cloud provides comprehensive, AI-generated remediation playbooks that guide you through fixing cloud misconfigurations using your preferred workflow. Instead of researching fixes across multiple sources, you get step-by-step instructions tailored to your tools and processes.
+
+## Problems remediation playbooks solve
+
+Traditional cloud security tools often leave you with incomplete information when it comes to actually fixing issues:
+
+* **Research overhead**: Time wasted looking up how to fix security misconfigurations across AWS documentation and security guides
+* **Context switching**: Having to leave your security dashboard to research and implement fixes
+* **Workflow mismatch**: Remediation guidance that doesn't match your team's preferred tools and processes
+* **Verification uncertainty**: Not knowing how to confirm that a fix was properly implemented
+* **Incomplete fixes**: Partial solutions that don't address the root cause of security issues
+
+## How Security RX Cloud remediation works
+
+Security RX Cloud's remediation system provides complete, AI-generated playbooks that include:
+
+### Multiple workflow options
+Every misconfiguration includes remediation instructions for different workflows, so you can choose the approach that fits your team's processes.
+
+### Production-ready code
+All code snippets are production-ready and follow security best practices, reducing the risk of introducing new issues while fixing existing ones.
+
+### Verification steps
+Each remediation playbook includes steps to verify that the fix was properly implemented and the security issue is resolved.
+
+## Remediation workflow options [#workflow-options]
+
+Security RX Cloud provides remediation instructions for four different workflows, allowing you to choose the approach that best fits your team's processes and tools.
+
+### Console-based remediation [#console-remediation]
+
+**Best for**: Quick fixes, one-off remediation, teams preferring graphical interfaces
+
+The Console workflow provides step-by-step, numbered instructions for fixing misconfigurations using the AWS Management Console.
+
+**What you get**:
+* **Sequential steps**: Clear, numbered instructions that walk you through each click and selection
+* **Visual guidance**: Screenshots and descriptions of what you'll see in the AWS console
+* **Error handling**: Common issues you might encounter and how to resolve them
+* **Verification steps**: How to confirm the fix was applied correctly
+
+
+
+
+ Example of detailed remediation guidance for an S3 bucket misconfiguration, showing multiple workflow options including Console, CLI, and verification steps.
+
+
+**Example use cases**:
+* Emergency fixes that need immediate implementation
+* One-time configuration changes
+* Teams new to infrastructure automation
+* Development and testing environments
+
+### CLI-based remediation [#cli-remediation]
+
+**Best for**: Automation scripts, command-line-first teams, batch operations
+
+The CLI workflow provides exact, copy-pasteable AWS CLI commands with detailed explanations.
+
+**What you get**:
+* **Copy-pasteable commands**: Ready-to-run AWS CLI commands with all necessary parameters
+* **Command explanations**: Clear descriptions of what each command does and why it's necessary
+* **Parameter details**: Explanation of command parameters and how to customize them for your environment
+* **Error handling**: Common CLI errors and how to troubleshoot them
+
+**Example use cases**:
+* Scripted remediation across multiple resources
+* Integration with existing automation tools
+* Bulk fixes across multiple AWS accounts
+* Teams comfortable with command-line interfaces
+
+### CloudFormation remediation [#cloudformation-remediation]
+
+**Best for**: Infrastructure as Code workflows, preventing configuration drift, production environments
+
+The CloudFormation workflow provides production-ready Infrastructure as Code templates that fix misconfigurations at the source.
+
+**What you get**:
+* **Complete templates**: Ready-to-deploy CloudFormation templates with proper resource definitions
+* **Parameter configuration**: Customizable parameters for different environments and use cases
+* **Resource relationships**: Proper dependencies and references between related resources
+* **Best practices**: Templates follow AWS CloudFormation best practices and security guidelines
+
+**Example use cases**:
+* Production environment fixes that need to be permanent
+* Preventing configuration drift by codifying correct configurations
+* Teams using Infrastructure as Code for deployment and management
+* Fixes that need to be replicated across multiple environments
+
+### Terraform remediation [#terraform-remediation]
+
+**Best for**: Terraform-based infrastructure management, multi-cloud environments, DevOps workflows
+
+The Terraform workflow provides Terraform code snippets that integrate with your existing Terraform configurations.
+
+**What you get**:
+* **Terraform resources**: Properly configured Terraform resource blocks with correct arguments
+* **Variable usage**: Examples of how to parameterize configurations for different environments
+* **Provider requirements**: Necessary provider configurations and version constraints
+* **State management**: Guidance on importing existing resources if needed
+
+**Example use cases**:
+* Teams already using Terraform for infrastructure management
+* Multi-cloud environments where Terraform provides consistency
+* DevOps workflows that require infrastructure changes to go through version control
+* Organizations with Terraform-based CI/CD pipelines
+
+## Remediation process workflow [#remediation-process]
+
+### 1. Access misconfiguration details
+
+Navigate to the specific misconfiguration you want to remediate:
+
+1. Go to **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Security RX > Cloud**
+2. Select **Misconfigurations** to view the detailed list
+3. Click on the specific misconfiguration you want to fix
+
+### 2. Understand the issue
+
+Before implementing fixes, review the misconfiguration details:
+
+* **Risk assessment**: Why this misconfiguration matters and its potential impact
+* **Affected resources**: Complete list of resources with this security finding
+* **Business context**: How this issue relates to your applications and data
+* **Compliance implications**: Whether this finding affects regulatory compliance
+
+### 3. Choose your remediation workflow
+
+Select the remediation tab that matches your preferred workflow:
+
+* **Console**: For immediate, interactive fixes
+* **CLI**: For command-line-based remediation
+* **CloudFormation**: For Infrastructure as Code fixes
+* **Terraform**: For Terraform-managed infrastructure
+
+### 4. Implement the fix
+
+Follow the step-by-step instructions provided for your chosen workflow:
+
+* **Copy the provided code**: All code snippets are ready to use
+* **Customize parameters**: Adjust any parameters for your specific environment
+* **Execute the fix**: Implement the remediation following the provided steps
+* **Handle errors**: Use the troubleshooting guidance if you encounter issues
+
+### 5. Verify the fix
+
+Every remediation playbook includes verification steps:
+
+* **Confirmation commands**: CLI commands or console checks to verify the fix
+* **Expected results**: What you should see if the fix was implemented correctly
+* **Troubleshooting**: What to do if verification fails
+* **Monitoring**: How to ensure the fix remains in place over time
+
+## Advanced remediation scenarios [#advanced-scenarios]
+
+### Bulk remediation across resources
+
+When the same misconfiguration affects multiple resources:
+
+* **CLI approach**: Use AWS CLI with loops or scripts to apply fixes across multiple resources
+* **Infrastructure as Code**: Update your templates to fix the issue across all affected resources
+* **Automation integration**: Integrate remediation commands into your existing automation tools
+
+### Multi-account remediation
+
+For organizations with multiple AWS accounts:
+
+* **Cross-account roles**: Use the provided CLI commands with cross-account role assumptions
+* **Account-specific parameters**: Customize the remediation for each account's specific configuration
+* **Centralized deployment**: Use AWS Organizations or other centralized deployment tools
+
+### Environment-specific considerations
+
+Different environments may require different approaches:
+
+* **Production**: Prefer Infrastructure as Code approaches to ensure changes are tracked and reversible
+* **Development**: Console or CLI approaches may be faster for non-critical environments
+* **Testing**: Use remediation as an opportunity to test fixes before applying to production
+
+## Best practices for remediation [#best-practices]
+
+### Security considerations
+
+* **Test fixes first**: Apply fixes to development or testing environments before production
+* **Backup configurations**: Take snapshots or backups before making changes
+* **Understand impact**: Review how fixes might affect application functionality
+* **Monitor after changes**: Watch for any unexpected behavior after implementing fixes
+
+### Process integration
+
+* **Change management**: Include security remediation in your change management processes
+* **Documentation**: Document what was fixed and why for future reference
+* **Team communication**: Notify relevant teams about security fixes that might affect their services
+* **Continuous improvement**: Use remediation patterns to improve your security practices
+
+### Automation opportunities
+
+* **Script common fixes**: Automate frequently needed remediation tasks
+* **CI/CD integration**: Include security fixes in your deployment pipelines
+* **Monitoring automation**: Set up alerts to detect when misconfigurations reoccur
+* **Policy as code**: Implement preventive controls to avoid future misconfigurations
+
+## Troubleshooting remediation issues [#troubleshooting]
+
+### Common remediation challenges
+
+* **Permission errors**: Ensure you have the necessary IAM permissions for the remediation actions
+* **Resource dependencies**: Some fixes may require changes to related resources
+* **Timing issues**: Some changes may take time to propagate across AWS services
+* **Validation failures**: Resources may not immediately show as fixed due to polling delays
+
+### Getting help
+
+If you encounter issues with remediation:
+
+* **Check prerequisites**: Ensure you have the necessary permissions and access
+* **Review error messages**: AWS error messages often provide specific guidance
+* **Consult AWS documentation**: The remediation playbooks reference official AWS documentation
+* **Contact support**: Reach out to New Relic support for platform-specific issues
+
+Learn more about [cloud misconfiguration prioritization](/docs/vulnerability-management/cloud-misconfig-prioritization) to understand which issues to remediate first, and [setup guides](/docs/vulnerability-management/cloud-misconfig-setup) for configuring Security RX Cloud integration.
\ No newline at end of file
diff --git a/src/content/docs/vulnerability-management/cloud-misconfig-setup.mdx b/src/content/docs/vulnerability-management/cloud-misconfig-setup.mdx
new file mode 100644
index 00000000000..512560a8bde
--- /dev/null
+++ b/src/content/docs/vulnerability-management/cloud-misconfig-setup.mdx
@@ -0,0 +1,195 @@
+---
+title: Set up Security RX Cloud integration
+metaDescription: Complete guide to integrating AWS Security Hub with Security RX Cloud for cloud misconfiguration management.
+freshnessValidatedDate: never
+---
+
+Security RX Cloud provides a unified security and posture management solution to streamline the discovery, management, and remediation process for cloud security findings. This guide walks you through setting up the integration with AWS Security Hub.
+
+## Overview
+
+Security RX Cloud uses a **polling integration** with AWS Security Hub, which is different from the existing webhook-based integration. This polling method allows for more comprehensive data collection and better integration with New Relic's auto-discovery capabilities.
+
+## Prerequisites
+
+Before setting up Security RX Cloud, ensure you have:
+
+* A New Relic account with Security RX access and appropriate user permissions
+* An AWS account with [AWS Security Hub enabled](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html)
+* Appropriate IAM permissions for the integration
+* A New Relic [license key](/docs/accounts-partnerships/install-new-relic/account-setup/license-key) for the account you want to report data to
+
+## Connect your AWS account
+
+There are two setup paths depending on whether you're a new user or already have an existing AWS integration with New Relic.
+
+### For new users
+
+If you're connecting your AWS account to New Relic for the first time:
+
+
+
+ ### Navigate to the integration setup
+
+ 1. From the New Relic platform, navigate to **Infrastructure > AWS**
+ 2. Click **Add an AWS account** and follow the guided instructions
+ 3. For detailed guidance on the API polling integration, see our [AWS integration documentation](/docs/infrastructure/amazon-integrations/connect/set-up-aws-api-polling/)
+
+
+
+ ### Choose Security Hub Configuration
+
+ 1. During the setup process, you'll see integration options including **Security Hub Configuration**
+ 2. Select **Security Hub Configuration** to enable cloud security monitoring
+
+ 
+
+
+ Select Security Hub configurations during the AWS integration setup process.
+
+
+ 3. Choose your preferred setup method:
+ * **CloudFormation** (recommended for most users)
+ * **Manual integration** (for custom configurations)
+ * **Terraform** (for infrastructure as code workflows)
+
+
+
+ ### Configure auto-discovery
+
+ 1. When prompted, enable auto-discovery to automatically identify cloud resources
+ 2. Select the AWS regions you want to monitor
+ 3. Choose your polling frequency:
+ * **6 hours** (more frequent updates)
+ * **12 hours** (standard frequency)
+ 4. Save your configuration
+
+
+
+ ### Complete the setup
+
+ 1. Follow the remaining guided setup steps
+ 2. If using CloudFormation, launch the provided template in your AWS account
+ 3. Verify the integration is working by checking for incoming data
+
+
+
+### For existing AWS integration users
+
+If you already have an AWS account connected to New Relic:
+
+
+
+ ### Access integration management
+
+ 1. Navigate to **Infrastructure > AWS**
+ 2. Find your existing AWS account integration
+ 3. Click **Manage AWS Integration**
+
+
+
+ ### Install Security Hub integration
+
+ 1. Look for **AWS Security Hub** in the available integrations list
+ 2. If not already configured, you'll see an **Install** button
+ 3. Click **Install** to begin the setup process
+
+
+
+ ### Configure Security Hub settings
+
+ 1. Select your polling frequency (6 or 12 hours)
+ 2. Choose which AWS regions to monitor
+ 3. Save your configuration
+
+
+
+ ### Install auto-discovery (optional but recommended)
+
+ 1. Look for **AWS Auto Discovery** in the integration list
+ 2. If not already enabled, click **Install**
+ 3. Configure regional settings and scanning frequency
+ 4. Save the auto-discovery configuration
+
+
+
+## How auto-discovery works with SRX Cloud
+
+Security RX Cloud is built to leverage New Relic's core platform capabilities through auto-discovery:
+
+### Resource identification
+
+When you connect your AWS account and enable auto-discovery, our system:
+
+* Automatically identifies all your cloud resources (EC2 instances, S3 buckets, RDS databases, etc.)
+* Brings them into New Relic as monitored entities
+* Fetches live configuration data for these resources
+
+### Security enrichment
+
+Security RX Cloud then enhances these entities by:
+
+* Enriching them with security findings from AWS Security Hub
+* Providing contextual information about misconfigurations
+* Displaying current resource configuration alongside proposed remediation steps
+
+This integration makes it easy to see exactly what's wrong with a resource and how the proposed fix will correct it.
+
+## Integration with CSPM vendors
+
+### AWS Security Hub options
+
+Security RX Cloud integrates with AWS Security Hub, which can aggregate findings from multiple security tools:
+
+* **AWS native services**: GuardDuty, Inspector, Config, etc.
+* **Third-party CSPM tools**: Any tool that publishes findings to Security Hub
+* **Custom security findings**: Your own security tools that integrate with Security Hub
+
+### Understanding the golden path
+
+For optimal outcomes with Security RX Cloud:
+
+1. **Enable AWS Security Hub** as your central security findings aggregator
+2. **Configure your preferred CSPM tools** to publish findings to Security Hub
+3. **Use auto-discovery** to ensure all resources are monitored and contextualized
+4. **Set appropriate polling frequency** based on your security requirements
+
+## Troubleshooting common setup issues
+
+### Integration not showing data
+
+If you don't see security findings after setup:
+
+* Verify AWS Security Hub is enabled in your monitored regions
+* Check that your IAM permissions include Security Hub read access
+* Confirm that security findings exist in AWS Security Hub
+* Wait for the next polling cycle (up to 12 hours depending on your settings)
+
+### Auto-discovery not finding resources
+
+If resources aren't being discovered:
+
+* Verify auto-discovery is enabled for the correct regions
+* Check IAM permissions for EC2, S3, RDS, and other service read access
+* Ensure resources exist in the monitored regions
+* Wait for the next discovery scan
+
+### Performance considerations
+
+* Choose polling frequency based on your security response requirements
+* Monitor usage to ensure you're within your New Relic data limits
+* Consider regional scope to focus on your most critical environments
+
+## Next steps
+
+After completing the integration setup:
+
+* Review the [cloud misconfiguration prioritization guide](/docs/vulnerability-management/cloud-misconfig-prioritization) to understand how findings are scored
+* Learn about [remediation workflows](/docs/vulnerability-management/cloud-misconfig-remediation) for fixing misconfigurations
+* Choose your workflow based on your role:
+ * [Workflow for engineers](/docs/vulnerability-management/cloud-workflow-misconfig)
+ * [Workflow for security teams](/docs/vulnerability-management/security-workflow-cloud-misconfig)
\ No newline at end of file
diff --git a/src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx b/src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx
new file mode 100644
index 00000000000..b39c61732ae
--- /dev/null
+++ b/src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx
@@ -0,0 +1,200 @@
+---
+title: Manage misconfigurations in your cloud environment
+metaDescription: Use Security RX Cloud to discover, prioritize, and remediate cloud misconfigurations as an engineer.
+freshnessValidatedDate: never
+---
+
+As an engineer, you want to maintain healthy applications and infrastructure while understanding the security risks in your cloud environment. Security RX Cloud helps you discover, prioritize, and remediate cloud misconfigurations without leaving your development workflow.
+
+This document covers how to:
+
+* Improve your cloud security posture in real-time
+* Reduce context switching with automatic synchronization of AWS Security Hub findings
+* Prioritize the most critical misconfigurations based on intelligent risk scoring
+* Access detailed remediation guidance for multiple workflows (Console, CLI, Infrastructure as Code)
+
+If this workflow doesn't sound like you, check out our document on [managing vulnerabilities as a security team](/docs/vulnerability-management/security-workflow-cloud-misconfig).
+
+## Prerequisites
+
+Before you begin, ensure you have:
+
+* [Security RX Cloud integration set up](/docs/vulnerability-management/cloud-misconfig-setup) with your AWS account
+* AWS Security Hub enabled in your monitored regions
+* Access to Security RX in your New Relic account
+
+
+ New to Security RX Cloud? Start with our [setup guide](/docs/vulnerability-management/cloud-misconfig-setup) to connect your AWS account and enable auto-discovery.
+
+
+## Get started with Security RX Cloud [#get-started]
+
+Security RX Cloud provides a comprehensive view of your cloud security posture, allowing you to identify and remediate misconfigurations in real-time. By integrating with AWS Security Hub, you can automatically synchronize findings and reduce context switching between multiple security tools.
+
+### Access Security RX Cloud
+
+Navigate to **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Security RX** and select the **Cloud** tab to view your cloud security overview.
+
+For entity-specific security insights, you can also access Security RX through individual services:
+**[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > APM & services > (select an entity) > Security RX > Overview**
+
+
+
+
+
+ **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > APM & services > (select an entity) > Security > Overview**
+
+
+
+## Understand your cloud security overview [#overview]
+
+The **Cloud** tab provides a comprehensive dashboard that helps you contextualize findings, identify top risk areas, and understand trends across your cloud environment.
+
+
+
+
+ The Security RX Cloud overview dashboard provides comprehensive visibility into your cloud security posture.
+
+
+### Problems the overview solves
+
+* **Overwhelming misconfiguration volume**: Large numbers of findings make it difficult to understand trends and prioritize efforts
+* **Lack of visibility**: No clear starting point for remediation efforts
+* **Stakeholder reporting**: Need for executive-level insights into security posture
+
+### Key overview features
+
+The cloud overview page displays:
+
+* **New misconfigurations**: Recently detected security findings requiring attention
+* **Top critical regions**: Geographic areas with the highest concentration of security issues
+* **Top resource types**: Which AWS services (S3, EC2, RDS, etc.) have the most security findings
+* **Risk breakdown by category**: Misconfigurations organized by security impact type
+* **Risk by account**: Multi-account view showing which AWS accounts need the most attention
+* **Critical VPC analysis**: Virtual private cloud environments with security concerns
+
+### Interpreting misconfiguration data
+
+The overview helps you:
+
+* **Assess exposure over time**: Track whether your security posture is improving or degrading
+* **View by category**: Understand whether you're dealing with compliance issues, active threats, or configuration drift
+* **Distinguish standards vs threats**: Differentiate between compliance violations and active security threats
+* **Breakdown by dimensions**: Filter by issue type, resource type, region, or cloud account for focused analysis
+
+
+## Prioritize and search cloud misconfigurations [#prioritize-search]
+
+After understanding your overall security posture, dive deeper into specific misconfigurations using the detailed views.
+
+### Problems this workflow solves
+
+* **Remediation overwhelm**: Not knowing where to start when facing hundreds of misconfigurations
+* **Context switching**: Having to jump between multiple tools to understand and fix issues
+* **Inefficient triage**: Spending time on low-impact issues instead of critical security risks
+
+### Access misconfiguration details
+
+Navigate to the **Misconfigurations** section within Security RX Cloud to view all detected security findings:
+
+1. Go to **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Security RX > Cloud**
+2. Select the **Misconfigurations** tab for a detailed list view
+
+
+
+
+ The Misconfigurations tab provides a detailed list view of all security findings with filtering and sorting capabilities.
+
+
+### Filter and sort misconfigurations
+
+Use the filtering and sorting capabilities to focus on what matters most:
+
+* **Sort by risk level**: Focus on critical and high-severity findings first
+* **Filter by resource type**: View misconfigurations for specific services (S3, EC2, RDS, etc.)
+* **Sort by detection time**: See the most recently discovered issues
+* **Filter by region**: Focus on specific AWS regions
+* **Filter by account**: Multi-account environments can filter by specific AWS accounts
+
+
+
+
+
+ **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Security RX > Cloud > Misconfigurations**
+
+
+
+### Resource-level analysis
+
+Use the **Resources** tab to understand security issues from a resource perspective:
+
+* **Contextualize severity profiles**: See how many critical, high, medium, and low findings each resource has
+* **Prioritize remediation efforts**: Focus on resources with multiple high-severity findings
+* **Understand blast radius**: See which resources are most critical to your infrastructure
+
+## Triage and remediate individual misconfigurations [#triage-remediate]
+
+When you've identified a misconfiguration to address, click on it to access detailed information and remediation guidance.
+
+### Problems this workflow solves
+
+* **Difficulty assessing impact**: Hard to understand the true risk and affected area of a misconfiguration
+* **Research overhead**: Time wasted looking up how to fix security issues
+* **Context switching**: Having to leave New Relic to research and implement fixes
+
+### Understanding misconfiguration details
+
+Each misconfiguration detail page provides:
+
+* **Risk assessment**: Why this misconfiguration matters and its potential impact
+* **Affected resources**: Complete list of resources with this security finding
+* **Resource context**: Current configuration, team ownership, tags, and operational metrics
+* **Remediation guidance**: Step-by-step instructions for multiple workflows
+
+### Access remediation instructions
+
+Security RX Cloud provides comprehensive, AI-generated remediation playbooks with multiple workflow options:
+
+* **Console**: Step-by-step instructions for fixing the issue in the AWS Management Console
+* **CLI**: Copy-pasteable AWS CLI commands with explanations
+* **CloudFormation**: Production-ready Infrastructure as Code snippets
+* **Terraform**: Terraform code snippets for infrastructure automation
+* **Verification**: Post-fix checklist to confirm the issue is resolved
+
+### Best practices for engineers
+
+* **Start with critical findings**: Focus on high-risk misconfigurations that could lead to data exposure
+* **Use Infrastructure as Code fixes**: Prefer CloudFormation or Terraform remediation to prevent configuration drift
+* **Verify fixes**: Always run the verification steps to ensure the misconfiguration is truly resolved
+* **Update your templates**: Apply fixes to your infrastructure code templates to prevent recurrence
+
+## Integration with development workflow
+
+Security RX Cloud is designed to fit into your existing development and operational processes:
+
+* **CI/CD integration**: Use the remediation code snippets in your infrastructure pipelines
+* **Incident response**: Quickly identify and fix security issues during incidents
+* **Regular maintenance**: Use the overview dashboard for regular security hygiene reviews
+* **Team collaboration**: Share misconfiguration details and remediation plans with team members
+
+Learn more about [understanding misconfiguration prioritization](/docs/vulnerability-management/cloud-misconfig-prioritization) and [detailed remediation workflows](/docs/vulnerability-management/cloud-misconfig-remediation).
+
+
+
+
diff --git a/src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx b/src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx
new file mode 100644
index 00000000000..8f9f37f5eae
--- /dev/null
+++ b/src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx
@@ -0,0 +1,69 @@
+---
+title: AWS security hub integration (Polling method)
+metaDescription: 'Send your security data from AWS Security Hub, GuardDuty, and inspector directly to New Relic.'
+freshnessValidatedDate: never
+---
+
+You can import AWS Security Hub findings into New Relic to achieve a single, unified view of vulnerabilities. The process uses the AWS API to poll for findings from AWS Security reporting services.
+After completing these steps, you will see new vulnerabilities detected by AWS Security tools in your New Relic account in real time, and you'll be able to build out analytics dashboards and enable on newly detected issues.
+
+## Set up API polling [#set-up-api]
+
+Follow these procedures to set up API polling. Both procedures require you to move between the New Relic UI and your AWS account.
+
+
+
+
+To connect additional **API Polling** integrations to New Relic:
+
+1. Go to **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Infrastructure > AWS**. Click on one of the available service tiles. From the [IAM console](https://console.aws.amazon.com/iam/home?#/roles), click **Roles** > **Create role** > **AWS account** > **Another AWS account**. Input the following:
+
+ * For `Account ID`, use `754728514883`
+ * Check the `Require external ID` box
+ * For `External ID`, enter your New Relic account ID
+ * Don't enable the setting to `Require MFA` (multi-factor authentication)
+1. Attach the **Policy**: Search for `ReadOnlyAccess` in the **Permissions policies** text box, select the checkbox for the policy named `ReadOnlyAccess`, then click **Next**. Alternatively, you can [create your own managed policy](/docs/integrations/amazon-integrations/getting-started/integrations-managed-policies) and limit the permissions you grant New Relic according to the AWS services you want to monitor.
+1. Enter `NewRelicInfrastructure-Integrations` for the **Role name**, then click **Create role** to select the newly created role from the list. On the **Role summary** page, select and copy the entire **Role ARN** (required later in this procedure).
+1. Configure a **Budgets** policy by viewing the **Role summary** for your new role. Open the **Add permissions** drop-down and click on **Create inline policy**. Open the **JSON** tab and add the following permission statement:
+
+ ```json
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "budgets:ViewBudget"
+ ],
+ "Resource": "*"
+ }
+ ]
+ }
+ ```
+1. Click **Review policy** to enter a policy name (like `NewRelicBudget`), then select **Create policy**.
+1. Return to the New Relic UI to enter your AWS account name and the ARN for the new role that you saved in step 2.
+1. Select the AWS services you want to monitor with the infrastructure integrations, then **Save**.
+
+It may take few minutes until new resources are detected and synthesized as entities. See Cloud integrations [system limits](/docs/data-apis/manage-data/view-system-limits) for more information.
+
+
+
+
+If you previously set up an ARN with a restrictive **AmazonEC2ReadOnlyAccess** policy, unlink your existing integration and create a new ARN with a broader policy.
+
+Follow the instructions to [connect your Amazon account to New Relic](/docs/infrastructure/new-relic-infrastructure/data-instrumentation/amazon-aws-ec2-integration-infrastructure#connect) .
+Provide the ARN that contains the **ReadOnlyAccess** policy.
+
+Once you complete your setup, you can see your integrations at **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Infrastructure > AWS**.
+
+
+
+
+
+
diff --git a/src/content/docs/vulnerability-management/integrations/aws.mdx b/src/content/docs/vulnerability-management/integrations/aws.mdx
index acd97bda7c8..e7a86a605d1 100644
--- a/src/content/docs/vulnerability-management/integrations/aws.mdx
+++ b/src/content/docs/vulnerability-management/integrations/aws.mdx
@@ -1,5 +1,5 @@
---
-title: AWS security integration
+title: AWS security integration (EventBridge method)
metaDescription: 'Send your security data from AWS Security Hub, GuardDuty, and inspector directly to New Relic.'
freshnessValidatedDate: never
---
@@ -119,5 +119,7 @@ Once you've created an API destination for ingest, create an Eventbridge rule to
```
Note that GuardDuty and Inspector results will only show this way, while SecurityHub vulnerabilities will be visible in New Relic's Security RX (if available).
+
+ For more comprehensive NRQL query examples for security data, including vulnerabilities and cloud misconfigurations, see [Security data NRQL query examples](/docs/nrql/nrql-examples/security-nrql-query-examples).
diff --git a/src/content/docs/vulnerability-management/overview.mdx b/src/content/docs/vulnerability-management/overview.mdx
index df330d12955..79fc5f9ca7e 100644
--- a/src/content/docs/vulnerability-management/overview.mdx
+++ b/src/content/docs/vulnerability-management/overview.mdx
@@ -24,7 +24,7 @@ With Security RX, you get:
* A birds-eye view of all vulnerabilities, including the ones that are detected by the New Relic platform and our integration partners such as [FOSSA](/docs/vulnerability-management/integrations/fossa/), [AWS Security Hub](/docs/vulnerability-management/integrations/aws/), [Trivy](/docs/vulnerability-management/integrations/trivy), [Snyk](/docs/vulnerability-management/integrations/snyk/), [Dependabot](/install/vm/), and more.
-* Continuous run-time visibility of vulnerabilities in your applications and infrastructure
+* Continuous run-time visibility of vulnerabilities in your applications, infrastructure, and cloud environments
* Near real-time deployment validation of security patches
@@ -34,6 +34,9 @@ With Security RX, overcome security blindspots across your entire stack from app
[Visit one.newrelic.com](https://one.newrelic.com/vulnerability-management) to get started today.
+## Query your security data
+
+Security RX stores vulnerability and cloud misconfiguration data as `SECURITY_FINDING` entities in NRDB, which you can query using NRQL to create custom dashboards, set up alerts, and analyze your security posture. For comprehensive NRQL query examples, see [Security data NRQL query examples](/docs/nrql/nrql-examples/security-nrql-query-examples).
## View security insights for developers, security teams, and architects
@@ -65,4 +68,35 @@ To dive deeper into these use cases, see [Manage vulnerabilities as a security t
+Certainly! Here's a more concise version of the pricing section for Security RX capability:
+
+---
+
+## Security RX pricing
+
+
+Security RX uses three meters for pricing based on monitored entities:
+
+* **APM services**
+* **Infrastructure hosts**
+* **Cloud resources**
+
+**Pricing and packaging**
+
+* **Advanced compute:** Billed via a CCU meter based on entity count.
+* **Minimum commitment:** 1-month minimum for active monitoring.
+
+
+New Relic Security RX provides automated, continuous vulnerability monitoring for APM and infrastructure instances, correlating security findings across third-party tools to cloud resources. Monthly costs depend on workloads monitored:
+
+* **Application Vulnerability Monitoring:** Evaluates APM Services for software vulnerabilities, correlating and enriching findings. Costs are based on the number of services assessed monthly, prorated for intermittent applications.
+
+* **Infrastructure Vulnerability Monitoring:** Evaluates infrastructure instances for vulnerabilities, correlating and enriching findings. Costs are based on the number of hosts assessed monthly, prorated for intermittent hosts.
+
+* **Cloud Security Assessments:** Correlates and enriches findings for cloud resources. Costs are based on the number of resources assessed monthly, prorated for intermittent resources.
+
+Security RX requires a minimum 30-day activation but can be disabled afterward. Monitoring is billed monthly based on hours monitored.
+
+
+
diff --git a/src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx b/src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx
new file mode 100644
index 00000000000..940836fd7d7
--- /dev/null
+++ b/src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx
@@ -0,0 +1,187 @@
+---
+title: Manage misconfigurations in your cloud environment as a DevSecOps, Platform, or Security team
+metaDescription: Use Security RX Cloud to gain visibility across your organization's cloud security posture and coordinate remediation efforts.
+freshnessValidatedDate: never
+---
+
+As a member of a DevSecOps, platform, or security team, you need comprehensive visibility into your organization's cloud security posture and the ability to coordinate remediation efforts across multiple teams and accounts. Security RX Cloud provides the centralized view and collaboration tools you need to manage cloud security at scale.
+
+This document covers how to:
+
+* Gain organization-wide visibility into cloud security posture
+* Understand and communicate security risk across stakeholders
+* Coordinate remediation efforts with development and operations teams
+* Track progress on security improvements over time
+* Reduce context switching with automatic synchronization of AWS Security Hub findings
+
+If this workflow doesn't sound like you, check out our document on [managing vulnerabilities as an engineer](/docs/vulnerability-management/cloud-workflow-misconfig).
+
+## Prerequisites
+
+Before you begin, ensure you have:
+
+* [Security RX Cloud integration set up](/docs/vulnerability-management/cloud-misconfig-setup) across all monitored AWS accounts
+* AWS Security Hub enabled in your organization's AWS accounts
+* Appropriate permissions to view security data across accounts and regions
+* Team access configured for Security RX in New Relic
+
+
+ For organization-wide visibility, ensure Security RX Cloud is configured for all AWS accounts in your organization. See our [setup guide](/docs/vulnerability-management/cloud-misconfig-setup) for multi-account configuration.
+
+
+
+## Assess organization-wide cloud security posture [#assess-posture]
+
+Security RX Cloud provides comprehensive visibility into your organization's cloud security posture, allowing you to identify trends, prioritize remediation efforts, and communicate risk to stakeholders.
+
+### Problems this approach solves
+
+* **Fragmented security visibility**: No single view of security posture across multiple AWS accounts and regions
+* **Stakeholder communication**: Difficulty explaining security risk and progress to executives and business teams
+* **Resource allocation**: Uncertainty about where to focus security team efforts for maximum impact
+* **Compliance reporting**: Manual effort required to generate security posture reports
+
+### Access the organization overview
+
+Navigate to **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Security RX > Cloud** to access your comprehensive cloud security dashboard.
+
+
+
+
+
+ **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Security RX > Cloud**
+
+
+
+### Key metrics for security leaders
+
+The cloud overview provides executive-level insights including:
+
+* **Total misconfiguration count**: Overall volume and trends over time
+* **Risk distribution**: Breakdown of critical, high, medium, and low-risk findings
+* **Account-level analysis**: Which AWS accounts pose the highest risk
+* **Regional distribution**: Geographic concentration of security issues
+* **Resource type analysis**: Which AWS services require the most attention
+* **Compliance posture**: Standards-based findings vs. active threat indicators
+
+
+
+
+ The AWS Account view provides detailed insights into which accounts pose the highest security risk and their misconfiguration breakdown.
+
+
+### Trending and historical analysis
+
+Use the time-based controls to understand:
+
+* **Security posture trajectory**: Whether your organization is improving or degrading over time
+* **Remediation velocity**: How quickly teams are addressing security findings
+* **New vs. resolved findings**: Balance between new discoveries and remediation efforts
+* **Seasonal patterns**: Whether certain times correlate with more security issues
+
+## Coordinate remediation efforts across teams [#coordinate-remediation]
+
+Security teams need to coordinate remediation efforts across multiple development and operations teams while tracking progress and ensuring accountability.
+
+### Problems this workflow solves
+
+* **Remediation assignment**: Difficulty assigning security findings to the right teams and individuals
+* **Progress tracking**: No visibility into whether assigned remediation work is being completed
+* **Team collaboration**: Challenges coordinating between security, development, and operations teams
+* **Escalation management**: Unclear processes for handling overdue or critical security findings
+
+### Team-based remediation management
+
+
+
+ Use Security RX Cloud's entity-based approach to assign remediation work:
+
+ * **Entity ownership mapping**: Associate cloud resources with responsible teams through tagging and metadata
+ * **Bulk assignment**: Assign multiple related misconfigurations to teams based on resource ownership
+ * **Workflow integration**: Connect assignments to your existing ticketing and project management systems
+ * **Notification automation**: Set up alerts when new critical findings are assigned to teams
+
+ Navigate to the **Resources** view to see all cloud resources organized by ownership and security posture.
+
+ 
+
+
+ The Resources view provides a comprehensive breakdown of cloud resources organized by security posture and ownership.
+
+
+
+
+ Monitor organization-wide remediation efforts through comprehensive tracking:
+
+ * **Team dashboards**: See which teams have outstanding security work and their remediation velocity
+ * **SLA monitoring**: Track whether teams are meeting security remediation service level agreements
+ * **Escalation triggers**: Automatically escalate overdue critical findings to management
+ * **Progress reporting**: Generate reports showing security improvement trends across teams
+
+ Use filtering to view progress by team, severity, or finding type for focused management.
+
+
+
+ Facilitate collaboration between security and development teams:
+
+ * **Shared context**: Provide teams with the same view of security findings and their business impact
+ * **Remediation guidance**: Share Security RX Cloud's detailed remediation instructions with development teams
+ * **Verification collaboration**: Work with teams to verify that fixes are properly implemented
+ * **Knowledge sharing**: Use remediation patterns to educate teams on secure configuration practices
+
+ The individual finding detail pages provide all the context teams need to understand and fix security issues.
+
+
+
+## Advanced security team workflows [#advanced-workflows]
+
+### Risk-based prioritization for security leaders
+
+Security teams need to make strategic decisions about resource allocation and risk acceptance:
+
+* **Risk scoring validation**: Review and adjust Security RX Cloud's intelligent risk scoring based on organizational context
+* **Compliance mapping**: Understand which findings relate to specific compliance frameworks (SOC 2, PCI DSS, etc.)
+* **Business impact assessment**: Correlate security findings with business-critical applications and data
+* **Risk acceptance documentation**: Track decisions about accepted risks and their justifications
+
+### Metrics and KPIs for security programs
+
+Use Security RX Cloud data to measure and improve your security program:
+
+* **Mean time to remediation (MTTR)**: Track how quickly your organization addresses security findings
+* **Security debt**: Monitor the accumulation of unaddressed security findings over time
+* **Team performance**: Compare remediation velocity across different teams and applications
+* **Trend analysis**: Identify whether your security posture is improving over time
+
+### Integration with security tools and processes
+
+* **SIEM integration**: Export security findings to your Security Information and Event Management system
+* **Ticketing integration**: Automatically create tickets in Jira, ServiceNow, or other systems
+* **Compliance reporting**: Generate reports for auditors and compliance teams
+* **Executive dashboards**: Create executive-level views of security posture and progress
+
+Learn more about [understanding misconfiguration prioritization](/docs/vulnerability-management/cloud-misconfig-prioritization) and [detailed remediation workflows](/docs/vulnerability-management/cloud-misconfig-remediation) to support your team coordination efforts.
diff --git a/src/nav/nrql.yml b/src/nav/nrql.yml
index 8353fbcea5c..2a832b9af87 100644
--- a/src/nav/nrql.yml
+++ b/src/nav/nrql.yml
@@ -61,5 +61,7 @@ pages:
path: /docs/nrql/nrql-examples/browserspa-nrql-query-examples
- title: Mobile NRQL examples
path: /docs/nrql/nrql-examples/nrql-query-examples-mobile-monitoring
+ - title: Security data NRQL examples
+ path: /docs/nrql/nrql-examples/security-nrql-query-examples
- title: Schedule NRQL searches
- path: /docs/nrql/using-nrql/schedule-nrql-searches
\ No newline at end of file
+ path: /docs/nrql/using-nrql/schedule-nrql-searches
diff --git a/src/nav/vuln-management.yml b/src/nav/vuln-management.yml
index d7a0a945784..1669626dd24 100644
--- a/src/nav/vuln-management.yml
+++ b/src/nav/vuln-management.yml
@@ -11,8 +11,10 @@ pages:
pages:
- title: Vulnerability integrations overview
path: /docs/vulnerability-management/integrations/intro
- - title: AWS Security
+ - title: AWS Security with EventBridge method
path: /docs/vulnerability-management/integrations/aws
+ - title: AWS Security with Polling method
+ path: /docs/vulnerability-management/integrations/aws-securityhub-polling
- title: Dependabot
path: /install/vm
- title: Snyk
@@ -27,8 +29,20 @@ pages:
path: /docs/vulnerability-management/integrations/fossa
- title: Understanding vulnerability prioritization
path: /docs/vulnerability-management/understanding-prioritization
+ - title: Manage cloud misconfigurations
+ pages:
+ - title: Set up cloud security integration
+ path: /docs/vulnerability-management/cloud-misconfig-setup
+ - title: Understand misconfiguration prioritization
+ path: /docs/vulnerability-management/cloud-misconfig-prioritization
+ - title: Remediate cloud misconfigurations
+ path: /docs/vulnerability-management/cloud-misconfig-remediation
+ - title: Workflow for engineers
+ path: /docs/vulnerability-management/cloud-workflow-misconfig
+ - title: Workflow for security teams
+ path: /docs/vulnerability-management/security-workflow-cloud-misconfig
- title: Manage vulnerabilities as an engineer
- pages:
+ pages:
- title: Manage vulnerabilities in your application
path: /docs/vulnerability-management/dev-workflow
- title: Manage vulnerabilities in your infrastructure
diff --git a/static/images/aws-account-misconfigurations-view.webp b/static/images/aws-account-misconfigurations-view.webp
new file mode 100644
index 00000000000..1d798c4946e
Binary files /dev/null and b/static/images/aws-account-misconfigurations-view.webp differ
diff --git a/static/images/aws-integration-setup.webp b/static/images/aws-integration-setup.webp
new file mode 100644
index 00000000000..ae2d5d4812c
Binary files /dev/null and b/static/images/aws-integration-setup.webp differ
diff --git a/static/images/s3-bucket-misconfiguration-remediation.webp b/static/images/s3-bucket-misconfiguration-remediation.webp
new file mode 100644
index 00000000000..c5f459c8100
Binary files /dev/null and b/static/images/s3-bucket-misconfiguration-remediation.webp differ
diff --git a/static/images/security-rx-misconfigurations-list.webp b/static/images/security-rx-misconfigurations-list.webp
new file mode 100644
index 00000000000..0618a2e600f
Binary files /dev/null and b/static/images/security-rx-misconfigurations-list.webp differ
diff --git a/static/images/security-rx-overview-dashboard.webp b/static/images/security-rx-overview-dashboard.webp
new file mode 100644
index 00000000000..93b1be9de71
Binary files /dev/null and b/static/images/security-rx-overview-dashboard.webp differ
diff --git a/static/images/security-rx-resources-dashboard.webp b/static/images/security-rx-resources-dashboard.webp
new file mode 100644
index 00000000000..7c22165523d
Binary files /dev/null and b/static/images/security-rx-resources-dashboard.webp differ