diff --git a/deploy-manage/_snippets/ecloud-security.md b/deploy-manage/_snippets/ecloud-security.md index d551adae1e..bc178a1fa3 100644 --- a/deploy-manage/_snippets/ecloud-security.md +++ b/deploy-manage/_snippets/ecloud-security.md @@ -3,7 +3,7 @@ In both {{ech}} and {{serverless-full}}, you can also configure [IP filters](/deploy-manage/security/ip-filtering-cloud.md) to prevent unauthorized access to your deployments and projects. In {{ech}}, you can augment these security features in the following ways: -* [Configure private connectivity and apply VPC filtering](/deploy-manage/security/traffic-filtering.md) to establish a secure connection for your {{ecloud}} deployments to communicate with other cloud services, and restrict traffic to deployments based on those private connections. +* [Configure private connectivity and apply VPC filtering](/deploy-manage/security/private-connectivity.md) to establish a secure connection for your {{ecloud}} deployments to communicate with other cloud services, and restrict traffic to deployments based on those private connections. * Encrypt your deployment with a [customer-managed encryption key](/deploy-manage/security/encrypt-deployment-with-customer-managed-encryption-key.md). * [Secure your settings](/deploy-manage/security/secure-settings.md) using {{es}} and {{kib}} keystores. * Use the list of [{{ecloud}} static IPs](/deploy-manage/security/elastic-cloud-static-ips.md) to allow or restrict communications in your infrastructure. diff --git a/deploy-manage/deploy/cloud-enterprise/working-with-deployments.md b/deploy-manage/deploy/cloud-enterprise/working-with-deployments.md index 36c61e5933..304676794c 100644 --- a/deploy-manage/deploy/cloud-enterprise/working-with-deployments.md +++ b/deploy-manage/deploy/cloud-enterprise/working-with-deployments.md 
@@ -57,7 +57,7 @@ From the deployment main page, you can quickly access the following configuratio From the **Deployment > Security** view, you can manage security settings, authentication, and access controls. Refer to [Secure your clusters](../../../deploy-manage/users-roles/cluster-or-deployment-auth.md) for more details on security options for your deployments. * [Reset the `elastic` user password](../../users-roles/cluster-or-deployment-auth/manage-elastic-user-cloud.md) -* [Set up traffic filters](../../security/traffic-filtering.md) to restrict traffic to your deployment +* [Set up IP filters](../../security/ip-filtering-ece.md) to restrict traffic to your deployment * Configure {{es}} keystore settings, also known as [secure settings](../../security/secure-settings.md) * Configure trust relationships for [remote clusters](../../remote-clusters/ece-enable-ccs.md) diff --git a/deploy-manage/deploy/elastic-cloud/azure-native-isv-service.md b/deploy-manage/deploy/elastic-cloud/azure-native-isv-service.md index 39f9f4d9c4..d2145ef74b 100644 --- a/deploy-manage/deploy/elastic-cloud/azure-native-isv-service.md +++ b/deploy-manage/deploy/elastic-cloud/azure-native-isv-service.md @@ -103,7 +103,7 @@ Check the following sections to learn more about the Azure Native ISV Service: * **Troubleshooting** * [I receive an error message about not having required authorization.](#azure-integration-authorization-access) - * [My {{ecloud}} deployment creation failed.](#azure-integration-deployment-failed-traffic-filter) + * [My {{ecloud}} deployment creation failed.](#azure-integration-deployment-failed-network-security) * [I can’t SSO into my {{ecloud}} deployment.](#azure-integration-failed-sso) * [I see some deployments in the {{ecloud}} console but not in the Azure Portal.](#azure-integration-cant-see-deployment) * [My {{ecloud}} Azure Native ISV Service logs are not being ingested.](#azure-integration-logs-not-ingested) 
@@ -319,18 +319,7 @@ $$$azure-integration-how-to-access$$$How can I access my {{ecloud}} deployment? $$$azure-integration-modify-deployment$$$How can I modify my {{ecloud}} deployment? -: Modify your {{ecloud}} deployment in the {{ecloud}} console, which is accessed from the Azure UI through the **Advanced Settings** link on the deployment overview page. In the {{ecloud}} console you can perform a number of actions against your deployment, including: - - * [Re-size](ec-customize-deployment-components.md) to increase or decrease the amount of RAM, CPU, and storage available to your deployment, or to add additional availability zones. - * [Upgrade](../../upgrade/deployment-or-cluster.md) your deployment to a new {{stack}} version. - * Enable or disable individual {{stack}} components such as APM and Machine Learning. - * [Update {{stack}} user settings](edit-stack-settings.md) in the component YML files. - * [Add or remove custom plugins](add-plugins-extensions.md). - * [Configure IP filtering](../../security/traffic-filtering.md). - * [Monitor your {{ecloud}} deployment](../../monitor/stack-monitoring/ece-ech-stack-monitoring.md) to ensure it remains healthy. - * Add or remove API keys to use the [REST API](cloud://reference/cloud-hosted/ec-api-restful.md). - * [And more](cloud-hosted.md) - +: Modify your {{ecloud}} deployment in the {{ecloud}} console, which is accessed from the Azure UI through the **Advanced Settings** link on the deployment overview page. In the {{ecloud}} console you can perform [a number of actions against your deployment](/deploy-manage/deploy/elastic-cloud/cloud-hosted.md#ec_how_to_operate_elasticsearch_service). $$$azure-integration-delete-deployment$$$How can I delete my {{ecloud}} deployment? : Delete the deployment directly from the Azure console. The delete operation performs clean-up activities in the Elastic console to ensure any running components are removed, so that no additional charges occur. 
@@ -349,7 +338,7 @@ $$$azure-integration-monitor$$$How do I monitor my existing Azure services? ::::{note} -If you want to send platform logs to a deployment that has [IP or Private Link traffic filters](../../security/traffic-filtering.md) enabled, then you need to contact [the Elastic Support Team](#azure-integration-support) to perform additional configurations. Refer support to the article [Azure++ Resource Logs blocked by Traffic Filters](https://support.elastic.co/knowledge/18603788). +If you want to send platform logs to a deployment that has [network security policies](/deploy-manage/security/network-security.md) applied, then you need to contact [the Elastic Support Team](#azure-integration-support) to perform additional configurations. Refer support to the article [Azure++ Resource Logs blocked by Traffic Filters](https://support.elastic.co/knowledge/18603788). :::: @@ -462,7 +451,7 @@ $$$azure-integration-authorization-access$$$I receive an error message about not Elastic is not currently integrated with Azure user management, so sharing deployment resources through the Cloud console with other Azure users is not possible. However, sharing direct access to these resources is possible. For details, check [Is the {{ecloud}} Azure Native ISV Service connected with Azure user management?](#azure-integration-azure-user-management). -$$$azure-integration-deployment-failed-traffic-filter$$$My {{ecloud}} deployment creation failed. +$$$azure-integration-deployment-failed-network-security$$$My {{ecloud}} deployment creation failed. : When creating a new {{ecloud}} deployment, the deployment creation may fail with a `Your deployment failed` error. The process results with a status message such as: ```txt 
@@ -477,20 +466,15 @@ $$$azure-integration-deployment-failed-traffic-filter$$$My {{ecloud}} deployment ] ``` - One possible cause of a deployment creation failure is the default traffic filtering rules. Deployments fail to create if a previously created traffic filter has enabled the **Include by default** option. When this option is enabled, traffic to the deployment is blocked, including traffic that is part of the {{ecloud}} Azure Native ISV Service. As a result, some of the integration components are not successfully provisioned and the deployment creation fails. + One possible cause of a deployment creation failure is the default network security policies. Deployments fail to create if a previously created network security policy has enabled the **Include by default** option. When this option is enabled, traffic to the deployment is blocked, including traffic that is part of the {{ecloud}} Azure Native ISV Service. As a result, some of the integration components are not successfully provisioned and the deployment creation fails. Follow these steps to resolve the problem: 1. Login to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body). - 2. Go to the [Traffic filters page](https://cloud.elastic.co/deployment-features/traffic-filters). + 2. Go to the [Network security page](https://cloud.elastic.co/deployment-features/traffic-filters). 3. Edit the traffic filter and disable the **Include by default** option. - - :::{image} /deploy-manage/images/cloud-ec-marketplace-azure-traffic-filter-option.png - :alt: The Include by default option under Add to Deployments on the Traffic Filter page - ::: - 4. In Azure, create a new {{ecloud}} deployment. - 5. After the deployment has been created successfully, go back to the [Traffic filters page](https://cloud.elastic.co/deployment-features/traffic-filters) in {{ecloud}} and re-enable the **Include by default** option. + 5. 
After the deployment has been created successfully, go back to the [Network security page](https://cloud.elastic.co/deployment-features/traffic-filters) in {{ecloud}} and re-enable the **Include by default** option. If your deployment still does not create successfully, [contact the Elastic Support Team](#azure-integration-support) for assistance. @@ -511,7 +495,7 @@ Mimicking this metadata by manually adding tags to an {{ecloud}} deployment will $$$azure-integration-logs-not-ingested$$$My {{ecloud}} Azure Native ISV Service logs are not being ingested. : * When you set up monitoring for your Azure services, if your Azure and Elastic resources are in different subscriptions, you need to make sure that the `Microsoft.Elastic` resource provider is registered in the subscription in which the Azure resources exist. Check [How do I monitor my existing Azure services?](#azure-integration-monitor) for details. -* If you are using [IP or Private Link traffic filters](../../security/traffic-filtering.md), reach out to [the Elastic Support Team](#azure-integration-support). +* If you are using [network security policies](/deploy-manage/security/network-security.md), reach out to [the Elastic Support Team](#azure-integration-support). diff --git a/deploy-manage/deploy/elastic-cloud/ec-customize-deployment-components.md b/deploy-manage/deploy/elastic-cloud/ec-customize-deployment-components.md index 016fa01d89..012fa4f117 100644 --- a/deploy-manage/deploy/elastic-cloud/ec-customize-deployment-components.md +++ b/deploy-manage/deploy/elastic-cloud/ec-customize-deployment-components.md 
@@ -129,7 +129,7 @@ Refer to [Manage your Integrations Server](manage-integrations-server.md) to lea ## Security [ec_security] -Here, you can configure features that keep your deployment secure: reset the password for the `elastic` user, set up traffic filters, and add settings to the {{es}} keystore. You can also set up remote connections to other deployments. +Here, you can configure features that keep your deployment secure: reset the password for the `elastic` user, set up network security, and add settings to the {{es}} keystore. You can also set up remote connections to other deployments. ## Actions [ec_actions] diff --git a/deploy-manage/deploy/elastic-cloud/heroku.md b/deploy-manage/deploy/elastic-cloud/heroku.md index 72e0fe21ca..ffd4cbda16 100644 --- a/deploy-manage/deploy/elastic-cloud/heroku.md +++ b/deploy-manage/deploy/elastic-cloud/heroku.md @@ -82,7 +82,7 @@ You might want to add more layers of security to your deployment, such as: * Add more users to the deployment with third-party authentication providers and services like [SAML](../../users-roles/cluster-or-deployment-auth/saml.md), [OpenID Connect](../../users-roles/cluster-or-deployment-auth/openid-connect.md), or [Kerberos](../../users-roles/cluster-or-deployment-auth/kerberos.md). * Do not use clients that only support HTTP to connect to {{ecloud}}. If you need to do so, you should use a reverse proxy setup. -* Create [traffic filters](../../security/traffic-filtering.md) and apply them to your deployments. +* Create [network security policies](/deploy-manage/security/network-security.md) and apply them to your deployments. * If needed, you can [reset](../../users-roles/cluster-or-deployment-auth/built-in-users.md) the `elastic` password. ### Scale or adjust your deployment [echscale_or_adjust_your_deployment] diff --git a/deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md b/deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md index 9fe2730afa..b36b61089e 100644 
--- a/deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md +++ b/deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md @@ -17,15 +17,13 @@ When using {{ecloud}}, there are some limitations you should be aware of: * [Transport client](#ec-restrictions-transport-client) * [{{es}} and {{kib}} plugins](#ec-restrictions-plugins) * [Watcher](#ec-restrictions-watcher) -* [Private Link and SSO to {{kib}} URLs](#ec-restrictions-traffic-filters-kibana-sso) -* [PDF report generation using Alerts or Watcher webhooks](#ec-restrictions-traffic-filters-watcher) +* [Private connectivity and SSO to {{kib}} URLs](#ec-restrictions-network-security-kibana-sso) +* [PDF report generation using Alerts or Watcher webhooks](#ec-restrictions-network-security-watcher) * [Kibana](#ec-restrictions-kibana) -% * [APM Agent central configuration with Private Link or traffic filters](#ec-restrictions-apm-traffic-filters) -* [Fleet with Private Link or traffic filters](#ec-restrictions-fleet-traffic-filters) +* [Fleet with network security](#ec-restrictions-fleet-network-security) * [Restoring a snapshot across deployments](#ec-snapshot-restore-enterprise-search-kibana-across-deployments) * [Migrate Fleet-managed {{agents}} across deployments by restoring a snapshot](#ec-migrate-elastic-agent) * [Regions and Availability Zones](#ec-regions-and-availability-zone) -% * [Known problems](#ec-known-problems) For limitations related to logging and monitoring, check the [Restrictions and limitations](../../monitor/stack-monitoring/ece-ech-stack-monitoring.md#restrictions-monitoring) section of the logging and monitoring page. 
@@ -62,7 +60,7 @@ $$$ec-restrictions-apis-kibana$$$ ## Transport client [ec-restrictions-transport-client] * The transport client is not considered thread safe in a cloud environment. We recommend that you use the Java REST client instead. This restriction relates to the fact that your deployments hosted on {{ecloud}} are behind proxies, which prevent the transport client from communicating directly with {{es}} clusters. -* The transport client is not supported over [private link connections](../../security/aws-privatelink-traffic-filters.md). Use the Java REST client instead, or connect over the public internet. +* The transport client is not supported over [private connections](../../security/private-connectivity.md). Use the Java REST client instead, or connect over the public internet. % * The transport client does not work with {{es}} clusters at version 7.6 and later that are hosted on Cloud. Transport client continues to work with {{es}} clusters at version 7.5 and earlier. Note that the transport client was deprecated with version 7.0 and will be removed with 8.0. 
@@ -86,15 +84,15 @@ Watcher comes preconfigured with a directly usable email account provided by Ela Alternatively, a custom mail server can be configured as described in [Configuring a custom mail server](../../../explore-analyze/alerts-cases/watcher/enable-watcher.md#watcher-custom-mail-server) -## Private Link and SSO to {{kib}} URLs [ec-restrictions-traffic-filters-kibana-sso] +## Private connectivity and SSO to {{kib}} URLs [ec-restrictions-network-security-kibana-sso] -Currently you can’t use SSO to login directly from {{ecloud}} into {{kib}} endpoints that are protected by Private Link traffic filters. However, you can still SSO into Private Link protected {{kib}} endpoints individually using the [SAML](../../users-roles/cluster-or-deployment-auth/saml.md) or [OIDC](../../users-roles/cluster-or-deployment-auth/openid-connect.md) protocol from your own identity provider, just not through the {{ecloud}} console. Stack level authentication using the {{es}} username and password should also work with `{{kibana-id}}.{vpce|privatelink|psc}.domain` URLs. +Currently you can’t use SSO to login directly from {{ecloud}} into {{kib}} endpoints that are protected by private connections. However, you can still SSO into private {{kib}} endpoints individually using the [SAML](../../users-roles/cluster-or-deployment-auth/saml.md) or [OIDC](../../users-roles/cluster-or-deployment-auth/openid-connect.md) protocol from your own identity provider, just not through the {{ecloud}} console. Stack level authentication using the {{es}} username and password should also work with `{{kibana-id}}.{vpce|privatelink|psc}.domain` URLs. -## PDF report generation using Alerts or Watcher webhooks [ec-restrictions-traffic-filters-watcher] +## PDF report generation using Alerts or Watcher webhooks [ec-restrictions-network-security-watcher] * PDF report automatic generation via Alerts is not possible on {{ecloud}}. 
-* PDF report generation isn’t possible for deployments running on {{stack}} version 8.7.0 or before that are protected by traffic filters. This limitation doesn’t apply to public webhooks such as Slack, PagerDuty, and email. For deployments running on {{stack}} version 8.7.1 and beyond, [PDF report automatic generation via Watcher webhook](../../../explore-analyze/report-and-share/automating-report-generation.md#use-watcher) is possible using the `xpack.notification.webhook.additional_token_enabled` configuration setting to bypass traffic filters. +* PDF report generation isn’t possible for deployments running on {{stack}} version 8.7.0 or before that are protected by network security. This limitation doesn’t apply to public webhooks such as Slack, PagerDuty, and email. For deployments running on {{stack}} version 8.7.1 and beyond, [PDF report automatic generation via Watcher webhook](../../../explore-analyze/report-and-share/automating-report-generation.md#use-watcher) is possible using the `xpack.notification.webhook.additional_token_enabled` configuration setting to bypass network security. ## {{kib}} [ec-restrictions-kibana] 
@@ -102,19 +100,9 @@ Currently you can’t use SSO to login directly from {{ecloud}} into {{kib}} end * The maximum size of a single {{kib}} instance is 8GB. This means, {{kib}} instances can be scaled up to 8GB before they are scaled out. For example, when creating a deployment with a {{kib}} instance of size 16GB, then 2x8GB instances are created. If you face performance issues with {{kib}} PNG or PDF reports, the recommendations are to create multiple, smaller dashboards to export the data, or to use a third party browser extension for exporting the dashboard in the format you need. * Running an external {{kib}} in parallel to {{ecloud}}’s {{kib}} instances may cause errors, for example [`Unable to decrypt attribute`](../../../explore-analyze/alerts-cases/alerts/alerting-common-issues.md#rule-cannot-decrypt-api-key), due to a mismatched [`xpack.encryptedSavedObjects.encryptionKey`](kibana://reference/configuration-reference/security-settings.md#security-encrypted-saved-objects-settings) as {{ecloud}} does not [allow users to set](edit-stack-settings.md) nor expose this value. While workarounds are possible, this is not officially supported nor generally recommended. +## Fleet with network security [ec-restrictions-fleet-network-security] -% ## APM Agent central configuration with PrivateLink or traffic filters [ec-restrictions-apm-traffic-filters] - -% If you are using APM 7.9.0 or older: - -% * You cannot use [APM Agent central configuration](/solutions/observability/apm/apm-agent-central-configuration.md) if your deployment is secured by [traffic filters](../../security/traffic-filtering.md). -% * If you access your APM deployment over [PrivateLink](../../security/aws-privatelink-traffic-filters.md), to use APM Agent central configuration you need to allow access to the APM deployment over public internet. 
- - -## Fleet with PrivateLink or traffic filters [ec-restrictions-fleet-traffic-filters] - -% * You cannot use Fleet 7.13.x if your deployment is secured by [traffic filters](../../security/traffic-filtering.md). Fleet 7.14.0 and later works with traffic filters (both Private Link and IP filters). -* If you are using Fleet 8.12+, using a remote {{es}} output with a target cluster that has [traffic filters](../../security/traffic-filtering.md) enabled is not currently supported. +* If you are using Fleet 8.12+, using a remote {{es}} output with a target cluster that has network security enabled is not currently supported. ## Restoring a snapshot across deployments [ec-snapshot-restore-enterprise-search-kibana-across-deployments] 
@@ -143,13 +131,6 @@ To make a seamless migration, after restoring from a snapshot there are some add * The AWS `us-west-1` region is limited to two availability zones for ES data nodes and one (tiebreaker only) virtual zone (as depicted by the `-z` in the AZ (`us-west-1z`). Deployment creation with three availability zones for {{es}} data nodes for hot, warm, and cold tiers is not possible. This includes scaling an existing deployment with one or two AZs to three availability zones. The virtual zone `us-west-1z` can only hold an {{es}} tiebreaker node (no data nodes). The workaround is to use a different AWS US region that allows three availability zones, or to scale existing nodes up within the two availability zones. * The AWS `eu-central-2` region is limited to two availability zones for CPU Optimized (ARM) Hardware profile ES data node and warm/cold tier. Deployment creation with three availability zones for {{es}} data nodes for hot (for CPU Optimized (ARM) profile), warm and cold tiers is not possible. This includes scaling an existing deployment with one or two AZs to three availability zones. The workaround is to use a different AWS region that allows three availability zones, or to scale existing nodes up within the two availability zones. - -% ## Known problems [ec-known-problems] - -% * There is a known problem affecting clusters with versions 7.7.0 and 7.7.1 due to [a bug in Elasticsearch](https://github.com/elastic/elasticsearch/issues/56739). Although rare, this bug can prevent you from running plans. If this occurs we recommend that you retry the plan, and if that fails contact support to get your plan through. Because of this bug we recommend you to upgrade to version 7.8 and higher, where the problem has already been addressed. -% * A known issue can prevent direct rolling upgrades from {{es}} version 5.6.10 to version 6.3.0. 
As a workaround, we have removed version 6.3.0 from the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body) for new cluster deployments and for upgrading existing ones. If you are affected by this issue, check [Rolling upgrades from 5.6.x to 6.3.0 fails with "java.lang.IllegalStateException: commit doesn’t contain history uuid"](https://elastic.my.salesforce.com/articles/Support_Article/Rolling-upgrades-to-6-3-0-from-5-x-fails-with-java-lang-IllegalStateException-commit-doesn-t-contain-history-uuid?popup=false&id=kA0610000005JFG) in our Elastic Support Portal. If these steps do not work or you do not have access to the Support Portal, you can contact `support@elastic.co`. - - ## Repository Analysis API is unavailable in {{ecloud}} [ec-repository-analyis-unavailable] * The {{es}} [Repository analysis API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-snapshot-repository-analyze) is not available in {{ecloud}} due to deployments defaulting to having [operator privileges](../../users-roles/cluster-or-deployment-auth/operator-privileges.md) enabled that prevent non-operator privileged users from using it along with a number of other APIs. diff --git a/deploy-manage/deploy/elastic-cloud/tools-apis.md b/deploy-manage/deploy/elastic-cloud/tools-apis.md index 2fc80cbee8..1ca11b5aa4 100644 --- a/deploy-manage/deploy/elastic-cloud/tools-apis.md +++ b/deploy-manage/deploy/elastic-cloud/tools-apis.md @@ -30,7 +30,7 @@ The following REST APIs allow you to manage your {{ecloud}} organization, users, | Area | API | Tasks | | --- | --- | --- | -| {{ecloud}} organization

{{ech}} deployments | [{{ecloud}} API](https://www.elastic.co/docs/api/doc/cloud/) | Manage your Cloud organization, members, costs, billing, and more.

Manage your hosted deployments and all of the resources associated with them, including scaling or autoscaling resources, and managing traffic filters, deployment extensions, remote clusters, and {{stack}} versions.

Refer to [{{ecloud}} RESTful API](cloud://reference/cloud-hosted/ec-api-restful.md) for usage information and examples. | +| {{ecloud}} organization

{{ech}} deployments | [{{ecloud}} API](https://www.elastic.co/docs/api/doc/cloud/) | Manage your Cloud organization, members, costs, billing, and more.

Manage your hosted deployments and all of the resources associated with them, including scaling or autoscaling resources, and managing network security, deployment extensions, remote clusters, and {{stack}} versions.

Refer to [{{ecloud}} RESTful API](cloud://reference/cloud-hosted/ec-api-restful.md) for usage information and examples. | | {{serverless-full}} projects | [{{serverless-full}} API](https://www.elastic.co/docs/api/doc/elastic-cloud-serverless) | Manage {{serverless-full}} projects. | | {{ecloud}} services | [Service Status API](https://status.elastic.co/api/) | Programmatically ingest [service status](/deploy-manage/cloud-organization/service-status.md) updates. | diff --git a/deploy-manage/remote-clusters/ec-enable-ccs.md b/deploy-manage/remote-clusters/ec-enable-ccs.md index 955c28a1a7..744ac6f786 100644 --- a/deploy-manage/remote-clusters/ec-enable-ccs.md +++ b/deploy-manage/remote-clusters/ec-enable-ccs.md 
@@ -52,17 +52,17 @@ The steps, information, and authentication method required to configure CCS and * [From an ECK environment](ec-enable-ccs-for-eck.md) -## Remote clusters and network security [ec-ccs-ccr-traffic-filtering] +## Remote clusters and network security [ec-ccs-ccr-network-security] ::::{note} -[Network security](../security/traffic-filtering.md) isn’t supported for cross-cluster operations initiated from an {{ece}} environment to a remote {{ech}} deployment. +[Network security](../security/network-security.md) isn’t supported for cross-cluster operations initiated from an {{ece}} environment to a remote {{ech}} deployment. :::: -You can use [network security policies](../security/traffic-filtering.md) to restrict access to deployments used as a local or remote cluster, without impacting cross-cluster search or cross-cluster replication. +You can use [network security policies](../security/network-security.md) to restrict access to deployments used as a local or remote cluster, without impacting cross-cluster search or cross-cluster replication. -Network security for remote clusters supports 2 methods: +Network security for remote clusters supports the following methods: -* [Filtering by IP addresses and Classless Inter-Domain Routing (CIDR) masks](../security/ip-traffic-filtering.md) +* [Filtering by IP addresses and Classless Inter-Domain Routing (CIDR) masks](../security/ip-filtering.md) * Filtering by Organization or {{es}} cluster ID with a **Remote cluster** private connection policy. You can configure this type of policy from the **Access and security** > **Network security** page of your organization or using the [{{ecloud}} RESTful API](https://www.elastic.co/docs/api/doc/cloud) and apply it from each deployment’s **Security** page. ::::{note} diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md index c8f6f5e477..99f46b9d86 100644 
--- a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md @@ -14,7 +14,7 @@ products: This section explains how to configure a deployment to connect remotely to clusters belonging to a different {{ecloud}} organization. ::::{note} -If network security policies are applied to the remote cluster, the remote cluster administrator must configure a private connection policy of type remote cluster, using either the organization ID or the Elasticsearch cluster ID as the filtering criteria. For detailed instructions, refer to [Remote clusters and network security](/deploy-manage/remote-clusters/ec-enable-ccs.md#ec-ccs-ccr-traffic-filtering). +If network security policies are applied to the remote cluster, the remote cluster administrator must configure a private connection policy of type remote cluster, using either the organization ID or the Elasticsearch cluster ID as the filtering criteria. For detailed instructions, refer to [Remote clusters and network security](/deploy-manage/remote-clusters/ec-enable-ccs.md#ec-ccs-ccr-network-security). :::: ## Allow the remote connection [ec_allow_the_remote_connection_2] diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md index 4adb30d292..26f97e4966 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md 
@@ -14,7 +14,7 @@ products: This section explains how to configure a deployment to connect remotely to clusters belonging to the same {{ecloud}} organization. ::::{note} -If network security is enabled on the remote cluster, the remote cluster administrator must configure a private connection policy of type **Remote cluster**, specifying either the organization ID or the Elasticsearch cluster ID. For detailed instructions, refer to [Remote clusters and network security](/deploy-manage/remote-clusters/ec-enable-ccs.md#ec-ccs-ccr-traffic-filtering). +If network security is enabled on the remote cluster, the remote cluster administrator must configure a private connection policy of type **Remote cluster**, specifying either the organization ID or the Elasticsearch cluster ID. For detailed instructions, refer to [Remote clusters and network security](/deploy-manage/remote-clusters/ec-enable-ccs.md#ec-ccs-ccr-network-security). :::: ## Allow the remote connection [ec_allow_the_remote_connection] diff --git a/deploy-manage/remote-clusters/ece-enable-ccs.md b/deploy-manage/remote-clusters/ece-enable-ccs.md index b99615b9fa..d1c6c4e5b0 100644 --- a/deploy-manage/remote-clusters/ece-enable-ccs.md +++ b/deploy-manage/remote-clusters/ece-enable-ccs.md 
@@ -58,18 +58,18 @@ The steps, information, and authentication method required to configure CCS and * [From an ECK environment](ece-enable-ccs-for-eck.md) -## Remote clusters and traffic filtering [ece-ccs-ccr-traffic-filtering] +## Remote clusters and network security [ece-ccs-ccr-network-security] ::::{note} -Traffic filtering isn’t supported for cross-cluster operations initiated from an {{ece}} environment to a remote {{ech}} deployment. +Network security isn’t supported for cross-cluster operations initiated from an {{ece}} environment to a remote {{ech}} deployment. :::: -For remote clusters configured using TLS certificate authentication, [traffic filtering](../security/traffic-filtering.md) can be enabled to restrict access to deployments that are used as a local or remote cluster without any impact to cross-cluster search or cross-cluster replication. +For remote clusters configured using TLS certificate authentication, [network security](../security/network-security.md) can be enabled to restrict access to deployments that are used as a local or remote cluster without any impact to cross-cluster search or cross-cluster replication. -Traffic filtering for remote clusters supports 2 methods: +Traffic filtering for remote clusters supports two methods: -* [Filtering by IP addresses and Classless Inter-Domain Routing (CIDR) masks](../security/ip-traffic-filtering.md) +* [Filtering by IP addresses and Classless Inter-Domain Routing (CIDR) masks](../security/ip-filtering-ece.md) * Filtering by Organization or {{es}} cluster ID with a Remote cluster type filter. You can configure this type of filter from the **Platform** > **Security** page of your environment or using the [{{ece}} API](https://www.elastic.co/docs/api/doc/cloud-enterprise) and apply it from each deployment’s **Security** page. ::::{note} 
diff --git a/deploy-manage/security/_snippets/cluster-communication-network.md b/deploy-manage/security/_snippets/cluster-communication-network.md index 49ff1b78c8..b5bb8585b1 100644 --- a/deploy-manage/security/_snippets/cluster-communication-network.md +++ b/deploy-manage/security/_snippets/cluster-communication-network.md 
@@ -3,5 +3,5 @@ * **The transport layer**: Used mainly for inter-node communications, and in certain cases for cluster to cluster communication. * In self-managed {{es}} clusters, you can also [Configure {{kib}} and {{es}} to use mutual TLS](/deploy-manage/security/kibana-es-mutual-tls.md). * [Enable cipher suites for stronger encryption](/deploy-manage/security/enabling-cipher-suites-for-stronger-encryption.md): The TLS and SSL protocols use a cipher suite that determines the strength of encryption used to protect the data. You may want to enable the use of additional cipher suites, so you can use different cipher suites for your TLS communications or communications with authentication providers. -* [Add network security policies](/deploy-manage/security/traffic-filtering.md): Network security allows you to limit how your deployments can be accessed. Add another layer of security to your installation and deployments by restricting inbound traffic to only the sources that you trust. In both {{ech}} deployments and {{serverless-short}} projects, you can restrict access based on IP addresses or CIDR ranges. In {{ech}} deployments, you can secure connectivity through AWS PrivateLink, Azure Private Link, or GCP Private Service Connect and filter traffic using VPC filters. +* [Add network security policies](/deploy-manage/security/network-security.md): Network security allows you to limit how your deployments can be accessed. Add another layer of security to your installation and deployments by restricting inbound traffic to only the sources that you trust. In both {{ech}} deployments and {{serverless-short}} projects, you can restrict access based on IP addresses or CIDR ranges. In {{ech}} deployments, you can secure connectivity through AWS PrivateLink, Azure Private Link, or GCP Private Service Connect and filter traffic using VPC filters. 
* [Allow or deny {{ech}} IP ranges](/deploy-manage/security/elastic-cloud-static-ips.md): {{ecloud}} publishes a list of IP addresses used by its {{ech}} services for both incoming and outgoing traffic. Users can use these lists to configure their network firewalls as needed to allow or restrict traffic related to {{ech}} services. \ No newline at end of file diff --git a/deploy-manage/security/_snippets/cluster-comparison.md b/deploy-manage/security/_snippets/cluster-comparison.md index 2b747341a8..4d7b329574 100644 --- a/deploy-manage/security/_snippets/cluster-comparison.md +++ b/deploy-manage/security/_snippets/cluster-comparison.md @@ -20,7 +20,7 @@ Select your deployment type below to see what's available and how implementation | **Communication** | TLS (HTTP layer) | Fully managed | Automatically configured by Elastic | | | TLS (Transport layer) | Fully managed | Automatically configured by Elastic | | **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-cloud.md) | -| | Private connectivity and VPC filtering | Configurable | [Establish a secure VPC connection](/deploy-manage/security/private-link-traffic-filters.md) | +| | Private connectivity and VPC filtering | Configurable | [Establish a secure VPC connection](/deploy-manage/security/private-connectivity.md) | | | Kubernetes network policies | N/A | | | **Data** | Encryption at rest | Managed | You can [bring your own encryption key](/deploy-manage/security/encrypt-deployment-with-customer-managed-encryption-key.md) | | | Secure settings | Configurable | [Configure secure settings](/deploy-manage/security/secure-settings.md) | diff --git a/deploy-manage/security/_snippets/private-connection-fleet.md b/deploy-manage/security/_snippets/private-connection-fleet.md index 5596c6d907..b891de9d3f 100644 --- a/deploy-manage/security/_snippets/private-connection-fleet.md +++ b/deploy-manage/security/_snippets/private-connection-fleet.md 
@@ -1,4 +1,4 @@ -If you are using {{service-name}} together with Fleet, and enrolling the Elastic Agent with a PrivateLink URL, you need to configure Fleet Server to use and propagate the {{service-name}} URL by updating the **Fleet Server hosts** field in the **Fleet settings** section of {{kib}}. Otherwise, Elastic Agent will reset to use a default address instead of the {{service-name}} URL. +If you are using {{service-name}} together with Fleet, and enrolling the Elastic Agent with a private connection URL, you need to configure Fleet Server to use and propagate the {{service-name}} URL by updating the **Fleet Server hosts** field in the **Fleet settings** section of {{kib}}. Otherwise, Elastic Agent will reset to use a default address instead of the {{service-name}} URL. The URL needs to follow this pattern: @@ -6,7 +6,7 @@ The URL needs to follow this pattern: https://{{fleet_component_ID_or_deployment_alias}}.fleet.{{private_hosted_zone_domain_name}}:443` ``` -Similarly, the {{es}} host needs to be updated to propagate the PrivateLink URL. The {{es}} URL needs to follow this pattern: +Similarly, the {{es}} host needs to be updated to propagate the private connection URL. The {{es}} URL needs to follow this pattern: ```text https://elasticsearch_cluster_ID_or_deployment_alias}}.es.{{private_hosted_zone_domain_name}}:443 diff --git a/deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md b/deploy-manage/security/claim-private-connection-api.md similarity index 85% rename from deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md rename to deploy-manage/security/claim-private-connection-api.md index 8bf45d3b57..c791011add 100644 --- a/deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md +++ b/deploy-manage/security/claim-private-connection-api.md 
@@ -8,18 +8,18 @@ products: - id: cloud-hosted --- -# Claim private connection ownership [ec-claim-traffic-filter-link-id-through-the-api] +# Claim private connection ownership This example demonstrates how to use the {{ecloud}} RESTful API to claim different types of private connection IDs (AWS PrivateLink, Azure Private Link, and GCP Private Service Connect). We cover the following examples: -* [Claim a private connection ID](#ec-claim-a-traffic-filter-link-id) +* [Claim a private connection ID](#claim-private-connection-id) * [AWS PrivateLink](#ec-claim-aws-privatelink) * [Azure Private Link](#ec-claim-azure-private-link) * [GCP Private Service Connect](#ec-claim-gcp-private-service-connect) -* [List claimed private connection IDs](#ec-list-claimed-traffic-filter-link-id) -* [Unclaim a private connection ID](#ec-unclaim-a-traffic-filter-link-id) +* [List claimed private connection IDs](#list-claimed-private-connection-ids) +* [Unclaim a private connection ID](#unclaim-private-connection-id) * [AWS PrivateLink](#ec-unclaim-aws-privatelink) * [Azure Private Link](#ec-unclaim-azure-private-link) @@ -27,7 +27,7 @@ This example demonstrates how to use the {{ecloud}} RESTful API to claim differe -## Claim a private connection ID [ec-claim-a-traffic-filter-link-id] +## Claim a private connection ID [claim-private-connection-id] ### AWS PrivateLink [ec-claim-aws-privatelink] @@ -81,7 +81,7 @@ https://api.elastic-cloud.com/api/v1/deployments/traffic-filter/link-ids/_claim ``` -## List claimed private connection IDs [ec-list-claimed-traffic-filter-link-id] +## List claimed private connection IDs [list-claimed-private-connection-ids] ```sh curl \ @@ -91,7 +91,7 @@ https://api.elastic-cloud.com/api/v1/deployments/traffic-filter/link-ids \ ``` -## Unclaim a private connection ID [ec-unclaim-a-traffic-filter-link-id] +## Unclaim a private connection ID [unclaim-private-connection-id] ### AWS PrivateLink [ec-unclaim-aws-privatelink] 
diff --git a/deploy-manage/security/elastic-cloud-static-ips.md b/deploy-manage/security/elastic-cloud-static-ips.md index 0075aa81d2..ddae87e867 100644 --- a/deploy-manage/security/elastic-cloud-static-ips.md +++ b/deploy-manage/security/elastic-cloud-static-ips.md 
@@ -12,7 +12,7 @@ products: {{ecloud}} provides a range of static IP addresses that enable you to allow or deny IP ranges. There are two types of static IP addresses, [ingress](#ec-ingress) and [egress](#ec-egress), and they each have their own set of use cases. In general, static IPs can be used to introduce network controls (for example, firewall rules) for traffic that goes to and from {{ecloud}} deployments over the Internet. Use of static IPs is not applicable to private cloud service provider connections (for example, AWS/Azure PrivateLink, GCP Private Service Connect). -Static IP addresses are [subject to change](#ec-warning), and not all [cloud provider regions](#ec-regions) are currently fully supported for ingress and egress static IPs. For this reason, we generally do not recommend that you use firewall rules to allow or restrict certain IP ranges. Consider using [private link](/deploy-manage/security/private-link-traffic-filters.md) traffic filters for deployment endpoints on {{ech}}. However, in situations where using Private Link services do not meet requirements (for example, secure traffic **from** {{ecloud}}), static IP ranges can be used. +Static IP addresses are [subject to change](#ec-warning), and not all [cloud provider regions](#ec-regions) are currently fully supported for ingress and egress static IPs. For this reason, we generally do not recommend that you use firewall rules to allow or restrict certain IP ranges. Consider using [private connectivity](/deploy-manage/security/private-connectivity.md) for deployment endpoints on {{ech}}. However, in situations where using private connectivity services do not meet requirements (for example, secure traffic **from** {{ecloud}}), static IP ranges can be used. ## Ingress Static IPs: Traffic to {{ecloud}} [ec-ingress] 
@@ -33,7 +33,7 @@ Not suitable usage of ingress static IPs to introduce network controls: Suitable usage of egress static IPs to introduce network controls: * Traffic **from {{ecloud}} deployments** towards the public Internet, your private cloud network over the public Internet, or your on-premises network over the public Internet (e.g. custom Slack alerts, Email alerts, {{kib}} alerts, etc.) uses Egress Static IPs as network source -* Cross-cluster replication/cross-cluster search traffic **from {{ecloud}} deployments** towards on-premises {{ece}} deployments protected by on-premises firewalls or {{ece}} traffic filters +* Cross-cluster replication/cross-cluster search traffic **from {{ecloud}} deployments** towards on-premises {{ece}} deployments protected by on-premises firewalls or {{ece}} IP filters Not suitable usage of egress static IPs to introduce network controls: diff --git a/deploy-manage/security/ip-filtering-basic.md b/deploy-manage/security/ip-filtering-basic.md index a1371d6914..ba3ff6ff70 100644 --- a/deploy-manage/security/ip-filtering-basic.md +++ b/deploy-manage/security/ip-filtering-basic.md @@ -10,7 +10,7 @@ products: - id: elasticsearch --- -# Manage IP filtering in ECK and self-managed clusters +# Manage IP filters in ECK and self-managed clusters You can apply IP filtering to application clients, node clients, or transport clients, remote cluster clients, in addition to other nodes that are attempting to join the cluster. diff --git a/deploy-manage/security/ip-filtering-cloud.md b/deploy-manage/security/ip-filtering-cloud.md index b5e21bc34d..445fc8773a 100644 --- a/deploy-manage/security/ip-filtering-cloud.md +++ b/deploy-manage/security/ip-filtering-cloud.md 
@@ -22,13 +22,13 @@ Filtering network traffic, by IP address or CIDR block, is one of the security l There are types of filters are available for filtering by IP address or CIDR block: * **Ingress or inbound IP filters**: These restrict access to your deployments from a set of IP addresses or CIDR blocks. These filters are available through the UI. -* **Egress or outbound IP filters**: These restrict the set of IP addresses or CIDR blocks accessible from your deployment. These might be used to restrict access to a certain region or service. This feature is currently only available through the [Traffic Filtering API](/deploy-manage/security/ec-traffic-filtering-through-the-api.md). {applies_to}`ess: beta` {applies_to}`serverless: unavailable` +* **Egress or outbound IP filters**: These restrict the set of IP addresses or CIDR blocks accessible from your deployment. These might be used to restrict access to a certain region or service. This feature is currently only available through the [Traffic Filtering API](/deploy-manage/security/network-security-api.md). {applies_to}`ess: beta` {applies_to}`serverless: unavailable` Follow the step described here to set up ingress or inbound IP filters through the {{ecloud}} Console. -To learn how IP filters work together, and alongside [private connection policies](private-link-traffic-filters.md), refer to [](/deploy-manage/security/network-security-policies.md). +To learn how IP filters work together, and alongside [private connection policies](private-connectivity.md), refer to [](/deploy-manage/security/network-security-policies.md). -To learn how to manage IP filters using the Traffic Filtering API, refer to [](/deploy-manage/security/ec-traffic-filtering-through-the-api.md). +To learn how to manage IP filters using the Traffic Filtering API, refer to [](/deploy-manage/security/network-security-api.md). :::{note} To learn how to create IP filters for {{ece}} deployments, refer to [](ip-filtering-ece.md). 
diff --git a/deploy-manage/security/ip-filtering-ece.md b/deploy-manage/security/ip-filtering-ece.md index e86f4ddac8..b536e3c266 100644 --- a/deploy-manage/security/ip-filtering-ece.md +++ b/deploy-manage/security/ip-filtering-ece.md @@ -19,7 +19,7 @@ Follow the steps described here to set up ingress or inbound IP filters through To learn how IP filtering rules work together, refer to [](ece-filter-rules.md). -To learn how to manage IP filters using the Traffic Filtering API, refer to [](/deploy-manage/security/ec-traffic-filtering-through-the-api.md). +To learn how to manage IP filters using the Traffic Filtering API, refer to [](/deploy-manage/security/network-security-api.md). :::{note} To learn how to create IP filters for {{ech}} deployments or {{serverless-full}} projects, refer to [](ip-filtering-cloud.md). diff --git a/deploy-manage/security/ip-traffic-filtering.md b/deploy-manage/security/ip-filtering.md similarity index 73% rename from deploy-manage/security/ip-traffic-filtering.md rename to deploy-manage/security/ip-filtering.md index bbb1a25e8c..c09aa54284 100644 --- a/deploy-manage/security/ip-traffic-filtering.md +++ b/deploy-manage/security/ip-filtering.md @@ -16,7 +16,7 @@ This section covers filtering network traffic by IP address or CIDR block. The way you configure IP filters, and how filtering is enforced, depends on your deployment type. :::{tip} -If you use {{ech}} or {{eck}}, then other [network security](/deploy-manage/security/traffic-filtering.md) methods are also available. +If you use {{ech}} or {{eck}}, then other [network security](/deploy-manage/security/network-security.md) methods are also available. ::: ## Serverless and ECH 
@@ -24,19 +24,19 @@ If you use {{ech}} or {{eck}}, then other [network security](/deploy-manage/secu In {{serverless-full}} and {{ech}}, IP filters are a type of [network security policy](/deploy-manage/security/network-security-policies.md). They are created at the organization level, and then applied at the deployment level. Follow these guides to learn how to create, apply, and manage these filters using your preferred method: * [In the {{ecloud}} console](/deploy-manage/security/ip-filtering-cloud.md) - * [Using the {{ecloud}} API](/deploy-manage/security/ec-traffic-filtering-through-the-api.md) + * [Using the {{ecloud}} API](/deploy-manage/security/network-security-api.md) -To learn how multiple IP filters are processed, and how IP filters and [private connections](/deploy-manage/security/private-link-traffic-filters.md) work together in ECH, refer to [](/deploy-manage/security/network-security-policies.md). +To learn how multiple IP filters are processed, and how IP filters and [private connections](/deploy-manage/security/private-connectivity.md) work together in ECH, refer to [](/deploy-manage/security/network-security-policies.md). ## ECE In {{ece}}, filter rules are created at the platform level, and then applied at the deployment level. Follow these guides to learn how to create, apply, and manage these policies using your preferred method: * [In the Cloud UI](/deploy-manage/security/ip-filtering-ece.md) - * [Using the {{ecloud}} API](/deploy-manage/security/ec-traffic-filtering-through-the-api.md) + * [Using the {{ecloud}} API](/deploy-manage/security/network-security-api.md) To learn how multiple rules are processed, refer to [](/deploy-manage/security/ece-filter-rules.md). ## ECK and self managed -In {{eck}} and self-managed clusters, IP filters are applied at the cluster level using `elasticsearch.yml`. [Learn how to configure IP filtering at the cluster level](/deploy-manage/security/ip-filtering-basic.md). 
\ No newline at end of file +In {{eck}} and self-managed clusters, IP filters are applied at the cluster level using `elasticsearch.yml`. [Learn how to configure IP filters at the cluster level](/deploy-manage/security/ip-filtering-basic.md). diff --git a/deploy-manage/security/ec-traffic-filtering-through-the-api.md b/deploy-manage/security/network-security-api.md similarity index 87% rename from deploy-manage/security/ec-traffic-filtering-through-the-api.md rename to deploy-manage/security/network-security-api.md index f2f61582dd..b89799e505 100644 --- a/deploy-manage/security/ec-traffic-filtering-through-the-api.md +++ b/deploy-manage/security/network-security-api.md 
@@ -14,28 +14,28 @@ products: navigation_title: Through the API --- -# Manage network security through the API [ec-traffic-filtering-through-the-api] +# Manage network security through the API This example demonstrates how to use the {{ecloud}} RESTful API, {{ece}} RESTful API, or {{serverless-full}} RESTful API or to manage different types of network security policies and rules. We cover the following examples: -* [Create an IP filter policy or IP filtering rule set](#ec-create-a-traffic-filter-rule-set) +* [Create an IP filter policy or IP filtering rule set](#create-ip-filter-policy) - * [Ingress](#ec-ip-traffic-filters-ingress-rule-set) - * [Egress](#ec-ip-traffic-filters-egress-rule-set) {applies_to}`ess: beta` + * [Ingress](#ip-filter-policy-ingress) + * [Egress](#ip-filter-policy-egress) {applies_to}`ess: beta` * [Create a private connection policy](#private-connection) {applies_to}`ess:` - * [AWS Privatelink](#ec-aws-privatelink-traffic-filters-rule-set) - * [Azure Private Link](#ec-azure-privatelink-traffic-filters-rule-set) - * [GCP Private Service Connect](#ec-gcp-private-service-connect-traffic-filters-rule-set) + * [AWS Privatelink](#private-connection-policy-aws) + * [Azure Private Link](#private-connection-policy-azure) + * [GCP Private Service Connect](#private-connection-policy-gcp) -* [Update a policy or rule set](#ec-update-a-traffic-filter-rule-set) -* [Associate a policy or rule set with a project or deployment](#ec-associate-rule-set-with-a-deployment) -* [Remove a policy or rule set from a project or deployment](#ec-delete-rule-set-association-with-a-deployment) -* [Delete a policy or rule set](#ec-delete-a-rule-set) +* [Update a policy or rule set](#update-policy-rs) +* [Associate a policy or rule set with a project or deployment](#associate-policy-rs-with-deployment) +* [Remove a policy or rule set from a project or deployment](#delete-policy-rs-association-with-deployment) +* [Delete a policy or rule set](#delete-policy-rs) -Refer to 
[](traffic-filtering.md) to learn more about network security across all deployment types. +Refer to [](network-security.md) to learn more about network security across all deployment types. :::{tip} Policies in {{ecloud}} are the equivalent of rule sets in {{ece}} and the {{ecloud}} API. @@ -67,13 +67,13 @@ In {{ecloud}}, terminology related to network security has changed to more accur | Private connection policy | Private link traffic filter | | VPC filter | Private link filter rule | -## Create an IP filter policy or IP filtering rule set [ec-create-a-traffic-filter-rule-set] +## Create an IP filter policy or IP filtering rule set [create-ip-filter-policy] IP filter policies in {{ecloud}} are the equivalent of IP filtering rule sets in {{ece}}. Both policies and rule sets consist of multiple unique entries, each representing a source IP address or CIDR range. In {{ecloud}}, these entries are referred to as sources. In {{ece}} and the {{ecloud}} API, these entries are referred to as rules. -### Ingress [ec-ip-traffic-filters-ingress-rule-set] +### Ingress [ip-filter-policy-ingress] Send a request like the following to create an IP filter ingress policy or rule set: @@ -184,7 +184,7 @@ If the request is successful, a response containing an ID for the policy or rule ``` -### Egress [ec-ip-traffic-filters-egress-rule-set] +### Egress [ip-filter-policy-egress] ```{applies_to} deployment: ess: beta @@ -250,7 +250,7 @@ A private connection policy is required to establish a private connection with A ::: -### AWS Privatelink [ec-aws-privatelink-traffic-filters-rule-set] +### AWS Privatelink [private-connection-policy-aws] Send a request like the following to create an AWS PrivateLink private connection policy: 
@@ -275,10 +275,10 @@ https://api.elastic-cloud.com/api/v1/deployments/traffic-filter/rulesets \ ' ``` -1. To learn how to find the value for `source` for type `vpce`, refer to [Find your VPC endpoint ID](aws-privatelink-traffic-filters.md#ec-find-your-endpoint). This setting is supported only in AWS regions. +1. To learn how to find the value for `source` for type `vpce`, refer to [Find your VPC endpoint ID](private-connectivity-aws.md#ec-find-your-endpoint). This setting is supported only in AWS regions. -### Azure Private Link [ec-azure-privatelink-traffic-filters-rule-set] +### Azure Private Link [private-connection-policy-azure] Send a request like the following to create an Azure Private Link private connection policy: @@ -304,10 +304,10 @@ https://api.elastic-cloud.com/api/v1/deployments/traffic-filter/rulesets \ ' ``` -1. To learn how to find the value for `azure_endpoint_name` and `azure_endpoint_guid` for type `azure_private_endpoint`, refer to [Find your private endpoint resource name](azure-private-link-traffic-filters.md#ec-find-your-resource-name) and [Find your private endpoint resource ID](azure-private-link-traffic-filters.md#ec-find-your-resource-id). This setting is supported only in Azure regions. +1. To learn how to find the value for `azure_endpoint_name` and `azure_endpoint_guid` for type `azure_private_endpoint`, refer to [Find your private endpoint resource name](private-connectivity-azure.md#ec-find-your-resource-name) and [Find your private endpoint resource ID](private-connectivity-azure.md#ec-find-your-resource-id). This setting is supported only in Azure regions. -### GCP Private Service Connect [ec-gcp-private-service-connect-traffic-filters-rule-set] +### GCP Private Service Connect [private-connection-policy-gcp] Send a request like the following to create a GCP Private Service Connect private connection policy: 
@@ -332,10 +332,10 @@ https://api.elastic-cloud.com/api/v1/deployments/traffic-filter/rulesets \ ' ``` -1. To find the value for `source` for type `gcp_private_service_connect_endpoint`, check [Find your Private Service Connect connection ID](gcp-private-service-connect-traffic-filters.md#ec-find-your-psc-connection-id). This setting is supported only in GCP regions. +1. To find the value for `source` for type `gcp_private_service_connect_endpoint`, check [Find your Private Service Connect connection ID](private-connectivity-gcp.md#ec-find-your-psc-connection-id). This setting is supported only in GCP regions. -## Update a policy or rule set [ec-update-a-traffic-filter-rule-set] +## Update a policy or rule set [update-policy-rs] Send a request like the following to update an IP filter ingress policy or rule set. @@ -425,7 +425,7 @@ https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULE :::: -## Associate a policy or rule set with a project or deployment [ec-associate-rule-set-with-a-deployment] +## Associate a policy or rule set with a project or deployment [associate-policy-rs-with-deployment] Send a request like the following to associate a policy or rule set with a project or deployment. @@ -498,7 +498,7 @@ https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULE ::::: -## Remove a policy or rule set from a project or deployment [ec-delete-rule-set-association-with-a-deployment] +## Remove a policy or rule set from a project or deployment [delete-policy-rs-association-with-deployment] Send a request like the following to remove a policy or rule set from a project or deployment. @@ -556,7 +556,7 @@ https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULE :::: -## Delete a policy or rule set [ec-delete-a-rule-set] +## Delete a policy or rule set [delete-policy-rs] Send a request like the following to delete a policy or rule set. 
diff --git a/deploy-manage/security/network-security-policies.md b/deploy-manage/security/network-security-policies.md index f0026032db..a7c2163560 100644 --- a/deploy-manage/security/network-security-policies.md +++ b/deploy-manage/security/network-security-policies.md @@ -10,7 +10,7 @@ applies_to: By default, in {{ech}} and {{serverless-full}}, all your deployments are accessible over the public internet without restrictions. -Network security policies include [IP filters](/deploy-manage/security/ip-filtering-cloud.md) and [private connections](/deploy-manage/security/private-link-traffic-filters.md). They are created at the organization level, and need to be associated with one or more resources, such as a deployment or project, to take effect. After you associate at least one policy with a resource, traffic that does not match the policy or any other policy associated with the resource is denied. +Network security policies include [IP filters](/deploy-manage/security/ip-filtering-cloud.md) and [private connections](/deploy-manage/security/private-connectivity.md). They are created at the organization level, and need to be associated with one or more resources, such as a deployment or project, to take effect. After you associate at least one policy with a resource, traffic that does not match the policy or any other policy associated with the resource is denied. Policies apply to external traffic only. Internal traffic is managed by the deployment or project. For example, in {{ech}}, {{kib}} can connect to {{es}}, as well as internal services which manage the deployment. Other deployments can’t connect to deployments protected by network security policies. diff --git a/deploy-manage/security/traffic-filtering.md b/deploy-manage/security/network-security.md similarity index 73% rename from deploy-manage/security/traffic-filtering.md rename to deploy-manage/security/network-security.md index 90a1524325..43a1f9b0ba 100644 
--- a/deploy-manage/security/traffic-filtering.md +++ b/deploy-manage/security/network-security.md @@ -43,8 +43,8 @@ You can also allow traffic to or from a [remote cluster](/deploy-manage/remote-c | Filter type | Description | Applicable deployment types | | --- | --- | --- | -| [IP filters](ip-traffic-filtering.md) | Filter traffic from the public internet by allowlisting specific IP addresses and Classless Inter-Domain Routing (CIDR) masks.

• [In {{serverless-short}} or ECH](/deploy-manage/security/ip-filtering-cloud.md)

• [In ECE](/deploy-manage/security/ip-filtering-ece.md)

• [In ECK or self-managed](/deploy-manage/security/ip-filtering-basic.md) | {{serverless-short}}, ECH, ECE, ECK, and self-managed clusters | -| [Private connectivity and VPC filtering](/deploy-manage/security/private-link-traffic-filters.md) | Establish private connections between {{es}} and other resources hosted by the same cloud provider using private link services, and further secure these connections using VPC filtering. Choose the relevant option for your region:

• AWS regions: [AWS PrivateLink](/deploy-manage/security/aws-privatelink-traffic-filters.md)

• Azure regions: [Azure Private Link](/deploy-manage/security/azure-private-link-traffic-filters.md)

• GCP regions: [GCP Private Service Connect](/deploy-manage/security/gcp-private-service-connect-traffic-filters.md) | {{ech}} only | +| [IP filters](ip-filtering.md) | Filter traffic from the public internet by allowlisting specific IP addresses and Classless Inter-Domain Routing (CIDR) masks.

• [In {{serverless-short}} or ECH](/deploy-manage/security/ip-filtering-cloud.md)

• [In ECE](/deploy-manage/security/ip-filtering-ece.md)

• [In ECK or self-managed](/deploy-manage/security/ip-filtering-basic.md) | {{serverless-short}}, ECH, ECE, ECK, and self-managed clusters | +| [Private connectivity and VPC filtering](/deploy-manage/security/private-connectivity.md) | Establish private connections between {{es}} and other resources hosted by the same cloud provider using private link services, and further secure these connections using VPC filtering. Choose the relevant option for your region:

• AWS regions: [AWS PrivateLink](/deploy-manage/security/private-connectivity-aws.md)

• Azure regions: [Azure Private Link](/deploy-manage/security/private-connectivity-azure.md)

• GCP regions: [GCP Private Service Connect](/deploy-manage/security/private-connectivity-gcp.md) | {{ech}} only | | [Kubernetes network policies](/deploy-manage/security/k8s-network-policies.md) | Isolate pods by restricting incoming and outgoing network connections to a trusted set of sources and destinations. | {{eck}} only | :::{include} _snippets/eck-traffic-filtering.md diff --git a/deploy-manage/security/aws-privatelink-traffic-filters.md b/deploy-manage/security/private-connectivity-aws.md similarity index 95% rename from deploy-manage/security/aws-privatelink-traffic-filters.md rename to deploy-manage/security/private-connectivity-aws.md index 5617041bca..6b72dfe8c8 100644 --- a/deploy-manage/security/aws-privatelink-traffic-filters.md +++ b/deploy-manage/security/private-connectivity-aws.md @@ -99,10 +99,10 @@ The process of setting up a private connection with AWS PrivateLink is split bet | 1. [Create a VPC endpoint using {{ecloud}} service name.](#ec-aws-vpc-dns) | | | 2. [Create a DNS record pointing to the VPC endpoint.](#ec-aws-vpc-dns) | | | | 3. **Optional**: [Create a private connection policy.](#ec-add-vpc-elastic)

A private connection policy is required to filter traffic using the VPC endpoint ID. | -| | 4. **Optional**: [Associate the private connection policy with deployments](#ec-associate-traffic-filter-private-link-rule-set). | +| | 4. **Optional**: [Associate the private connection policy with deployments](#associate-private-connection-policy). | | | 5. [Interact with your deployments over PrivateLink](#ec-access-the-deployment-over-private-link). | -After you create your private connection policy, you can [edit](#ec-edit-traffic-filter-private-link-rule-set), [disconnect](#remove-filter-deployment), or [delete](#ec-delete-traffic-filter-private-link-rule-set) it. +After you create your private connection policy, you can [edit](#edit-private-connection-policy), [disassociate](#remove-private-connection-policy), or [delete](#delete-private-connection-policy) it. :::{admonition} Private connection policies are optional Private connection policies are optional for AWS PrivateLink. After the VPC endpoint and DNS record are created, private connectivity is established. @@ -226,8 +226,8 @@ Creating a private connection policy and associating it with your deployments al Follow these high-level steps to add a private connection policy that can be associated with your deployments. 1. Optional: [Find your VPC endpoint ID](#ec-find-your-endpoint). -2. [Create a private connection policy using the VPC endpoint](#ec-create-traffic-filter-private-link-rule-set). -3. [Associate the VPC endpoint with your deployment](#ec-associate-traffic-filter-private-link-rule-set). +2. [Create a private connection policy using the VPC endpoint](#create-private-connection-policy). +3. [Associate the VPC endpoint with your deployment](#associate-private-connection-policy). ### Optional: Find your VPC endpoint ID [ec-find-your-endpoint] 
@@ -240,7 +240,7 @@ You can find your VPC endpoint ID in the AWS console: :screenshot: ::: -### Create a new private connection policy [ec-create-traffic-filter-private-link-rule-set] +### Create a new private connection policy [create-private-connection-policy] Create a new private connection policy. @@ -267,11 +267,11 @@ Create a new private connection policy. 13. Optional: Under **Apply to resources**, associate the new private connection policy with one or more deployments. If you specified a VPC filter, then after you associate the filter with a deployment, it starts filtering traffic. 14. To automatically attach this private connection policy to new deployments, select **Apply by default**. 15. Click **Create**. -16. (Optional) You can [claim your VPC endpoint ID](/deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md), so that no other organization is able to use it in a private connection policy. +16. (Optional) You can [claim your VPC endpoint ID](/deploy-manage/security/claim-private-connection-api.md), so that no other organization is able to use it in a private connection policy. -The next step is to [associate the policy](#ec-associate-traffic-filter-private-link-rule-set) with your deployment. +The next step is to [associate the policy](#associate-private-connection-policy) with your deployment. -### Optional: Associate a private connection policy with a deployment [ec-associate-traffic-filter-private-link-rule-set] +### Optional: Associate a private connection policy with a deployment [associate-private-connection-policy] You can associate a private connection policy with your deployment from the policy's settings, or from your deployment's settings. 
@@ -342,7 +342,7 @@ To access the deployment: After you create your private connection policy, you can edit it, remove it from your deployment, or delete it. -### Edit a private connection policy [ec-edit-traffic-filter-private-link-rule-set] +### Edit a private connection policy [edit-private-connection-policy] You can edit a policy's name, description, VPC endpoint ID, and more. @@ -355,7 +355,7 @@ You can edit a policy's name, description, VPC endpoint ID, and more. You can also edit private connection policies from your deployment's **Security** page or your project's **Network security** page. ::: -### Remove a private connection policy from your deployment [remove-filter-deployment] +### Remove a private connection policy from your deployment [remove-private-connection-policy] If you want to a specific policy from a deployment, or delete the policy, then you need to disconnect it from any associated deployments first. You can do this from the policy's settings, or from your deployment's settings. To remove an association through the UI: @@ -376,7 +376,7 @@ If you want to a specific policy from a deployment, or delete the policy, then y 7. Click **Update** to save your changes. -### Delete a private connection policy [ec-delete-traffic-filter-private-link-rule-set] +### Delete a private connection policy [delete-private-connection-policy] If you need to remove a policy, you must first remove any associations with deployments. diff --git a/deploy-manage/security/azure-private-link-traffic-filters.md b/deploy-manage/security/private-connectivity-azure.md similarity index 92% rename from deploy-manage/security/azure-private-link-traffic-filters.md rename to deploy-manage/security/private-connectivity-azure.md index c5de783aa7..e8aeb82308 100644 --- a/deploy-manage/security/azure-private-link-traffic-filters.md +++ b/deploy-manage/security/private-connectivity-azure.md 
@@ -70,9 +70,10 @@ The process of setting up the private connection with Azure Private link is spli | 1. [Create a private endpoint using {{ecloud}} service alias](#ec-private-link-azure-dns). | | | 2. [Create a DNS record pointing to the private endpoint](#ec-private-link-azure-dns). | | | | 3. [Create a private connection policy](#ec-azure-allow-traffic-from-link-id). | -| | 4. [Associate the Azure private connection policy with your deployments](#ec-associate-traffic-filter-private-link-rule-set). | +| | 4. [Associate the Azure private connection policy with your deployments](#associate-private-connection-policy). | | | 5. [Interact with your deployments over Private Link](#ec-azure-access-the-deployment-over-private-link). | +After you create your private connection policy, you can [edit](#edit-private-connection-policy), [disassociate](#remove-private-connection-policy), or [delete](#delete-private-connection-policy) it. ### Create your private endpoint and DNS entries in Azure [ec-private-link-azure-dns] 
@@ -80,7 +81,7 @@ The process of setting up the private connection with Azure Private link is spli Follow the [Azure instructions](https://docs.microsoft.com/en-us/azure/private-link/create-private-endpoint-portal#create-a-private-endpoint) for details on creating a private endpoint to an endpoint service. - Use [the service aliases for your region](/deploy-manage/security/azure-private-link-traffic-filters.md#ec-private-link-azure-service-aliases). Select the **Connect to an Azure resource by resource ID or alias** option. For example for the region `eastus2` the service alias is `eastus2-prod-002-privatelink-service.64359fdd-7893-4215-9929-ece3287e1371.eastus2.azure.privatelinkservice` + Use [the service aliases for your region](#ec-private-link-azure-service-aliases). Select the **Connect to an Azure resource by resource ID or alias** option. For example for the region `eastus2` the service alias is `eastus2-prod-002-privatelink-service.64359fdd-7893-4215-9929-ece3287e1371.eastus2.azure.privatelinkservice` ::::{note} The Private Link endpoint is created in the `Awaiting Approval` state. We validate and approve the endpoints when you create the private connection policy using the Private Link `resource ID`, as described in the next section [Create a private connection policy](#ec-azure-allow-traffic-from-link-id). 
@@ -110,9 +111,9 @@ Follow these high-level steps to add a private connection policy that can be ass 1. [Find your private endpoint resource name](#ec-find-your-resource-name). 2. [Find your private endpoint resource ID](#ec-find-your-resource-id). -3. [Create policies using the Private Link Endpoint resource ID](#ec-azure-create-traffic-filter-private-link-rule-set). +3. [Create policies using the Private Link Endpoint resource ID](#create-private-connection-policy). 4. [Test the connection](#test-the-connection). -5. [Associate the private endpoint with your deployment](#ec-associate-traffic-filter-private-link-rule-set). +5. [Associate the private endpoint with your deployment](#associate-private-connection-policy). ### Find your private endpoint resource name [ec-find-your-resource-name] @@ -137,7 +138,7 @@ Follow these high-level steps to add a private connection policy that can be ass ::: -### Create a policy using the Private Link Endpoint resource [ec-azure-create-traffic-filter-private-link-rule-set] +### Create a policy using the Private Link Endpoint resource [create-private-connection-policy] When you have your private endpoint name and ID, you can create a private connection policy. 
@@ -177,11 +178,11 @@ The Private Link connection will be approved automatically after the private con 10. To automatically attach this private connection policy to new deployments, select **Apply by default**. 11. Click **Create**. -12. Optional: You can [claim your Private Endpoint resource name and ID](/deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md), so that no other organization is able to use it in a private connection policy. +12. Optional: You can [claim your Private Endpoint resource name and ID](/deploy-manage/security/claim-private-connection-api.md), so that no other organization is able to use it in a private connection policy. Creating the policy approves the Private Link connection. -After the private link connection is approved, you can optionally [test the connection](#test-the-connection), and then [associate the policy](#ec-associate-traffic-filter-private-link-rule-set) with your deployment. +After the private link connection is approved, you can optionally [test the connection](#test-the-connection), and then [associate the policy](#associate-private-connection-policy) with your deployment. ### Test the connection @@ -246,11 +247,7 @@ $ curl -v https://my-deployment-d53192.es.privatelink.eastus2.azure.elastic-clou curl: (7) Failed to connect to my-deployment-d53192.es.privatelink.eastus2.azure.elastic-cloud.com port 9243: No route to host ``` - -The next step is to [associate the policy](/deploy-manage/security/aws-privatelink-traffic-filters.md#ec-associate-traffic-filter-private-link-rule-set) with your deployment. - - -### Associate a private connection policy with a deployment [ec-associate-traffic-filter-private-link-rule-set] +### Associate a private connection policy with a deployment [associate-private-connection-policy] You can associate a private connection policy with your deployment from the policy's settings, or from your deployment's settings. 
@@ -344,7 +341,7 @@ This means your deployment on {{ecloud}} can be in a different region than the P 1. Create your Private Link Endpoint using the service alias for region 2 in the region 1 VNET (let’s call this VNET1). 2. Create a Private Hosted Zone for region 2, and associate it with VNET1 similar to the step [Create a Private Link endpoint and DNS](#ec-private-link-azure-dns). Note that you are creating these resources in region 1, VNET1. -2. [Create a private connection policy](#ec-azure-create-traffic-filter-private-link-rule-set) in the region where your deployment is hosted, and [associate it](#ec-associate-traffic-filter-private-link-rule-set) with your deployment. +2. [Create a private connection policy](#create-private-connection-policy) in the region where your deployment is hosted, and [associate it](#associate-private-connection-policy) with your deployment. 3. [Test the connection](#ec-azure-access-the-deployment-over-private-link) from a VM or client in region 1 to your Private Link endpoint, and it should be able to connect to your {{es}} cluster hosted in region 2. @@ -352,7 +349,7 @@ This means your deployment on {{ecloud}} can be in a different region than the P After you create your private connection policy, you can edit it, remove it from your deployment, or delete it. -### Edit a private connection policy [ec-azure-edit-traffic-filter-private-link-rule-set] +### Edit a private connection policy [edit-private-connection-policy] You can edit a policy's name, description, VPC endpoint ID, and more. 
@@ -365,7 +362,7 @@ You can edit a policy's name, description, VPC endpoint ID, and more. You can also edit network security policies from your deployment's **Security** page or your project's **Network security** page. ::: -### Remove a private connection policy from your deployment [remove-filter-deployment] +### Remove a private connection policy from your deployment [remove-private-connection-policy] If you want to a specific policy from a deployment, or delete the policy, then you need to disconnect it from any associated deployments first. You can do this from the policy's settings, or from your deployment's settings. To remove an association through the UI: @@ -385,7 +382,7 @@ If you want to a specific policy from a deployment, or delete the policy, then y 6. Under **Apply to resources**, click the `x` beside the resource that you want to disconnect. 7. Click **Update** to save your changes. -### Delete a private connection policy [ec-azure-delete-traffic-filter-private-link-rule-set] +### Delete a private connection policy [delete-private-connection-policy] If you need to remove a policy, you must first remove any associations with deployments. diff --git a/deploy-manage/security/gcp-private-service-connect-traffic-filters.md b/deploy-manage/security/private-connectivity-gcp.md similarity index 92% rename from deploy-manage/security/gcp-private-service-connect-traffic-filters.md rename to deploy-manage/security/private-connectivity-gcp.md index ab97fd5df7..d38b3f2a1d 100644 --- a/deploy-manage/security/gcp-private-service-connect-traffic-filters.md +++ b/deploy-manage/security/private-connectivity-gcp.md 
@@ -75,11 +75,11 @@ The process of setting up the Private link connection to your deployments is spl | --- | --- | | [1. Create a Private Service Connect endpoint using {{ecloud}} Service Attachment URI.](#ec-private-service-connect-enpoint-dns) | | | [2. Create a DNS record pointing to the Private Service Connect endpoint.](#ec-private-service-connect-enpoint-dns) | | -| | [3. Optional: Create a private connection policy with the PSC Connection ID.](#ec-psc-create-traffic-filter-psc-rule-set) | -| | [4. Optional: Associate the private connection policy with your deployments.](#ec-psc-associate-traffic-filter-psc-rule-set) | +| | [3. Optional: Create a private connection policy with the PSC Connection ID.](#create-private-connection-policy) | +| | [4. Optional: Associate the private connection policy with your deployments.](#associate-private-connection-policy) | | | [5. Interact with your deployments over Private Service Connect.](#ec-psc-access-the-deployment-over-psc) | -After you create your private connection policy, you can [edit](#ec-edit-traffic-filter-psc-rule-set), [disconnect](#remove-filter-deployment), or [delete](#ec-delete-traffic-filter-psc-rule-set) it. +After you create your private connection policy, you can [edit](#edit-private-connection-policy), [disassociate](#remove-private-connection-policy), or [delete](#delete-private-connection-policy) it. :::{admonition} Private connection policies are optional Private connection policies are optional for GCP Private Service Connect. After the Private Service Connect endpoint and DNS record are created, private connectivity is established. 
@@ -97,7 +97,7 @@ Creating a private connection policy and associating it with your deployments al Follow the [Google Cloud instructions](https://cloud.google.com/vpc/docs/configure-private-service-connect-services#create-endpoint) for details on creating a Private Service Connect endpoint to access Private Service Connect services. - Use [the Service Attachment URI for your region](/deploy-manage/security/gcp-private-service-connect-traffic-filters.md#ec-private-service-connect-uris). Select the **Published service** option and enter the selected Service Attachment URI as the **Target service**. For example, for the region `asia-southeast1` the Service Attachment URI is `projects/cloud-production-168820/regions/asia-southeast1/serviceAttachments/proxy-psc-production-asia-southeast1-v1-attachment` + Use [the Service Attachment URI for your region](#ec-private-service-connect-uris). Select the **Published service** option and enter the selected Service Attachment URI as the **Target service**. For example, for the region `asia-southeast1` the Service Attachment URI is `projects/cloud-production-168820/regions/asia-southeast1/serviceAttachments/proxy-psc-production-asia-southeast1-v1-attachment` ::::{note} you need to [reserve a static internal IP address](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address) in your VPC. The address is used by Private Service Connect endpoint. 
@@ -173,8 +173,8 @@ Creating a private connection policy and associating it with your deployments al Follow these high-level steps to add a private connection policy that can be associated with your deployments. 1. Optional: [Find your Private Service Connect connection ID](#ec-find-your-psc-connection-id). -2. [Create policies using the Private Service Connect endpoint connection ID](#ec-psc-create-traffic-filter-psc-rule-set). -3. [Associate the Private Service Connect endpoint with your deployment](#ec-psc-associate-traffic-filter-psc-rule-set). +2. [Create policies using the Private Service Connect endpoint connection ID](#create-private-connection-policy). +3. [Associate the Private Service Connect endpoint with your deployment](#associate-private-connection-policy). ### Optional: Find your Private Service Connect connection ID [ec-find-your-psc-connection-id] @@ -183,7 +183,7 @@ The PSC connection ID is only required if you want to filter traffic to your dep 1. Go to your Private Service Connect endpoint in the Google Cloud console. 2. Copy the value of **PSC Connection ID**. -### Create a new private connection policy [ec-psc-create-traffic-filter-psc-rule-set] +### Create a new private connection policy [create-private-connection-policy] Create a new private connection policy. 
@@ -210,11 +210,11 @@ Create a new private connection policy. 13. Optional: Under **Apply to resources**, associate the new private connection policy with one or more deployments. If you specified a VPC filter, then after you associate the filter with a deployment, it starts filtering traffic. 14. To automatically attach this private connection policy to new deployments, select **Apply by default**. 15. Click **Create**. -16. (Optional) You can [claim your Private Service Connect endpoint connection ID](/deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md), so that no other organization is able to use it in a private connection policy. +16. (Optional) You can [claim your Private Service Connect endpoint connection ID](/deploy-manage/security/claim-private-connection-api.md), so that no other organization is able to use it in a private connection policy. -The next step is to [associate the policy](#ec-psc-associate-traffic-filter-psc-rule-set) with your deployment. +The next step is to [associate the policy](#associate-private-connection-policy) with your deployment. -### Optional: Associate a policy with a deployment [ec-psc-associate-traffic-filter-psc-rule-set] +### Optional: Associate a policy with a deployment [associate-private-connection-policy] You can associate a private connection policy with your deployment from the policy's settings, or from your deployment's settings. @@ -282,7 +282,7 @@ To access the deployment: After you create your private connection policy, you can edit it, remove it from your deployment, or delete it. -### Edit a private connection policy [ec-edit-traffic-filter-psc-rule-set] +### Edit a private connection policy [edit-private-connection-policy] You can edit a policy's name, description, VPC endpoint ID, and more. 
@@ -296,7 +296,7 @@ You can also edit network security policies from your deployment's **Security** ::: -### Remove a private connection policy from your deployment [remove-filter-deployment] +### Remove a private connection policy from your deployment [remove-private-connection-policy] If you want to a specific policy from a deployment, or delete the policy, then you need to disconnect it from any associated deployments first. You can do this from the policy's settings, or from your deployment's settings. To remove an association through the UI: @@ -330,7 +330,7 @@ If you want to a specific policy from a deployment, or delete the policy, then y 6. Under **Apply to resources**, click the `x` beside the resource that you want to disconnect. 7. Click **Update** to save your changes. -### Delete a private connection policy [ec-delete-traffic-filter-psc-rule-set] +### Delete a private connection policy [delete-private-connection-policy] If you need to remove a policy, you must first remove any associations with deployments. diff --git a/deploy-manage/security/private-link-traffic-filters.md b/deploy-manage/security/private-connectivity.md similarity index 78% rename from deploy-manage/security/private-link-traffic-filters.md rename to deploy-manage/security/private-connectivity.md index 1574213a86..4c0047a536 100644 --- a/deploy-manage/security/private-link-traffic-filters.md +++ b/deploy-manage/security/private-connectivity.md 
@@ -18,11 +18,11 @@ Choose the relevant option for your cloud service provider: | Cloud service provider | Service | | --- | --- | -| AWS | [AWS PrivateLink](/deploy-manage/security/aws-privatelink-traffic-filters.md) | -| Azure | [Azure Private Link](/deploy-manage/security/azure-private-link-traffic-filters.md) | -| GCP | [GCP Private Service Connect](/deploy-manage/security/gcp-private-service-connect-traffic-filters.md) | +| AWS | [AWS PrivateLink](/deploy-manage/security/private-connectivity-aws.md) | +| Azure | [Azure Private Link](/deploy-manage/security/private-connectivity-azure.md) | +| GCP | [GCP Private Service Connect](/deploy-manage/security/private-connectivity-gcp.md) | -After you set up your private connection, you can [claim ownership of your private connection ID](/deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md) to prevent other organizations from using it. +After you set up your private connection, you can [claim ownership of your private connection ID](/deploy-manage/security/claim-private-connection-api.md) to prevent other organizations from using it. To learn how private connection policies work, how they affect your deployment, and how they interact with [IP filter policies](ip-filtering-cloud.md), refer to [](/deploy-manage/security/network-security-policies.md). diff --git a/deploy-manage/toc.yml b/deploy-manage/toc.yml index a327709a4b..9c17d7516c 100644 --- a/deploy-manage/toc.yml +++ b/deploy-manage/toc.yml 
@@ -484,22 +484,22 @@ toc: children: - file: security/k8s-https-settings.md - file: security/k8s-transport-settings.md - - file: security/traffic-filtering.md + - file: security/network-security.md children: - file: security/network-security-policies.md - file: security/ece-filter-rules.md - - file: security/ip-traffic-filtering.md + - file: security/ip-filtering.md children: - file: security/ip-filtering-cloud.md - file: security/ip-filtering-ece.md - file: security/ip-filtering-basic.md - - file: security/private-link-traffic-filters.md + - file: security/private-connectivity.md children: - - file: security/aws-privatelink-traffic-filters.md - - file: security/azure-private-link-traffic-filters.md - - file: security/gcp-private-service-connect-traffic-filters.md - - file: security/claim-traffic-filter-link-id-ownership-through-api.md - - file: security/ec-traffic-filtering-through-the-api.md + - file: security/private-connectivity-aws.md + - file: security/private-connectivity-azure.md + - file: security/private-connectivity-gcp.md + - file: security/claim-private-connection-api.md + - file: security/network-security-api.md - file: security/k8s-network-policies.md - file: security/elastic-cloud-static-ips.md - file: security/kibana-session-management.md diff --git a/deploy-manage/users-roles.md b/deploy-manage/users-roles.md index b01706d51f..0abb16ad9c 100644 --- a/deploy-manage/users-roles.md +++ b/deploy-manage/users-roles.md 
@@ -22,7 +22,7 @@ The methods that you use to authenticate users and control access depends on the ::::{note} Preventing unauthorized access is only one element of a complete security strategy. To secure your Elastic environment, you can also do the following: -* Restrict the nodes and clients that can connect to the cluster using [traffic filters](/deploy-manage/security/traffic-filtering.md). +* Restrict the nodes and clients that can connect to the cluster using [network security](/deploy-manage/security/network-security.md) policies. * Take steps to maintain your data integrity and confidentiality by [encrypting HTTP and inter-node communications](/deploy-manage/security/secure-cluster-communications.md), as well as [encrypting your data at rest](/deploy-manage/security/data-security.md). * Maintain an [audit trail](/deploy-manage/security/logging-configuration/security-event-audit-logging.md) for security-related events. * Control access to dashboards and other saved objects in your UI using [{{kib}} spaces](/deploy-manage/manage-spaces.md). diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/operator-only-functionality.md b/deploy-manage/users-roles/cluster-or-deployment-auth/operator-only-functionality.md index 0d97d9da12..20964f86f0 100644 --- a/deploy-manage/users-roles/cluster-or-deployment-auth/operator-only-functionality.md +++ b/deploy-manage/users-roles/cluster-or-deployment-auth/operator-only-functionality.md @@ -35,7 +35,7 @@ Operator privileges provide protection for APIs and dynamic cluster settings. An ## Operator-only dynamic cluster settings [operator-only-dynamic-cluster-settings] -* All [IP filtering](../../security/ip-traffic-filtering.md) settings +* All [IP filtering](../../security/ip-filtering.md) settings * The following dynamic [machine learning settings](elasticsearch://reference/elasticsearch/configuration-reference/machine-learning-settings.md): * `xpack.ml.node_concurrent_job_allocations` 
diff --git a/redirects.yml b/redirects.yml index 9db6cbf393..e9d430f1b2 100644 --- a/redirects.yml +++ b/redirects.yml @@ -2,7 +2,7 @@ redirects: 'deploy-manage/security/secure-http-communications.md': '!deploy-manage/security/secure-cluster-communications.md' 'deploy-manage/security/manually-configure-security-in-self-managed-cluster.md': '!deploy-manage/security/self-setup.md' 'deploy-manage/security/security-certificates-keys.md': '!deploy-manage/security/self-auto-setup.md' - 'deploy-manage/security/ece-traffic-filtering-through-the-api.md': 'deploy-manage/security/ec-traffic-filtering-through-the-api.md' + 'deploy-manage/security/ece-traffic-filtering-through-the-api.md': 'deploy-manage/security/network-security-api.md' 'deploy-manage/security/install-stack-demo-secure.md': '!deploy-manage/security/self-setup.md' 'reference/observability/fields-and-object-schemas/logs-app-fields.md': '!reference/observability/fields-and-object-schemas.md' 'reference/observability/fields-and-object-schemas/metrics-app-fields.md': '!reference/observability/fields-and-object-schemas.md' 
@@ -173,7 +173,7 @@ redirects: 'solutions/observability/apps/writer-role.md': 'solutions/observability/synthetics/writer-role.md' 'solutions/observability/apps/reader-role.md': 'solutions/observability/synthetics/reader-role.md' 'solutions/observability/apps/manage-data-retention.md': 'solutions/observability/synthetics/manage-data-retention.md' - 'solutions/observability/apps/use-synthetics-with-traffic-filters.md': 'solutions/observability/synthetics/traffic-filters.md' + 'solutions/observability/apps/use-synthetics-with-traffic-filters.md': 'solutions/observability/synthetics/network-security.md' 'solutions/observability/apps/migrate-from-elastic-synthetics-integration.md': 'solutions/observability/synthetics/migrate-from-elastic-synthetics-integration.md' 'solutions/observability/apps/scale-architect-synthetics-deployment.md': 'solutions/observability/synthetics/scale-architect-synthetics-deployment.md' 'solutions/observability/apps/synthetics-support-matrix.md': 'solutions/observability/synthetics/support-matrix.md' 
@@ -212,9 +212,81 @@ redirects: # Related to https://github.com/elastic/docs-content/pull/1329 'manage-data/ingest/transform-enrich/ingest-pipelines-serverless.md': 'manage-data/ingest/transform-enrich/ingest-pipelines.md' +# Rebranded traffic filters to network security, privatelink to private connectivity + 'deploy-manage/security/traffic-filtering.md': 'deploy-manage/security/network-security.md' + 'deploy-manage/security/private-link-traffic-filters.md': 'deploy-manage/security/private-connectivity.md' + 'deploy-manage/security/ip-traffic-filtering.md': 'deploy-manage/security/ip-filtering.md' + 'deploy-manage/security/gcp-private-service-connect-traffic-filters.md': + to: 'deploy-manage/security/private-connectivity-gcp.md' + anchors: + 'ec-psc-create-traffic-filter-psc-rule-set': 'create-private-connection-policy' + 'ec-psc-associate-traffic-filter-psc-rule-set': 'associate-private-connection-policy' + 'ec-edit-traffic-filter-psc-rule-set': 'edit-private-connection-policy' + 'remove-filter-deployment': 'remove-private-connection-policy' + 'ec-delete-traffic-filter-psc-rule-set': 'delete-private-connection-policy' + 'deploy-manage/security/aws-privatelink-traffic-filters.md': + to: 'deploy-manage/security/private-connectivity-aws.md' + anchors: + 'ec-associate-traffic-filter-private-link-rule-set': 'associate-private-connection-policy' + 'ec-edit-traffic-filter-private-link-rule-set': 'edit-private-connection-policy' + 'ec-delete-traffic-filter-private-link-rule-set': 'delete-private-connection-policy' + 'remove-filter-deployment': 'remove-private-connection-policy' + 'ec-create-traffic-filter-private-link-rule-set': 'create-private-connection-policy' + 'deploy-manage/security/azure-private-link-traffic-filters.md': + to: 'deploy-manage/security/private-connectivity-azure.md' + anchors: + 'ec-associate-traffic-filter-private-link-rule-set': 'associate-private-connection-policy' + 'ec-azure-edit-traffic-filter-private-link-rule-set': 
'edit-private-connection-policy' + 'remove-filter-deployment': 'remove-private-connection-policy' + 'ec-azure-delete-traffic-filter-private-link-rule-set': 'delete-private-connection-policy' + ec-azure-create-traffic-filter-private-link-rule-set': 'create-private-connection-policy' + 'deploy-manage/security/ec-traffic-filtering-through-the-api.md': + to: 'deploy-manage/security/network-security-api.md' + anchors: + 'ec-create-a-traffic-filter-rule-set': 'create-ip-filter-policy' + 'ec-ip-traffic-filters-ingress-rule-set': 'ip-filter-policy-ingress' + 'ec-ip-traffic-filters-egress-rule-set': 'ip-filter-policy-egress' + 'ec-aws-privatelink-traffic-filters-rule-set': 'private-connection-policy-aws' + 'ec-azure-privatelink-traffic-filters-rule-set': 'private-connection-policy-azure' + 'ec-gcp-private-service-connect-traffic-filters-rule-set': 'private-connection-policy-gcp' + 'ec-update-a-traffic-filter-rule-set': 'update-policy-rs' + 'ec-associate-rule-set-with-a-deployment': 'associate-policy-rs-with-deployment' + 'ec-delete-rule-set-association-with-a-deployment': 'delete-policy-rs-association-with-deployment' + 'ec-delete-a-rule-set': 'delete-policy-rs' + 'deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md': + to: 'deploy-manage/security/claim-private-connection-api.md' + anchors: + 'ec-claim-a-traffic-filter-link-id': 'claim-private-connection-id' + 'ec-list-claimed-traffic-filter-link-id': 'list-claimed-private-connection-ids' + 'ec-unclaim-a-traffic-filter-link-id': 'unclaim-private-connection-id' + 'solutions/observability/synthetics/traffic-filters.md': + to: 'solutions/observability/synthetics/network-security.md' + anchors: + '_add_the_traffic_filter': '_add_the_ip_filter' + 'deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md': + anchors: {} + many: + - to: 'deploy-manage/deploy/elastic-cloud/restrictions-known-problems.md' + anchors: + 'ec-restrictions-fleet-traffic-filters': 'ec-restrictions-fleet-network-security' 
+ 'ec-restrictions-traffic-filters-kibana-sso': 'ec-restrictions-network-security-kibana-sso' + 'ec-restrictions-traffic-filters-watcher': 'ec-restrictions-network-security-watcher' + 'deploy-manage/deploy/elastic-cloud/azure-native-isv-service.md': + to: 'deploy-manage/deploy/elastic-cloud/azure-native-isv-service.md' + anchors: + 'azure-integration-deployment-failed-traffic-filter': 'azure-integration-deployment-failed-network-security' + 'deploy-manage/remote-clusters/ec-enable-ccs.md': + to: 'deploy-manage/remote-clusters/ec-enable-ccs.md' + anchors: + 'ec-ccs-ccr-traffic-filtering': 'ec-ccs-ccr-network-security' + 'deploy-manage/remote-clusters/ece-enable-ccs.md': + to: 'deploy-manage/remote-clusters/ece-enable-ccs.md' + anchors: + 'ece-ccs-ccr-traffic-filtering': 'ece-ccs-ccr-network-security' + # Related to https://github.com/elastic/docs-content/pull/2010 'manage-data/lifecycle/index-lifecycle-management/index-management-in-kibana.md': 'manage-data/data-store/index-basics.md' # Related to https://github.com/elastic/docs-content/pull/2097 'explore-analyze/machine-learning/machine-learning-in-kibana/xpack-ml-anomalies.md': 'explore-analyze/machine-learning/anomaly-detection.md' - 'explore-analyze/machine-learning/machine-learning-in-kibana/xpack-ml-dfa-analytics.md': 'explore-analyze/machine-learning/data-frame-analytics.md' \ No newline at end of file + 'explore-analyze/machine-learning/machine-learning-in-kibana/xpack-ml-dfa-analytics.md': 'explore-analyze/machine-learning/data-frame-analytics.md' diff --git a/reference/fleet/remote-elasticsearch-output.md b/reference/fleet/remote-elasticsearch-output.md index 9086c08abf..cf29dc26b4 100644 --- a/reference/fleet/remote-elasticsearch-output.md +++ b/reference/fleet/remote-elasticsearch-output.md 
@@ -20,7 +20,7 @@ This feature is part of the Enterprise subscription offering under the name of * These limitations apply to remote {{es}} output: -* Using a remote {{es}} output with a target cluster that has [traffic filters](/deploy-manage/security/traffic-filtering.md) enabled is not currently supported. +* Using a remote {{es}} output with a target cluster that has [network security](/deploy-manage/security/network-security.md) enabled is not currently supported. * Using {{elastic-defend}} is currently not supported when a remote {{es}} output is configured for an agent. ## Configuration diff --git a/solutions/observability/synthetics/create-monitors-with-projects.md b/solutions/observability/synthetics/create-monitors-with-projects.md index 289ce5931f..e1b5328d3d 100644 --- a/solutions/observability/synthetics/create-monitors-with-projects.md +++ b/solutions/observability/synthetics/create-monitors-with-projects.md @@ -50,7 +50,7 @@ You should also decide where you want to run the monitors before getting started % Stateful only for following note? ::::{note} -If you are setting up Synthetics for a deployment configured with [traffic filters](/deploy-manage/security/traffic-filtering.md), connections into {{es}} are restricted and results will not be able to be written back into {{es}} unless granted. For more details, refer to [Use Synthetics with traffic filters](/solutions/observability/synthetics/traffic-filters.md). +If you are setting up Synthetics for a deployment configured with [network security](/deploy-manage/security/network-security.md), connections into {{es}} are restricted and results will not be able to be written back into {{es}} unless granted. For more details, refer to [Use Synthetics with network security](/solutions/observability/synthetics/network-security.md). :::: 
diff --git a/solutions/observability/synthetics/traffic-filters.md b/solutions/observability/synthetics/network-security.md similarity index 64% rename from solutions/observability/synthetics/traffic-filters.md rename to solutions/observability/synthetics/network-security.md index 9be6d774ff..6cacc2ba0d 100644 --- a/solutions/observability/synthetics/traffic-filters.md +++ b/solutions/observability/synthetics/network-security.md 
@@ -3,19 +3,20 @@ mapped_pages: - https://www.elastic.co/guide/en/observability/current/synthetics-traffic-filters.html applies_to: stack: + serverless: products: - id: observability --- -# Use Synthetics with traffic filters [synthetics-traffic-filters] +# Use Synthetics with network security -If you are setting up Synthetics for a deployment configured with [traffic filters](/deploy-manage/security/traffic-filtering.md), none of your results will be visible in the {{synthetics-app}} until permission to write the results to {{es}} is explicitly granted. +If you are setting up Synthetics for a deployment configured with [network security](/deploy-manage/security/network-security.md), specifically IP filters or VCP filters, none of your results will be visible in the {{synthetics-app}} until permission to write the results to {{es}} is explicitly granted. -If you don’t configure the traffic filters, the tests will run, but in the UI it will appear like they are not running because the results cannot be written back to {{es}}. +If you don’t configure additional IP filters, the tests will run, but in the UI it will appear like they are not running because the results cannot be written back to {{es}}. ## Obtain the IP address [_obtain_the_ip_address] -The IP address or CIDR block of the hosts running the tests need to be configured in your [Traffic filters](/deploy-manage/security/ip-traffic-filtering.md) to allow inbound connection into your {{es}} instance to store the results. +The IP address or CIDR block of the hosts running the tests need to be configured in your [IP filters](/deploy-manage/security/ip-filtering.md) to allow inbound connection into your {{es}} instance to store the results. The IP addresses to be used depend on where the monitors are running, either on Elastic’s global managed testing infrastructure or {{private-location}}s. 
@@ -43,16 +44,13 @@ Note that as regions are added, this list will change. Similarly existing region If you’re running tests from [{{private-location}}s](/solutions/observability/synthetics/monitor-resources-on-private-networks.md), you will have the {{agent}} installed on host machines that run the tests. You need to obtain the address ranges for these machines. This needs to be the IP address that the host is making the connection from into the {{es}} cluster. This *might not* be the IP address bound to the network interface of the host machine, but the proxy or other address based on your network configuration. -## Add the traffic filter [_add_the_traffic_filter] +## Add the IP filter [_add_the_ip_filter] -Once you know the CIDR blocks for your testing sources, add them to your {{es}} deployment. Find detailed instructions in the [IP traffic filters](/deploy-manage/security/ip-traffic-filtering.md) docs. +Once you know the CIDR blocks for your testing sources, add them to your {{es}} deployment. Find detailed instructions in the [](/deploy-manage/security/ip-filtering.md) docs. -For example, if you had a {{private-location}} running with a public CIDR block of `1.2.3.4/32` and were running tests from the `Europe - United Kingdom` region, you would first create a traffic filter with the following: +For example, if you had a {{private-location}} running with a public CIDR block of `1.2.3.4/32` and were running tests from the `Europe - United Kingdom` region, you would first create an IP filter with the following sources: -:::{image} /solutions/images/observability-synthetics-traffic-filters-create-filter.png -:alt: Create a traffic filter in {{ecloud}} -:screenshot: -::: - -Once the traffic filter has been created, it needs to be assigned to the deployment from which you’re managing monitors from (the deployment containing the {{es}} cluster where your results need to go). 
+* `1.2.3.4/32` +* `34.89.99.187/32` +In ECH, ECE, and {{serverless-short}}, after the IP filter has been created, it needs to be associated with the deployment from which you’re managing monitors from (the deployment containing the {{es}} cluster where your results need to go). diff --git a/solutions/security/cloud/get-started-with-cspm-for-aws.md b/solutions/security/cloud/get-started-with-cspm-for-aws.md index 5c878c24c2..46c71f53e0 100644 --- a/solutions/security/cloud/get-started-with-cspm-for-aws.md +++ b/solutions/security/cloud/get-started-with-cspm-for-aws.md @@ -52,10 +52,6 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en 8. Once you’ve selected an authentication method and provided all necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes. -::::{admonition} Important -Agentless deployment does not work if you are using [Traffic filtering](/deploy-manage/security/traffic-filtering.md). -:::: - ## Agent-based deployment [cspm-aws-agent-based] diff --git a/solutions/security/cloud/get-started-with-cspm-for-azure.md b/solutions/security/cloud/get-started-with-cspm-for-azure.md index 07f21cab8f..ca0d1e7b0c 100644 --- a/solutions/security/cloud/get-started-with-cspm-for-azure.md +++ b/solutions/security/cloud/get-started-with-cspm-for-azure.md 
@@ -43,10 +43,6 @@ You can set up CSPM for Azure by by enrolling an Azure organization (management 7. Next, you’ll need to authenticate to Azure by providing a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/get-started-with-cspm-for-azure.md#cspm-azure-client-secret). 8. Once you’ve provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes. -::::{admonition} Important -Agentless deployment does not work if you are using [Traffic filtering](/deploy-manage/security/traffic-filtering.md). -:::: - ## Agent-based deployment [cspm-azure-agent-based] diff --git a/solutions/security/cloud/get-started-with-cspm-for-gcp.md b/solutions/security/cloud/get-started-with-cspm-for-gcp.md index 11338a79f8..b54fcf061d 100644 --- a/solutions/security/cloud/get-started-with-cspm-for-gcp.md +++ b/solutions/security/cloud/get-started-with-cspm-for-gcp.md @@ -43,10 +43,6 @@ You can set up CSPM for GCP either by enrolling a single project, or by enrollin 7. Next, you’ll need to authenticate to GCP. Expand the **Steps to Generate GCP Account Credentials** section, then follow the instructions that appear to automatically create the necessary credentials using Google Cloud Shell. 8. Once you’ve provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes. -::::{admonition} Important -Agentless deployment does not work if you are using [Traffic filtering](/deploy-manage/security/traffic-filtering.md). -:::: - ## Agent-based deployment [cspm-gcp-agent-based] diff --git a/solutions/toc.yml b/solutions/toc.yml index 918381a427..a79c56555c 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml 
@@ -307,7 +307,7 @@ toc: - file: observability/synthetics/writer-role.md - file: observability/synthetics/reader-role.md - file: observability/synthetics/manage-data-retention.md - - file: observability/synthetics/traffic-filters.md + - file: observability/synthetics/network-security.md - file: observability/synthetics/migrate-from-elastic-synthetics-integration.md - file: observability/synthetics/scale-architect-synthetics-deployment.md - file: observability/synthetics/support-matrix.md
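Review bot: in the redirects mapping, the added key `ec-azure-create-traffic-filter-private-link-rule-set'` is missing its opening single quote, so YAML reads it as a plain scalar ending in an apostrophe and the old anchor will never match. Quote it like its siblings: `'ec-azure-create-traffic-filter-private-link-rule-set': 'create-private-connection-policy'`. In the same file, the `restrictions-known-problems.md` entry uses `anchors: {}` plus a `many:` list whose only `to:` is the same file, while the other same-file anchor renames (`azure-native-isv-service.md`, `ec-enable-ccs.md`, `ece-enable-ccs.md`) use a plain `to:` with `anchors:`; use one form unless `many:` is actually required there.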
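Review bot: in `reference/fleet/remote-elasticsearch-output.md`, the limitation now reads "has network security enabled", which is broader than the old "traffic filters" wording and no longer tells the reader which feature blocks a remote {{es}} output. The Synthetics page in this same patch qualifies the term ("specifically IP filters or ... filters"); qualify it the same way here, or link to the specific filter page the limitation is about.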
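Review bot: the new intro paragraph in `solutions/observability/synthetics/network-security.md` says "IP filters or VCP filters"; that should be "VPC filters". The H1 in the same hunk also drops its explicit `[synthetics-traffic-filters]` anchor, and the redirect entry added for this page maps only `_add_the_traffic_filter`, so either keep an explicit anchor on the heading or add the old heading anchor to that redirect's `anchors:` so existing deep links still resolve.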
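Review bot: in the "Add the IP filter" hunk of `solutions/observability/synthetics/network-security.md`, the added paragraph starting "In ECH, ECE, and {{serverless-short}}, after the IP filter has been created" follows the last bullet (`34.89.99.187/32`) with no blank line, so Markdown will render it as a continuation of that list item; add an empty line between them. The same sentence still reads "from which you’re managing monitors from" (drop the trailing "from") and speaks only of a "deployment" although it now names serverless as well. Since the literal `34.89.99.187/32` replaces the screenshot, introduce it as the address listed for `Europe - United Kingdom` in the table above, because that section states the list will change.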
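Review bot: the three CSPM hunks (`get-started-with-cspm-for-aws.md`, `get-started-with-cspm-for-azure.md`, `get-started-with-cspm-for-gcp.md`) delete the "Agentless deployment does not work if you are using Traffic filtering" admonition outright, while every other hunk in this patch only renames the term. If agentless deployment now works with IP filters and private connections, state that in the PR description so the removal is traceable; if the restriction still holds, keep the admonition and point its link at the new network security page.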