cloudflare · Maddy-Cloudflare · May 7, 2026 · May 7, 2026 · May 7, 2026
@@ -1107,7 +1107,7 @@
 /learning-paths/get-started/security/ssl-tls/ /ssl/origin-configuration/ssl-modes/ 301
 /learning-paths/get-started/security/bot-fight-mode/ /bots/get-started/bot-fight-mode/ 301
 /learning-paths/get-started/security/secure-origin/ /fundamentals/security/protect-your-origin-server/ 301
-/learning-paths/get-started/security/security-center/ /security-center/ 301
+/learning-paths/get-started/security/security-center/ /threat-intelligence/ 301
 /learning-paths/get-started/security/add-on-products/ /products/?product-group=Application+security 301
 /learning-paths/get-started/security/security-settings/ /fundamentals/security/ 301
 /learning-paths/get-started/performance/ /fundamentals/performance/ 301
@@ -1133,7 +1133,7 @@
 /learning-paths/get-started-free/security/dnssec/ /dns/dnssec/#enable-dnssec 301
 /learning-paths/get-started-free/security/security-settings/ /fundamentals/security/ 301
 /learning-paths/get-started-free/security/bot-fight-mode/ /bots/get-started/bot-fight-mode/ 301
-/learning-paths/get-started-free/security/security-center/ /security-center/ 301
+/learning-paths/get-started-free/security/security-center/ /threat-intelligence/ 301
 /learning-paths/get-started-free/security/add-on-products/ /products/?product-group=Application+security 301
 /learning-paths/get-started-free/other-features/ /fundamentals/ 301
 /learning-paths/get-started-free/other-features/rules/ /rules/ 301
@@ -1489,8 +1489,8 @@
 /ruleset-engine/rules-language/fields/http-request-response/ /ruleset-engine/rules-language/fields/reference/ 301
 /ruleset-engine/rules-language/fields/magic-firewall/ /cloudflare-network-firewall/reference/network-firewall-fields/ 301
 # security center
-/security-center/indicator-feeds/getting-started/ /security-center/indicator-feeds/ 301
-/security-center/indicator-feeds/get-started/ /security-center/indicator-feeds/ 301
+/security-center/indicator-feeds/getting-started/ /threat-intelligence/indicator-feeds/ 301
+/security-center/indicator-feeds/get-started/ /threat-intelligence/indicator-feeds/ 301
 
 # spectrum
 /spectrum/changelog/ /spectrum/ 301
@@ -2818,3 +2818,10 @@
 
 # Security Insights (moved from Security Center to Security)
 /security-center/security-insights/* /security/security-insights/:splat 301
+
+# Security Center renamed to Threat intelligence
+/security-center/ /threat-intelligence/ 301
+/security-center/* /threat-intelligence/:splat 301
+
+# Learning path Security Center module renamed
+/learning-paths/application-security/security-center/* /learning-paths/application-security/threat-intelligence/:splat 301
@@ -2,11 +2,11 @@
 title: URL Scanner now supports geo-specific scanning
 description: Enterprise users can now choose the location from which URL scans are performed.
 products:
-  - security-center
+  - threat-intelligence
 date: 2025-05-08
 ---
 
-Enterprise customers can now choose the geographic location from which a URL scan is performed — either via [Security Center](/security-center/investigate/) in the Cloudflare dashboard or via the [URL Scanner API](/api/resources/url_scanner/subresources/scans/methods/create/).
+Enterprise customers can now choose the geographic location from which a URL scan is performed — either via [Security Center](/threat-intelligence/investigate/) in the Cloudflare dashboard or via the [URL Scanner API](/api/resources/url_scanner/subresources/scans/methods/create/).
 
 This feature gives security teams greater insight into how a website behaves across different regions, helping uncover targeted, location-specific threats.
 
@@ -16,4 +16,4 @@ This feature gives security teams greater insight into how a website behaves acr
 - Region-aware scanning: Understand how content changes by location — useful for detecting regionally tailored attacks.
 - Default behavior: If no location is set, scans default to the user’s current geographic region.
 
-Learn more in the [Security Center documentation](/security-center/).
+Learn more in the [Security Center documentation](/threat-intelligence/).
@@ -4,6 +4,6 @@ description: Quickly create and save multiple Brand Protection queries via API.
 date: 2025-08-15
 ---
 
-[Brand Protection](/security-center/brand-protection/) detects domains that may be impersonating your brand — from common misspellings (`cloudfalre.com`) to malicious concatenations (`cloudflare-okta.com`). Saved search queries run continuously and alert you when suspicious domains appear.
+[Brand Protection](/threat-intelligence/brand-protection/) detects domains that may be impersonating your brand — from common misspellings (`cloudfalre.com`) to malicious concatenations (`cloudflare-okta.com`). Saved search queries run continuously and alert you when suspicious domains appear.
 
 You can now create and save multiple queries in a single step, streamlining setup and management. Available now via the [Brand Protection bulk query creation API](/api/resources/brand_protection/subresources/queries/methods/bulk/).
@@ -14,10 +14,10 @@ The reports are generated monthly and provide cyber security insights trends for
 
 The reports also include an industry benchmark, comparing your cyber security landscape to peers in your industry.
 
-![Application Security report mock data](~/assets/images/changelog/security-center/2025-10-17-application-security-report-mock-data.png)
+![Application Security report mock data](~/assets/images/changelog/threat-intelligence/2025-10-17-application-security-report-mock-data.png)
 
 Learn more about the reports by referring to the [Security Reports documentation](/analytics/account-and-zone-analytics/app-security-reports/).
 
 Use the feedback survey link at the top of the page to help us improve the reports.
 
-![Application Security report survey](~/assets/images/changelog/security-center/2025-10-17-report-feedback-survey.png)
+![Application Security report survey](~/assets/images/changelog/threat-intelligence/2025-10-17-report-feedback-survey.png)
@@ -6,7 +6,7 @@ date: 2025-10-27
 
 The Requests for Information (RFI) dashboard now shows users the number of tokens used by each submitted RFI to better understand usage of tokens and how they relate to each request submitted. 
 
-![Cloudforce One RFI tokens](~/assets/images/changelog/security-center/2025-10-24RFITokens.png)
+![Cloudforce One RFI tokens](~/assets/images/changelog/threat-intelligence/2025-10-24RFITokens.png)
 
 What’s new:
 

@@ -6,4 +6,4 @@ date: 2025-10-31
 
 The Brand Protection logo query dashboard now allows you to use the **Report to Cloudflare** button to submit an Abuse report directly from the Brand Protection logo queries dashboard. While you could previously report new domains that were impersonating your brand before, now you can do the same for websites found to be using your logo without your permission. The abuse reports will be prefilled and you will only need to validate a few fields before you can click the submit button, after which our team process your request.
 
-Ready to start? Check out the [Brand Protection docs](/security-center/brand-protection/). 
+Ready to start? Check out the [Brand Protection docs](/threat-intelligence/brand-protection/). 
@@ -7,4 +7,4 @@ date: 2025-11-21
 The threat events platform now has threat insights available for some relevant parent events. Threat intelligence analyst users can access these insights for their threat hunting activity. 
 Insights are also highlighted in the Cloudflare dashboard by a small `lightning icon` and the insights can refer to multiple, connected events, potentially part of the same attack or campaign and associated with the same threat actor.  
 
-For more information, refer to [Analyze threat events](/security-center/cloudforce-one/#analyze-threat-events). 
+For more information, refer to [Analyze threat events](/threat-intelligence/cloudforce-one/#analyze-threat-events). 
@@ -17,4 +17,4 @@ We have significantly upgraded our Logo Matching capabilities within Brand Prote
 - **Expose sophisticated impersonators** who use slightly altered logos to bypass basic detection filters.
 - **Faster triage** of the most relevant threats immediately using visual indicators, reducing the time spent manually reviewing matches.
 
-Ready to protect your visual identity? Learn more in our [Brand Protection documentation](/security-center/brand-protection/).
+Ready to protect your visual identity? Learn more in our [Brand Protection documentation](/threat-intelligence/brand-protection/).
@@ -9,11 +9,11 @@ What's new:
 
 - **Sankey Diagrams**: Trace the flow of attacks from country of origin to target country to identify which regions are being hit hardest and where the threat infrastructure resides.
 
-![Sankey Diagram](~/assets/images/changelog/security-center/2026-02-19-sankey-diagram.png)
+![Sankey Diagram](~/assets/images/changelog/threat-intelligence/2026-02-19-sankey-diagram.png)
 
 - **Dataset Distribution over time**: Instantly pivot your view to understand if a specific campaign is targeting your sector or if it is a broad-spectrum commodity attack.
 
-![Events over time](~/assets/images/changelog/security-center/2026-02-19-events-over-time.png)
+![Events over time](~/assets/images/changelog/threat-intelligence/2026-02-19-events-over-time.png)
 
 - **Enhanced Filtering**: Use these visual tools to filter and drill down into specific attack vectors directly from the charts.
 

@@ -18,4 +18,4 @@ We have introduced new triage controls to help you manage your Brand Protection
 - Auditability and recovery through the visibility toggle, ensuring that no match is ever truly "lost" and can be re-evaluated if a site's content changes.
 - Improved collaboration as your team members can see which matches have already been vetted and dismissed by others.
 
-Ready to clean up your match queue? Learn more in our [Brand Protection documentation](/security-center/brand-protection/).
+Ready to clean up your match queue? Learn more in our [Brand Protection documentation](/threat-intelligence/brand-protection/).
@@ -14,7 +14,7 @@ By linking your saved views to the Cloudflare Notifications Center, you can ensu
 
 - **Daily Digests**: opt for a summarized report delivered once a day. This is ideal for maintaining situational awareness of broader trends, like regional activity shifts or industry-wide threat landscapes, without cluttering your inbox.
 
-![Threat Events notifications](~/assets/images/changelog/security-center/threat-events-notifications.png)
+![Threat Events notifications](~/assets/images/changelog/threat-intelligence/threat-events-notifications.png)
 
 ### How to get started
 
@@ -24,4 +24,4 @@ To set up an alert, go to **Application Security** > **Threat Intelligence** > *
 2. Open the **Manage Saved Views** menu.
 3. Select **Add Alert** next to your chosen view to configure your notification preferences in the Cloudflare dashboard.
 
-For more technical details on configuring notifications, refer to the [Threat Events documentation](/security-center/cloudforce-one/).
+For more technical details on configuring notifications, refer to the [Threat Events documentation](/threat-intelligence/cloudforce-one/).
@@ -17,4 +17,4 @@ We have introduced a unified investigation workspace within Brand Protection to
 - Eliminate fragmented workflows by viewing all matches across different query buckets in a single table, reducing the need to click through dozens of individual query pages
 - Correlate related campaigns by seeing similar domains or infrastructure patterns that appear across multiple saved queries
 
-Learn more in our [Brand Protection documentation](/security-center/brand-protection/).
+Learn more in our [Brand Protection documentation](/threat-intelligence/brand-protection/).
@@ -3,10 +3,10 @@ name: infrastructure-attack-surface
 
 entry:
   title: Infrastructure
-  url: /security-center/infrastructure/
+  url: /threat-intelligence/infrastructure/
   show: false
 
 meta:
   title: Cloudflare Infrastructure docs
-  description: The Infrastructure tab in Security Center displays an overview of the infrastructure associated with your Cloudflare account after enabling Security Insights.
+  description: The Infrastructure tab in Threat intelligence displays an overview of the infrastructure associated with your Cloudflare account after enabling Security Insights.
   author: "@cloudflare"
@@ -0,0 +1,13 @@
+id: mTGfbs
+name: Threat intelligence
+
+entry:
+  title: Threat intelligence
+  url: /threat-intelligence/
+  group: Application security
+  additional_groups: [Analytics]
+
+meta:
+  title: Cloudflare Threat intelligence docs
+  description: Enhance your security posture with a range of security products and one-click solutions
+  author: "@cloudflare"
@@ -3,7 +3,7 @@ title: Security reports
 pcx_content_type: concept
 description: View account-wide application security reports covering WAF, bots, DDoS, and API Shield.
 products:
-  - security-center
+  - threat-intelligence
 tags:
   - Analytics
 sidebar:

@@ -6,7 +6,6 @@ products:
   - api-shield
 sidebar:
   order: 7
-
 ---
 
 Cloudflare API Shield provides API security, management tools, and integration with the Cloudflare Developer Platform for building new APIs.

@@ -70,7 +70,7 @@ Use managed labels to identify endpoints by use case. Cloudflare may automatical
 
 ### Risk labels
 
-Cloudflare automatically runs risk scans every 24 hours on your saved endpoints. API Shield applies these labels when a scan finds security risks on your endpoints. A corresponding Security Center Insight is also raised when risks are found.
+Cloudflare automatically runs risk scans every 24 hours on your saved endpoints. API Shield applies these labels when a scan finds security risks on your endpoints. A corresponding Threat intelligence Insight is also raised when risks are found.
 
 `cf-risk-missing-auth`: Automatically added when all successful requests lack a session identifier. Refer to [Authentication Posture](/api-shield/security/authentication-posture/#process) for more information.
 

@@ -23,7 +23,7 @@ Authentication Posture detects API endpoints with missing or inconsistent authen
 
 For example, a security team member may expect that their API endpoints `/api/v1/users` and `/api/v1/orders` require authentication. However, bugs in origin API authentication policies can create broken authentication vulnerabilities — allowing unauthenticated access to protected resources. Authentication Posture details the authentication status of successful requests to your API endpoints, alerting to potential misconfigurations.
 
-Consider a typical e-commerce application. Users can browse items and prices without logging in. However, to retrieve order details via `GET /api/v1/orders/{order_id}`, users must log in and pass an Authorization HTTP header with all requests. Cloudflare alerts you via [Security Center Insights](/security/security-insights/) and [Endpoint labels](/api-shield/management-and-monitoring/endpoint-labels/) if successful requests reach this endpoint or any other endpoint without authentication when <GlossaryTooltip term="session identifier">session identifiers</GlossaryTooltip> are configured.
+Consider a typical e-commerce application. Users can browse items and prices without logging in. However, to retrieve order details via `GET /api/v1/orders/{order_id}`, users must log in and pass an Authorization HTTP header with all requests. Cloudflare alerts you via [Security Insights](/security/security-insights/) and [Endpoint labels](/api-shield/management-and-monitoring/endpoint-labels/) if successful requests reach this endpoint or any other endpoint without authentication when <GlossaryTooltip term="session identifier">session identifiers</GlossaryTooltip> are configured.
 
 ## Process
 

@@ -63,7 +63,7 @@ You are responsible for understanding and complying with any legal obligations y
 
 ## How do I have a block removed from my website?
 
-To disable a block, either because you have determined that the blocked content is not CSAM (a false positive) or because you have taken down the blocked content, view [Blocked Content in the Security Center](/fundamentals/reference/report-abuse/blocked-content/) in the Cloudflare Dashboard and request reviews on the relevant blocks. A request to remove a block must be accompanied by a representation from you confirming that the blocked content is not CSAM or has been removed.
+To disable a block, either because you have determined that the blocked content is not CSAM (a false positive) or because you have taken down the blocked content, view [Blocked Content](/fundamentals/reference/report-abuse/blocked-content/) in the Cloudflare Dashboard and request reviews on the relevant blocks. A request to remove a block must be accompanied by a representation from you confirming that the blocked content is not CSAM or has been removed.
 
 These actions are available to users with the following roles:
 

@@ -86,7 +86,7 @@ In this case, in addition to the steps indicated below, the best approach is:
 
 ## 3. Check the script reputation
 
-If Cloudflare considers the resource’s domain a "malicious domain", it is likely that the domain does not have a good reputation. The domain may be known for hosting malware or for being used for phishing attacks. Usually, reviewing the domain/hostname is sufficient to understand why you received the alert. You can use tools like Cloudflare's [Security Center Investigate](https://dash.cloudflare.com/?to=/:account/security-center/investigate) platform to help with this validation.
+If Cloudflare considers the resource’s domain a "malicious domain", it is likely that the domain does not have a good reputation. The domain may be known for hosting malware or for being used for phishing attacks. Usually, reviewing the domain/hostname is sufficient to understand why you received the alert. You can use tools like Cloudflare's [Threat intelligence Investigate](https://dash.cloudflare.com/?to=/:account/security-center/investigate) platform to help with this validation.
 
 If Cloudflare's internal systems classified the script as containing "malicious code", external tools may not confirm the detection you got from Cloudflare, since the machine learning (ML) model being used is Cloudflare-specific technology.
 
@@ -100,7 +100,7 @@ You could use a virtual machine to perform some of the following analysis:
 
 1. Open the script URL and get the script source code. If the script is obfuscated or encoded, this could be a sign that the script is malicious.
 2. Scan the script source code for any hostnames or IP addresses.
-3. For each hostname or IP address you identified, use Cloudflare's Security Center Investigate platform to look up threat information and/or search online for potential Indicators of Compromise.
+3. For each hostname or IP address you identified, use Cloudflare's Threat intelligence Investigate platform to look up threat information and/or search online for potential Indicators of Compromise.
 
 </Steps>
 

@@ -67,7 +67,7 @@ Gateway users on Enterprise plans can create HTTP policies with [file sandboxing
 
 **UK NCSC indicator feed publicly available in Gateway**
 
-Gateway users on any plan can now use the [PDNS threat intelligence feed](/security-center/indicator-feeds/#publicly-available-feeds) provided by the UK National Cyber Security Centre (NCSC) in DNS policies.
+Gateway users on any plan can now use the [PDNS threat intelligence feed](/threat-intelligence/indicator-feeds/#publicly-available-feeds) provided by the UK National Cyber Security Centre (NCSC) in DNS policies.
 
 ## 2024-07-14
Original file line number	Diff line number	Diff line change
Expand Up		@@ -6,4 +6,4 @@ date: 2025-10-31

		The Brand Protection logo query dashboard now allows you to use the Report to Cloudflare button to submit an Abuse report directly from the Brand Protection logo queries dashboard. While you could previously report new domains that were impersonating your brand before, now you can do the same for websites found to be using your logo without your permission. The abuse reports will be prefilled and you will only need to validate a few fields before you can click the submit button, after which our team process your request.

		Ready to start? Check out the [Brand Protection docs](/security-center/brand-protection/).
		Ready to start? Check out the [Brand Protection docs](/threat-intelligence/brand-protection/).