From 3aa2a3661f16ceb9af475d7ab4edf6464e79a270 Mon Sep 17 00:00:00 2001
From: jdv <julien@crowdsec.net>
Date: Tue, 5 May 2026 18:43:37 +0200
Subject: [PATCH 1/2] =?UTF-8?q?css=20adjsutments=20for=20readeability=20an?=
 =?UTF-8?q?d=20=E2=80=94=20repalcement=20in=20content=20recently=20added?=
 =?UTF-8?q?=20by=20me?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../docs/appsec/quickstart/haproxy_spoa.mdx   |  2 +-
 crowdsec-docs/docs/appsec/rules_deploy.md     | 10 +++++-----
 .../docs/getting_started/sdk_intro.mdx        |  6 +++---
 crowdsec-docs/docs/intro.mdx                  |  2 +-
 .../src/components/data/cti-integrations.ts   |  4 ++--
 crowdsec-docs/src/css/code.css                |  4 ++--
 crowdsec-docs/src/css/colors.css              |  2 +-
 crowdsec-docs/src/css/custom.css              |  4 ++--
 crowdsec-docs/src/pages/index.tsx             | 12 +++++------
 .../bouncers/cloudflare-workers.mdx           |  2 +-
 .../console/ip_reputation/api_keys.mdx        | 12 +++++------
 .../console/ip_reputation/intro.mdx           |  8 ++++----
 .../unversioned/console/premium_upgrade.mdx   |  4 ++--
 .../console/premium_upgrade/optimal_setup.mdx |  2 +-
 .../api_integration/integration_intro.mdx     |  2 +-
 .../api_integration/integration_ipdex.md      |  2 +-
 .../unversioned/cti_api/api_introduction.md   |  4 ++--
 crowdsec-docs/unversioned/cti_api/intro.mdx   | 20 +++++++++----------
 .../getting_started/health_check.mdx          |  2 +-
 .../unversioned/integrations/intro.mdx        | 16 +++++++--------
 .../unversioned/integrations/rawiplist.mdx    | 10 +++++-----
 .../integrations/remediationcomponent.mdx     | 10 +++++-----
 .../unversioned/integrations/sophos.mdx       |  4 ++--
 23 files changed, 72 insertions(+), 72 deletions(-)

diff --git a/crowdsec-docs/docs/appsec/quickstart/haproxy_spoa.mdx b/crowdsec-docs/docs/appsec/quickstart/haproxy_spoa.mdx
index 6a93579b6..ac453a309 100644
--- a/crowdsec-docs/docs/appsec/quickstart/haproxy_spoa.mdx
+++ b/crowdsec-docs/docs/appsec/quickstart/haproxy_spoa.mdx
@@ -13,7 +13,7 @@ Make sure the following are already done on the machine running HAProxy (each is
 
 1. **CrowdSec Security Engine** installed and running — see the [Linux quickstart](/u/getting_started/installation/linux).
 2. **HAProxy** already running and proxying your application(s).
-3. **HAProxy SPOA bouncer** (`crowdsec-haproxy-spoa-bouncer`) installed and registered against the CrowdSec LAPI — see the [SPOA bouncer guide](/u/bouncers/haproxy_spoa).
+3. **HAProxy SPOA bouncer** (`crowdsec-haproxy-spoa-bouncer`) installed and registered against the CrowdSec LAPI. See the [SPOA bouncer guide](/u/bouncers/haproxy_spoa).
 
 ## 1. Install the AppSec rule collections
 
diff --git a/crowdsec-docs/docs/appsec/rules_deploy.md b/crowdsec-docs/docs/appsec/rules_deploy.md
index f2aa80dd2..98bb26926 100644
--- a/crowdsec-docs/docs/appsec/rules_deploy.md
+++ b/crowdsec-docs/docs/appsec/rules_deploy.md
@@ -40,7 +40,7 @@ labels:
 
 Once the rule behaves as expected, the remaining steps package it for CrowdSec, wire it into the acquisition pipeline, and test it end to end.
 
-## Step 1 — Stage the Rule File
+## Step 1 - Stage the Rule File
 
 CrowdSec loads AppSec rules from `/etc/crowdsec/appsec-rules/`. Copy your YAML rule into that directory (create a `custom/` subfolder to keep things tidy if you manage several rules):
 
@@ -56,7 +56,7 @@ Make sure the `name` inside the rule file matches the file name convention you p
 If you run CrowdSec in a container, copy the file into the volume that is mounted at `/etc/crowdsec/appsec-rules/` inside the container.
 :::
 
-## Step 2 — Create an AppSec Configuration
+## Step 2 - Create an AppSec Configuration
 
 An AppSec configuration lists which rules to load and how to handle matches. Create a new file under `/etc/crowdsec/appsec-configs/` that targets your custom rule:
 
@@ -73,7 +73,7 @@ Key points:
 - `inband_rules` (and/or `outofband_rules`) accept glob patterns, so you can load multiple rules with a single entry such as `custom/block-*`.
 - During the reload step CrowdSec validates the syntax; if anything is off, the reload fails and the service logs the parsing error.
 
-## Step 3 — Reference the Configuration in the Acquisition File
+## Step 3 - Reference the Configuration in the Acquisition File
 
 The AppSec acquisition file (`/etc/crowdsec/acquis.d/appsec.yaml`) controls which configurations are active for the WAF component. Add your configuration to the `appsec_configs` list. Order matters: later entries override conflicting defaults such as `default_remediation`.
 
@@ -89,7 +89,7 @@ source: appsec
 
 If you only want to run your custom configuration, remove other entries and keep the list with a single item.
 
-## Step 4 — Reload CrowdSec and Validate the Load
+## Step 4 - Reload CrowdSec and Validate the Load
 
 Apply the changes by reloading the CrowdSec service:
 
@@ -106,7 +106,7 @@ sudo cscli appsec-configs list | grep block-nonnumeric-user-id
 
 The rule should appear as `enabled`, and the configuration should show up in the list. CrowdSec logs confirm the configuration was loaded without errors.
 
-## Step 5 — Functional Test with `curl`
+## Step 5 - Functional Test with `curl`
 
 Trigger the behaviour your rule is meant to catch to ensure it blocks as expected. For the example rule, send a request with a non-numeric `user_id` value:
 
diff --git a/crowdsec-docs/docs/getting_started/sdk_intro.mdx b/crowdsec-docs/docs/getting_started/sdk_intro.mdx
index a2d46fe37..16f10de0a 100644
--- a/crowdsec-docs/docs/getting_started/sdk_intro.mdx
+++ b/crowdsec-docs/docs/getting_started/sdk_intro.mdx
@@ -9,9 +9,9 @@ CrowdSec offers lightweight SDKs for Python and PHP to help developers seamlessl
 By using these SDKs, you can report signals such as suspicious IP activity or confirmed attacks directly to the Central API (CAPI). In return, your users gain access to the CrowdSec Community Blocklist, a curated and constantly updated list of IPs involved in malicious behavior observed across the global CrowdSec network.
 
 Why Integrate the SDK:
-- **Simple Integration** — Add signal sharing with just a few lines of code
-- **Community-Powered Protection** — Contributions help power our global threat intelligence network
-- **Mutual Benefit** — Your platform shares valuable intelligence and gains stronger real-time protection in return
+- **Simple Integration**: Add signal sharing with just a few lines of code
+- **Community-Powered Protection**: Contributions help power our global threat intelligence network
+- **Mutual Benefit**: Your platform shares valuable intelligence and gains stronger real-time protection in return
 
 ## Supported SDKs
 
diff --git a/crowdsec-docs/docs/intro.mdx b/crowdsec-docs/docs/intro.mdx
index 9ce915992..04890256e 100644
--- a/crowdsec-docs/docs/intro.mdx
+++ b/crowdsec-docs/docs/intro.mdx
@@ -54,7 +54,7 @@ Under the hood, the Security Engine has various components:
 -   The [Local API](local_api/intro.md) acts as a middleman:
     -   Between the [Log Processors](/log_processor/intro.mdx) and the [Remediation Components](/u/bouncers/intro) which are in charge of enforcing decisions.
     -   And with the [Central API](/central_api/intro.md) to share alerts and receive blocklists.
--   The [Remediation Components](/u/bouncers/intro) (also called bouncers) block malicious IPs at your chosen level—IpTables, firewalls, web servers, or reverse proxies. [See the full list on the CrowdSec Hub.](https://app.crowdsec.net/hub/remediation-components)
+-   The [Remediation Components](/u/bouncers/intro) (also called bouncers) block malicious IPs at your chosen level: IpTables, firewalls, web servers, or reverse proxies. [See the full list on the CrowdSec Hub.](https://app.crowdsec.net/hub/remediation-components)
 
 ## Deployment options
 
diff --git a/crowdsec-docs/src/components/data/cti-integrations.ts b/crowdsec-docs/src/components/data/cti-integrations.ts
index a05e0b8d7..3de594984 100644
--- a/crowdsec-docs/src/components/data/cti-integrations.ts
+++ b/crowdsec-docs/src/components/data/cti-integrations.ts
@@ -13,7 +13,7 @@ export const ctiIntegrations: CtiIntegrationData[] = [
 		slug: "ipdex",
 		href: "/u/cti_api/api_integration/integration_ipdex",
 		plugin: "CrowdSec CTI Reports",
-		desc: "IPDEX extracts IP addresses from your logs and cross-references them against CrowdSec's global threat intelligence network — instantly.",
+		desc: "IPDEX extracts IP addresses from your logs and cross-references them against CrowdSec's global threat intelligence network instantly.",
 		color: "#e55c2f",
 	},
 	{
@@ -29,7 +29,7 @@ export const ctiIntegrations: CtiIntegrationData[] = [
 		slug: "gigasheet",
 		href: "/u/cti_api/api_integration/integration_gigasheet",
 		plugin: "No-Code API Enrichment",
-		desc: "Enrich spreadsheet columns with CTI data using Gigasheet's no-code API enrichment feature — no scripting required.",
+		desc: "Enrich spreadsheet columns with CTI data using Gigasheet's no-code API enrichment feature. No scripting required.",
 		color: "#00b4d8",
 	},
 	{
diff --git a/crowdsec-docs/src/css/code.css b/crowdsec-docs/src/css/code.css
index d0846cc98..fb8093034 100644
--- a/crowdsec-docs/src/css/code.css
+++ b/crowdsec-docs/src/css/code.css
@@ -5,7 +5,7 @@
 }
 
 pre {
-	@apply rounded-lg font-semibold;
+	@apply rounded-lg font-medium;
 }
 
 .prism-code .token.plain {
@@ -18,5 +18,5 @@ pre {
 }
 
 code:not(.prism-code code) {
-	@apply bg-gray-100 dark:bg-gray-50 border-primary/20 border-solid border text-primary px-1 py-0.5 rounded-md font-semibold;
+	@apply bg-gray-100 dark:bg-gray-50 border-primary/20 border-solid border text-primary px-1 py-0.5 rounded-md font-medium;
 }
diff --git a/crowdsec-docs/src/css/colors.css b/crowdsec-docs/src/css/colors.css
index ac341f6d6..274eb7eb7 100644
--- a/crowdsec-docs/src/css/colors.css
+++ b/crowdsec-docs/src/css/colors.css
@@ -192,7 +192,7 @@ html[data-theme="dark"],
 	--ifm-global-shadow-md: 0px;
 	--ifm-code-font-size: 95%;
 	--ifm-font-family-base: "Instrument Sans", sans-serif; /* For body text */
-	--ifm-font-family-monospace: "Courier New", monospace; /* For code blocks */
+	--ifm-font-family-monospace: "Roboto Mono", ui-monospace, "SF Mono", "Cascadia Mono", "Segoe UI Mono", Menlo, Consolas, monospace; /* For code blocks */
 	--ifm-dropdown-background-color: rgb(var(--card));
 
 	/* Algolia global search colors */
diff --git a/crowdsec-docs/src/css/custom.css b/crowdsec-docs/src/css/custom.css
index 47f8656ed..1cb496aab 100644
--- a/crowdsec-docs/src/css/custom.css
+++ b/crowdsec-docs/src/css/custom.css
@@ -1,4 +1,4 @@
-@import url("https://fonts.googleapis.com/css2?family=Instrument+Sans:ital,wght@0,400..700;1,400..700&display=swap");
+@import url("https://fonts.googleapis.com/css2?family=Instrument+Sans:ital,wght@0,400..700;1,400..700&family=Roboto+Mono:wght@400;500&display=swap");
 
 @import "tailwindcss/base";
 @import "tailwindcss/components";
@@ -113,7 +113,7 @@ div.markdown {
 	padding: 14px 16px;
 }
 
-/* Quick-access strip — label + pill buttons in a row (matches homepage "Already running?" strip) */
+/* Quick-access strip - label + pill buttons in a row (matches homepage "Already running?" strip) */
 .doc-quick-strip {
 	display: flex;
 	align-items: center;
diff --git a/crowdsec-docs/src/pages/index.tsx b/crowdsec-docs/src/pages/index.tsx
index db1571b49..45f382f39 100644
--- a/crowdsec-docs/src/pages/index.tsx
+++ b/crowdsec-docs/src/pages/index.tsx
@@ -183,7 +183,7 @@ const SchemaBlock = ({ id, color, eyebrowIcon, eyebrow, title, ctaLabel, ctaHref
 			}}
 		/>
 
-		{/* header — always visible, clickable to toggle */}
+		{/* header - always visible, clickable to toggle */}
 		<button
 			type="button"
 			onClick={onToggle}
@@ -359,7 +359,7 @@ const intents: IntentCardProps[] = [
 		icon: <img src="/img/icons/shield.webp" className="h-8 w-8 border-0" alt="Blocklists" />,
 		accent: GREEN,
 		title: "Push a Blocklists into my firewall, CDN or WAF",
-		desc: "You manage network perimeter devices and want a URL to subscribe to — no agent to install.",
+		desc: "You manage network perimeter devices and want a URL to subscribe to. No agent to install.",
 		pill: "Blocklist Integration Endpoint",
 		href: "/blocklists",
 		aka: ["Threat Feeds", "IOC Streams", "Deny-list"],
@@ -389,7 +389,7 @@ const schemas: Omit<SchemaBlockProps, "open" | "onToggle">[] = [
 				num: 1,
 				icon: "⚡",
 				title: "Install the Security Engine",
-				desc: "Runs on your server, detects attack patterns in real time — immediately protected, and continuously updated with CrowdSec Community Blocklist.",
+				desc: "Runs on your server, detects attack patterns in real time. Immediately protected, and continuously updated with CrowdSec Community Blocklist.",
 			},
 			{
 				num: 2,
@@ -448,7 +448,7 @@ const schemas: Omit<SchemaBlockProps, "open" | "onToggle">[] = [
 		color: BLUE,
 		eyebrowIcon: "🔍",
 		eyebrow: "IP Reputation & CTI",
-		title: "Query threat intel — in the browser or via API in your tools",
+		title: "Query threat intel in the browser or via API in your tools",
 		ctaLabel: "Explore CTI →",
 		ctaHref: "/u/cti_api/intro",
 		steps: [
@@ -456,7 +456,7 @@ const schemas: Omit<SchemaBlockProps, "open" | "onToggle">[] = [
 				num: 1,
 				icon: "🖥️",
 				title: "Look up any IP in the Console",
-				desc: "Search instantly from our Web UI— get reputation score, behaviors, attack history, and CVE links.",
+				desc: "Search instantly from our Web UI. Get reputation score, behaviors, attack history, and CVE links.",
 			},
 			{
 				num: 2,
@@ -610,7 +610,7 @@ const HomePage = () => {
 					</div>
 				</section>
 
-				{/* How each path works — accordion */}
+				{/* How each path works - accordion */}
 				<section className="py-6 px-4">
 					<div className="container mx-auto" style={{ maxWidth: "940px" }}>
 						<div
diff --git a/crowdsec-docs/unversioned/bouncers/cloudflare-workers.mdx b/crowdsec-docs/unversioned/bouncers/cloudflare-workers.mdx
index 880559a2c..c0f642939 100644
--- a/crowdsec-docs/unversioned/bouncers/cloudflare-workers.mdx
+++ b/crowdsec-docs/unversioned/bouncers/cloudflare-workers.mdx
@@ -293,7 +293,7 @@ The Remediation Component does the following:
 
 :::info
 Autonomous mode is ideal for users who prefer not to run a continuous process on their host/VM.  
-Combined with [Blocklist as a Service (BLaaS)](/u/integrations/remediationcomponent), this provides the minimal footprint deployment—only running setup/cleanup commands when needed.
+Combined with [Blocklist as a Service (BLaaS)](/u/integrations/remediationcomponent), this provides the minimal footprint deployment, only running setup/cleanup commands when needed.
 :::
 
 In autonomous mode (enabled with the `-S` flag), the Remediation Component functions without requiring a continuously running Go daemon process. Instead:
diff --git a/crowdsec-docs/unversioned/console/ip_reputation/api_keys.mdx b/crowdsec-docs/unversioned/console/ip_reputation/api_keys.mdx
index d4b4389f8..349cf9a1e 100644
--- a/crowdsec-docs/unversioned/console/ip_reputation/api_keys.mdx
+++ b/crowdsec-docs/unversioned/console/ip_reputation/api_keys.mdx
@@ -24,11 +24,11 @@ export const PremiumBadge = () => (
   {[
     { label: "Community Plan Free Key", quota: "40 / month", desc: "Testing integrations, personal servers, ad-hoc lookups", color: GREEN },
     { label: "Premium Plan Free Key", quota: "120 / month", desc: "Regular enrichment, small SOC teams, recurring automation", color: BLUE },
-    { label: "Premium Keys Options", quota: "5K · 25K · 100K / month", desc: "Production SIEMs, SOARs, high-volume pipelines — requires Premium", color: PURPLE },
+    { label: "Premium Keys Options", quota: "5K · 25K · 100K / month", desc: "Production SIEMs, SOARs, high-volume pipelines. Requires Premium", color: PURPLE },
   ].map(({ label, quota, desc, color }) => (
     <div key={label} style={{ fontSize: "12.5px", color: "var(--ifm-color-emphasis-600)", lineHeight: 1.6 }}>
       <strong style={{ color, fontWeight: 600 }}>{label}</strong>
-      {" — "}
+      {" - "}
       <span style={{ fontFamily: "var(--ifm-font-family-monospace)", fontSize: "11.5px" }}>{quota}</span>
       {" · "}
       <span style={{ color: "var(--ifm-color-emphasis-600)" }}>{desc}</span>
@@ -62,7 +62,7 @@ export const PremiumBadge = () => (
 
 <div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
   <div style={{flex: '1'}}>
-There, you can choose among the various quota options. A free key is always available to test your integrations — the quota is higher if your organization is on a Premium plan.
+There, you can choose among the various quota options. A free key is always available to test your integrations. The quota is higher if your organization is on a Premium plan.
   </div>
   <div style={{flex: '0 0 50%'}}>
 <ThemedImage
@@ -78,16 +78,16 @@ There, you can choose among the various quota options. A free key is always avai
 :::warning CTI API Keys and trials
 - Purchasing a CTI API Key does **not** grant access to a Premium Plan trial.
 - Purchasing a CTI API Key while a trial is active will **immediately end the trial**.
-- Cancelled CTI API Keys are **non-refundable** and will not be prorated — the full price remains due regardless of when the cancellation occurs.
+- Cancelled CTI API Keys are **non-refundable** and will not be prorated, the full price remains due regardless of when the cancellation occurs.
 :::
 
 :::warning Lucene search via API
-The Advanced Search Lucene query interface available in the Console is a Web UI feature only — it is not accessible through self-service API keys. Programmatic access to bulk Lucene-style querying requires an Advanced CTI plan. [Contact our team](https://www.crowdsec.net/contact-crowdsec?message=Advanced%20CTI%20plan%20discussion) to discuss your use case.
+The Advanced Search Lucene query interface available in the Console is a Web UI feature only, it is not accessible through self-service API keys. Programmatic access to bulk Lucene-style querying requires an Advanced CTI plan. [Contact our team](https://www.crowdsec.net/contact-crowdsec?message=Advanced%20CTI%20plan%20discussion) to discuss your use case.
 :::
 
 ## Using the API
 
-CrowdSec provides [ready-made integrations](/u/cti_api/api_integration/integration_intro) for the most common security platforms — SIEM, SOAR, TIP, and investigation tools. If your platform is listed, that's the fastest way to get started.
+CrowdSec provides [ready-made integrations](/u/cti_api/api_integration/integration_intro) for the most common security platforms: SIEM, SOAR, TIP, and investigation tools. If your platform is listed, that's the fastest way to get started.
 
 If you prefer to use your own scripts, call the API directly from the command line, or build custom playbooks, the API is a straightforward REST interface authenticated with your key.
 
diff --git a/crowdsec-docs/unversioned/console/ip_reputation/intro.mdx b/crowdsec-docs/unversioned/console/ip_reputation/intro.mdx
index ec889d7a6..5a7075591 100644
--- a/crowdsec-docs/unversioned/console/ip_reputation/intro.mdx
+++ b/crowdsec-docs/unversioned/console/ip_reputation/intro.mdx
@@ -12,7 +12,7 @@ export const GREEN = "#22d3a0";
 export const PURPLE = "#a78bfa";
 
 <p style={{ fontSize: "14px", color: "var(--ifm-color-emphasis-600)", lineHeight: 1.65, marginBottom: "1.5rem" }}>
-  Query behavioral intelligence on any IP — reputation scores, attack patterns, linked CVEs, and activity history — sourced from hundreds of thousands of real CrowdSec deployments worldwide.
+  Query behavioral intelligence on any IP: reputation scores, attack patterns, linked CVEs, and activity history. Sourced from hundreds of thousands of real CrowdSec deployments worldwide.
 </p>
 
 {/* ── Row 1: two cards side by side ──────────────────────────────────── */}
@@ -24,7 +24,7 @@ export const PURPLE = "#a78bfa";
     <div style={{ fontSize: "22px", marginBottom: "8px" }}>🔍</div>
     <div style={{ fontWeight: 700, fontSize: "14px", marginBottom: "6px" }}>Explore in the Web UI</div>
     <div style={{ fontSize: "12.5px", color: "var(--ifm-color-emphasis-600)", lineHeight: 1.6, flexGrow: 1, marginBottom: "14px" }}>
-      No setup needed. Search any IP directly from your browser — run Lucene queries with live faceted filters (reputation, country, AS, behaviors, classifications) and open any result to see its full report: <strong>threat score</strong>, behaviors mapped to MITRE ATT&amp;CK, <strong>linked CVEs</strong>, and time-windowed activity. The homepage also surfaces a <strong>Top 10 Most Aggressive IPs</strong> leaderboard updated every 24h.
+      No setup needed. Search any IP directly from your browser: run Lucene queries with live faceted filters (reputation, country, AS, behaviors, classifications) and open any result to see its full report: <strong>threat score</strong>, behaviors mapped to MITRE ATT&amp;CK, <strong>linked CVEs</strong>, and time-windowed activity. The homepage also surfaces a <strong>Top 10 Most Aggressive IPs</strong> leaderboard updated every 24h.
     </div>
     <div style={{ display: "flex", flexDirection: "column", gap: "6px" }}>
       <Link to="/u/console/ip_reputation/search_ui" style={{ fontSize: "12.5px", fontWeight: 600 }}><span>IP Search →</span></Link>
@@ -39,7 +39,7 @@ export const PURPLE = "#a78bfa";
     <div style={{ fontSize: "22px", marginBottom: "8px" }}>🔑</div>
     <div style={{ fontWeight: 700, fontSize: "14px", marginBottom: "6px" }}>Enrich your Alerts</div>
     <div style={{ fontSize: "12.5px", color: "var(--ifm-color-emphasis-600)", lineHeight: 1.6, flexGrow: 1, marginBottom: "12px" }}>
-      Unlock programmatic access to 30+ enrichment fields per IP — reputation, behaviors, CVEs, attack context, MITRE mappings, and more. Use it to enrich SIEM alerts, automate lookups, or feed threat intel platforms. <strong>Free tier included, no credit card needed.</strong>
+      Unlock programmatic access to 30+ enrichment fields per IP: reputation, behaviors, CVEs, attack context, MITRE mappings, and more. Use it to enrich SIEM alerts, automate lookups, or feed threat intel platforms. <strong>Free tier included, no credit card needed.</strong>
     </div>
 
     <div style={{ display: "flex", flexDirection: "column", gap: "6px" }}>
@@ -62,7 +62,7 @@ export const PURPLE = "#a78bfa";
         <a href="https://tracker.crowdsec.net/" target="_blank" rel="noopener noreferrer" style={{ color: "inherit" }}>Live Exploit Tracker ↗</a>
       </div>
       <div style={{ fontSize: "12.5px", color: "var(--ifm-color-emphasis-600)", lineHeight: 1.6, marginBottom: "8px" }}>
-        A dedicated platform tracking CVEs actively exploited in the wild — with exploitation momentum, opportunity scores, and the IPs behind each attack. Uses the same CTI API key.
+        A dedicated platform tracking CVEs actively exploited in the wild: with exploitation momentum, opportunity scores, and the IPs behind each attack. Uses the same CTI API key.
       </div>
       <Link to="/u/tracker_api/intro" style={{ fontSize: "12px", fontWeight: 600 }}><span>Explore the Live Exploit Tracker →</span></Link>
     </div>
diff --git a/crowdsec-docs/unversioned/console/premium_upgrade.mdx b/crowdsec-docs/unversioned/console/premium_upgrade.mdx
index a1ba2aaa4..c3f460b26 100644
--- a/crowdsec-docs/unversioned/console/premium_upgrade.mdx
+++ b/crowdsec-docs/unversioned/console/premium_upgrade.mdx
@@ -105,7 +105,7 @@ export const personaOptions = [
 	title="Unlimited Blocklist Subscriptions"
 	metric="3 → ∞"
 	category="protection"
-	description="Subscribe to as many specialized blocklists as needed—bruteforce, botnets, tor, scanners, proxies—without limits."
+	description="Subscribe to as many specialized blocklists as needed without limits: bruteforce, botnets, tor, scanners, proxies..."
 	comparison={{
 		before: "Community: 3 max",
 		after: "Premium: unlimited"
@@ -123,7 +123,7 @@ export const personaOptions = [
 	title="Remediation Sync"
 	metric="Streamlined"
 	category="protection"
-	description="Automatically sync security decisions to all Security Engines and integrations. One blocklist update propagates everywhere—zero manual work."
+	description="Automatically sync security decisions to all Security Engines and integrations. One blocklist update propagates everywhere, zero manual work."
 	stats={[
 		{ value: "2×", label: "more proactive blocking" },
 		{ value: "0", label: "manual propagation" }
diff --git a/crowdsec-docs/unversioned/console/premium_upgrade/optimal_setup.mdx b/crowdsec-docs/unversioned/console/premium_upgrade/optimal_setup.mdx
index df430001c..f92ed742c 100644
--- a/crowdsec-docs/unversioned/console/premium_upgrade/optimal_setup.mdx
+++ b/crowdsec-docs/unversioned/console/premium_upgrade/optimal_setup.mdx
@@ -11,7 +11,7 @@ import { FeatureCard } from '@site/src/components/premium-upgrade/feature-card';
 
 ## 💡 Why Organize Before Upgrading?
 
-Premium upgrades apply to an **entire Organization**. You may not want Premium features for all environments—typically only **Production** needs extended retention, higher quotas, and advanced protection.
+Premium upgrades apply to an **entire Organization**. You may not want Premium features for all environments. Typically only **Production** needs extended retention, higher quotas, and advanced protection.
 
 By organizing your Security Engines **before** upgrading, you save costs and keep your infrastructure organized.
 
diff --git a/crowdsec-docs/unversioned/cti_api/api_integration/integration_intro.mdx b/crowdsec-docs/unversioned/cti_api/api_integration/integration_intro.mdx
index f04f9c4da..6fda16012 100644
--- a/crowdsec-docs/unversioned/cti_api/api_integration/integration_intro.mdx
+++ b/crowdsec-docs/unversioned/cti_api/api_integration/integration_intro.mdx
@@ -5,7 +5,7 @@ title: Integrations
 
 import CtiIntegrationTile, { ctiIntegrations } from '@site/src/components/cti-integration-tile';
 
-CrowdSec has native integrations for the most common security platforms — enrich your workflows with IP reputation data without writing any code.
+CrowdSec has native integrations for the most common security platforms. Enrich your workflows with IP reputation data without writing any code.
 
 If your platform isn't listed, the API is a standard REST interface you can query directly:
 
diff --git a/crowdsec-docs/unversioned/cti_api/api_integration/integration_ipdex.md b/crowdsec-docs/unversioned/cti_api/api_integration/integration_ipdex.md
index 83b58b648..7f0ad3050 100644
--- a/crowdsec-docs/unversioned/cti_api/api_integration/integration_ipdex.md
+++ b/crowdsec-docs/unversioned/cti_api/api_integration/integration_ipdex.md
@@ -8,7 +8,7 @@ sidebar_position: 1
 
 ## Web UI
 
-The [ipdex web app](https://ipdex.crowdsec.net/) lets you upload a list of IPs or a log file and instantly get a reputation report — no installation required.
+The [ipdex web app](https://ipdex.crowdsec.net/) lets you upload a list of IPs or a log file and instantly get a reputation report: no installation required.
 
 ![ipdex web UI](/img/ipdex_demo.png)
 
diff --git a/crowdsec-docs/unversioned/cti_api/api_introduction.md b/crowdsec-docs/unversioned/cti_api/api_introduction.md
index 7fa5e5ba5..b5eb97736 100644
--- a/crowdsec-docs/unversioned/cti_api/api_introduction.md
+++ b/crowdsec-docs/unversioned/cti_api/api_introduction.md
@@ -4,7 +4,7 @@ title: API Introduction
 sidebar_position: 1
 ---
 
-The CrowdSec CTI API gives you programmatic access to IP reputation data collected from CrowdSec deployments worldwide. Use it to enrich your own security workflows — whether that's a quick manual lookup, a script that checks IPs at ingestion, or a fully automated enrichment pipeline inside a SIEM, SOAR, or TIP.
+The CrowdSec CTI API gives you programmatic access to IP reputation data collected from CrowdSec deployments worldwide. Use it to enrich your own security workflows, whether that's a quick manual lookup, a script that checks IPs at ingestion, or a fully automated enrichment pipeline inside a SIEM, SOAR, or TIP.
 
 ## Authentication
 
@@ -17,7 +17,7 @@ Keys are created and managed in the Console under **Settings → CTI API Keys**.
 
 ### Integrations
 
-CrowdSec maintains ready-made integrations for common security platforms — Splunk, QRadar, Microsoft Sentinel, MISP, OpenCTI, Palo Alto XSOAR, TheHive, and more. If you use one of these, it's the fastest path to enrichment.
+CrowdSec maintains ready-made integrations for common security platforms: Splunk, QRadar, Microsoft Sentinel, MISP, OpenCTI, Palo Alto XSOAR, TheHive, and more. If you use one of these, it's the fastest path to enrichment.
 
 [Browse all integrations →](/u/cti_api/api_integration/integration_intro)
 
diff --git a/crowdsec-docs/unversioned/cti_api/intro.mdx b/crowdsec-docs/unversioned/cti_api/intro.mdx
index 0fad953ea..c3cff06b7 100644
--- a/crowdsec-docs/unversioned/cti_api/intro.mdx
+++ b/crowdsec-docs/unversioned/cti_api/intro.mdx
@@ -20,10 +20,10 @@ export const GREEN = "#22d3a0";
 </h1>
 <p style={{ fontSize: "14px", color: "var(--ifm-color-emphasis-600)", marginBottom: "1.25rem" }}>
   <p>CrowdSec tracks malicious IPs across hundreds of thousands of real deployments worldwide.
-  <br />Every lookup gives you <strong>behavioral context</strong> — what the IP was doing, where, and when.</p>
+  <br />Every lookup gives you <strong>behavioral context</strong>: what the IP was doing, where, and when.</p>
 </p>
 
-{/* Quick access strip — same pattern as "Already running CrowdSec?" on the homepage */}
+{/* Quick access strip - same pattern as "Already running CrowdSec?" on the homepage */}
 <div className="doc-quick-strip">
   <span className="doc-quick-strip__label">Quick access</span>
   <div className="doc-quick-strip__pills">
@@ -43,7 +43,7 @@ export const GREEN = "#22d3a0";
       {
         badge: "🔍 No setup needed", icon: "🖥️", accent: BLUE,
         title: "Web UI investigation - in the Console",
-        desc: "Search any IP instantly. Explore threat history and the top aggressive IPs in the last 24h — no API key needed.",
+        desc: "Search any IP instantly. Explore threat history and the top aggressive IPs in the last 24h. No API key needed.",
         links: [{ label: "Web UI guide →", href: "/u/console/ip_reputation/intro" }, { label: "IP Report →", href: "/u/console/ip_reputation/ip_report" }],
       },
       {
@@ -55,7 +55,7 @@ export const GREEN = "#22d3a0";
       {
         badge: "🎯 Threat hunter", icon: "🚨", accent: PURPLE,
         title: "Hunt active threats",
-        desc: "Advanced Search with live faceted filters — behavior, country, AS, CVE — to find campaigns or build blocklists.",
+        desc: "Advanced Search with live faceted filters (behavior, country, AS, CVE) to find campaigns or build blocklists.",
         links: [{ label: "Advanced search →", href: "/u/console/ip_reputation/search_ui_advanced" }, { label: "Live Exploit Tracker →", href: "/u/tracker_api/intro" }],
       },
     ].map(({ badge, icon, accent, title, desc, links }) => (
@@ -79,19 +79,19 @@ export const GREEN = "#22d3a0";
 <div style={{ borderLeft: "3px solid var(--ifm-color-emphasis-200)", paddingLeft: "16px", marginBottom: "2.5rem" }}>
   <div className="doc-eyebrow" style={{ marginBottom: "6px" }}>Why CrowdSec CTI</div>
   <p style={{ fontSize: "12.5px", color: "var(--ifm-color-emphasis-600)", marginBottom: "10px", fontStyle: "italic" }}>
-    Most IP reputation services tell you an IP is "bad." CrowdSec tells you <strong style={{ color: "var(--ifm-color-emphasis-600)" }}>what it was doing</strong> — from real deployments, not honeypots.
+    Most IP reputation services tell you an IP is "bad." CrowdSec tells you <strong style={{ color: "var(--ifm-color-emphasis-600)" }}>what it was doing</strong>. From real deployments, not honeypots.
   </p>
   <div style={{ display: "flex", flexDirection: "column", gap: "6px" }}>
     {[
       { icon: "🌍", title: "Real-world attack signals", desc: "CrowdSec intelligence is built from signals shared by real deployments across the Internet." },
-      { icon: "🧠", title: "Behavioral, not just reputation", desc: "Brute-force, CVE exploitation, scan, credential stuffing — mapped to MITRE ATT&CK." },
+      { icon: "🧠", title: "Behavioral, not just reputation", desc: "Brute-force, CVE exploitation, scan, credential stuffing, mapped to MITRE ATT&CK." },
       { icon: "⚡", title: "Real-time, not cached lists", desc: "Continuously updated with time-windowed scores showing if a threat is rising, stable, or decaying." },
       { icon: "🔬", title: "CVE-level exploit tracking", desc: "Live Exploit Tracker shows which CVEs are actively exploited, with momentum, opportunity, and malicious IP context." },
     ].map(({ icon, title, desc }) => (
       <div key={title} style={{ display: "flex", gap: "10px", alignItems: "baseline" }}>
         <span style={{ fontSize: "14px", flexShrink: 0 }}>{icon}</span>
         <span style={{ fontSize: "12.5px", color: "var(--ifm-color-emphasis-600)", lineHeight: 1.5 }}>
-          <strong style={{ color: "var(--ifm-color-emphasis-700)", fontWeight: 600 }}>{title}</strong> — {desc}
+          <strong style={{ color: "var(--ifm-color-emphasis-700)", fontWeight: 600 }}>{title}</strong>: {desc}
         </span>
       </div>
     ))}
@@ -104,7 +104,7 @@ export const GREEN = "#22d3a0";
   <div className="doc-eyebrow">Integrations</div>
   <div className="doc-section-title">Already using one of these?</div>
   <p style={{ fontSize: "13px", color: "var(--ifm-color-emphasis-600)", marginBottom: "1rem" }}>
-    Jump straight to the integration guide — no need to read the full API docs first.
+    Jump straight to the integration guide, no need to read the full API docs first.
   </p>
   <div style={{ display: "grid", gridTemplateColumns: "repeat(3, 1fr)", gap: "0.5rem", marginBottom: "1.5rem" }}>
     {ctiIntegrations.map(({ name, slug, href, plugin, desc, color }) => (
@@ -116,11 +116,11 @@ export const GREEN = "#22d3a0";
   {[
     { label: "Community Plan Free Key", quota: "40 / month", desc: "Testing integrations, personal servers, ad-hoc lookups", color: GREEN },
     { label: "Premium Plan Free Key", quota: "120 / month", desc: "Regular enrichment, small SOC teams, recurring automation", color: BLUE },
-    { label: "Premium Keys Options", quota: "5K · 25K · 100K / month", desc: "Production SIEMs, SOARs, high-volume pipelines — requires Premium", color: PURPLE },
+    { label: "Premium Keys Options", quota: "5K · 25K · 100K / month", desc: "Production SIEMs, SOARs, high-volume pipelines (requires Premium)", color: PURPLE },
   ].map(({ label, quota, desc, color }) => (
     <div key={label} style={{ fontSize: "12.5px", color: "var(--ifm-color-emphasis-600)", lineHeight: 1.6 }}>
       <strong style={{ color, fontWeight: 600 }}>{label}</strong>
-      {" — "}
+      {" : "}
       <span style={{ fontFamily: "var(--ifm-font-family-monospace)", fontSize: "11.5px" }}>{quota}</span>
       {" · "}
       <span style={{ color: "var(--ifm-color-emphasis-600)" }}>{desc}</span>
diff --git a/crowdsec-docs/unversioned/getting_started/health_check.mdx b/crowdsec-docs/unversioned/getting_started/health_check.mdx
index 82aad52c4..6e87ffaef 100644
--- a/crowdsec-docs/unversioned/getting_started/health_check.mdx
+++ b/crowdsec-docs/unversioned/getting_started/health_check.mdx
@@ -571,7 +571,7 @@ Were all the tests related to your setup successful?
 Now that detection and connectivity are working, let’s verify that your bouncers are correctly applying remediation on malicious IPs.  
 
 **Prerequisite:**  
-To apply remediation with CrowdSec, you’ll need a bouncer — available for firewalls, web servers, reverse proxies, CDNs, cloud WAFs, edge appliances, [and more](https://doc.crowdsec.net/u/bouncers/intro).  
+To apply remediation with CrowdSec, you’ll need a bouncer. Available for firewalls, web servers, reverse proxies, CDNs, cloud WAFs, edge appliances, [and more](https://doc.crowdsec.net/u/bouncers/intro).  
 
 <details>
   <summary>✋🏻 Bouncer Remediation test</summary>
diff --git a/crowdsec-docs/unversioned/integrations/intro.mdx b/crowdsec-docs/unversioned/integrations/intro.mdx
index 6a5db6d36..8cf28182e 100644
--- a/crowdsec-docs/unversioned/integrations/intro.mdx
+++ b/crowdsec-docs/unversioned/integrations/intro.mdx
@@ -14,7 +14,7 @@ import UnderlineTooltip from '@site/src/components/underline-tooltip';
 import IntegrationTile, { firewallIntegrations } from '@site/src/components/integration-tile';
 
 
-CrowdSec Blocklist Integrations — also known as **Blocklist as a Service** — give you a secure, hosted HTTPS endpoint serving live blocklists that you configure your firewall or security tool to pull from.   
+CrowdSec Blocklist Integrations (also known as **Blocklist as a Service**) give you a secure, hosted HTTPS endpoint serving live blocklists that you configure your firewall or security tool to pull from.   
 You don't host anything: CrowdSec updates the blocklists multiple times per day, and your device fetches them on a schedule you control.
 
 Each integration represents a unique endpoint protected by Basic Authentication (username + password), consumable by any HTTP-capable device or software.
@@ -24,8 +24,8 @@ Each integration represents a unique endpoint protected by Basic Authentication
 | Your situation | Recommended integration |
 |---|---|
 | Your firewall supports external IP list ingestion | Use the dedicated page for your vendor in the [table below](#firewall-integrations) |
-| Any HTTP-capable device not listed | [Raw IP List](integrations/rawiplist.mdx) — one IP per line, works in the vast majority of cases |
-| Platforms without native IP list ingestion (Cloudflare, AWS WAF, etc.) | [Remediation Component](integrations/remediationcomponent.mdx) — CrowdSec's own integration layer |
+| Any HTTP-capable device not listed | [Raw IP List](integrations/rawiplist.mdx) (one IP per line), works in the vast majority of cases |
+| Platforms without native IP list ingestion (Cloudflare, AWS WAF, etc.) | [Remediation Component](integrations/remediationcomponent.mdx) (CrowdSec's own integration layer) |
 
 ## Refresh frequency
 
@@ -67,7 +67,7 @@ Each vendor page explains how to create the integration in the CrowdSec Console
   margin: '1.5rem 0',
 }}>
   <IntegrationTile name="Raw IP List" slug="rawiplist" href="/u/integrations/rawiplist" color="#6c757d">
-    One IP per line — compatible with virtually any firewall, router, or HTTP-capable device
+    One IP per line: compatible with virtually any firewall, router, or HTTP-capable device
   </IntegrationTile>
   <IntegrationTile name="Remediation Component" slug="remediationcomponent" href="/u/integrations/remediationcomponent" color="#f97316">
     Integrate blocklists to platforms without native ingestion (Cloudflare, AWS WAF, …) via Remediation Components
@@ -89,7 +89,7 @@ Each vendor page explains how to create the integration in the CrowdSec Console
 <div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
 <div style={{flex: '1'}}>
 
-### Step 1 — Create an integration in the CrowdSec Console
+### Step 1 - Create an integration in the CrowdSec Console
 
 In your CrowdSec Console account, navigate to the **Blocklist** tab in the top menu bar, then select the **Integrations** sub-menu.
 Choose the integration type you need, then click **Connect**.
@@ -118,7 +118,7 @@ On mobile, use the menu icon in the top-right corner, tap **Blocklist**, then **
 <div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
 <div style={{flex: '1'}}>
 
-### Step 2 — Fill in integration details
+### Step 2 - Fill in integration details
 
 Name the integration *(must be unique to your account)*
 Optionally, add a description and tags to help you identify it later.
@@ -139,7 +139,7 @@ Then click **Create**.
 
     <TabItem value="step3">
 
-### Step 3 — Copy your credentials
+### Step 3 - Copy your credentials
 
 :::warning
 The credentials shown next are displayed **only once**. Copy them before closing this screen.
@@ -200,7 +200,7 @@ The Remediation Component integration provides you with an API key to copy into
 <div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
 <div style={{flex: '1'}}>
 
-### Step 4 — Subscribe to Blocklists
+### Step 4 - Subscribe to Blocklists
 
 The integration endpoint will serve the deduplicated blocklists it's subscribed to.
 After creation, a subscription pop-up appears automatically.
diff --git a/crowdsec-docs/unversioned/integrations/rawiplist.mdx b/crowdsec-docs/unversioned/integrations/rawiplist.mdx
index fe29f40c4..aa0bef39e 100644
--- a/crowdsec-docs/unversioned/integrations/rawiplist.mdx
+++ b/crowdsec-docs/unversioned/integrations/rawiplist.mdx
@@ -22,7 +22,7 @@ import UnderlineTooltip from '@site/src/components/underline-tooltip';
 />
 </div>
 <div style={{flex: '1'}}>
-The **Raw IP List** integration is a generic HTTPS endpoint serving Blocklists as plain text — one IP address per line.   
+The **Raw IP List** integration is a generic HTTPS endpoint serving Blocklists as plain text: one IP address per line.   
 It works with any HTTP-capable devices or software that supports ingesting IP lists from a URL.  
 It can be used as the default choice or when no vendor-specific integration exists.
 </div>
@@ -44,7 +44,7 @@ It can be used as the default choice or when no vendor-specific integration exis
 <div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
 <div style={{flex: '1'}}>
 
-### Step 1 — Create an integration in the CrowdSec Console
+### Step 1 - Create an integration in the CrowdSec Console
 
 In your CrowdSec Console account, navigate to the **Blocklist** tab in the top menu bar, then select the **Integrations** sub-menu.
 Choose the integration type you need, then click **Connect**.
@@ -73,7 +73,7 @@ On mobile, use the menu icon in the top-right corner, tap **Blocklist**, then **
 <div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
 <div style={{flex: '1'}}>
 
-### Step 2 — Fill in integration details
+### Step 2 - Fill in integration details
 
 Name the integration *(must be unique to your account)*
 Optionally, add a description and tags to help you identify it later.
@@ -94,7 +94,7 @@ Then click **Create**.
 
     <TabItem value="step3">
 
-### Step 3 — Copy your credentials
+### Step 3 - Copy your credentials
 
 :::warning
 The credentials shown next are displayed **only once**. Copy them before closing this screen.
@@ -126,7 +126,7 @@ With this HTTPS endpoint and Basic Auth credentials, you can verify the endpoint
 <div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
 <div style={{flex: '1'}}>
 
-### Step 4 — Subscribe to Blocklists
+### Step 4 - Subscribe to Blocklists
 
 The integration endpoint will serve the deduplicated blocklists it's subscribed to.
 After creation, a subscription pop-up appears automatically.
diff --git a/crowdsec-docs/unversioned/integrations/remediationcomponent.mdx b/crowdsec-docs/unversioned/integrations/remediationcomponent.mdx
index c01698c58..bffaca842 100644
--- a/crowdsec-docs/unversioned/integrations/remediationcomponent.mdx
+++ b/crowdsec-docs/unversioned/integrations/remediationcomponent.mdx
@@ -23,7 +23,7 @@ import UnderlineTooltip from '@site/src/components/underline-tooltip';
 <div style={{flex: '1'}}>
 The CrowdSec [Remediation Component](bouncers/intro.md) integration allows you to feed a Remediation Component directly from a CrowdSec blocklist, without requiring a local [Security Engine](blocklists/security_engine.mdx).
 
-This is the integration to use for platforms that do not support native IP list ingestion from an external URL — such as Cloudflare, AWS WAF, and others. Remediation Components act as the bridge between CrowdSec's blocklist endpoint and those platforms. See the [full list of available Remediation Components](bouncers/intro.md) to find the one matching your platform.
+This is the integration to use for platforms that do not support native IP list ingestion from an external URL. Such as Cloudflare, AWS WAF, and others. Remediation Components act as the bridge between CrowdSec's blocklist endpoint and those platforms. See the [full list of available Remediation Components](bouncers/intro.md) to find the one matching your platform.
 </div>
 </div>
 
@@ -41,7 +41,7 @@ This is the integration to use for platforms that do not support native IP list
 <div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
 <div style={{flex: '1'}}>
 
-### Step 1 — Create an integration in the CrowdSec Console
+### Step 1 - Create an integration in the CrowdSec Console
 
 In your CrowdSec Console account, navigate to the **Blocklist** tab in the top menu bar, then select the **Integrations** sub-menu.
 Choose the integration type you need, then click **Connect**.
@@ -70,7 +70,7 @@ On mobile, use the menu icon in the top-right corner, tap **Blocklist**, then **
 <div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
 <div style={{flex: '1'}}>
 
-### Step 2 — Fill in integration details
+### Step 2 - Fill in integration details
 
 Name the integration *(must be unique to your account)*
 Optionally, add a description and tags to help you identify it later.
@@ -91,7 +91,7 @@ Then click **Create**.
 
     <TabItem value="step3">
 
-### Step 3 — Copy your credentials
+### Step 3 - Copy your credentials
 
 :::warning
 The credentials shown next are displayed **only once**. Copy them before closing this screen.
@@ -121,7 +121,7 @@ The Remediation Component integration provides you with an API key to copy into
 <div style={{display: 'flex', gap: '2rem', alignItems: 'flex-start'}}>
 <div style={{flex: '1'}}>
 
-### Step 4 — Subscribe to Blocklists
+### Step 4 - Subscribe to Blocklists
 
 The integration endpoint will serve the deduplicated blocklists it's subscribed to.
 After creation, a subscription pop-up appears automatically.
diff --git a/crowdsec-docs/unversioned/integrations/sophos.mdx b/crowdsec-docs/unversioned/integrations/sophos.mdx
index bf4ef9ce5..a84af0646 100644
--- a/crowdsec-docs/unversioned/integrations/sophos.mdx
+++ b/crowdsec-docs/unversioned/integrations/sophos.mdx
@@ -41,8 +41,8 @@ If you want to learn how to manage integration size limits with pagination, plea
 
 ## References
 
-- [Sophos — Third-Party Threat Feeds documentation](https://docs.sophos.com/nsg/sophos-firewall/latest/Help/en-us/webhelp/onlinehelp/AdministratorHelp/ActiveThreatResponse/ConfigureFeeds/ThirdPartyThreatFeeds/index.html)
-- [Video — Sophos & CrowdSec integration walkthrough](https://techvids.sophos.com/share/watch/2yEPSmMGQdhH4HnSXK9teU?autoplay=2&second=226.41)
+- [Sophos: Third-Party Threat Feeds documentation](https://docs.sophos.com/nsg/sophos-firewall/latest/Help/en-us/webhelp/onlinehelp/AdministratorHelp/ActiveThreatResponse/ConfigureFeeds/ThirdPartyThreatFeeds/index.html)
+- [Video: Sophos & CrowdSec integration walkthrough](https://techvids.sophos.com/share/watch/2yEPSmMGQdhH4HnSXK9teU?autoplay=2&second=226.41)
 
 ## Next Steps
 

From cd56e7875032ae978106d9f2203e0b130ed7ff86 Mon Sep 17 00:00:00 2001
From: jdv <julien@crowdsec.net>
Date: Tue, 5 May 2026 18:44:08 +0200
Subject: [PATCH 2/2] biome fix

---
 crowdsec-docs/src/css/colors.css | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crowdsec-docs/src/css/colors.css b/crowdsec-docs/src/css/colors.css
index 274eb7eb7..6b201dfec 100644
--- a/crowdsec-docs/src/css/colors.css
+++ b/crowdsec-docs/src/css/colors.css
@@ -192,7 +192,8 @@ html[data-theme="dark"],
 	--ifm-global-shadow-md: 0px;
 	--ifm-code-font-size: 95%;
 	--ifm-font-family-base: "Instrument Sans", sans-serif; /* For body text */
-	--ifm-font-family-monospace: "Roboto Mono", ui-monospace, "SF Mono", "Cascadia Mono", "Segoe UI Mono", Menlo, Consolas, monospace; /* For code blocks */
+	--ifm-font-family-monospace:
+		"Roboto Mono", ui-monospace, "SF Mono", "Cascadia Mono", "Segoe UI Mono", Menlo, Consolas, monospace; /* For code blocks */
 	--ifm-dropdown-background-color: rgb(var(--card));
 
 	/* Algolia global search colors */