diff --git a/crowdsec-docs/sidebarsUnversioned.js b/crowdsec-docs/sidebarsUnversioned.js
index a491b96a5..feafd123d 100644
--- a/crowdsec-docs/sidebarsUnversioned.js
+++ b/crowdsec-docs/sidebarsUnversioned.js
@@ -178,11 +178,6 @@ module.exports = {
 type: "category",
 label: "CTI",
 items: [
- {
- type: "doc",
- label: "Introduction",
- id: "console/cti/intro",
- },
 {
 type: "doc",
 label: "Getting started",
@@ -198,6 +193,11 @@ module.exports = {
 label: "Advanced search",
 id: "console/cti/advanced_search",
 },
+ {
+ type: "doc",
+ label: "FAQ",
+ id: "console/cti/faq",
+ },
 ],
 },
 {
diff --git a/crowdsec-docs/static/img/console/cti/home.jpeg b/crowdsec-docs/static/img/console/cti/home.jpeg
deleted file mode 100644
index 1a019f787..000000000
Binary files a/crowdsec-docs/static/img/console/cti/home.jpeg and /dev/null differ
diff --git a/crowdsec-docs/static/img/console/cti/home.png b/crowdsec-docs/static/img/console/cti/home.png
new file mode 100644
index 000000000..cecd7f266
Binary files /dev/null and b/crowdsec-docs/static/img/console/cti/home.png differ
diff --git a/crowdsec-docs/static/img/console/cti/report/page.jpeg b/crowdsec-docs/static/img/console/cti/report/page.jpeg
deleted file mode 100644
index af785b14a..000000000
Binary files a/crowdsec-docs/static/img/console/cti/report/page.jpeg and /dev/null differ
diff --git a/crowdsec-docs/static/img/console/cti/report/page.png b/crowdsec-docs/static/img/console/cti/report/page.png
new file mode 100644
index 000000000..7c754f830
Binary files /dev/null and b/crowdsec-docs/static/img/console/cti/report/page.png differ
diff --git a/crowdsec-docs/unversioned/console/cti/intro.md b/crowdsec-docs/unversioned/console/cti/faq.md
similarity index 87%
rename from crowdsec-docs/unversioned/console/cti/intro.md
rename to crowdsec-docs/unversioned/console/cti/faq.md
index f0aef1506..81f6a6e80 100644
--- a/crowdsec-docs/unversioned/console/cti/intro.md
+++ b/crowdsec-docs/unversioned/console/cti/faq.md
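Review bot: Removing the `console/cti/intro` entry in the first sidebar hunk, together with the rename of `intro.md` to `faq.md`, retires the old doc id and its page path, and nothing visible in this diff adds a redirect or updates other references to it. Any remaining link to the intro page from other docs, from the Console UI or from external bookmarks would presumably 404 after deploy. Before merging, search the docs tree for `console/cti/intro` and, if the site has a redirect mechanism configured, map the old path to the page behind `id: "console/cti/faq"`. The new entry in the second hunk does match the renamed file, so the sidebar itself should resolve.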
@@ -1,13 +1,13 @@ --- -title: Introduction -description: Introduction to CrowdSec's Cyber Threat Intelligence (CTI) platform. +title: FAQ +description: CrowdSec's Cyber Threat Intelligence (CTI) FAQ. --- **CrowdSec’s Cyber Threat Intelligence (CTI)** is a cutting-edge platform that enhances your cybersecurity defenses through community-driven insights and advanced threat intelligence. This introduction provides an overview of CTI’s purpose, benefits, competitive advantages and including a search page with filters and IP detail pages. Investigate your first IP [there](https://app.crowdsec.net/cti). -![Alerts](/img/console/cti/home.jpeg) +![Alerts](/img/console/cti/home.png) # What Is Cyber Threat Intelligence (CTI)? @@ -44,19 +44,6 @@ With CTI’s advanced search and filtering capabilities, finding relevant inform CTI integrates seamlessly into your existing CrowdSec setup, making it an invaluable part of your defense strategy without requiring additional complexity. Use the [Free CrowdSec CTI API](https://app.crowdsec.net/settings/cti-api-keys) to access threat data programmatically and enhance your security operations. -# What to Expect Next - -In this documentation, you’ll discover: - -### IP Details Pages - -Dive deep into individual IP profiles to uncover: - -- Risk assessment scores -- Threat patterns -- Timeline of malicious activity -- Geographical distribution of attacks - ### Faceted Research for Analysts Understand how CTI enables analysts to uncover trends, identify repeat offenders, and map out potential attack vectors using advanced research tools. [(You can check this example)]() diff --git a/crowdsec-docs/unversioned/console/cti/getting_started.md b/crowdsec-docs/unversioned/console/cti/getting_started.md index 3b4449a8a..20e18bb45 100644 --- a/crowdsec-docs/unversioned/console/cti/getting_started.md +++ b/crowdsec-docs/unversioned/console/cti/getting_started.md 
@@ -5,7 +5,7 @@ description: Get started with CrowdSec's Cyber Threat Intelligence (CTI) platfor Welcome to CrowdSec’s Cyber Threat Intelligence (CTI)! This guide will help you navigate the home page and make the most of its features, from searching for IP details to exploring real-time threat insights. Let’s get started! -> You can access the CTI home page [here](https://app.crowdsec.net/cti). +> You can access the [CTI Home page](https://app.crowdsec.net/cti) or directly call our [API](https://docs.crowdsec.net/u/cti_api/getting_started). ## What Can You Find on the Home Page? diff --git a/crowdsec-docs/unversioned/console/cti/ip_report.mdx b/crowdsec-docs/unversioned/console/cti/ip_report.mdx index 7896397b2..03141b191 100644 --- a/crowdsec-docs/unversioned/console/cti/ip_report.mdx +++ b/crowdsec-docs/unversioned/console/cti/ip_report.mdx @@ -7,7 +7,7 @@ description: Learn how to investigate an IP address in CrowdSec's Cyber Threat I CrowdSec’s Cyber Threat Intelligence (CTI) platform provides detailed insights into IP addresses, enabling you to assess their risk levels, threat types, and historical activities. -![CTI Report](/img/console/cti/report/page.jpeg) +![CTI Report](/img/console/cti/report/page.png) ### IP Title and Status @@ -85,10 +85,12 @@ A summary of the IP’s recent activity, showing its aggressiveness over time: ### Blocklists -Indicates the **blocklists** where the IP is currently listed. These are provided by CrowdSec to users for preemptive blocking. Users can: +Indicates the **blocklists** where the IP is currently listed. These are provided by CrowdSec to community for preemptive blocking. ![CTI Report blocklists](/img/console/cti/report/blocklists.png) +It allows to: + - View whether the IP is on free or premium blocklists. - Click through to explore the relevant blocklists. 
@@ -121,7 +123,7 @@ Breaks down specific types of attacks linked to the IP, such as: ### Feedbacks -CrowdSec invites users to participate in improving threat intelligence by: +CrowdSec invites community to participate in improving threat intelligence by: ![CTI Report share opinion](/img/console/cti/report/share_opinion.png) @@ -137,7 +139,7 @@ This section provides a detailed **Security Engine Report** for the IP, showing ![CTI Report security engines report](/img/console/cti/report/security_engines_report.png) -- Allows users to add **comments** to the report, share insights, or annotate findings. +- Allows organization's users to add **comments** to the report, share insights, or annotate findings. - Shared comments are visible across all members of the user’s organization, fostering collaboration. ### Conclusion