diff --git a/docs/en/siem/hosts/hosts-ui.asciidoc b/docs/en/siem/hosts/hosts-ui.asciidoc deleted file mode 100644 index 1e4e4fbc5..000000000 --- a/docs/en/siem/hosts/hosts-ui.asciidoc +++ /dev/null @@ -1,14 +0,0 @@ -[[hosts-ui-overview]] -[role="xpack"] -== Hosts UI - -beta[] - -After you have security monitoring <> and data is streaming to {es}, use the Hosts UI in {kib} to monitor -and identify security problems in real time. - -For more information about working with the Hosts UI, see the -{kib} documentation. - - diff --git a/docs/en/siem/hosts/index.asciidoc b/docs/en/siem/hosts/index.asciidoc deleted file mode 100644 index 936263571..000000000 --- a/docs/en/siem/hosts/index.asciidoc +++ /dev/null @@ -1,17 +0,0 @@ -:doctype: book -//:hosts-soln-cap: Hosts monitoring -//:hosts-soln: hosts monitoring -//:hosts-ui: Hosts UI - -= Hosts Monitoring Guide - -//include::{asciidoc-dir}/../../shared/versions.asciidoc[] - -include::{asciidoc-dir}/../../shared/attributes.asciidoc[] - -include::overview.asciidoc[] - -include::installation.asciidoc[] - -include::hosts-ui.asciidoc[] - diff --git a/docs/en/siem/hosts/images/hosts-security-architecture.png b/docs/en/siem/images/siem-architecture.png similarity index 100% rename from docs/en/siem/hosts/images/hosts-security-architecture.png rename to docs/en/siem/images/siem-architecture.png diff --git a/docs/en/siem/network/index.asciidoc b/docs/en/siem/index.asciidoc similarity index 50% rename from docs/en/siem/network/index.asciidoc rename to docs/en/siem/index.asciidoc index 4b3012ed4..2d866b6af 100644 --- a/docs/en/siem/network/index.asciidoc +++ b/docs/en/siem/index.asciidoc @@ -1,9 +1,9 @@ :doctype: book -//:sec: SecOps -//:sec-soln: security monitoring -//:sec-ui: SecOps +:siem-soln-cap: SIEM Monitoring +:siem-soln: SIEM monitoring +:siem-ui: SIEM UI -= Network Monitoring Guide += SIEM Solution Guide //include::{asciidoc-dir}/../../shared/versions.asciidoc[] 
@@ -11,7 +11,7 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] include::overview.asciidoc[] -include::installation.asciidoc[] +//include::installation.asciidoc[] -include::network-ui.asciidoc[] +//include::siem-ui.asciidoc[] diff --git a/docs/en/siem/hosts/installation.asciidoc b/docs/en/siem/installation.asciidoc similarity index 95% rename from docs/en/siem/hosts/installation.asciidoc rename to docs/en/siem/installation.asciidoc index dd00695fa..036a07ea0 100644 --- a/docs/en/siem/hosts/installation.asciidoc +++ b/docs/en/siem/installation.asciidoc @@ -1,4 +1,4 @@ -[[install-hosts-monitoring]] +[[install-siem]] [role="xpack"] == Get up and running @@ -27,7 +27,7 @@ such as the index pattern used to query the data, and the timestamp field used for sorting. For more information, see {kib}. [float] -[[install-beats-for-host-sec]] +[[install-beats]] === Install {beats} shippers To populate the security UI with metrics and diff --git a/docs/en/siem/network/images/network-security-architecture.png b/docs/en/siem/network/images/network-security-architecture.png deleted file mode 100644 index b051cb379..000000000 Binary files a/docs/en/siem/network/images/network-security-architecture.png and /dev/null differ diff --git a/docs/en/siem/network/installation.asciidoc b/docs/en/siem/network/installation.asciidoc deleted file mode 100644 index 46a901c8e..000000000 --- a/docs/en/siem/network/installation.asciidoc +++ /dev/null 
@@ -1,42 +0,0 @@ -[[install-network-monitoring]] -[role="xpack"] -== Get up and running - -beta[] - -To get up and running with network monitoring, you need: - -* An Elasticsearch cluster and Kibana (version 6.x or later) with a basic -license. To learn how to get started quickly, see -{stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}]. -+ -[TIP] -============== -You can skip installing {es} and {kib} by using our -https://www.elastic.co/cloud/elasticsearch-service[hosted {es} Service] on -Elastic Cloud. The {es} Service is available on both AWS and GCP. -https://www.elastic.co/cloud/elasticsearch-service/signup[Try the {es} -Service for free]. -============== - -* {beats} shippers (version 6.x or later) installed on each system you want to -monitor - -You might need to modify UI settings in {kib} to change default behaviors, -such as the index pattern used to query the data, and the timestamp field used -for sorting. For more information, see {kib}. - -[float] -[[install-beats-for-network-sec]] -=== Install {beats} shippers - -To populate the Network UI with metrics and -log data, you need to install and configure the following shippers: - -* https://www.elastic.co/products/beats/packetbeat[{packetbeat}] for analyzing -network packets -* https://www.elastic.co/products/beats/filebeat[{filebeat}] for forwarding and -centralizing logs and files -* https://www.elastic.co/products/beats/auditbeat[{auditbeat}] for monitoring -directories for file changes - diff --git a/docs/en/siem/network/network-ui.asciidoc b/docs/en/siem/network/network-ui.asciidoc deleted file mode 100644 index 0b42f4794..000000000 --- a/docs/en/siem/network/network-ui.asciidoc +++ /dev/null 
@@ -1,14 +0,0 @@ -[[network-ui-overview]] -[role="xpack"] -== Network UI - -beta[] - -After you have network monitoring <> and data is streaming to {es}, use the Network UI in {kib} to monitor -and identify security problems in real time. - -For more information about working with the Network UI, see the -{kib} documentation. - - diff --git a/docs/en/siem/network/overview.asciidoc b/docs/en/siem/network/overview.asciidoc deleted file mode 100644 index 9a3c33211..000000000 --- a/docs/en/siem/network/overview.asciidoc +++ /dev/null @@ -1,36 +0,0 @@ -[[network-monitoring-overview]] -[role="xpack"] -== Overview - -beta[] - -Network monitoring gives you a comprehensive view into your network security -operations. - -The Network UI in {kib} brings together data from a variety of sources, making -it easier for you to identify and resolve security issues. - -[float] -[[network-sec-components]] -=== Network monitoring components - -Network monitoring requires the following {stack} components. - -image::images/network-security-architecture.png[] - -*https://www.elastic.co/products/beats[{beats}]* are open source data -shippers that you install as agents on your servers to send operational data to -{es}. - -*https://www.elastic.co/products/elasticsearch[{es}]* is a real-time, -distributed storage, search, and analytics engine. {es} excels is indexing -streams of semi-structured data, such as logs or metrics. - -*https://www.elastic.co/products/kibana[{kib}]* is an open source analytics and -visualization platform designed to work with {es}. You use {kib} to search, -view, and interact with data stored in {es} indices. You can easily perform -advanced data analysis and visualize your data in a variety of charts, tables, -and maps. - -{kib} Network UI provides a dedicated user interface for visualizing host security. - 
diff --git a/docs/en/siem/hosts/overview.asciidoc b/docs/en/siem/overview.asciidoc similarity index 69% rename from docs/en/siem/hosts/overview.asciidoc rename to docs/en/siem/overview.asciidoc index f885805c4..891c5e662 100644 --- a/docs/en/siem/hosts/overview.asciidoc +++ b/docs/en/siem/overview.asciidoc @@ -1,21 +1,28 @@ -[[hosts-monitoring-overview]] -[role="xpack"] -== Overview +[[siem-overview]] +//[role="xpack"] +//== Overview + +== Coming soon + +Won't be long now! + +//// beta[] -Host monitoring gives you a comprehensive view into your security operations. +{siem-soln-cap} gives you a comprehensive view into your security operations, +and helps make those insights actionable. The UI in {kib} brings together data from a variety of sources, making it easier for you to identify and resolve security issues. [float] -[[hosts-components]] -=== Hosts monitoring components +[[siem-components]] +=== SIEM monitoring components Security monitoring requires the following {stack} components. -image::images/hosts-security-architecture.png[] +image::images/siem-architecture.png[] *https://www.elastic.co/products/beats[{beats}]* are open source data shippers that you install as agents on your servers to send operational data to @@ -31,4 +38,5 @@ view, and interact with data stored in {es} indices. You can easily perform advanced data analysis and visualize your data in a variety of charts, tables, and maps. -{kib} Hosts UI provides a dedicated user interface for visualizing host security. +{kib} {siem-ui} provides a dedicated user interface for visualizing host security. +//// diff --git a/docs/en/siem/siem-ui.asciidoc b/docs/en/siem/siem-ui.asciidoc new file mode 100644 index 000000000..f473227b4 --- /dev/null +++ b/docs/en/siem/siem-ui.asciidoc 
@@ -0,0 +1,14 @@ +[[siem-ui-overview]] +[role="xpack"] +== SIEM UI + +beta[] + +After you have security monitoring <> and data is streaming to {es}, use the {siem-ui} in {kib} to monitor +and identify security problems in real time. + +For more information about working with the {siem-ui}, see the +{kib} documentation. + +
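Review bot: in docs/en/siem/index.asciidoc both remaining includes end up commented out (`//include::installation.asciidoc[]` and `//include::siem-ui.asciidoc[]`), so the book builds from overview.asciidoc alone, and neither the renamed installation.asciidoc nor the newly added siem-ui.asciidoc is rendered. If that is deliberate while the content is pending, add a comment beside the includes saying so, and re-enable them in the same change that removes the `////` block from overview.asciidoc.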
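Review bot: in docs/en/siem/installation.asciidoc the section IDs change from `[[install-hosts-monitoring]]` to `[[install-siem]]` and from `[[install-beats-for-host-sec]]` to `[[install-beats]]`, which breaks any existing link to the old IDs, and `install-beats` is generic enough that it could clash with an ID elsewhere in the docs build. Search the tree for the old IDs before merging and consider a scoped name such as `install-siem-beats`. The unchanged context line "To populate the security UI with metrics and" could use `{siem-ui}` now that the attribute is defined. Because network/installation.asciidoc is deleted and its shipper list named {packetbeat}, confirm that the list in the kept file still covers it.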
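Review bot: in docs/en/siem/overview.asciidoc the `[[siem-overview]]` anchor now attaches to the placeholder heading `== Coming soon`, and `beta[]` sits inside the `////` block, so the published page carries no beta marker. Inside the commented block, the closing sentence still reads "visualizing host security" although this guide replaces both the hosts and the network guides, and the heading `=== SIEM monitoring components` hard-codes text that `{siem-soln}` already provides. Fixing both now keeps the block correct for when it is uncommented.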
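Review bot: in the new docs/en/siem/siem-ui.asciidoc the sentence "After you have security monitoring <> and data is streaming to {es}" shows an empty cross-reference as it appears here. It should point at `[[install-siem]]`, the ID this patch introduces in installation.asciidoc, rather than the removed `install-hosts-monitoring`. The closing "see the {kib} documentation" likewise names no link target, so a reader has nowhere to go from this page.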