feat(docs): Docs revamping

README.md

@@ -1,6 +1,6 @@
 <p align="center" >
-  <a href="https://www.fibratus.io" >
-    <img src="logo.png" alt="Fibratus">
+  <a href="https://fibratus.io" >
+    <img src="logo.svg" alt="Fibratus">
   </a>
 </p>
 
@@ -9,63 +9,37 @@
 <p align="center">
   Adversary tradecraft detection, protection, and hunting
   <br>
-  <a href="https://www.fibratus.io/#/setup/installation"><strong>Get Started »</strong></a>
+  <a href="https://fibratus.io/docs/setup/installation"><strong>Get Started »</strong></a>
   <br>
   <br>
   <strong>
-    <a href="https://www.fibratus.io">Docs</a>
+    <a href="https://fibratus.io/docs">Docs</a>
     &nbsp;&nbsp;&bull;&nbsp;&nbsp;
-    <a href="https://github.com/rabbitstack/fibratus/tree/master/rules">Rules</a>
+    <a href="https://fibratus.io/rules">Rules</a>
     &nbsp;&nbsp;&bull;&nbsp;&nbsp;
     <a href="https://github.com/rabbitstack/fibratus/tree/master/filaments">Filaments</a>
     &nbsp;&nbsp;&bull;&nbsp;&nbsp;
-    <a href="https://github.com/rabbitstack/fibratus/releases">Download</a>
+    <a href="https://fibratus.io/downloads">Download</a>
     &nbsp;&nbsp;&bull;&nbsp;&nbsp;
     <a href="https://github.com/rabbitstack/fibratus/discussions">Discussions</a>
   </strong>
 </p>
 
-Fibratus detects, protects, and eradicates advanced adversary tradecraft by scrutinizing
-and asserting a wide spectrum of system events against a behavior-driven [rule engine](https://www.fibratus.io/#/filters/rules) and [YARA](https://www.fibratus.io/#/yara/introduction) memory scanner.
+Fibratus detects and eradicates advanced attacker tradecraft by scrutinizing and asserting a wide spectrum of [system events](https://fibratus.io/docs/telemetry/events) against a behavior-driven [rule engine](https://fibratus.io/docs/rules) and [YARA](https://fibratus.io/docs/yara) memory scanner.
 
-Events can also be shipped to a wide array of [output sinks](https://www.fibratus.io/#/outputs/introduction) or dumped to [capture](https://www.fibratus.io/#/captures/introduction) files for local inspection and forensics analysis. You can use [filaments](https://www.fibratus.io/#/filaments/introduction) to extend Fibratus with your own arsenal of tools and so leverage the power of the Python ecosystem. 
+Events can be routed to a wide range of [output sinks](https://fibratus.io/docs/telemetry/outputs) or written to [capture](https://fibratus.io/docs/captures) files for local inspection and forensic analysis. With [filaments](https://fibratus.io/docs/filaments), you can extend Fibratus with your own tooling and tap into the full power of the Python ecosystem.
 
-In a nutshell, the Fibratus mantra is defined by the pillars of **realtime behavior detection**, **memory scanning**, and **forensics** capabilities.
+In a nutshell, the Fibratus mantra is built on three pillars: **realtime behavior detection**, **memory scanning**, and **forensics**.
 
+<p align="center" >
+  <a href="https://fibratus.io" >
+    <img src="docs/images/architecture.png" alt="Fibratus">
+  </a>
+</p>
 
-### Installation
-
-- Download the latest [MSI package](https://github.com/rabbitstack/fibratus/releases) and follow the [UI](https://www.fibratus.io/#/setup/installation) wizard or
-alternatively install via `msiexec` in silent mode
-
-```
-$ msiexec /i fibratus-2.4.0-amd64.msi /qn
-```
-
-### Quick start
-
----
-
-- spin up a command line prompt
-- list credentials from the vault by using the `VaultCmd` tool
-
-```
-$ VaultCmd.exe /listcreds:"Windows Credentials" /all
-```
-
-`Credential discovery via VaultCmd tool` rule should trigger and emit the alert to the [Eventlog](https://www.fibratus.io/#/alerts/senders/eventlog). Check the short demo [here](https://www.fibratus.io/alerts/senders/images/eventlog.gif).
-
-### Documentation
-
-To fully exploit and learn about Fibratus capabilities, read the [docs](https://www.fibratus.io).
-
-### Rules
-
-Detection rules live in the [`rules`](/rules) directory of this repository. The CLI provides a set of
-commands to explore the rule catalog, validate the rules, or [create a new rule](https://github.com/rabbitstack/fibratus/tree/master/rules#structure) from the template.
+### Installation and Quick start
 
-To describe all rules in the catalog, use the `fibratus rules list` command. It is possible to pass the
-`-s` flag to show rules summary by MITRE tactics and techniques.
+For installation and [quick start](https://www.fibratus.io/docs/setup/quick-start) instructions, go [here](https://www.fibratus.io/docs/setup/installation).
 
 ### Contributing
 

docs/README.md

@@ -1,8 +1,32 @@
-# Welcome to Fibratus Docs!
+# Documentation
 
-Fibratus documentation is built with [docsify](https://docsify.js.org/#/) site generator. docsify generates the documentation website on the fly by parsing the Markdown files. To preview the docs while you're editing, you can use the `docsify` CLI tool.
+The **`docs/` directory** serves as the canonical source of all user-facing documentation. It contains Markdown files that are not merely static content, but structured inputs consumed by Fibratus’ custom [documentation](https://fibratus.io/docs) engine, which powers the website experience.
 
-- download [Node.JS](https://nodejs.org/en/download/)
-- `npm install -g docsify`
-- go to the `docs` directory and run `docsify serve`
-- browse the docs on `http://localhost:3000`
+At a high level, this directory is designed to balance **readability for contributors** with **rich rendering capabilities** on the site. While everything is written in Markdown, the files follow conventions and include custom extensions that the rendering engine interprets to produce a more dynamic and navigable documentation UI.
+
+### Purpose and Structure
+
+The `docs/` directory organizes documentation into logical sections such as:
+
+* **Getting started** (installation, quickstart guides)
+* **Core concepts** (filaments, telemetry, rules engine)
+* **Configuration** (YAML/CLI flags, environment setup)
+* **Reference material** (field descriptions, functions, operators)
+
+Each section is typically represented as a subdirectory, with Markdown files forming individual pages. File names and folder hierarchy directly map to the website’s routing and sidebar navigation.
+
+### Custom Markdown Extensions
+
+Although the files use standard Markdown syntax, they also leverage custom directives and components understood by the Fibratus documentation engine. These may include:
+
+* **Admonitions** (e.g., notes, warnings, tips)
+* **Code block enhancements** with syntax highlighting tailored to Fibratus DSLs
+* **Cross-references** that resolve to internal documentation links
+
+### Linking and Navigation
+
+Internal links between documents are written using relative paths, but the engine resolves and validates them at build time. It also:
+
+* Builds the **sidebar tree** from directory structure
+* Generates **breadcrumbs and navigation controls**
+* Ensures **consistent URL routing** across the site

docs/_sidebar.md

@@ -1,73 +1,53 @@
-* <ion-icon name="infinite-outline"></ion-icon> Overview
-  * [What is Fibratus?](overview/what-is-fibratus.md)
-* <ion-icon name="rocket-outline"></ion-icon> Setup
+* Setup
   * [Installation](setup/installation.md)
   * [Quick Start](setup/quick-start.md)
   * [Configuration](setup/configuration.md)
-  * [CLI](setup/cli.md)
-* <ion-icon name="apps-outline"></ion-icon> Events
-  * [Anatomy Of An Event](kevents/anatomy.md)
-  * [Process](kevents/process.md)
-  * [Thread](kevents/thread.md)
-  * [Image](kevents/image.md)
-  * [File](kevents/file.md)
-  * [Registry](kevents/registry.md)
-  * [Network](kevents/network.md)
-  * [Handle](kevents/handle.md)
-  * [Object](kevents/object.md)
-  * [Driver](kevents/driver.md)
-  * [Memory](kevents/mem.md)
-* <ion-icon name="filter-outline"></ion-icon> Filters and Rules
-  * [Needle In The Haystack](filters/introduction.md)
-  * [Prefiltering](filters/prefiltering.md)
-  * [Filtering](filters/filtering.md)
-  * [Operators](filters/operators.md)
-  * [Iterators](filters/iterators.md)
-  * [Functions](filters/functions.md)
-  * [Rules](filters/rules.md)
-  * [Fields](filters/fields.md)
-* <ion-icon name="server-outline"></ion-icon> Captures
-  * [Immortalizing The Event Flux](captures/introduction.md)
-  * [Capturing](captures/capturing.md)
-  * [Replaying](captures/replaying.md)
-* <ion-icon name="flash-outline"></ion-icon> Filaments
-  * [Python Meets Kernel Events](filaments/introduction.md)
-  * [Executing](filaments/executing.md)
-  * [Internals](filaments/internals.md)
-  * [Writing Filaments](filaments/writing.md)
-* <ion-icon name="send-outline"></ion-icon> Outputs
-  * [Transporting Events](outputs/introduction.md)
-  * [Console](outputs/console.md)
-  * [Null](outputs/null.md)
-  * [RabbitMQ](outputs/rabbitmq.md)
-  * [Elasticsearch](outputs/elasticsearch.md)
-  * [HTTP](outputs/http.md)
-  * [Eventlog](outputs/eventlog.md)
-* <ion-icon name="color-wand-outline"></ion-icon> Transformers
-  * [Parsing, Enriching, Transforming](transformers/introduction.md)
-  * <ion-icon name="remove-circle-outline"></ion-icon> [Remove](transformers/remove.md)
-  * <ion-icon name="reload-circle-outline"></ion-icon> [Rename](transformers/rename.md)
-  * <ion-icon name="sync-circle-outline"></ion-icon> [Replace](transformers/replace.md)
-  * <ion-icon name="pricetags-outline"></ion-icon> [Tags](transformers/tags.md)
-  * <ion-icon name="cut-outline"></ion-icon> [Trim](transformers/trim.md)
-* <ion-icon name="locate-outline"></ion-icon> Alerts
-  * [Firing Alerts](alerts/introduction.md)
-  * [Alert Senders](alerts/senders.md)
-    * <ion-icon name="mail-unread-outline"></ion-icon> [Mail](alerts/senders/mail.md)
-    * <ion-icon name="logo-slack"></ion-icon> [Slack](alerts/senders/slack.md)
-    * <ion-icon name="chatbubble"></ion-icon> [Systray](alerts/senders/systray.md)
-    * <ion-icon name="server"></ion-icon> [Eventlog](alerts/senders/eventlog.md)
-  * [Filament Alerting](alerts/filaments.md)
-* <ion-icon name="terminal-outline"></ion-icon> PE
-  * [Portable Executable Introspection](/pe/introduction.md)
-  * [Sections](/pe/sections.md)
-  * [Symbols](/pe/symbols.md)
-  * [Resources](/pe/resources.md)
-* <ion-icon name="bug-outline"></ion-icon> Yara
-  * [Pattern Matching Swiss Knife](/yara/introduction.md)
-  * [Scanning Processes](/yara/scanning.md)
-  * [Alerts](/yara/alerts.md)
-* <ion-icon name="help-buoy-outline"></ion-icon> Troubleshooting
-  * [Logs](troubleshooting/logs.md)
-  * [Stats](troubleshooting/stats.md)
-  * [Profiling](troubleshooting/pprof.md)
+* ---
+* [Architecture](architecture.md)
+* ---
+* Telemetry
+  * [Events](telemetry/events.md)
+    * [Process](telemetry/events/process.md)
+    * [Thread](telemetry/events/thread.md)
+    * [Module](telemetry/events/module.md)
+    * [File](telemetry/events/file.md)
+    * [Registry](telemetry/events/registry.md)
+    * [Memory](telemetry/events/memory.md)
+    * [Network](telemetry/events/network.md)
+    * [Handle](telemetry/events/handle.md)
+    * [Object](telemetry/events/object.md)
+  * [Callstacks](telemetry/callstacks.md)
+  * [Evasions](telemetry/evasions.md)
+  * [Filtering](telemetry/filtering.md)
+  * [Outputs](telemetry/outputs.md)
+    * [Console](telemetry/outputs/console.md)
+    * [Null](telemetry/outputs/null.md)
+    * [RabbitMQ](telemetry/outputs/rabbitmq.md)
+    * [Elasticsearch](telemetry/outputs/elasticsearch.md)
+    * [HTTP](telemetry/outputs/http.md)
+    * [Eventlog](telemetry/outputs/eventlog.md)
+  * [Transformers](telemetry/transformers.md)
+    * [Remove](telemetry/transformers/remove.md)
+    * [Rename](telemetry/transformers/rename.md)
+    * [Replace](telemetry/transformers/replace.md)
+    * [Trim](telemetry/transformers/trim.md)
+    * [Tags](telemetry/transformers/tags.md)
+* [Rule Language](rules.md)
+  * [Macros](rules/macros.md)
+  * [Operators](rules/operators.md)
+  * [Iterators](rules/iterators.md)
+  * [Sequences](rules/sequences.md)
+  * [Functions](rules/functions.md)
+  * [Fields](rules/fields.md)
+  * [Actions](rules/actions.md)
+    * [Alert](rules/actions/alert.md)
+    * [Kill](rules/actions/kill.md)
+    * [Isolate](rules/actions/isolate.md)
+* ---
+* [Captures](captures.md)
+* [Filaments](filaments.md)
+* [YARA](yara.md)
+* ---
+* [Troubleshooting](troubleshooting.md)
+* ---
+* [CLI](cli.md)