Diffstat (limited to 'doc/user/application_security')
-rw-r--r--  doc/user/application_security/index.md | 3
-rw-r--r--  doc/user/application_security/policies/index.md | 121
-rw-r--r--  doc/user/application_security/security_dashboard/index.md | 1
-rw-r--r--  doc/user/application_security/threat_monitoring/img/threat_monitoring_policy_alert_list_v14_3.png | bin 17296 -> 0 bytes
-rw-r--r--  doc/user/application_security/threat_monitoring/index.md | 52
-rw-r--r--  doc/user/application_security/vulnerability_report/index.md | 2
6 files changed, 2 insertions, 177 deletions
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index 3a6aa8e3485..3de43ed40ea 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -19,9 +19,6 @@ GitLab also provides high-level statistics of vulnerabilities across projects an
- The [Security Dashboard](security_dashboard/index.md) provides a
high-level view of vulnerabilities detected in your projects, pipeline, and groups.
-- The [Threat Monitoring](threat_monitoring/index.md) page provides runtime security metrics
- for application environments. With the information provided,
- you can immediately begin risk analysis and remediation.
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an overview of GitLab application security, see [Shifting Security Left](https://www.youtube.com/watch?v=XnYstHObqlA&t).
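Review bot: Dropping the Threat Monitoring bullet here is consistent with deleting `threat_monitoring/index.md` later in this diff, but this hunk only removes one inbound link; please run the docs link check across the whole `doc/` tree before merging, because any other page still pointing at `threat_monitoring/index.md` will now produce a dead link.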
diff --git a/doc/user/application_security/policies/index.md b/doc/user/application_security/policies/index.md
index 81d24104340..214e5f955bc 100644
--- a/doc/user/application_security/policies/index.md
+++ b/doc/user/application_security/policies/index.md
@@ -19,7 +19,6 @@ GitLab supports the following security policies:
- [Scan Execution Policy](scan-execution-policies.md)
- [Scan Result Policy](scan-result-policies.md)
-- [Container Network Policy](#container-network-policy) (DEPRECATED)
## Security policy project
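Review bot: Removing the `[Container Network Policy](#container-network-policy)` bullet also removes the target anchor that the removed text elsewhere in this patch says the Auto DevOps docs (`topics/autodevops/stages.md#network-policy`) cross-reference; that file is not touched by this diff, so please confirm it no longer links to `policies/index.md#container-network-policy` or update it in the same change.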
@@ -83,21 +82,6 @@ status), and create and edit deployed policies:
![Policies List Page](img/policies_list_v14_3.png)
-Network policies are fetched directly from the selected environment's
-deployment platform while other policies are fetched from the project's
-security policy project. Changes performed outside of this tab are
-reflected upon refresh.
-
-By default, the policy list contains predefined network policies in a
-disabled state. Once enabled, a predefined policy deploys to the
-selected environment's deployment platform and you can manage it like
-the regular policies.
-
-Note that if you're using [Auto DevOps](../../../topics/autodevops/index.md)
-and change a policy in this section, your `auto-deploy-values.yaml` file doesn't update. Auto DevOps
-users must make changes by following the
-[Container Network Policy documentation](../../../topics/autodevops/stages.md#network-policy).
-
## Policy editor
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3403) in GitLab 13.4.
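Review bot: The removed paragraph mixes network-policy-specific text with a statement that still holds for the remaining policy types ("other policies are fetched from the project's security policy project. Changes performed outside of this tab are reflected upon refresh."); rather than deleting the whole block, keep a trimmed sentence such as "Policies are fetched from the project's security policy project. Changes performed outside of this tab are reflected upon refresh." so readers of the scan execution and scan result policy pages keep that behaviour note.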
@@ -144,111 +128,6 @@ See [Scan execution policies](scan-execution-policies.md).
See [Scan result policies](scan-result-policies.md).
-## Container Network Policy
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/32365) in GitLab 12.9.
-> - [Deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476) in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477) in GitLab 15.0.
-
-WARNING:
-Container Network Policy is in its end-of-life process. It's [deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476)
-in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477)
-in GitLab 15.0.
-
-The **Container Network Policy** section provides packet flow metrics for
-your application's Kubernetes namespace. This section has the following
-prerequisites:
-
-- Your project contains at least one [environment](../../../ci/environments/index.md).
-- You've [installed Cilium](../../project/clusters/protect/container_network_security/quick_start_guide.md#use-the-cluster-management-template-to-install-cilium).
-- You've configured the [Prometheus service](../../project/integrations/prometheus.md#enabling-prometheus-integration).
-
-If you're using custom Helm values for Cilium, you must enable Hubble
-with flow metrics for each namespace by adding the following lines to
-your [Cilium values](../../project/clusters/protect/container_network_security/quick_start_guide.md#use-the-cluster-management-template-to-install-cilium):
-
-```yaml
-hubble:
- enabled: true
- metrics:
- enabled:
- - 'flow:sourceContext=namespace;destinationContext=namespace'
-```
-
-The **Container Network Policy** section displays the following information
-about your packet flow:
-
-- The total amount of the inbound and outbound packets
-- The proportion of packets dropped according to the configured
- policies
-- The per-second average rate of the forwarded and dropped packets
- accumulated over time window for the requested time interval
-
-If a significant percentage of packets is dropped, you should
-investigate it for potential threats by
-examining the Cilium logs:
-
-```shell
-kubectl -n gitlab-managed-apps logs -l k8s-app=cilium -c cilium-monitor
-```
-
-### Change the status
-
-To change a network policy's status:
-
-- Select the network policy you want to update.
-- Select **Edit policy**.
-- Select the **Policy status** toggle to update the selected policy.
-- Select **Save changes** to deploy network policy changes.
-
-Disabled network policies have the `network-policy.gitlab.com/disabled_by: gitlab` selector inside
-the `podSelector` block. This narrows the scope of such a policy and as a result it doesn't affect
-any pods. The policy itself is still deployed to the corresponding deployment namespace.
-
-### Container Network Policy editor
-
-The policy editor only supports the [CiliumNetworkPolicy](https://docs.cilium.io/en/v1.8/policy/)
-specification. Regular Kubernetes [NetworkPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#networkpolicy-v1-networking-k8s-io)
-resources aren't supported.
-
-Rule mode supports the following rule types:
-
-- [Labels](https://docs.cilium.io/en/v1.8/policy/language/#labels-based).
-- [Entities](https://docs.cilium.io/en/v1.8/policy/language/#entities-based).
-- [IP/CIDR](https://docs.cilium.io/en/v1.8/policy/language/#ip-cidr-based). Only
- the `toCIDR` block without `except` is supported.
-- [DNS](https://docs.cilium.io/en/v1.8/policy/language/#dns-based).
-- [Level 4](https://docs.cilium.io/en/v1.8/policy/language/#layer-4-examples)
- can be added to all other rules.
-
-Once your policy is complete, save it by selecting **Save policy**
-at the bottom of the editor. Existing policies can also be
-removed from the editor interface by selecting **Delete policy**
-at the bottom of the editor.
-
-### Configure a Network Policy Alert
-
-> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3438) and [enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/287676) in GitLab 13.9.
-> - The feature flag was removed and the Threat Monitoring Alerts Project was [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/287676) in GitLab 14.0.
-
-You can use policy alerts to track your policy's impact. Alerts are only available if you've
-[installed](../../clusters/agent/repository.md)
-and [configured](../../clusters/agent/install/index.md#register-the-agent-with-gitlab)
-an agent for this project.
-
-There are two ways to create policy alerts:
-
-- In the [policy editor UI](#container-network-policy-editor),
- by clicking **Add alert**.
-- In the policy editor's YAML mode, through the `metadata.annotations` property:
-
- ```yaml
- metadata:
- annotations:
- app.gitlab.com/alert: 'true'
- ```
-
-Once added, the UI updates and displays a warning about the dangers of too many alerts.
-
## Roadmap
See the [Category Direction page](https://about.gitlab.com/direction/protect/security_orchestration/)
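Review bot: The removed section is the only place that documented the `network-policy.gitlab.com/disabled_by: gitlab` selector in `podSelector` and the `app.gitlab.com/alert: 'true'` annotation, and it states that disabled policies remain deployed in the namespace; since those CiliumNetworkPolicy resources stay on users' clusters after the UI is gone, consider adding a short migration note (where deployed policies now live and how to manage them outside GitLab) instead of deleting without replacement. The `#container-network-policy-editor` anchor also disappears here, so the same link check requested for the index applies.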
diff --git a/doc/user/application_security/security_dashboard/index.md b/doc/user/application_security/security_dashboard/index.md
index 488ec336646..577606885ca 100644
--- a/doc/user/application_security/security_dashboard/index.md
+++ b/doc/user/application_security/security_dashboard/index.md
@@ -17,6 +17,7 @@ To use the Security Dashboards, you must:
- Configure jobs to use the [`reports` syntax](../../../ci/yaml/index.md#artifactsreports).
- Use [GitLab Runner](https://docs.gitlab.com/runner/) 11.5 or later. If you use the
shared runners on GitLab.com, you are using the correct version.
+- Have the [correct role](../../permissions.md) for the project or group.
## When Security Dashboards are updated
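Review bot: The new `Have the [correct role](../../permissions.md) for the project or group.` bullet is unrelated to the Threat Monitoring removal that the rest of this patch performs; splitting it into its own commit would keep the history clearer. Also consider linking to the specific permissions section for this feature rather than the whole `permissions.md` page, since the reader has to find the relevant row themselves.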
diff --git a/doc/user/application_security/threat_monitoring/img/threat_monitoring_policy_alert_list_v14_3.png b/doc/user/application_security/threat_monitoring/img/threat_monitoring_policy_alert_list_v14_3.png
deleted file mode 100644
index a11a7fafc4a..00000000000
--- a/doc/user/application_security/threat_monitoring/img/threat_monitoring_policy_alert_list_v14_3.png
+++ /dev/null
Binary files differ
diff --git a/doc/user/application_security/threat_monitoring/index.md b/doc/user/application_security/threat_monitoring/index.md
deleted file mode 100644
index 9b8dd2825ea..00000000000
--- a/doc/user/application_security/threat_monitoring/index.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-type: reference, howto
-stage: Protect
-group: Container Security
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
----
-
-# Threat Monitoring **(ULTIMATE)**
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/14707) in GitLab 12.9.
-> - [Deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476) in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477) in GitLab 15.0.
-
-WARNING:
-Threat Monitoring is in its end-of-life process. It's [deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476)
-in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477)
-in GitLab 15.0.
-
-The **Threat Monitoring** page provides alerts and metrics
-for the GitLab application runtime security features. You can access
-these by navigating to your project's **Security & Compliance > Threat
-Monitoring** page.
-
-GitLab supports statistics for the following security features:
-
-- [Container Network Policies](../../../topics/autodevops/stages.md#network-policy)
-
-## Container Network Policy Alert list
-
-> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3438) in GitLab 13.9.
-
-The policy alert list displays your policy's alert activity. You can sort the list by these columns:
-
-- Date and time
-- Events
-- Status
-
-You can filter the list with the **Policy Name** filter and the **Status** filter at the top. Use
-the selector menu in the **Status** column to set the status for each alert:
-
-- Unreviewed
-- In review
-- Resolved
-- Dismissed
-
-By default, the list doesn't display resolved or dismissed alerts.
-
-![Policy Alert List](img/threat_monitoring_policy_alert_list_v14_3.png)
-
-Clicking an alert's row opens the alert drawer, which shows more information about the alert. A user
-can also create an incident from the alert and update the alert status in the alert drawer.
-
-Clicking an alert's name takes the user to the [alert details page](../../../operations/incident_management/alerts.md#alert-details-page).
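Review bot: Deleting `threat_monitoring/index.md` outright leaves existing bookmarks and external links (including the in-product **Security & Compliance > Threat Monitoring** navigation referenced in the removed text) returning 404; the page's front matter shows the docs site convention of per-page metadata, so the usual approach is to leave a stub that redirects to the policies page until the removal in 15.0 has shipped. The removed page also links to `../../../topics/autodevops/stages.md#network-policy`, which this diff does not touch, so that section may still describe a feature whose UI no longer exists.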
diff --git a/doc/user/application_security/vulnerability_report/index.md b/doc/user/application_security/vulnerability_report/index.md
index 1e390b1a319..7cadc73e8c3 100644
--- a/doc/user/application_security/vulnerability_report/index.md
+++ b/doc/user/application_security/vulnerability_report/index.md
@@ -11,7 +11,7 @@ The Vulnerability Report provides information about vulnerabilities from scans o
The scan results from a pipeline are only ingested after all the jobs in the pipeline complete. Partial results for a pipeline with jobs in progress can be seen in the pipeline security tab.
-The report is available for projects, groups, and the Security Center.
+The report is available for users with the [correct role](../../permissions.md) on projects, groups, and the Security Center.
At all levels, the Vulnerability Report contains:
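Review bot: The reworded sentence (`The report is available for users with the [correct role](../../permissions.md) on projects, groups, and the Security Center.`) is the same kind of permissions clarification as the security dashboard hunk and is equally unrelated to the Threat Monitoring removal; group both permission edits into a separate commit, and link to the specific permissions section for the Vulnerability Report rather than the whole page.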