mattermost
diff --git a/‎extensions/sphinx_inline_tabs/events.py‎
Lines changed: 14 additions & 0 deletions b/‎extensions/sphinx_inline_tabs/events.py‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎source/about/integrated-security-operations.rst‎
Lines changed: 12 additions & 19 deletions b/‎source/about/integrated-security-operations.rst‎
Lines changed: 12 additions & 19 deletions
diff --git a/‎source/about/out-of-band-incident-response.rst‎
Lines changed: 20 additions & 27 deletions b/‎source/about/out-of-band-incident-response.rst‎
Lines changed: 20 additions & 27 deletions
@@ -82,10 +82,24 @@ def doctree_read(app: Sphinx, doctree: nodes.document):
         and len(app.env.sphinx_tabs[app.env.docname]) > 0
     ):
         logger.debug(f"{LOG_PREFIX} doctree_read: {app.env.docname} has tabs")
+        
+        # Store the original toctree structure before replacing it
+        original_toc = None
+        if (len(app.env.tocs[app.env.docname][0]) > 1 and 
+            app.env.tocs[app.env.docname][0][1] is not None):
+            original_toc = app.env.tocs[app.env.docname][0][1]
+            logger.debug(f"{LOG_PREFIX} doctree_read({app.env.docname}): preserving original toctree")
+        
         updated_tocs: nodes.list_item = sectiondata_to_toc(
             app.env.docname,
             collect_sections(app.env, doctree, app.env.docname, doctree),
         )
+        
+        # If we have an original toctree, use it instead of the tab-based one
+        if original_toc is not None:
+            logger.debug(f"{LOG_PREFIX} doctree_read({app.env.docname}): using original toctree instead of tab-based TOC")
+            updated_tocs = original_toc
+            
         logger.debug(
             f"{LOG_PREFIX} doctree_read({app.env.docname}): updated_tocs[0][1]={updated_tocs}"
         )
 
@@ -1,14 +1,16 @@
 Integrated Security Operations
 ==============================
 
-In today’s evolving threat landscape, fragmented workflows, isolated teams, and disjointed tools create delays and blind spots in organizational defense. As threats scale across geopolitical, cyber, and supply chain domains, security operations must become more integrated—unifying monitoring, simulation, response, and intelligence into a continuous, coordinated system.
+**Fragmented security operations create the blind spots attackers exploit. Deploy unified collaboration that coordinates your entire security ecosystem in real-time.**
 
-Mattermost provides a secure, extensible platform for integrated security operations—built to support real-time coordination, mission-specific tooling, and sensitive communications. Whether in Security Operations Centers (SOCs), red team engagements, CERT responses, or cross-organizational intelligence hubs, Mattermost empowers security teams to accelerate detection, decision-making, and coordinated response while maintaining full operational control.
+In today's evolving threat landscape, fragmented workflows, isolated teams, and disjointed tools create delays and blind spots in organizational defense. As threats scale across geopolitical, cyber, and supply chain domains, security operations must become more integrated,unifying monitoring, simulation, response, and intelligence into a continuous, coordinated system.
+
+Mattermost provides a secure, extensible platform for integrated security operations,built to support real-time coordination, mission-specific tooling, and sensitive communications. Whether deployed as a self-hosted Kubernetes instance, Linux server in your local data center, or in sovereign hosting environments, Mattermost empowers security teams to accelerate detection, decision-making, and coordinated response while maintaining full operational control. Built for security-conscious teams across commercial, government, and regulated industries, Mattermost supports integrated incident workflows and enterprise-level access control.
 
 .. image:: /images/Intelligent-RT-Incident-Response.png
     :alt: Augments security platform investments with collaborative, AI-powered security operations workflow.
 
-The following integrated SecOps capabilities are available:
+Mattermost supports security workflows across:
 
 Security Operations Centers (SOCs)
 ----------------------------------
@@ -20,19 +22,8 @@ SOCs are the front lines of real-time monitoring, triage, and escalation. Coordi
 - **Accelerate triage and response workflows** with :doc:`Collaborative Playbooks </guides/workflow-automation>` that automate escalations, task assignment, and ticket updates for consistent response execution.
 - **Integrate detection pipelines and observability tools** using the :doc:`Mattermost integrations platform </about/integrations>` to surface alerts from SIEM, SOAR, and log analysis systems into dedicated response channels.
 - **Maintain operational security and compliance** through :doc:`role-based permissions </onboard/advanced-permissions>` and :ref:`audit logging <manage/logging:audit logging>` to safeguard sensitive incident data.
-- **Operate in secure, classified, or hybrid environments** with :ref:`self-hosted deployment models <deploy/server/server-deployment-planning:deployment options>` that keep SOC operations inside compliant, sovereign infrastructure.
-
-Red Teams
----------
-
-Adversary simulation exercises require stealth, control, and segmented communications across tools and stakeholders.
-
-**Benefits**
-
-- **Coordinate covert engagements securely** using :ref:`private channels <collaborate/channel-types:private channels>` and :doc:`threaded messaging </collaborate/organize-conversations>` to maintain operational compartmentalization during offensive scenarios.
-- **Control exposure and data lineage** with :doc:`custom retention policies </comply/data-retention-policy>` and :ref:`channel-level access controls <manage/team-channel-members:advanced access controls>` that align with internal red team governance.
-- **Simulate real-world attacks across tools** using :doc:`custom integrations </about/integrations>` that connect Mattermost with infrastructure like C2 frameworks, vulnerability scanners, and operational support tools.
-- **Run red/blue postmortems and hotwash debriefs** in controlled collaboration spaces that preserve findings, artifacts, and replayable insights.
+- **Operate in secure, classified, or hybrid environments** using Kubernetes or Linux on the infrastructure of your choice: Public cloud, organization data center, or fully air-gapped. :ref:`Explore deployment options <deploy/server/server-deployment-planning:deployment options>`.
+- **Meet regulatory compliance requirements** with a solution that adapts to your organization's security posture and regulatory requirements, incl. GDPR, FedRAMP, ISO 27001, and more.
 
 Computer Emergency Response Teams (CERTs)
 -----------------------------------------
@@ -45,20 +36,22 @@ CERTs serve as rapid-response teams during high-risk events, requiring tight coo
 - **Centralize and structure communication** with :doc:`channel-based collaboration </guides/messaging-collaboration>`, including :doc:`file sharing </collaborate/share-files-in-messages>`, :doc:`threaded updates </collaborate/organize-conversations>`, and task-tracking across affected teams.
 - **Enable coordination across geographies** using :doc:`multi-device access </guides/deployment-guide>` and :doc:`mobile EMM support </deploy/mobile/deploy-mobile-apps-using-emm-provider>` for secure participation across locations and devices.
 - **Preserve evidentiary and compliance data** through :ref:`audit logs <manage/logging:audit logging>` and configurable :doc:`exports </manage/bulk-export-tool>` for legal review or forensic handoff.
+- **Ensure data sovereignty** with flexible hosting options including EU-resident infrastructure, on-premises deployments, and air-gapped environments that maintain full control over sensitive communications.
 
 Federated Threat Intelligence & Information Sharing
 ---------------------------------------------------
 
-Cross-organizational threat intelligence teams—spanning sectors, regions, and public-private partnerships—require secure, policy-driven platforms for sharing indicators, coordinating alerts, and supporting collective defense efforts.
+Cross-organizational threat intelligence teams,spanning sectors, regions, and public-private partnerships,require secure, policy-driven platforms for sharing indicators, coordinating alerts, and supporting collective defense efforts.
 
 **Benefits**
 
 - **Collaborate securely across agencies or organizations** using :doc:`Connected Workspaces </onboard/connected-workspaces>` to synchronize alerts, discussions, and file sharing with trusted external partners.
 - **Support multinational and sectoral collaboration** with :doc:`custom terms of service enforcement </comply/custom-terms-of-service>` and :ref:`localized UI settings <preferences/manage-your-display-options:language>` for global partner access.
 - **Preserve operational trust and compliance** through :doc:`role-based access controls </onboard/advanced-permissions>` and :ref:`channel-specific permissions <manage/team-channel-members:advanced access controls>` that enforce jurisdictional and information-sharing agreements.
 - **Operationalize shared threat intelligence** by integrating IOCs, threat actor profiles, and shared playbooks into your Mattermost instance via the :doc:`integrations platform </about/integrations>`.
+- **Scale communication globally** with Mattermost's :doc:`high availability and horizontal scalability architecture </scale/scaling-for-enterprise>`,supporting tens of thousands of users across enterprise, field, government, or classified environments.
 
 Get Started
 -----------
-
-`Talk to an Expert <https://mattermost.com/contact-sales/>`_ to unify your security operations. Whether you’re coordinating a global SOC, simulating threats, responding to incidents, or exchanging intelligence across borders, Mattermost ensures your teams are secure, synchronized, and mission-ready.
+Whether you're coordinating a global SOC, simulating threats, responding to incidents, or exchanging intelligence across borders, Mattermost ensures your teams are secure, synchronized, and mission-ready.
+Experience integrated security operations with pre-configured alerts, channels, and playbooks `in a live sandbox environment <https://mattermost.com/sign-up/?usecase=integrated-sec-ops>`_ or `talk to an expert <https://mattermost.com/contact-sales/>`_ to unify your security operations. 
@@ -1,61 +1,54 @@
 Out-of-Band Incident Response
 =============================
 
-When cyberattacks, infrastructure failures, or security breaches disrupt primary systems, organizations must maintain the ability to coordinate securely and act decisively. Traditional communication tools often become liabilities under these conditions—prone to compromise, unavailable during outages, or unable to support secure workflows. The operational and financial consequences of downtime can be catastrophic, underscoring the need for an independent collaboration environment.
+**Don't let attackers silence your incident response team. Deploy sovereign, encrypted collaboration that operates completely outside your compromised infrastructure.**
 
-Mattermost provides a secure, mission-resilient out-of-band (OOB) collaboration platform that operates outside your primary infrastructure. Whether deployed as a self-hosted Kubernetes instance or via Mattermost Cloud, the platform ensures real-time coordination remains available during network outages, security incidents, or critical decision windows. Built for security-conscious teams and regulated industries, Mattermost supports integrated incident workflows, and enterprise-level access control to enable business continuity—even under duress.
+When cyberattacks, infrastructure failures, or security breaches disrupt primary systems, organizations must maintain the ability to coordinate securely and act decisively. Traditional communication tools often become liabilities under these conditions, prone to compromise, unavailable during outages, or unable to support secure workflows. The operational and financial consequences of downtime can be catastrophic, underscoring the need for an independent collaboration environment.
 
-.. image:: /images/Intelligent-RT-Incident-Response.png
-    :alt: Augments security platform investments with collaborative, AI-powered security operations workflow.
+Mattermost provides a secure, mission-resilient out-of-band (OOB) collaboration platform that operates outside your primary infrastructure. Whether deployed as a self-hosted Kubernetes instance, Linux server in your local data center, or in sovereign hosting environments, the platform ensures real-time coordination remains available during network outages, security incidents, or critical decision windows. Built for security-conscious teams across commercial, government, and regulated industries, Mattermost supports integrated incident workflows and enterprise-level access control to enable business continuity, even under duress.
 
-The following mission-critical OOB collaboration capabilities are available:
+.. image:: /images/secure-out-of-band.png
+    :alt: Secure and sovereign out-of-band incident response communication operates independently from compromised enterprise infrastructure.
+
+Mattermost supports the following mission-critical OOB collaboration requirements: 
 
 Always-Available Backup Communications
 --------------------------------------
 
-Out-of-band collaboration provides a persistent, independent channel for coordinating during crises—separate from compromised or degraded primary systems.
+Out-of-band collaboration provides a persistent, independent channel for coordinating during crises, separate from compromised or degraded primary systems.
 
 **Benefits**
 
-- **Preserve communication during infrastructure failures** with secure, dedicated OOB deployments across private Kubernetes clusters or Azure Marketplace-hosted environments. :ref:`Explore deployment options <deploy/server/server-deployment-planning:deployment options>`.
-- **Safeguard sensitive communications** with FIPS 140-3 validated and STIG-hardened images, ensuring secure operation in classified or regulated environments.
-- **Maintain continuity across platforms** with :doc:`multi-device access </guides/deployment-guide>`—including web, desktop, and mobile experiences—even when primary tools are offline.
+- **Preserve communication during infrastructure failures** with secure, dedicated OOB deployments using Kubernetes Or Linux on the infrastructure of your choice: Public cloud, organization data center, or fully air-gapped. :ref:`Explore deployment options <deploy/server/server-deployment-planning:deployment options>`.
+- **Meet regulatory compliance requirements** with a solution that adapts to your organization's security posture and regulatory requirements, incl. GDPR, FedRAMP, ISO 27001, and more.
+- **Ensure data sovereignty** with flexible hosting options including EU-resident infrastructure, on-premises deployments, and air-gapped environments that maintain full control over sensitive communications.
+- **Maintain continuity across platforms** with :doc:`multi-device access </guides/deployment-guide>`, including web, desktop, and mobile experiences, even when primary tools are offline.
 - **Enforce strict access controls** using :doc:`role-based permissions </onboard/advanced-permissions>` and :ref:`audit logging <manage/logging:audit logging>` to limit risk exposure during high-stakes operations.
 
 Business Continuity at Scale
 ----------------------------
 
-Outages and downtime threaten both productivity and revenue. In large enterprises, the cost of silence can be measured in hundreds of thousands of dollars per minute.
+Outages and downtime threaten both productivity and revenue. In large enterprises, the cost of outages can be measured in hundreds of thousands of dollars per minute, while government operations face national security implications.
 
 **Benefits**
 
-- **Enable immediate coordination during outages** using :ref:`private cloud or hybrid deployment options <deploy/server/server-deployment-planning:deployment options>` to maintain operational continuity outside your primary infrastructure.
-- **Scale communication globally** with Mattermost’s :doc:`high availability and horizontal scalability architecture </scale/scaling-for-enterprise>`—supporting tens of thousands of users across enterprise, field, or classified environments.
-- **Accelerate outage recovery** using :doc:`Collaborative Playbooks </guides/workflow-automation>` that automate outage response steps and ensure team accountability during time-critical events.
+- **Scale communication globally** with Mattermost's :doc:`high availability and horizontal scalability architecture </scale/scaling-for-enterprise>`, supporting tens of thousands of users across enterprise, field, government, or classified environments.
+- **Accelerate outage recovery** using :doc:`Collaborative Playbooks </guides/workflow-automation>` that automate response steps and ensure team accountability during time-critical events, reducing mean time to recovery (MTTR) by up to 50%.
+- **Demonstrate ROI through measurable outcomes** with built-in metrics tracking incident response times, team coordination efficiency, and compliance audit trails.
 
 Incident Response in Crisis Conditions
 --------------------------------------
 
-Cyber breaches demand swift, coordinated action across affected teams. Every delay in communication heightens risk.
+Cyber breaches demand swift, coordinated action across affected teams. Every delay in communication heightens risk and potential regulatory penalties.
 
 **Benefits**
 
 - **Ensure secure response coordination** through :doc:`private 1:1 calling and screen sharing </collaborate/make-calls>` for uninterrupted incident discussions within an isolated Mattermost environment.
-- **Confirm alerts and share threat intelligence** with integrated tools like ServiceNow, Prometheus, and Grafana via the :doc:`Mattermost integrations platform </about/integrations>`.
+- **Integrate with your existing security stack** including ServiceNow, Grafana, Splunk, and other SOC tools via the :doc:`Mattermost integrations platform </about/integrations>`.
 - **Reduce mean time to resolution (MTTR)** by executing :doc:`structured incident playbooks </guides/workflow-automation>` that handle triage, task assignment, and escalation with full visibility and auditability.
-
-Sensitive or Classified Collaboration
---------------------------------------
-
-Not all communication is appropriate for general collaboration platforms. Teams managing high-value or sensitive data need secure, isolated spaces for sensitive strategic planning or response operations.
-
-**Benefits**
-
-- **Protect classified communications** with STIG-hardened, DISA-approved container images built for use in air-gapped or classified networks.
-- **Enable secure collaboration** through :doc:`threaded messaging </collaborate/organize-conversations>`, :doc:`file sharing </collaborate/share-files-in-messages>`, and :ref:`channel-level access controls <manage/team-channel-members:advanced access controls>` hosted in sovereign infrastructure.
-- **Maintain IP confidentiality** with end-to-end encrypted, :doc:`self-hosted deployments </deploy/server/server-deployment-planning>` that eliminate reliance on third-party SaaS and ensure data sovereignty.
+- **Support compliance reporting** with automated documentation and audit trails helping organizations to meet NIS2, HIPAA, PCI DSS, GDPR, and government security requirements.
 
 Get Started
 -----------
 
-`Talk to an Expert <https://mattermost.com/contact-sales/>`_ to build your out-of-band incident response environment. Whether protecting national security, managing global infrastructure, or recovering from outages, Mattermost ensures your teams remain connected, coordinated, and compliant—no matter the crisis.
+Whether protecting national security, managing global infrastructure, ensuring regulatory compliance, or recovering from outages, Mattermost ensures your teams remain connected, coordinated, and compliant, no matter the crisis. Experience out-of-band incident response with pre-configured alerts, channels, and playbooks in a `live sandbox environment <https://mattermost.com/sign-up/?usecase=out-of-band>`_ or `talk to an expert <https://mattermost.com/contact-sales/>`_ to build your out-of-band incident response environment.