mondoohq · tas50 · Mar 8, 2024 · Mar 8, 2024 · Mar 8, 2024 · Mar 8, 2024
diff --git a/docs/cnspec/cli/cnspec_scan.md b/docs/cnspec/cli/cnspec_scan.md
@@ -3,64 +3,172 @@ id: cnspec_scan
 title: cnspec scan
 ---
 
-Scan assets with one or more policies.
+Run a security scan on an asset based on one or more Mondoo policies.
+
+To learn more, read [Get Started with cnspec](/cnspec/).
 
 ### Synopsis
 
-This command triggers a new policy scan for an asset. By default, cnspec scans the local
-system with its pre-configured policies:
+This command triggers a new policy-based scan on an asset. By default, cnspec scans the local system with the default [policies](/cnspec/cnspec-policies/) built specifically for the platform. If you [register cnspec with Mondoo](/cnspec/cnspec-adv-install/registration/), this command scans using the applicable [enabled policies](/platform/security/posture/policies/).
 
-    $ cnspec scan local
+```bash
+cnspec scan local
+```
 
-You can also manually select a local policy to execute and run it without
-storing results in the server:
+You can also specify a local policy and run it without storing results in the server:
 
-    $ cnspec scan local --policy-bundle policyfile.yaml --incognito
+```bash
+cnspec scan local --policy-bundle POLICYFILE.yaml --incognito
+```
 
-In addition, cnspec can scan assets remotely via SSH. By default, cnspec uses the operating system
-SSH agent and SSH config to retrieve the credentials:
+In addition, cnspec can scan assets remotely using SSH. By default, cnspec uses the operating system's SSH agent and SSH config to retrieve the credentials:
 
-    $ cnspec scan ssh [email protected]
-    $ cnspec scan ssh [email protected]:2222
+```bash
+cnspec scan ssh [email protected]
+```
 
-cnspec supports scanning AWS, Azure, and GCP accounts and instances.
-Find out more in each sub-commands help menu. Here are a few examples:
+```bash
+cnspec scan ssh [email protected]:2222
+```
 
-    $ cnspec scan aws --region us-east-1
-    $ cnspec scan azure --subscription ID --group NAME
-    $ cnspec scan gcp project ID
+### Examples: cloud
 
-You can also access Docker containers and images. cnspec supports local containers
-and images as well as images in Docker registries:
+#### Scan AWS
 
-    $ cnspec scan docker container b62b276baab6
-    $ cnspec scan docker image ubuntu:latest
+```bash
+cnspec scan aws --region us-east-1
+```
 
-Additionally, you can quickly scan a container registry:
+To learn more, read [Assess AWS Security with cnspec](/cnspec/cnspec-aws/).
 
-    $ cnspec scan container registry harbor.lunalectric.com
-    $ cnspec scan container registry 123456789.dkr.ecr.us-east-1.amazonaws.com/repository
+#### Scan Azure
 
-cnspec also supports GCP's container registry, GCR:
+```bash
+cnspec scan azure --subscription SUBSCRIPTION_ID --group GROUP_NAME
+```
 
-    $ cnspec scan gcp gcr PROJECT_ID
+To learn more, read [Assess Azure Security with cnspec](/cnspec/cnspec-azure/).
 
-Vagrant is supported as well:
+#### Scan Google Cloud (GCP)
 
-    $ cnspec scan vagrant HOST
+```bash
+cnspec scan gcp project PROJECT_ID
+```
 
-You can also use an inventory file:
+To learn more, read [Assess Google Cloud Security with cnspec](/cnspec/cnspec-gcp/).
 
-    $ cnspec scan --inventory-file inventory.yml
+#### Scan Kubernetes
 
-This scan uses an existing Ansible inventory:
+```bash
+cnspec scan k8s
+```
+
+```bash
+cnspec scan k8s MANIFEST_FILE
+```
 
-    $ ansible-inventory -i hosts.ini --list | cnspec scan --inventory-ansible
+To learn more, read [Assess Kubernetes Security with cnspec](/cnspec/cnspec-k8s/).
 
-To learn more, read the [cnspec docs](/cnspec/home/).
+#### Scan Oracle Cloud Infrastructure (OCI)
 
+```bash
+cnspec scan oci
 ```
-cnspec scan [flags]
+
+To learn more, read [Assess Oracle Cloud Infrastructure (OCI) Security with cnspec](/cnspec/cnspec-oci/).
+
+### Examples: SaaS
+
+#### Scan GitHub
+
+```bash
+export GITHUB_TOKEN=YOUR_PERSONAL_ACCESS_TOKEN
+cnspec scan github repo ORG/REPO
+```
+
+To learn more, read [Assess GitHub Security with cnspec](/cnspec/saas/github/).
+
+#### Scan Google Workspace
+
+```bash
+export GOOGLEWORKSPACE_CLOUD_KEYFILE_JSON=/home/user/my-project-6646123456789.json
+cnspec scan google-workspace --customer-id 5amp13iD --impersonated-user-email [email protected]
+```
+
+To learn more, read [Assess Google Workspace Security with cnspec](/cnspec/saas/google_workspace/).
+
+#### Scan Microsoft 365 (MS 365)
+
+```bash
+cnspec scan ms365 --certificate-path certificate.combo.pem --tenant-id YOUR_TENANT_ID --client-id YOUR_CLIENT_ID
+```
+
+To learn more, read [Assess Microsoft 365 Security with cnspec](/cnspec/saas/ms365/).
+
+#### Scan Okta
+
+```bash
+cnspec scan okta --organization your_org.okta.com --token API_TOKEN
+```
+
+To learn more, read [Assess Okta Security with cnspec](/cnspec/saas/okta/).
+
+#### Scan Slack
+
+```bash
+cnspec shell slack --token API_TOKEN
+```
+
+To learn more, read [Assess Slack Security with cnspec](/cnspec/saas/slack/).
+
+### Examples: supply chain and containers
+
+cnspec supports local containers and images as well as images in Docker registries.
+
+#### Scan Docker
+
+```bash
+cnspec scan docker container b62b276baab6
+```
+
+```bash
+cnspec scan docker image ubuntu:latest
+```
+
+#### Scan Harbor
+
+```bash
+cnspec scan container registry harbor.lunalectric.com
+```
+
+#### Scan ECR
+
+```bash
+cnspec scan container registry 123456789.dkr.ecr.us-east-1.amazonaws.com/repository
+```
+
+#### Scan GCR
+
+```bash
+cnspec scan gcp gcr PROJECT_ID
+```
+
+#### Scan Vagrant
+
+```bash
+cnspec scan vagrant HOST
+```
+
+#### Scan an inventory file
+
+```bash
+cnspec scan --inventory-file inventory.yml
+```
+
+#### Scan Ansible
+
+```bash
+ansible-inventory -i hosts.ini --list | cnspec scan --inventory-ansible
 ```
 
 ### Options

diff --git a/docs/cnspec/cli/cnspec_shell.md b/docs/cnspec/cli/cnspec_shell.md
@@ -3,16 +3,104 @@ id: cnspec_shell
 title: cnspec shell
 ---
 
-Interactive query shell for MQL.
+Run an interactive shell to make easy queries and assertions.
+
+To learn more, read [Get Started with cnspec](/cnspec/).
 
 ### Synopsis
 
-Run an interactive shell in which you can explore MQL queries.
+Open an interactive shell in which you can explore [MQL](/mql/home/) queries and assertions. Auto-complete and help make it easy.
 
 ```
 cnspec shell [flags]
 ```
 
+### Examples: cloud
+
+#### Query AWS
+
+```bash
+cnspec shell aws
+```
+
+To learn more, read [Assess AWS Security with cnspec](/cnspec/cnspec-aws/).
+
+#### Query Azure
+
+```bash
+cnspec shell azure --subscription SUBSCRIPTION_ID --group GROUP_NAME
+```
+
+To learn more, read [Assess Azure Security with cnspec](/cnspec/cnspec-azure/).
+
+#### Query Google Cloud (GCP)
+
+```bash
+cnspec shell gcp project PROJECT_ID
+```
+
+To learn more, read [Assess Google Cloud Security with cnspec](/cnspec/cnspec-gcp/).
+
+#### Query Kubernetes
+
+```bash
+cnspec shell k8s
+```
+
+To learn more, read [Assess Kubernetes Security with cnspec](/cnspec/cnspec-k8s/).
+
+#### Query Oracle Cloud Infrastructure (OCI)
+
+```bash
+cnspec shell oci
+```
+
+To learn more, read [Assess Oracle Cloud Infrastructure (OCI) Security with cnspec](/cnspec/cnspec-oci/).
+
+### Examples: SaaS
+
+#### Query GitHub
+
+```bash
+export GITHUB_TOKEN=YOUR_PERSONAL_ACCESS_TOKEN
+cnspec shell github repo ORG/REPO
+```
+
+To learn more, read [Assess GitHub Security with cnspec](/cnspec/saas/github/).
+
+#### Query Google Workspace
+
+```bash
+export GOOGLEWORKSPACE_CLOUD_KEYFILE_JSON=/home/user/my-project-6646123456789.json
+cnspec shell google-workspace --customer-id 5amp13iD --impersonated-user-email [email protected]
+```
+
+To learn more, read [Assess Google Workspace Security with cnspec](/cnspec/saas/google_workspace/).
+
+#### Query Microsoft 365 (MS 365)
+
+```bash
+cnspec shell ms365 --certificate-path certificate.combo.pem --tenant-id YOUR_TENANT_ID --client-id YOUR_CLIENT_ID
+```
+
+To learn more, read [Assess Microsoft 365 Security with cnspec](/cnspec/saas/ms365/).
+
+#### Query Okta
+
+```bash
+cnspec shell okta --organization your_org.okta.com --token API_TOKEN
+```
+
+To learn more, read [Assess Okta Security with cnspec](/cnspec/saas/okta/).
+
+#### Query Slack
+
+```bash
+cnspec shell slack --token API_TOKEN
+```
+
+To learn more, read [Assess Slack Security with cnspec](/cnspec/saas/slack/).
+
 ### Options
 
 ```

diff --git a/docs/mql/home.md b/docs/mql/home.md
@@ -1,5 +1,5 @@
 ---
-title: "MQL Docs"
+title: MQL Docs
 sidebar_label: MQL Docs Home
 displayed_sidebar: MQL
 sidebar_position: 1