diff --git a/docs/content/usage/scenarios/_index.md b/docs/content/usage/scenarios/_index.md
new file mode 100644
index 000000000..dedaf554c
--- /dev/null
+++ b/docs/content/usage/scenarios/_index.md
@@ -0,0 +1,29 @@
++++
+title = "Scenarios"
+date = 2020-08-12T12:52:59+03:00
+weight = 3
+chapter = true
+pre = " "
++++
+
+# Scenarios
+
+This section describes the different attack scenarios that the Infection Monkey can simulate.
+
+{{% notice note %}}
+Don't worry! The Infection Monkey uses safe exploiters and does not cause any permanent system modifications that could impact security or operations.
+{{% /notice %}}
+
+The Infection Monkey has pre-built scenarios to simulate common types of attacks that take place. These scenarios, when selected, manipulate the configuration to only show you what you need to see for that scenario. This makes it possible for you to quickly run the Monkey on your network in order to accomplish a specific objective.
+
+Choosing the "Custom" scenario will allow you to fine-tune your simulation and access all available features. [Read more about configuring a custom simulation.](/custom-scenario/_index.md)
+
+![Choose scenario](/images/usage/scenarios/choose-scenario.png "Choose a scenario")
+
+To exit a scenario and select another one, click on "Start Over".
+
+![Start over](/images/usage/scenarios/start-over.png "Start over")
+
+## Section contents
+
+{{% children description=True style="p"%}}
diff --git a/docs/content/usage/scenarios/custom-scenario/_index.md b/docs/content/usage/scenarios/custom-scenario/_index.md
new file mode 100644
index 000000000..43d79c9c4
--- /dev/null
+++ b/docs/content/usage/scenarios/custom-scenario/_index.md
@@ -0,0 +1,18 @@
+---
+title: " Custom"
+date: 2021-07-28T14:36:02+05:30
+description: "Configure a custom scenario to test your network's defenses."
+weight: 100
+pre: ""
+chapter: true
+---
+
+# Custom
+
+The Infection Monkey is a versatile breach and attack simulation tool. Choosing the "Custom" scenario will allow you to access all of its capabilities and configure the simulation exactly according to your needs. You can enhance, optimize, and fine-tune the Monkey's behavior.
+
+![Custom scenario](/images/usage/scenarios/custom-scenario.png "Custom scenario")
+
+Below are some examples with instructions on how to configure them.
+
+{{% children description=True style="p"%}}
diff --git a/docs/content/usage/use-cases/attack.md b/docs/content/usage/scenarios/custom-scenario/attack.md
similarity index 98%
rename from docs/content/usage/use-cases/attack.md
rename to docs/content/usage/scenarios/custom-scenario/attack.md
index bc13181cc..476a8183e 100644
--- a/docs/content/usage/use-cases/attack.md
+++ b/docs/content/usage/scenarios/custom-scenario/attack.md
@@ -6,14 +6,14 @@ description: "Assess your network security detection and prevention capabilities
weight: 2
---
-## Overview
+## Overview
The Infection Monkey can simulate various [ATT&CK](https://attack.mitre.org/matrices/enterprise/) techniques on the network. Use it to assess your security solutions' detection and prevention capabilities. The Infection Monkey will help you find which ATT&CK techniques go unnoticed and provide specific details along with suggested mitigations.
## Configuration
-- **ATT&CK matrix** You can use the ATT&CK configuration section to select which techniques you want the Infection Monkey to simulate.
+- **ATT&CK matrix** You can use the ATT&CK configuration section to select which techniques you want the Infection Monkey to simulate.
For the full simulation, use the default settings.
- **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
- **Network -> Scope** Disable “Local network scan” and instead provide specific network ranges in the “Scan target list”.
diff --git a/docs/content/usage/use-cases/credential-leak.md b/docs/content/usage/scenarios/custom-scenario/credential-leak.md
similarity index 91%
rename from docs/content/usage/use-cases/credential-leak.md
rename to docs/content/usage/scenarios/custom-scenario/credential-leak.md
index fa740b3a9..a2cc0b8ce 100644
--- a/docs/content/usage/use-cases/credential-leak.md
+++ b/docs/content/usage/scenarios/custom-scenario/credential-leak.md
@@ -6,30 +6,30 @@ description: "Assess the impact of a successful phishing attack, insider threat,
weight: 5
---
-## Overview
+## Overview
-Numerous attack techniques (from phishing to dumpster diving) might result in a credential leak,
+Numerous attack techniques (from phishing to dumpster diving) might result in a credential leak,
which can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
-The Infection Monkey can help you assess the impact of stolen credentials by automatically searching
+The Infection Monkey can help you assess the impact of stolen credentials by automatically searching
where bad actors can reuse these credentials in your network.
## Configuration
-- **Exploits -> Credentials** After setting up the Monkey Island, add your users' **real** credentials
+- **Exploits -> Credentials** After setting up the Monkey Island, add your users' **real** credentials
(usernames and passwords) here. Don't worry; this sensitive data is not accessible, distributed or used in any way other than being sent to the Infection Monkey agents. You can easily eliminate it by resetting the configuration of your Monkey Island.
-- **Internal -> Exploits -> SSH keypair list** When enabled, the Infection Monkey automatically gathers SSH keys on the current system.
+- **Internal -> Exploits -> SSH keypair list** When enabled, the Infection Monkey automatically gathers SSH keys on the current system.
For this to work, the Monkey Island or initial agent needs to access SSH key files.
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Infection Monkey
(content of keys will not be displayed, it will appear as `