docs: change directory structure, overview content in each section an…

docs/docs/data-sources/containers.md

@@ -1,6 +1,6 @@
 # Containers Data Source
 
-The [container enrichment](../integrating/container-engines.md) feature gives Tracee the ability to extract details about active containers and link this information to the events it captures.
+The [container enrichment](../install/container-engines.md) feature gives Tracee the ability to extract details about active containers and link this information to the events it captures.
 
 The [data source](./overview.md) feature makes the information gathered from active containers accessible to signatures. When an event is captured and triggers a signature, that signature can retrieve information about the container using its container ID, which is bundled with the event being analyzed by the signature.
 

docs/docs/deep-dive/caching-events.md

@@ -8,13 +8,8 @@ caching options you may execute:
 man tracee-cache
 ``` -->
 
-!!! Read Important
-    Before continuing, please read the [architecture page], in order to
-    understand the [tracee pipeline] concept, AND the [performance page], to
-    understand possible pain points.
 
-[architecture page]: ../../contributing/architecture.md
-[tracee pipeline]: ../../contributing/architecture.md#tracee-pipeline-concept
+<!-- TODO: reference the architecture page again-->
 
 ![Tracee Cache](../../images/tracee-cache.png)
 

docs/docs/deep-dive/ksyms.md

@@ -1,6 +1,6 @@
 # About Kernel symbols
 
-As explained in the [prerequisites](./install/prerequisites.md) doc, Tracee 
+As explained in the [prerequisites](../install/prerequisites.md) doc, Tracee 
 needs the kernel symbol table for some operations.
 
 A Linux kernel might lack the `/proc/kallsyms` file due to:

docs/docs/events/index.md

@@ -0,0 +1,64 @@
+# Events
+
+Events refer to the system activity that tracee monitors. There are two types of events, built-in events that are part of Tracee and custom events, which are user defined events. 
+
+As part of built-in events, there are six types of events:
+
+* syscalls 
+* network 
+* security 
+* lsm 
+* containers 
+* misc
+
+This section documents all of the different events that Tracee exposes.
+
+## Configuring Tracee Events
+
+Events are defined in the [Policy](../policies/index.md) YAML manifest. 
+
+Tracing the `execve` events in a [policy](../policies/index.md):
+
+```
+apiVersion: tracee.aquasec.com/v1beta1
+kind: Policy
+metadata:
+	name: sample-policy
+	annotations:
+		description: traces execve events
+spec:
+	scope:
+	  - global
+	rules:
+	  - event: execve
+```
+
+If no event is passed with [filters] or [policies], tracee will start with a set of default events.
+
+Please head over to the [Tracee usage](../policies/usage/kubernetes.md) documentation for more information on configuring events.
+
+### Event Sets
+
+Events can be part of a set. For example, `default`, `network_events`, `syscalls`. 
+We can ask Tracee to trace a full set, or sets, instead of passing event by event, for example:
+
+```
+apiVersion: tracee.aquasec.com/v1beta1
+kind: Policy
+metadata:
+	name: sample-policy
+	annotations:
+		description: traces execve events
+spec:
+	scope:
+	  - global
+	rules:
+	  - event: syscalls
+```
+
+## Video Content
+
+If you are curious to learn more about the Tracee Events architecture and related decision making, then have a look at the following video Q&A:
+
+Everything is an Event in Tracee 
+  [![Watch the video](../../images/liveqa.png)](https://www.youtube.com/live/keqVe4d71uk?si=OTbVxgWsFBtdqEMW)