diff --git a/docs/assets/operation_center/notebook.gif b/docs/assets/operation_center/notebook.gif new file mode 100644 index 0000000000..3e72dc53ba Binary files /dev/null and b/docs/assets/operation_center/notebook.gif differ diff --git a/docs/assets/operation_center/notebook_case.png b/docs/assets/operation_center/notebook_case.png new file mode 100644 index 0000000000..e18ffcd143 Binary files /dev/null and b/docs/assets/operation_center/notebook_case.png differ diff --git a/docs/assets/operation_center/notebook_changes.png b/docs/assets/operation_center/notebook_changes.png new file mode 100644 index 0000000000..fdfd59b7b0 Binary files /dev/null and b/docs/assets/operation_center/notebook_changes.png differ diff --git a/docs/assets/operation_center/notebook_command.gif b/docs/assets/operation_center/notebook_command.gif new file mode 100644 index 0000000000..0938a185bf Binary files /dev/null and b/docs/assets/operation_center/notebook_command.gif differ diff --git a/docs/assets/operation_center/notebook_convert_template.gif b/docs/assets/operation_center/notebook_convert_template.gif new file mode 100644 index 0000000000..977c9634a2 Binary files /dev/null and b/docs/assets/operation_center/notebook_convert_template.gif differ diff --git a/docs/assets/operation_center/notebook_delete.gif b/docs/assets/operation_center/notebook_delete.gif new file mode 100644 index 0000000000..6cc0355ce4 Binary files /dev/null and b/docs/assets/operation_center/notebook_delete.gif differ diff --git a/docs/assets/operation_center/notebook_menu.png b/docs/assets/operation_center/notebook_menu.png new file mode 100644 index 0000000000..5283be92ff Binary files /dev/null and b/docs/assets/operation_center/notebook_menu.png differ diff --git a/docs/assets/operation_center/notebook_pdf.gif b/docs/assets/operation_center/notebook_pdf.gif new file mode 100644 index 0000000000..50d7cc8cbb Binary files /dev/null and b/docs/assets/operation_center/notebook_pdf.gif differ 
diff --git a/docs/assets/operation_center/notebook_share.gif b/docs/assets/operation_center/notebook_share.gif new file mode 100644 index 0000000000..c9b9167fc0 Binary files /dev/null and b/docs/assets/operation_center/notebook_share.gif differ diff --git a/docs/assets/operation_center/notebook_template.gif b/docs/assets/operation_center/notebook_template.gif new file mode 100644 index 0000000000..dae179f566 Binary files /dev/null and b/docs/assets/operation_center/notebook_template.gif differ diff --git a/docs/assets/operation_center/notebook_viz.png b/docs/assets/operation_center/notebook_viz.png new file mode 100644 index 0000000000..96613b596a Binary files /dev/null and b/docs/assets/operation_center/notebook_viz.png differ diff --git a/docs/xdr/features/investigate/ai_cases.md b/docs/xdr/features/investigate/ai_cases.md index dff113179b..3feb09d5db 100644 --- a/docs/xdr/features/investigate/ai_cases.md +++ b/docs/xdr/features/investigate/ai_cases.md @@ -1,4 +1,4 @@ -# AI Cases +# AI Cases (coming soon) ## Table of Contents 1. [Overview](#overview) diff --git a/docs/xdr/features/investigate/notebooks.md b/docs/xdr/features/investigate/notebooks.md new file mode 100644 index 0000000000..4783ffafce --- /dev/null +++ b/docs/xdr/features/investigate/notebooks.md 
@@ -0,0 +1,163 @@ +# Notebooks (coming soon) + +## Table of Contents +1. [Overview](#overview) +2. [Feature Benefits](#feature-benefits) +3. [Getting Started with Notebooks](#getting-started-with-notebooks) +4. [Creating and Managing Notebooks](#creating-and-managing-notebooks) +5. [Notebook Templates](#notebook-templates) +6. [Command Menu and Formatting](#command-menu-and-formatting) +7. [Sharing Notebooks](#sharing-notebooks) +8. [Notebook Management](#notebook-management) +9. [Notebook Practices](#best-practices) + +## Overview +Notebooks is a powerful incident response feature that allows SOC analysts to centralize their `investigation queries`, `automation actions`, and `reporting` in a single document. With support for markdown syntax and rich media, Notebooks streamlines the incident response process and facilitates team collaboration. + +![notebook](/assets/operation_center/notebook.gif){: style="max-width:100%"} + +## Feature Benefits +* Centralized incident response +* Embedded queries and automations +* Customizable templates for different threat types +* Rich text formatting with markdown support +* Standardized response processes +* PDF export +* Multi-tenant sharing capabilities + +## Getting Started with Notebooks + +### Types of Notebooks +**Standalone Notebooks** + +* Independent notebooks for general use (threat hunting, custom reporting) +* Accessible from the `Notebooks menu` + +**Context-linked Notebooks** + +* Attached to specific `cases` or `alerts` for incident response +* Directly accessible from the `Notebooks tab` within cases or alerts +* Provides centralized investigation context + +## Creating and Managing Notebooks + +### Creating a New Notebook +1. Navigate to the `Notebooks tab` within a case or an alert +2. Click `New Notebook` +3. Edit blank notebook or use an existing template + +![notebook_blank](/assets/operation_center/notebook_case.png){: style="max-width:100%"} + +!!! 
Warning + In a **multi-tenant** environment, notebooks are created in the **parent** workspace by default. They are not visible to child tenants unless you explicitly share the notebook with them. + +### Basic Features +* Markdown syntax support +* Image attachment for evidence collection +* Multi datasources querying +* Investigation findings documentation +* Automations execution +* Real-time modifications saving + +!!! Info + Currently, Markdown table syntax is not supported. + +### Tracking Changes +* Last modification date +* Last modification author + +![notebook_changes](/assets/operation_center/notebook_changes.png){: style="max-width:100%"} + +## Notebook Templates + +### Template Management +Enhance incident response capabilities by creating template notebooks tailored to different threat types: + +* Phishing investigations +* Malware analysis +* Intrusion containment +* Any custom threat responses + +### Template Features +* Pre-defined investigation steps +* Threat tailored query templates +* Suggested remediation actions +* Guidance for analysts + +### Setting Default Notebook Template For Cases/Alerts +1. Navigate to Notebook templates +2. Select desired template +3. Set as `default` for cases and alerts + +The `default` notebook template will be suggested for use in cases and alerts, enabling the SOC team to standardize their response processes. + +![notebook_template](/assets/operation_center/notebook_template.gif){: style="max-width:100%"} + +### Template Creation Methods +* Create notebook template from scratch +* Convert existing notebook to template + +![notebook_convert_template](/assets/operation_center/notebook_convert_template.gif){: style="max-width:100%"} + +## Command Menu and Formatting + +### Accessing the Command Menu +* Press the slash key (/) to open the Command menu +* Access notebook capabilities + +![notebook_command](/assets/operation_center/notebook_command.gif){: style="max-width:100%"} + +!!! 
Tip + When the command menu is open, quickly search for an integration by typing its name. + +### Available Commands +* Text formatting options +* Query builder insertion +* Automation insertion + +![notebook_menu](/assets/operation_center/notebook_menu.png){: style="max-width:100%"} + +### Query Builder Editor +* Display data in tables +* Create various data visualizations, including pie charts, line charts, bar charts, column charts, and numeric displays + +![notebook_viz](/assets/operation_center/notebook_viz.png){: style="max-width:100%"} + +## Sharing Notebooks + +### Export notebook as PDF + +Convert notebooks into PDF files to efficiently share incident, threat hunting, and KPI reports. + +![notebook_share](/assets/operation_center/notebook_pdf.gif){: style="max-width:100%"} + +### Multi-tenant support +* Individual notebook sharing +* Customer-specific reporting +* Secure information distribution + +Share notebooks and templates directly with child tenants to ensure secure information distribution, provide incident reports, and share best practices with customers. + +![notebook_share](/assets/operation_center/notebook_share.gif){: style="max-width:100%"} + +## Notebook Management + +### Organization +* Use the search bar to find notebooks by their titles + +### Deletion and Recovery +* Soft delete notebooks to trash +* 30-day recovery period +* Permanent deletion after 30 days +* Restore option available + +![notebook_share](/assets/operation_center/notebook_delete.gif){: style="max-width:100%"} + +## Best Practices +1. Use templates for standardized investigations +2. Document all investigation steps +3. Include relevant screenshots and evidence +4. Utilize data visualization for complex data +5. Maintain consistent formatting +6. Regular template updates +7. Proper sharing permissions management diff --git a/mkdocs.yml b/mkdocs.yml index a5ba9330a9..c3caefc077 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -89,6 +89,7 @@ nav: - Events Query Language: xdr/features/investigate/events_query_language.md - Querying Events: xdr/features/investigate/querying_events.md - Query Builder (beta): xdr/features/investigate/query_builder.md + - Notebooks (coming soon): xdr/features/investigate/notebooks.md - Report: - Dashboards: xdr/features/report/dashboards.md - Threat Landscape: xdr/features/report/threat_landscape.md @@ -616,6 +617,7 @@ plugins: operation_center/events.md: xdr/features/investigate/events.md operation_center/faq.md: xdr/FAQ.md operation_center/intakes.md: xdr/features/collect/intakes.md + operation_center/notebooks.md: xdr/features/investigate/notebooks.md operation_center/operators.md: xdr/features/automate/operators.md operation_center/playbook_overview.md: xdr/features/automate/index.md operation_center/rules.md: xdr/features/detect/rules_catalog.md
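Review bot: In the new docs/xdr/features/investigate/notebooks.md, the Table of Contents entry `9. [Notebook Practices](#best-practices)` does not match the section it links to, which is headed `## Best Practices`; rename the entry to `9. [Best Practices](#best-practices)` so the list reads consistently with entries 1 to 8. In the same file, the images notebook_pdf.gif and notebook_delete.gif both reuse the alt text `notebook_share` (`![notebook_share](/assets/operation_center/notebook_pdf.gif)` and `![notebook_share](/assets/operation_center/notebook_delete.gif)`); give each its own alt text (`notebook_pdf`, `notebook_delete`) so screen readers and broken-image fallbacks identify the right asset. Minor wording: `Multi datasources querying` under Basic Features should be `Multi-datasource querying`.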
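Review bot: The multi-tenant warning in notebooks.md (notebooks are created in the parent workspace and only become visible to child tenants when explicitly shared) is the one access-control statement on the page, but the Sharing Notebooks section and best practice 7 (`Proper sharing permissions management`) never tie back to it. Since the Overview says a notebook centralizes investigation queries, automation actions and attached evidence, sharing it with a child tenant hands that tenant all of that content; suggest the Multi-tenant support section state that sharing is explicit and per notebook, and that best practice 7 be made concrete, for example "Review a notebook's embedded queries, automations and attached evidence before sharing it or its template with a child tenant". Also, under Deletion and Recovery the bullets `30-day recovery period` and `Restore option available` say the same thing; merging them into one bullet tightens the list.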
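Review bot: The ai_cases.md hunk changes only the page title to `# AI Cases (coming soon)`; if that page also has an entry in the mkdocs.yml `nav:` list, its label should carry the same `(coming soon)` suffix, as this patch does for `- Notebooks (coming soon): xdr/features/investigate/notebooks.md`, so the sidebar and the page heading agree.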