docs: Finish FAQ and update messaging

Author: Chris Lo

Diff for: README.md

@@ -1,26 +1,26 @@
-<h1 align="center">
-  <img src="img/banner.svg" alt="tracecat">
-</h1>
-
 <div align="center">
-  <p>
-    The open source + AI-native Tines alternative.
-  </p>
+  <h2>
+    Open source AI-native Tines alternative
+  </h2>
+  <img src="img/banner.svg" alt="tracecat">
 </div>
 
-[Tracecat](https://tracecat.com) is an open-source workflow automation and case management platform. We are building the features of Tines / Torq / Palo Alto XSOAR using:
+</br>
+
+[Tracecat](https://tracecat.com) is an open source automation platform for security teams. We're building the features of Tines / Torq / Palo Alto XSOAR with:
 
 - Enterprise-grade open source tools
 - Open source AI infra and GPT models
+- Event-driven data transforms
 - [Practioner-obsessed UI/UX](#faq)
 
-It's designed to be simple but powerful. Try out our [tutorial](https://docs.tracecat.com) and build your first SOAR automation with AI analysts *in minutes*.
+It's designed to be simple but powerful. Try out our [tutorial](https://docs.tracecat.com) and deploy your first AI workflow in 15 minutes.
 
-Tracecat is also Cloud agnostic and deploys anywhere that supports Docker.
+Build AI-assisted workflows, enrich alerts, and close cases fast.
 
-## Get started
+## Getting started
 
-Help Mario automate away false positives from his pizza shop.
+Help Mario, the L1 analyst and part-time pizza chef, automatically flag malicious pizza orders (e.g. pineapple pizza).
 
 ## Features
 
@@ -56,6 +56,8 @@ Tracecat is **not** a 1-to-1 mapping of Tines. Our aim is to give technical team
 
 ## Installation
 
+Tracecat is Cloud agnostic and deploys anywhere that supports Docker. 
+
 - [x] Authentication
   - [x] Supabase
   - [ ] Auth.js
@@ -68,20 +70,27 @@ Tracecat is **not** a 1-to-1 mapping of Tines. Our aim is to give technical team
 
 ## Is Tracecat enterprise ready?
 
-Yes and no.
-
-Can already scale beyond Tines' free tier, but for enterprise (100+ employees).
+Yes and no. Tracecat comes in two versions:
+- Embedded: runs on a single instance and scales vertically
+- Distributed: scales horizontally with self-healing / resillience
 
 - [x] Embedded architecture (single instance)
   - [x] Flunk: homegrown workflow engine based on Flink
   - [x] LanceDB
-  - [x] Tantivy
   - [x] Polars
+  - [x] Tantivy
 - [ ] Distributed architecture
   - [ ] Apache Flink
   - [ ] LanceDB / Lantern
   - [ ] Quickwit
 
+Tracacat embedded already offers more than Tines' free tier (3 workflows, 500 workflow runs daily).
+It is designed to run automation workflows, store event logs, and run search queries with *extreme* efficiency on a single instance (e.g. EC2, laptop).
+You can theorically build and run as many workflows as your RAM, CPU, and network capacity allows.
+We don't recommend using Tracecat for enterprise use-cases until Tracecat distributed is released.
+
+If you'd like to stress test Tracecat, please ping us on [Discord](https://discord.gg/n3GF4qxFU8) and we can help you get started!
+
 ## Status
 
 - [x] Public Alpha: Anyone can sign up over at [tracecat.com](https://tracecat.com) but go easy on us, there are kinks and we are just getting started.
@@ -92,18 +101,16 @@ We're currently in Public Alpha.
 
 ## Community & Support
 
-Join us in building a new, more open kind of automation platform.
+Join us in building a newer, more open, kind of automation platform.
 
 - [Tracecat Discord](https://discord.gg/n3GF4qxFU8) for hanging out with the community
 - [GitHub issues](https://github.com/TracecatHQ/tracecat/issues)
 
 ## Integrations
 
-We are working hard to reach core feature parity with Tines. In the meantime, integrations and OOTB automations will be prioritized according to user feedback.
-
-If you've got suggestions, please let us know on Discord! Any help is welcome :)
+We are working hard to reach core feature parity with Tines. Integrations and out-of-the-box automations will be prioritized according to user feedback. If you've got any suggestions, please let us know on Discord 🦾.
 
-Here are just a few integrations we have planned:
+Here are just a few integrations on our roadmap:
 
 - [ ] Slack
 - [ ] Microsoft Teams
@@ -121,15 +128,11 @@ Looking to report a security vulnerability? Please don't post about it in GitHub
 
 ### What does it mean to be "practioner-obsessed"?
 
-Core features, user-interfaces, and day-to-day workflows are based on existing best-practices from [best-in-class security teams](https://medium.com/brexeng/elevating-security-alert-management-using-automation-828004ad596c).
-
-We won't throw in a Clippy chatbot just for the sake of it.
+Core features, user-interfaces, and day-to-day workflows are based on existing best-practices from [best-in-class security teams](https://medium.com/brexeng/elevating-security-alert-management-using-automation-828004ad596c). We won't throw in a Clippy chatbot just for the sake of it.
 
 ### What does AI-native mean?
 
-AI isn't magic.
-
-At Tracecat we want to build boring AI that integrates with existing workflows, but with a modern UI/UX and robust data engineering.
+We believe the most useful AI is "boring AI" (e.g. summarization, semantic search, data enrichment, labelling) that integrates with existing workflows, but with modern UI/UX and robust data engineering. Here are a few ways we are doing this:
 
 ### Does the world really need another SOAR?
 
@@ -139,15 +142,28 @@ At Tracecat we want to build boring AI that integrates with existing workflows,
 
 ### Tracecat is a venture-backed start up. Why build open source?
 
-We believe LLMs are a **must-have** technology for defenders.
+- We love using and building open source tools.
+- Existing "AI" security products hide behind demo-ware, sales calls, and white papers. We want to build in the open: open community, open tutorials, and open vision.
+- Create safe space for practioners to experiment with open source AI models in their own isolated environments.
 
 ## Contributing
 
-## Open source vs paid
+Whether it's big or small, we love contributions.
+There's plenty of opportunity for new integrations and bug fixes.
+The best way to get started is to ping us on Discord!
 
-Like our favorite data orchestration platforms Apache Airflow and Prefect, we plan to keep our codebase open source. This includes enterprise features such as SSO and multi-tenancy.
+<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
+<!-- prettier-ignore-start -->
+<!-- markdownlint-disable -->
+
+<!-- markdownlint-restore -->
+<!-- prettier-ignore-end -->
+
+<!-- ALL-CONTRIBUTORS-LIST:END -->
+
+## Open source vs paid
 
-We plan to grow through Tracecat Cloud for small-to-mid sized teams. Moreover, deploying, maintaining, and debugging a self-hosted distributed system for >1,000 person enteprises is not easy. We plan to charge a good sum for that service 💸.
+The Tracecat codebase is 100% open source under Apache-2.0. This includes (soon-to-be-built) enterprise features such as SSO and multi-tenancy. We offer a paid Cloud version for small-to-mid sized teams. Moreover, we plan to charge service fees to enterprises that want to deploy and maintain a self-hosted distributed version of Tracecat.
 
 ## License