Merged
Expand Up @@ -79,7 +79,7 @@ To configure the CrowdStrike Threat Intel Source:
1. In **Region**, choose the region as per your Base URL. See [Region](#region) section to know your region.
1. In **Client ID**, enter the Client ID you generated and secured from the [API Client](#api-client-and-api-secret) section.
1. In **Client Secret**, enter the Client Secret you generated and secured from the [API Secret](#api-client-and-api-secret) section.
1. In **Sumo Logic Threat Intel Source ID**, enter the Sumo Logic namespace in which the indicators are stored.
1. In **Sumo Logic Threat Intel Source ID**, enter the name you want to use for the CrowdStrike source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The CrowdStrike threat intelligence indicators will be stored in this source. Do not use spaces in the name.
1. (Optional) In **Mallicious Confidence**, enter the type of confidence to collect data from. Possible values: `high`, `medium`,`low`, or `unverified`.
1. The **Polling Interval** is set for one hour by default, you can adjust it based on your needs. This sets how often the integration will fetch complete vulnerability instance data that has been updated within most recent polling interval duration.
1. When you are finished configuring the Source, click **Save**.
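Review bot: The rewritten **Sumo Logic Threat Intel Source ID** step tells the reader to enter a "name" while the field label calls the value an "ID"; add a clause saying that the value entered here is the identifier under which the source appears in the Threat Intelligence tab, so the two terms are clearly the same thing. Two neighbouring context lines are worth fixing in the same pass: "Mallicious Confidence" is misspelled and `medium`,`low` is missing a space, and the **Polling Interval** step describes fetching "vulnerability instance data", which does not match a source that collects threat intelligence indicators.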
Expand Up @@ -51,7 +51,7 @@ To configure an Intel471 Threat Intel source:
* ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 
1. **Username**. Enter your login ID or email address.
1. **API Key**. Enter the API key of the user account collected from the [Intel471 Threat Intel platform](#vendor-configuration).
1. **Sumo Logic Threat Intel Source ID**. Enter the Sumo Logic namespace where the indicators will be stored.
1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the Intel 471 source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The Intel 471 threat intelligence indicators will be stored in this source. Do not use spaces in the name.
1. **Polling Interval**. The polling interval is set for one hour by default. You can adjust it based on your needs. This sets how often the source checks for new data.
1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule).
1. When you are finished configuring the source, click **Save**.
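Review bot: The new **Sumo Logic Threat Intel Source ID** step spells the vendor "Intel 471" twice, while the hunk header ("an Intel471 Threat Intel source") and the **API Key** step just above ("Intel471 Threat Intel platform") write it as one word. Pick one spelling and use it throughout this page, otherwise a search for the source name in the docs will miss half the mentions.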
Expand Up @@ -50,7 +50,7 @@ To configure a Mandiant Threat Intel source:
* ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped.
1. **API Key ID**. Enter the API key ID collected from the Mandiant Threat Intel platform.
1. **API Secret**. Enter the API secret collected from the from the Mandiant Threat Intel platform.
1. **Sumo Logic Threat Intel Source ID**. Enter your Sumo Logic namespace ID in which the indicators will be stored.
1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the Mandiant source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The Mandiant threat intelligence indicators will be stored in this source. Do not use spaces in the name.
1. **Polling Interval**. The polling interval is set for 5 minutes by default. You can adjust it based on your needs. This sets how often the source checks for new data.
1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule).
1. When you are finished configuring the source, click **Save**.
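Review bot: "Do not use spaces in the name" at the end of the new **Sumo Logic Threat Intel Source ID** step is the only constraint given, and it does not say which characters are allowed or what the form does when a space is entered. State the accepted character set, or at least give one valid sample value, so the reader does not have to find the rule by trial and error. The **API Secret** step directly above also has a doubled "from the from the" that could be cleaned up here.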
Expand Up @@ -54,7 +54,7 @@ To configure a TAXII 1 Client Source:
1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value.
* ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema.
* ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped.
1. **Sumo Logic Threat Intel Source ID**. Provide your own threat intelligence source ID. This is useful for organizing multiple sources.
1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The threat intelligence indicators will be stored in this source. Do not use spaces in the name.
1. **STIX/TAXII Configuration**:
* **Discovery URL**. Enter the TAXII Discovery URL provided by the vendor (optional).
1. **Collection Names**. Enter the collections to fetch, using the poll URL.
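Review bot: The replacement text for **Sumo Logic Threat Intel Source ID** drops the old hint that the value is "useful for organizing multiple sources" and does not say whether the name has to be unique. For a generic TAXII client, where several feeds are commonly configured side by side, the step should state what happens when two sources are given the same name, since that decides whether indicators from different feeds stay attributable to the feed they came from.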
Expand Up @@ -53,7 +53,7 @@ To configure a TAXII 2 Client Source:
1. (Optional) **Fields**. Click the **+Add** button to define the fields you want to associate. Each field needs a name (key) and value.
* ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema.
* ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped.
1. **Sumo Logic Threat Intel Source ID**. Provide your own threat intelligence source ID. This is useful for organizing multiple sources.
1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The threat intelligence indicators will be stored in this source. Do not use spaces in the name.
1. **Authentication**. Select the authentication type:
* **Basic**. Provide your vendor username and password.
* **API Key**. Provide:
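Review bot: The new **Sumo Logic Threat Intel Source ID** line here is word for word the same as the one added to the TAXII 1 page, and the vendor pages in this change carry the same sentence with only the vendor name swapped in. If the docs build supports shared snippets, moving this sentence into one would keep the "Do not use spaces in the name" rule from drifting between pages the next time it is edited.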
Expand Up @@ -52,7 +52,7 @@ To configure an ZeroFox Threat Intel source:
* ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped. 
1. **Username**. Enter your ZeroFox username.
1. **Password**. Enter your Zerofox password.
1. **Sumo Logic Threat Intel Source ID**. Enter the Sumo Logic namespace where the indicators will be stored.
1. **Sumo Logic Threat Intel Source ID**. Enter the name you want to use for the ZeroFox source that will be created in the [Threat Intelligence](/docs/security/threat-intelligence/about-threat-intelligence/) tab in Sumo Logic. The ZeroFox threat intelligence indicators will be stored in this source. Do not use spaces in the name.
1. **Polling Interval**. The polling interval is set for one hour by default. You can adjust it based on your needs. This sets how often the source checks for new data.
1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule).
1. When you are finished configuring the source, click **Save**.
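Review bot: The link added in the **Sumo Logic Threat Intel Source ID** step ends with a trailing slash (`/docs/security/threat-intelligence/about-threat-intelligence/`), while the existing link two steps below (`/docs/send-data/collection/processing-rules/create-processing-rule`) does not. Use whichever form the rest of the docs use and confirm the target resolves in the preview build. The **Password** step above still reads "Zerofox" where the new line correctly uses "ZeroFox".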