From b6a1bd52ca0edead0f52db410d82bbbf1c4deff6 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Tue, 1 Jul 2025 13:16:21 -0500 Subject: [PATCH] Update --- .../search/search-query-language/search-operators/threatip.md | 4 ++-- docs/security/threat-intelligence/find-threats.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/search/search-query-language/search-operators/threatip.md b/docs/search/search-query-language/search-operators/threatip.md index 36b43752e9..4f9b47808d 100644 --- a/docs/search/search-query-language/search-operators/threatip.md +++ b/docs/search/search-query-language/search-operators/threatip.md 
@@ -6,13 +6,13 @@ sidebar_label: threatip The `threatip` operator looks for suspicious IP addresses in your log data. Using the operator provides security analytics that help you to detect threats in your environment, while also protecting against sophisticated and persistent cyber-attacks. -Behind the scenes, the `threatip` operator uses `sumo://threat/cs` in log search queries to correlate data in the `_sumo_global_feed_cs` [threat intelligence source](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources). The `threatip` operator uses the same lookup as the [Threat Intel Quick Analysis app](/docs/integrations/security-threat-detection/threat-intel-quick-analysis/#threat-intel-optimization) but is simplified for only IP threat lookups. +Behind the scenes, the `threatip` operator [uses `sumo://threat/cs` in log search queries](/docs/security/threat-intelligence/find-threats/#use-the-lookup-search-operator) to correlate data in the `_sumo_global_feed_cs` threat intelligence source. The `threatip` operator uses the same lookup as the [Threat Intel Quick Analysis app](/docs/integrations/security-threat-detection/threat-intel-quick-analysis/#threat-intel-optimization) but is simplified for only IP threat lookups. -The only Indicators of Compromise (IOC)] supported is IP address. +The only Indicators of Compromise (IOC) supported is IP address. ## Syntax diff --git a/docs/security/threat-intelligence/find-threats.md b/docs/security/threat-intelligence/find-threats.md index 5c62225f43..09db035086 100644 --- a/docs/security/threat-intelligence/find-threats.md +++ b/docs/security/threat-intelligence/find-threats.md 
@@ -33,7 +33,7 @@ All the dashboards in the [Threat Intel Quick Analysis](/docs/integrations/secur ## Use the threatip search operator -To find threats using IP addresses, use the `threatip` search operator. This operator uses `sumo://threat/cs` in log search queries to correlate data in the `_sumo_global_feed_cs` [threat intelligence source](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources). +To find threats using IP addresses, use the `threatip` search operator. This operator [uses `sumo://threat/cs` in log search queries](#use-the-lookup-search-operator) to correlate data in the `_sumo_global_feed_cs` threat intelligence source. For more information, see [threatip Search Operator](/docs/search/search-query-language/search-operators/threatip/).
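Review bot: In the threatip.md hunk, the corrected sentence still reads "The only Indicators of Compromise (IOC) supported is IP address", a plural subject with a singular verb. Removing the stray "]" is right, but the line would read better as "The only Indicator of Compromise (IOC) type supported is IP address." The same hunk also drops the link to /docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources, so `_sumo_global_feed_cs` no longer points readers to a description of that source. Consider keeping that link on "threat intelligence source" next to the new lookup link.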
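Review bot: In the find-threats.md hunk, the new same-page link targets `#use-the-lookup-search-operator`, but the only heading visible in the hunk context is "Use the threatip search operator". Please confirm that a "Use the lookup search operator" heading exists in this file, since both this link and the cross-file link added in threatip.md depend on that anchor resolving. The link text also spans inline code and prose ("uses `sumo://threat/cs` in log search queries"); linking only the phrase that names the lookup usage would be easier to scan. The commit subject "Update" does not say what changed, so a subject that names the two link changes and the bracket fix would help later readers of the history.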