Skip to content

DOCS-970 - Fix typo in threatip article #5539

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 1, 2025
Merged

DOCS-970 - Fix typo in threatip article #5539

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions docs/search/search-query-language/search-operators/threatip.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,13 @@ sidebar_label: threatip

The `threatip` operator looks for suspicious IP addresses in your log data. Using the operator provides security analytics that help you to detect threats in your environment, while also protecting against sophisticated and persistent cyber-attacks.

Behind the scenes, the `threatip` operator uses `sumo://threat/cs` in log search queries to correlate data in the `_sumo_global_feed_cs` [threat intelligence source](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources). The `threatip` operator uses the same lookup as the [Threat Intel Quick Analysis app](/docs/integrations/security-threat-detection/threat-intel-quick-analysis/#threat-intel-optimization) but is simplified for only IP threat lookups.
Behind the scenes, the `threatip` operator [uses `sumo://threat/cs` in log search queries](/docs/security/threat-intelligence/find-threats/#use-the-lookup-search-operator) to correlate data in the `_sumo_global_feed_cs` threat intelligence source. The `threatip` operator uses the same lookup as the [Threat Intel Quick Analysis app](/docs/integrations/security-threat-detection/threat-intel-quick-analysis/#threat-intel-optimization) but is simplified for only IP threat lookups.

<!-- Add this per DOCS-815:
You can also use the [`threatlookup`](/docs/search/search-query-language/search-operators/threatlookup/) search operator to search threat intelligence indicators.
-->

The only Indicators of Compromise (IOC)] supported is IP address.
The only Indicators of Compromise (IOC) supported is IP address.

## Syntax

Expand Down
2 changes: 1 addition & 1 deletion docs/security/threat-intelligence/find-threats.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ All the dashboards in the [Threat Intel Quick Analysis](/docs/integrations/secur

## Use the threatip search operator

To find threats using IP addresses, use the `threatip` search operator. This operator uses `sumo://threat/cs` in log search queries to correlate data in the `_sumo_global_feed_cs` [threat intelligence source](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources).
To find threats using IP addresses, use the `threatip` search operator. This operator [uses `sumo://threat/cs` in log search queries](#use-the-lookup-search-operator) to correlate data in the `_sumo_global_feed_cs` threat intelligence source.

For more information, see [threatip Search Operator](/docs/search/search-query-language/search-operators/threatip/).

Expand Down