From f55248953610b2516a6355df4324d880e291ca40 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Wed, 17 Sep 2025 14:25:18 -0500 Subject: [PATCH] Update --- .../threat-intelligence/threat-indicators-in-cloud-siem.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/security/threat-intelligence/threat-indicators-in-cloud-siem.md b/docs/security/threat-intelligence/threat-indicators-in-cloud-siem.md index 99b4096bd8..b0fa56a873 100644 --- a/docs/security/threat-intelligence/threat-indicators-in-cloud-siem.md +++ b/docs/security/threat-intelligence/threat-indicators-in-cloud-siem.md 
@@ -27,7 +27,7 @@ For more information, see [hasThreatMatch](/docs/cse/rules/cse-rules-syntax/#has ## View threat indicator labels in the Cloud SIEM UI -Entities are automatically enriched with indicator data from [custom intelligence sources](/docs/cse/administration/create-custom-threat-intel-source/) and [sources that you add to the threat intelligence datastore](/docs/security/threat-intelligence/about-threat-intelligence/#threat-intelligence-sources). (However, entities are not enriched with indicator data from the [SumoLogic_ThreatIntel and _sumo_global_feed_cs](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources) threat intelligence sources.) +Entities are automatically enriched with indicator data from all [threat intelligence sources](/docs/security/threat-intelligence/about-threat-intelligence/#threat-intelligence-sources) and the legacy [custom intelligence sources](/docs/cse/administration/create-custom-threat-intel-source/). (However, after initial enrichment, any subsequent changes to indicators in the default [Sumo Logic threat intelligence sources](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources) will not be reflected in the already-enriched entities.) When a match to a threat indicator in sources is found, labels showing the entity's "reputation" will be displayed throughout the Cloud SIEM UI:
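Review bot: The added parenthetical ("However, after initial enrichment, any subsequent changes to indicators ... will not be reflected in the already-enriched entities") states a limitation that changes how an analyst should read an entity's reputation label, but it is presented as an aside. Suggest making it a standalone sentence or note, and saying whether the same staleness applies to the other threat intelligence sources and the legacy custom intelligence sources or only to the default Sumo Logic ones, since the sentence before it says entities are enriched from all of them. The replacement also drops the literal source names `SumoLogic_ThreatIntel` and `_sumo_global_feed_cs` from the link text, so a reader searching the page for those names will no longer find this caveat; consider keeping them next to "default Sumo Logic threat intelligence sources". Because this line reverses the previous statement that entities are not enriched from those two sources, the subject "Update" should say so, for example that entity enrichment now covers all threat intelligence sources.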