Merged
Expand Up @@ -27,7 +27,7 @@ For more information, see [hasThreatMatch](/docs/cse/rules/cse-rules-syntax/#has

## View threat indicator labels in the Cloud SIEM UI

Entities are automatically enriched with indicator data from [custom intelligence sources](/docs/cse/administration/create-custom-threat-intel-source/) and [sources that you add to the threat intelligence datastore](/docs/security/threat-intelligence/about-threat-intelligence/#threat-intelligence-sources). (However, entities are not enriched with indicator data from the [SumoLogic_ThreatIntel and _sumo_global_feed_cs](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources) threat intelligence sources.)
Entities are automatically enriched with indicator data from all [threat intelligence sources](/docs/security/threat-intelligence/about-threat-intelligence/#threat-intelligence-sources) and the legacy [custom intelligence sources](/docs/cse/administration/create-custom-threat-intel-source/). (However, after initial enrichment, any subsequent changes to indicators in the default [Sumo Logic threat intelligence sources](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources) will not be reflected in the already-enriched entities.)

When a match to a threat indicator in sources is found, labels showing the entity's "reputation" will be displayed throughout the Cloud SIEM UI:
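
Review bot: The caveat on the added line ("after initial enrichment, any subsequent changes to indicators in the default Sumo Logic threat intelligence sources will not be reflected in the already-enriched entities") is the part an analyst most needs, and it is easy to miss inside a parenthetical that opens with "However". Consider making it its own sentence or a note. It would also help to say whether this staleness applies only to the default Sumo Logic sources or also to the other threat intelligence sources and the legacy custom intelligence sources, because the reputation labels described in the following paragraph can then be read as current when they are not. The word "legacy" is introduced here without explanation; a short qualifier would help readers who still rely on those sources.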
