docs/security/threat-intelligence/notice-about-taxii2.md
Lines changed: 3 additions & 5 deletions
@@ -12,17 +12,15 @@ description: This article is a product defect notification for missing indicator
12
12
13
13
## Summary of the issue
14
14
15
-
We are notifying you of a recently identified issue that affects Sumo Logic’s Threat Intelligence feeds using the TAXII 2.0 protocol. Specifically, URL, domain, and email Indicators of Compromise (IOCs) were not processed and displayed as expected. A customer first reported the issue on June 11, 2025.
16
-
17
-
Our investigation determined that a processing error in certain non-hash IOCs led to a breakdown in the normalization process, preventing these critical data types from appearing correctly in customer environments.
15
+
We are notifying you of a recently identified issue that affects Sumo Logic’s Threat Intelligence feeds using the TAXII 2.0 protocol. Specifically, URL, domain, and email Indicators of Compromise (IOCs) were not processed and displayed as expected. Our investigation determined that a processing error in certain non-hash IOCs led to a breakdown in the normalization process, preventing these critical data types from appearing correctly in customer environments.
18
16
19
17
If your environment relies on TAXII 2.0-based Threat Intelligence feeds, you may have experienced the following:
20
18
* Missing URL, domain, and email IOCs in your threat feeds
21
19
* Incomplete detection logic, resulting in gaps in dashboards, threat hunting, and alerting mechanisms that depend on these data types
22
20
23
21
Our engineering team has traced the issue to a normalization defect in the data processing pipeline, occurring after collection but prior to feed availability.
24
22
25
-
A fix has been developed and is scheduled for deployment on July 9, 2025. There is no action you or your team needs to take in order to correct this.
23
+
A fix has been developed and is scheduled for a rolling deployment starting on July 9, 2025. There is no action you or your team needs to take in order to correct this.
26
24
27
25
## Important to note
28
26
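Review bot: The merged summary paragraph drops "A customer first reported the issue on June 11, 2025." and nothing in this hunk replaces it, so the notice no longer gives readers any date for when the missing URL, domain, and email IOCs were first observed. Readers checking for the "gaps in dashboards, threat hunting, and alerting mechanisms" listed in the bullets need a starting point to scope that review; consider keeping the report date or stating the affected time window instead. In the last changed line, "a rolling deployment starting on July 9, 2025" gives a start but no end, so an expected completion date, or a way to confirm the fix has reached a given deployment, would support the "no action" statement that follows it.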
@@ -35,7 +33,7 @@ A fix has been developed and is scheduled for deployment on July 9, 2025. There
35
33
To mitigate the risk of future issues, we are implementing the following changes:
36
34
* Expanded automated and manual test coverage across all supported threat feed protocols.
37
35
* Strengthened validation and normalization processes across the pipeline.
38
-
* Continuous monitoring and alerting enhancements to detect processing anomalies earlier
36
+
* Continuous monitoring and alerting enhancements to detect processing anomalies earlier.
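Review bot: Adding the trailing period to the third bullet makes this list consistent, but the two bullets under "you may have experienced the following" in the previous hunk still end without one, so the file now mixes both styles. Pick one list punctuation style and apply it to both lists in the same commit. Also note that "enhancements to detect processing anomalies earlier" does not name which pipeline stage is monitored; the summary places the defect "after collection but prior to feed availability", so saying the monitoring covers that stage would tie the mitigation to the stated cause.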