Commit e695e9e

Merge branch 'main' into Docs-update-for-OTEL-CDN
2 parents 27231ff + 9b024a0 commit e695e9e

5 files changed

+15
-3
lines changed

docs/integrations/sumo-apps/data-volume.md

Lines changed: 1 addition & 1 deletion
@@ -62,7 +62,7 @@ Use this dashboard to:
6262
The **Data Volume - Metrics** dashboard allows you to view your metrics ingested, identifies ingest outliers/spikes, and helps predict what ingestion is going to be.
6363

6464
Use this dashboard to:
65-
* Determine the ingested DPM by various dimensions their
65+
* Determine the ingested DPM by various dimensions.
6666
* Examine trends over time.
6767
* Identify the spikes where current hour ingestion is above 50% from the last hour.
6868
* Identify ingestion outliers and forecast data ingestion, analyze the comparison of your current ingestion to your capacity, and review any overages. You must configure the “Metric_DPM_Ingest_Capacity” variable that needs to be configured based on Account Subscription. If you have a Credit-based plan, please check with your account executive to determine these values for your account. Otherwise, see the [**Account Overview**](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#account-overview) page to see your Capacity Values.
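Review bot: The bullet at line 68 of this list still reads "You must configure the “Metric_DPM_Ingest_Capacity” variable that needs to be configured based on Account Subscription", which states the requirement twice. Since the list is already being touched for the line 65 fix, tighten it to a single statement such as "You must configure the “Metric_DPM_Ingest_Capacity” variable based on your account subscription." The bullet at line 67 ("above 50% from the last hour") is also ambiguous about what is being compared and is worth rewording in the same pass.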

docs/platform-services/automation-service/playbooks/create-playbooks.md

Lines changed: 13 additions & 1 deletion
@@ -168,10 +168,22 @@ When a user choice node is encountered, the execution will pause until a user se
168168
1. Select **Expires** if you want the user choice to expire after a set amount of time so that the playbook can proceed when no choice is made. If you do not select **Expires**, the playbook does not proceed until the user makes a choice. If you select **Expires**, fill out additional fields for the amount of time to pass before expiration, and the **Default answer** to automatically be chosen at the end of the expiration period.
169169
1. Click **Create**.
170170

171-
Following is an example of a user choice node. Note the the node branches to the next node depending on the user's answer.
171+
#### Example user choice node
172+
173+
Following is an example of a user choice node. Note the node branches to the next node depending on the user's answer. In this example, if the user selects **Yes**, then the IP is blocked, but if the user selects **No**, an email is sent to the SOC.
172174

173175
<img src={useBaseUrl('img/cse/automations-example-user-choice-node.png')} style={{border:'1px solid gray'}} alt="Example user choice node" width="500"/>
174176

177+
#### User choice nodes in out-of-the-box playbooks
178+
179+
Here are just a few of the [out-of-the-box playbooks](/docs/platform-services/automation-service/playbooks-in-app-central/) that contain user choice nodes. Look at the user choice nodes in these playbooks to get an idea of how to structure them:
180+
* 18 - DDoS
181+
* 21 - DLP Alert
182+
* 24 - DoS with Decision Tree
183+
* 59 - Outbound Network Investigation
184+
* 87 - Unauthorized Access w/ Privilege Escalation
185+
* 88 - User Account Investigation Active Directory
186+
175187
### Add a playbook node to a playbook
176188

177189
Define a playbook to run inside another playbook. For example, you may want to call another playbook in response to a [condition](#add-a-condition-node-to-a-playbook) statement.
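Review bot: The example sentence at line 173 says what happens for **Yes** and **No** but not what happens when the choice expires, even though the step at line 168 introduces **Expires** and **Default answer**. Because one branch of the example blocks an IP, say which answer the example uses as its default, or state that the example node does not expire. On the same line, "Note the node branches" fixes the duplicated "the" but now reads as if "the node" were the object of "note"; "Note that the node branches" is clearer.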

docs/security/threat-intelligence/threat-indicators-in-cloud-siem.md

Lines changed: 1 addition & 1 deletion
@@ -27,7 +27,7 @@ For more information, see [hasThreatMatch](/docs/cse/rules/cse-rules-syntax/#has
2727

2828
## View threat indicator labels in the Cloud SIEM UI
2929

30-
Entities are automatically enriched with indicator data from [custom intelligence sources](/docs/cse/administration/create-custom-threat-intel-source/) and [sources that you add to the threat intelligence datastore](/docs/security/threat-intelligence/about-threat-intelligence/#threat-intelligence-sources). (However, entities are not enriched with indicator data from the [SumoLogic_ThreatIntel and _sumo_global_feed_cs](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources) threat intelligence sources.)
30+
Entities are automatically enriched with indicator data from all [threat intelligence sources](/docs/security/threat-intelligence/about-threat-intelligence/#threat-intelligence-sources) and the legacy [custom intelligence sources](/docs/cse/administration/create-custom-threat-intel-source/). (However, after initial enrichment, any subsequent changes to indicators in the default [Sumo Logic threat intelligence sources](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources) will not be reflected in the already-enriched entities.)
3131

3232
When a match to a threat indicator in sources is found, labels showing the entity's "reputation" will be displayed throughout the Cloud SIEM UI:
3333
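Review bot: The caveat at line 30, that later indicator changes in the default Sumo Logic sources are not reflected in already-enriched entities, sits in a parenthetical opening with "However", where an analyst relying on the reputation labels can easily miss it. Promote it to its own sentence or a note. The removed text named the sources (SumoLogic_ThreatIntel and _sumo_global_feed_cs) and the new link text does not, so consider keeping those names so readers can tell which sources the caveat applies to.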
