diff --git a/docs/cse/get-started-with-cloud-siem/insight-generation-process.md b/docs/cse/get-started-with-cloud-siem/insight-generation-process.md index fc52b4c94d..a75d3523c7 100644 --- a/docs/cse/get-started-with-cloud-siem/insight-generation-process.md +++ b/docs/cse/get-started-with-cloud-siem/insight-generation-process.md @@ -64,7 +64,7 @@ During the next step of the [record processing flow](/docs/cse/schema/record-pro Which particular attribute an entity gets mapped to depends on the [field mappings](/docs/cse/schema/create-structured-log-mapping) in the log mapper for the message source. Given the example message above, “thedude” might be mapped to `user_username` and "185.35.135.245" to `srcDevice_ip`.  -## Rules have one or more On entity attributes +## Rules have one or more On Entity attributes When you write a rule, you select one or more *On Entity* attributes in the **Then Create a Signal** area of the **Rules Editor**. Here is an example of an existing rule that has two On Entity attributes: `srcDevice_ip` and `dstDevice_ip`. diff --git a/docs/security/threat-intelligence/threat-indicators-in-cloud-siem.md b/docs/security/threat-intelligence/threat-indicators-in-cloud-siem.md index 922c0b48ae..18210c4723 100644 --- a/docs/security/threat-intelligence/threat-indicators-in-cloud-siem.md +++ b/docs/security/threat-intelligence/threat-indicators-in-cloud-siem.md 
@@ -27,7 +27,7 @@ For more information, see [hasThreatMatch](/docs/cse/rules/cse-rules-syntax/#has ## View threat indicator labels in the Cloud SIEM UI -Entities are automatically enriched with indicator data from [custom intelligence sources](/docs/cse/administration/create-custom-threat-intel-source/) and [sources in the threat intelligence datastore](/docs/security/threat-intelligence/about-threat-intelligence/). (Entity enrichment doesn't make use of the [Sumo Logic threat intelligence sources](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources).) +Entities are automatically enriched with indicator data from [custom intelligence sources](/docs/cse/administration/create-custom-threat-intel-source/) and [sources that you add to the threat intelligence datastore](/docs/security/threat-intelligence/about-threat-intelligence/#threat-intelligence-sources). (However, entities are not enriched with indicator data from the [SumoLogic_ThreatIntel and _sumo_global_feed_cs](/docs/security/threat-intelligence/about-threat-intelligence/#sumo-logic-threat-intelligence-sources) threat intelligence sources.) When a match to a threat indicator in sources is found, labels showing the entity's "reputation" will be displayed throughout the Cloud SIEM UI:
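Review bot: In insight-generation-process.md (hunk at -64,7), the heading recapitalized to "Rules have one or more On Entity attributes" is a link target candidate, so please confirm that any inbound links to its anchor still resolve after the change; this docs set does link to heading anchors, as the #sumo-logic-threat-intelligence-sources link in the other file shows. The new capitalization matches the *On Entity* term used in the paragraph below it, which is good. While this hunk is open, the context line above the heading mixes curly quotes around “thedude” with straight quotes around "185.35.135.245"; consider normalizing them in the same commit.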
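Review bot: In threat-indicators-in-cloud-siem.md (hunk at -27,7), the added sentence places the source names SumoLogic_ThreatIntel and _sumo_global_feed_cs inside link text as plain words, where the underscores are exposed to Markdown emphasis parsing and the names do not read as literal identifiers. Suggest code-formatting each name separately, the way the other file formats `user_username` and `srcDevice_ip`, and linking them individually or linking a neutral phrase instead. Two smaller points: the exclusion is the part an analyst most needs to notice (a missing reputation label does not mean those two sources were consulted), so it would be better as a plain sentence or a note than as a parenthetical opening with "However"; and the unchanged line that follows, "When a match to a threat indicator in sources is found", is now ambiguous about which sources it means and could say "in these sources".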