
Conversation

@janine-c (Contributor)

What does this PR do? What is the motivation?

This PR does a few things:

  • Adds a new page documenting the IOC Explorer
  • Renames a "Threat Intelligence" page to "Bring Your Own Threat Intelligence" to be more specific
  • Includes some edits for consistency and readability, like consistent case, or formatting Markdown tables to make them easier to read

Merge instructions

Please don't merge until I've gotten PM approval. Aiming for release December 19. Thank you!

Merge readiness:

  • Ready for merge

For Datadog employees:

Your branch name MUST follow the <name>/<description> convention and include the forward slash (/). Without this format, your pull request will not pass CI, the GitLab pipeline will not run, and you won't get a branch preview. Getting a branch preview makes it easier for us to check any issues with your PR, such as broken links.

If your branch doesn't follow this format, rename it or create a new branch and PR.

[6/5/2025] Merge queue has been disabled on the documentation repo. If you have write access to the repo, the PR has been reviewed by a Documentation team member, and all of the required checks have passed, you can use the Squash and Merge button to merge the PR. If you don't have write access, or you need help, reach out in the #documentation channel in Slack.

Additional notes

@janine-c janine-c requested review from a team and datamarmot as code owners December 16, 2025 22:19
@github-actions github-actions bot added the Architecture Everything related to the Doc backend label Dec 16, 2025
@janine-c janine-c added the editorial review Waiting on a more in-depth review label Dec 16, 2025
@janine-c (Contributor, Author)

Created DOCS-12930 for docs team review.

@jeff-morgan-dd jeff-morgan-dd self-assigned this Dec 16, 2025
@jeff-morgan-dd (Contributor) left a comment

Mostly suggestions/food for thought! Plus a few small cleanup items.

---

{{< callout url="" btn_hidden="true" header="false" >}}
The IOC Explorer is in Preview.
Comment (Contributor):

I can't find a guideline around capitalizing Preview/preview in our SG or Tech Content's, and I don't think we've been especially consistent (I just looked back at a few pages I knew were in preview). Lowercase seems preferable and somewhat more prevalent to me (I would also say the same for its counterpart "general availability"), and while I don't think this is a primary source of truth, it's all lowercase on this D4D page: https://datadoghq.atlassian.net/wiki/x/e4rliw.

I realize it's entirely possible and even likely that you've found precedent for capitalizing, so just calling out as a suggestion.

Comment (Contributor Author):

Thanks for calling this out, Jeff! It's funny, when I started, it was really drilled into me that we always need to capitalize Preview, but now I can't find guidance about it either. Maybe it changed! I know the terminology around beta/preview/limited availability/etc. has changed quite a bit over time.

- Your organization must subscribe to Cloud SIEM.
- The indicator of compromise must be in a threat feed that was available to Datadog at the time of the log acquisition.
- A log that has a matching entity in threat intelligence must be acquired.
- The log must be in the time frame shown on the Explorer. The time frame is fixed to the last 30 days.
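Review bot: "must be acquired" in the third bullet is ambiguous (acquired by whom, and from where?), and the fourth bullet refers to "the Explorer" while the rest of the page says "IOC Explorer"; consider rewording the third bullet to say that a log containing the matching entity must have been ingested by Datadog, and using the full product name in the fourth.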
Comment (Contributor):

If this is a fixed, uneditable time frame, is it more straightforward to say something like "The log must be from the last 30 days."?

(if it's not a fixed time frame, this bullet point is a bit unclear)

- A log that has a matching entity in threat intelligence must be acquired.
- The log must be in the time frame shown on the Explorer. The time frame is fixed to the last 30 days.

## Use the IOC Explorer
Comment (Contributor):

I do think "Using the IOC Explorer" reads a bit more naturally. Non-critical suggestion. I know we're pretty scattered consistency-wise across the docs for using the participle form or not in these types of headings.

### Get more context on an indicator of compromise

You can click an indicator of compromise to open a side panel that contains additional information about it:
- When the indicator was first and last seen in a threat intel feed
Comment (Contributor):

"intel" is a bit informal here - I think it's fine if we're comfortable with the slight bit of vernacular since it's pretty standard usage, but just something to think about.

Comment (Contributor):

Actually, there is also a bit of a potential localization concern with the shortened version, so I'd probably recommend writing it out in full.

Datadog collects threat intelligence across the following entity types. Each entity type has unique characteristics and a useful time frame. This time frame, or lifecycle, requires consideration when assessing the importance of a threat intelligence match on your data.

### File Hashes: Unique Digital Fingerprints
### File hashes: unique digital fingerprints
Comment (Contributor):

Recommend capitalizing the first word after each colon in this and the next few headings.

TC style guide reference: https://datadoghq.atlassian.net/wiki/spaces/WRITING/pages/5341577434/Capitalization#Capitalization-for-titles-and-headings
