If you just focus on indicators, you're not doing Threat Intelligence.
The general perception of Cyber Threat Intelligence (CTI) is threat data. While data is the foundation of CTI, sometimes so-called threat intelligence is nothing more than an untargeted stream of data, often deployed as yet another dashboard “feature” that overloaded Security Operation Center (SOC) employees are required to monitor.
IT security teams spend hours upon hours, and even days upon days, sifting and sorting through raw data, blocking IPs at the firewall and generally worrying about something that could never become an actual threat to the organization. Meanwhile, the overworked analysts are still blind to critical threats that might be targeting them at that very moment.
Modern approaches see CTI as much more than data, but a holistic process to enable companies to make CTI their own.
Threat Intelligence Engineer, Central Europe