Setting up the VirusTotal integration will give automatic look up of certain observables (hashes, URLs, IPs). This will benefit the security team by providing updated threat intel and save time of them doing it manually. I would recommend configuring/customizing the integration to not look up internal observables such as usernames or MAC addresses as they will never yield anything worthwhile. 

It is also beneficial to enable the use of Direction when it comes to IP addresses as observable. An IP address’ source can either be incoming or outgoing, and in my experience this information is not automatically captured in the observable record, but the functionality is supported out of the box. I have edited some of the scripts previously to figure out if the IP address is incoming or outgoing and added that to IP address observables specifically. This also saves the security team time so they don’t have to figure this out manually. 

There is also a script include related to observables where the regex for identifying the type of observable is defined. I would recommend adding a regex check for identifying your company’s/customer’s usernames, so that they are categorised correctly. (I apologize for not being able to link the script includes, but am currently on vacation and only have my phone). I also previously added regex for MAC addresses as that was strangely missing. Have not checked within the last year if that still is true, though. 

Good luck!