Cyber indicators are the 'new-er' detection strategy to help dismantle adversarial assaults and the volume of crowdsourced and private community malicious IOCs grows exponentially every day forcing the security industry to create a new must have tool - a threat library. The effectiveness of every SOC is based on their ability to discover, ingest, analyze, respond to, and pivot off threat intelligence and, historically, an ad-hoc spreadsheet combined with a day of analyst muscle was manageable to maintain and chase IOCs. However, over the past several years, as crowdsourcing intelligence has become mainstream, the volume of IOCs released by cyber intelligence providers (commercial and public do-gooders), industry blogs, malware repositories, vendor whitepapers, and open source intelligence (OSINT) has turned the spreadsheet firedrill into a bottleneck of operational inefficiencies amongst the typical workflows within an adversary hunting SOC. This discussion will provide a first-hand operational look from within a large 30+ team DIB SOC and explore the evolution of IOCs, associated SOC workflows, assess IOC overlap by Source, discuss several tools that help manage threat intelligence, and finally some hindsight implementation lessons learned.