Where do you stand in the threat-hunting maturity model?

I've just started gathering security data. But I'm not sure if I'm collecting all the necessary data.
I have set up the basic alerts to detect attacks.
Occasionally (or accidentally), I come across suspicious events and flag them as threats.
I've pretty much consolidated all the security data in a central location.
I've incorporated open source threat feeds to spot known malicious threats.
I've automated the security data collection process.
I've reconfigured the threat intelligence platforms to suit my organization's business requirements.
I'm still looking for known malicious threats. But I'm being effective about it.
Whoa! I've automated the entire security data collection process.
I've implemented new data analysis techniques to hunt threats (pattern-based and/or behavior-based data analysis).
detecting-insider-threat-and-attacks-for-dummies