Interact and layer threat intelligence / geo location information and user / application data on to events in real-time. This brings context and enables better decision making.
After threats are detected, they need to be validated with multiple sources and cross correlated with internal resources. This is the validation process, validating a malware hash with a third party data source uses an integration from the validation family.
As threats get identified and validated, automation needs to extend towards response as well. Response integrations help you take mitigative action and sometimes also integrate with other tools in the chain.