Adam Goss
1 min read · Sep 11, 2023


That is a great point. To reduce the unnecessary intelligence you ingest you need to define your Intelligence Requirements, which will depend on the environment you are protecting. For instance, there are the obvious questions like what business sector and country do I operate in and what threats target this. Then there are the more granular questions like do I have macOS running? (If so, I should ingest intel about Mac attacks.) Do I let users download and install programs from the Internet? (If not, then I don't need to worry about intel related to users downloading and installing programs, e.g. fake advertisements or crypto-miners.)

Once you define your Intelligence Requirements you can begin creating a custom feed that filters out stuff you don't want to look at. You can do this using an open source tool like AlienVault OTX or RiskIQ Community Edition, but often to answer the granular questions you need a paid feed, unfortunately. Then you can set up MISP to automatically ingest data from this feed.

Another option is to add intelligence manually using MISP Events. This gives you greater control of the intel you ingest, but at the cost of time and manpower.

If you're going the free route I would recommend setting up a feed using AlienVault OTX or RiskIQ Community Edition to filter out most of the traffic and also adding some MISP Events manually for specific things you want to focus on.

A little long, but I hope that helps.

Adam Goss

Helping demystify cyber threat intelligence for businesses and individuals | CTI | Threat Hunting | Custom Tooling
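As an added illustration of the workflow described in the comment above (this is example code, not anything the commenter or the MISP project published): the Intelligence Requirements are written down as data, a feed is filtered against them, and the indicators that survive are packaged in the shape of a MISP event ready for manual or scripted import. The feed records, the indicator values (documentation-range IP, made-up hash and domains) and the requirement set are all constructed for this example; the event dictionary mirrors only the top-level layout of MISP's event JSON (`Event` → `info`, `Attribute` list), which is an assumption you should check against your MISP version before importing.

```python
"""Filter a threat-intel feed against locally defined Intelligence Requirements
and package what survives as a MISP-style event dictionary (example code)."""
import json
from dataclasses import dataclass, field

# Constructed sample feed records. None of these indicators are real; the
# fields mimic the metadata a commercial or community feed usually exposes.
SAMPLE_FEED = [
    {"type": "domain", "value": "installer-update.example", "platforms": ["windows"],
     "sectors": ["finance"], "countries": ["GB"], "tags": ["malvertising"],
     "desc": "Fake software installer lure (constructed)"},
    {"type": "sha256", "value": "a" * 64, "platforms": ["macos"],
     "sectors": [], "countries": [], "tags": ["infostealer"],
     "desc": "Generic macOS infostealer sample (constructed)"},
    {"type": "ip-dst", "value": "203.0.113.10", "platforms": ["linux"],
     "sectors": ["finance"], "countries": ["GB"], "tags": ["ransomware"],
     "desc": "Linux ransomware C2 (constructed, TEST-NET-3 range)"},
    {"type": "url", "value": "https://portal-login.example/auth", "platforms": ["windows"],
     "sectors": ["healthcare"], "countries": ["US"], "tags": ["phishing"],
     "desc": "Credential phishing page (constructed)"},
    {"type": "domain", "value": "secure-bank-mail.example", "platforms": ["windows"],
     "sectors": ["finance"], "countries": ["DE", "GB"], "tags": ["phishing"],
     "desc": "Finance-themed phishing domain (constructed)"},
]


@dataclass
class IntelRequirements:
    """The answers to the questions in the comment: sector, country, platforms,
    and threat categories that do not apply to this environment."""
    sectors: set
    countries: set
    platforms: set
    excluded_tags: set = field(default_factory=set)


# Example requirements for a UK finance organisation running Windows and macOS
# that does not let users install software from the Internet (constructed).
DEFAULT_REQS = IntelRequirements(
    sectors={"finance"},
    countries={"GB"},
    platforms={"windows", "macos"},
    excluded_tags={"malvertising", "cryptominer"},
)


def is_relevant(record, reqs):
    """A record is kept when it carries no excluded tag and each targeting
    dimension either overlaps with our requirements or is empty, which the
    feed uses to mean 'applies to everyone'."""
    if set(record.get("tags", [])) & reqs.excluded_tags:
        return False
    for key, wanted in (("platforms", reqs.platforms),
                        ("sectors", reqs.sectors),
                        ("countries", reqs.countries)):
        targeted = set(record.get(key, []))
        if targeted and not targeted & wanted:
            return False
    return True


def filter_feed(feed, reqs):
    """Return only the feed records that satisfy the Intelligence Requirements."""
    return [record for record in feed if is_relevant(record, reqs)]


def to_misp_event(records, info):
    """Package filtered records in the top-level shape of a MISP event
    (assumed layout: Event -> info / Attribute list). to_ids marks the
    attribute as suitable for pushing to detection systems."""
    return {
        "Event": {
            "info": info,
            "distribution": 0,        # your organisation only
            "threat_level_id": 2,     # medium
            "analysis": 0,            # initial
            "Attribute": [
                {"type": r["type"], "value": r["value"],
                 "comment": r["desc"], "to_ids": True}
                for r in records
            ],
        }
    }


if __name__ == "__main__":
    kept = filter_feed(SAMPLE_FEED, DEFAULT_REQS)
    event = to_misp_event(kept, "Filtered feed import (example)")
    print(json.dumps(event, indent=2))
```

Running it keeps two of the five records (the macOS infostealer and the finance phishing domain); the malvertising lure drops out on the excluded tag, the Linux C2 on platform, and the healthcare phishing page on sector and country. The point is that the filter is driven entirely by the requirements object, so changing the answers to the questions in the comment changes what reaches MISP without touching the feed itself.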