Security information and event management (SIEM) systems collect and aggregate log data from multiple sources within an organization, making them an invaluable source for internal threat intelligence. The relevance is high because the data is specific to the organization’s own environment. Networking equipment logs are also internal, but they may not provide the aggregation and correlation that a SIEM system offers. External threat reports provide useful information about threats in the wild but may lack direct applicability to the organization's specific context. Staff surveys can reflect perceptions or experiences of security threats but do not provide the actionable technical details typically found in SIEM logs.