By correlating security log data from security devices with other security-related information, SIEM provides means to discover blended threats. But the systems do not provide sensors to observe attackers “hacking humans”. As a solution, we suggest the development of a human attack vector interface allowing employees to report security-related observations directly to a SIEM system.