Hacker News

firefax, today at 1:54 PM

I was hoping for information on the ACCURACY of these sources.

My team has had issues where SIEM alerts are difficult to investigate because Microsoft inaccurately declares an IP geographically distant, then fires a second alert for "Atypical travel" since they seem to have traversed a vast distance between logging in on, say, one's laptop and mobile.

(For whatever reason, mobile IPs, specifically IPv6 IPs, are the worst)

For me it's not an issue of cost, it's that if the data is inaccurate it is worse than useless -- it eats up my time chasing bad SIEM alerts.
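An added example, not part of the thread and not any vendor's detection logic: a travel-speed check for the false positive described in the comment above, which downgrades a login pair when the geolocation error alone could explain the distance. It assumes the geolocation feed supplies an uncertainty radius per IP; `Login`, `radius_km`, `MAX_KMH` and the sample events are constructed for illustration.

```python
import math
from dataclasses import dataclass

MAX_KMH = 900.0  # assumed ceiling for plausible travel (about airliner cruise)

@dataclass
class Login:
    ts: float         # epoch seconds
    lat: float
    lon: float
    radius_km: float  # assumed uncertainty of the IP geolocation estimate

def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two estimated login locations."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def travel_verdict(a: Login, b: Login) -> str:
    """Classify a login pair as 'ok', 'low_confidence' or 'alert'."""
    hours = max(abs(b.ts - a.ts), 1.0) / 3600.0  # avoid dividing by zero
    dist = haversine_km(a, b)
    if dist / hours <= MAX_KMH:
        return "ok"
    # Shortest distance still consistent with both uncertainty circles.
    min_dist = max(0.0, dist - a.radius_km - b.radius_km)
    if min_dist / hours <= MAX_KMH:
        return "low_confidence"  # could be explained by geolocation error alone
    return "alert"

# Constructed sample events (not real data).
LAPTOP = Login(ts=0, lat=47.61, lon=-122.33, radius_km=20)
MOBILE_V6 = Login(ts=600, lat=32.78, lon=-96.80, radius_km=3000)  # carrier-level guess
FAR_PRECISE = Login(ts=3600, lat=51.51, lon=-0.13, radius_km=50)
NEARBY = Login(ts=10800, lat=45.52, lon=-122.68, radius_km=20)

if __name__ == "__main__":
    for name, ev in [("mobile_v6", MOBILE_V6), ("far_precise", FAR_PRECISE), ("nearby", NEARBY)]:
        print(name, travel_verdict(LAPTOP, ev))
```

Routing `low_confidence` pairs to a lower-severity queue keeps the signal for precisely located logins while cutting the time spent on pairs where one side is only coarsely located.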


Replies

freyfogle, today at 1:56 PM

IP geolocation is a different (albeit similar) topic than geocoding.

See: https://opencagedata.com/guides/how-ip-geolocation-differs-f...
