Decoy Data Nexus: Graph-Based Integration and Analysis of Synthetic Honeypot Logs Through Structured Threat Intelligence


Abstract

In the evolving cyber threat landscape, comprehensive understanding and timely analysis of attack vectors are critical for effective defense. This paper introduces a novel approach to simulate, transform, and integrate synthetic honeypot logs into a graph database using the Structured Threat Information Expression (STIX) data model. Leveraging Neo4j’s graph capabilities, we convert voluminous, complex attack data into interconnected threat intelligence objects, facilitating the visualization and exploration of intricate attack graphs. By employing Python-driven automation for log generation and STIX transformation, challenges concerning data compatibility, nested property flattening, and cybersecurity compliance are addressed. The resultant graph-based threat intelligence framework provides a scalable and standardized platform empowering Security Operations Centers (SOCs) with enhanced situational awareness and decision-making support, paving the way for improved cybersecurity posture and collaborative defense strategies.
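An added example (not the paper's own code) of the pipeline the abstract outlines, in pure Python with no stix2 or Neo4j driver dependency: a constructed honeypot event is mapped to STIX 2.1-shaped objects, their nested properties are flattened into keys Neo4j will accept, and parameterised Cypher MERGE statements are produced for nodes and edges. The event field names, the `x-honeypot` extension and the `REFERS_TO` relationship type are assumptions.

```python
import uuid

# Constructed sample honeypot event (illustrative, not from the paper).
SAMPLE_EVENT = {
    "timestamp": "2024-01-01T12:00:00Z", "src_ip": "203.0.113.5",
    "dst_port": 22, "service": "ssh",
    "credentials": {"username": "root", "password_len": 8},
}

def log_to_stix(event):
    """Map one event to STIX 2.1-shaped dicts: an ipv4-addr SCO and an observed-data
    SDO referencing it. uuid5 ids are deterministic, so re-imports MERGE, not duplicate."""
    ip_id = "ipv4-addr--" + str(uuid.uuid5(uuid.NAMESPACE_URL, event["src_ip"]))
    ip = {"type": "ipv4-addr", "spec_version": "2.1", "id": ip_id, "value": event["src_ip"]}
    obs = {
        "type": "observed-data", "spec_version": "2.1",
        "id": "observed-data--" + str(uuid.uuid5(uuid.NAMESPACE_URL, ip_id + event["timestamp"])),
        "first_observed": event["timestamp"], "last_observed": event["timestamp"],
        "number_observed": 1, "object_refs": [ip_id],
        # Hypothetical custom extension carrying the honeypot-specific nested fields.
        "extensions": {"x-honeypot": {"service": event["service"], "dst_port": event["dst_port"],
                                      "credentials": event["credentials"]}},
    }
    return [ip, obs]

def flatten(obj, prefix=""):
    """Neo4j properties must be primitives or lists of primitives: nested maps
    become dotted keys, lists of maps are indexed, primitive lists are kept."""
    flat = {}
    for key, val in obj.items():
        name = prefix + key
        if isinstance(val, dict):
            flat.update(flatten(val, name + "."))
        elif isinstance(val, list) and val and all(isinstance(v, dict) for v in val):
            for i, item in enumerate(val):
                flat.update(flatten(item, f"{name}[{i}]."))
        else:
            flat[name] = val
    return flat

def node_cypher(stix_obj):
    """Parameterised MERGE on the STIX id; log values are passed as parameters,
    never spliced into the query string, so they cannot alter the Cypher."""
    label = stix_obj["type"].replace("-", "_")
    return f"MERGE (n:{label} {{id: $props.id}}) SET n += $props", {"props": flatten(stix_obj)}

def ref_cypher(stix_obj):
    """One REFERS_TO edge per object_refs entry, linking the SDO to its SCOs."""
    return [("MATCH (a {id: $a}), (b {id: $b}) MERGE (a)-[:REFERS_TO]->(b)",
             {"a": stix_obj["id"], "b": ref}) for ref in stix_obj.get("object_refs", [])]
```

Each returned (query, parameters) pair can be handed to a Neo4j session's `run` as-is; the flattened keys are accessible in Cypher with backticks, e.g. n.`extensions.x-honeypot.service`.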
