This paper explores the integration of Intrusion Detection System (IDS) incidents into attack graphs to enhance threat analysis and incident response. By combining real-time alerts from IDS/IPS systems with the visual representation of attack paths, security teams can gain deeper insights into the nature and progression of attacks. Suricata was chosen for its robust detection capabilities and ability to generate detailed alerts. These alerts were converted into STIX objects and integrated into a graph database for analysis.

The methodology involves setting up Suricata, generating alerts, and converting these alerts into STIX objects, including Incident, Indicator, and various Cyber-observable Objects. Duplicate handling was implemented to ensure unique representation of alerts. The converted alerts were then integrated into the Neo4j graph database, enabling visualization and analysis of attack paths.

The results demonstrate that the generated graphs accurately represent the alerts and their relationships, providing valuable context for security teams. Future work includes integrating additional alert types, incorporating geolocation data, developing modules for modifying graph elements, and profiling attackers based on alerts. This approach offers a powerful tool for improving the overall security posture of organizations.
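The pipeline the abstract describes (Suricata alert, STIX objects with duplicate handling, load into Neo4j) can be sketched end to end. The following is an added example written for this page, not the paper's own code: it parses constructed Suricata EVE JSON lines, maps each alert to an Indicator, an Incident, two ipv4-addr objects and a network-traffic object, de-duplicates by giving every object a deterministic UUIDv5 id, and emits Neo4j Cypher MERGE statements. The STIX SCO namespace UUID is the one the STIX 2.1 specification defines; the local namespace, the Incident/Indicator field layout, the "related-to" relationships and the label mapping are assumptions chosen for the illustration, and the sample events, signature id and addresses are constructed.

```python
"""Added example: Suricata EVE alert -> STIX 2.1-style objects -> Neo4j Cypher."""
import json
import uuid

# Namespace STIX 2.1 specifies for deterministic (uuid5) SCO ids.
STIX_SCO_NS = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")
# Our own namespace for deterministic SDO/SRO ids (an assumption, not a STIX rule).
LOCAL_NS = uuid.uuid5(STIX_SCO_NS, "example-suricata-attack-graph")

# Constructed EVE JSON lines: signature (local SID range), hosts and times are made up.
# Line 2 is an exact duplicate of line 1; line 3 is a non-alert event and is skipped.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5",'
    '"src_port":44321,"dest_ip":"10.0.0.20","dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,'
    '"rev":1,"signature":"LOCAL constructed test signature","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5",'
    '"src_port":44321,"dest_ip":"10.0.0.20","dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,'
    '"rev":1,"signature":"LOCAL constructed test signature","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5",'
    '"src_port":44322,"dest_ip":"10.0.0.20","dest_port":22,"proto":"TCP"}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.5",'
    '"src_port":44323,"dest_ip":"10.0.0.21","dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,'
    '"rev":1,"signature":"LOCAL constructed test signature","category":"Attempted Information Leak","severity":2}}',
]


def det_id(stix_type, ns, props):
    """Deterministic STIX id: uuid5 over a canonical JSON of the identifying properties."""
    canon = json.dumps(props, sort_keys=True, separators=(",", ":"))
    return f"{stix_type}--{uuid.uuid5(ns, canon)}"


def stix_time(eve_ts):
    """EVE '2024-01-01T10:00:00.000000+0000' -> STIX-style '2024-01-01T10:00:00.000Z'."""
    return eve_ts[:23] + "Z"


def relationship(src, dst, rel_type):
    props = {"source_ref": src["id"], "target_ref": dst["id"], "relationship_type": rel_type}
    return {"type": "relationship", "spec_version": "2.1", "id": det_id("relationship", LOCAL_NS, props), **props}


def alert_to_stix(ev):
    """Map one Suricata alert event to a list of STIX objects."""
    a = ev["alert"]
    src = {"type": "ipv4-addr", "value": ev["src_ip"]}
    src["id"] = det_id("ipv4-addr", STIX_SCO_NS, {"value": src["value"]})
    dst = {"type": "ipv4-addr", "value": ev["dest_ip"]}
    dst["id"] = det_id("ipv4-addr", STIX_SCO_NS, {"value": dst["value"]})
    traffic = {"type": "network-traffic", "src_ref": src["id"], "dst_ref": dst["id"],
               "src_port": ev["src_port"], "dst_port": ev["dest_port"], "protocols": [ev["proto"].lower()]}
    traffic["id"] = det_id("network-traffic", STIX_SCO_NS,
                           {k: traffic[k] for k in ("src_ref", "dst_ref", "src_port", "dst_port", "protocols")})
    # One Indicator per rule (sid/rev), so repeated hits of the same rule share a node.
    indicator = {"type": "indicator", "spec_version": "2.1", "name": a["signature"],
                 "pattern_type": "suricata", "pattern": f"sid:{a['signature_id']}; rev:{a['rev']};",
                 "labels": [a["category"]], "id": det_id("indicator", LOCAL_NS,
                                                         {"sid": a["signature_id"], "rev": a["rev"]})}
    # One Incident per (time, flow, rule): an exact duplicate alert maps to the same id.
    incident = {"type": "incident", "spec_version": "2.1", "name": a["signature"],
                "created": stix_time(ev["timestamp"]), "severity": a["severity"],
                "id": det_id("incident", LOCAL_NS,
                             {"ts": ev["timestamp"], "flow": traffic["id"], "sid": a["signature_id"]})}
    return [src, dst, traffic, indicator, incident,
            relationship(incident, indicator, "related-to"), relationship(incident, traffic, "related-to")]


def convert_eve(lines):
    """Parse EVE lines, keep alerts only, de-duplicate by STIX id; returns {id: object}."""
    objects = {}
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue
        for obj in alert_to_stix(ev):
            objects.setdefault(obj["id"], obj)  # duplicate handling: first copy wins
    return objects


def to_cypher(objects):
    """Emit (query, params) pairs: MERGE nodes by id, then MERGE edges for SROs and embedded refs."""
    label = lambda t: "".join(p.capitalize() for p in t.split("-"))  # ipv4-addr -> Ipv4Addr
    stmts = []
    for obj in objects.values():
        if obj["type"] != "relationship":
            props = {k: v for k, v in obj.items() if k != "id"}
            stmts.append((f"MERGE (n:{label(obj['type'])} {{id: $id}}) SET n += $props",
                          {"id": obj["id"], "props": props}))
    for obj in objects.values():
        if obj["type"] == "relationship":
            stmts.append(("MATCH (a {id: $src}), (b {id: $dst}) MERGE (a)-[:RELATED_TO]->(b)",
                          {"src": obj["source_ref"], "dst": obj["target_ref"]}))
        elif obj["type"] == "network-traffic":
            for ref, edge in (("src_ref", "SRC"), ("dst_ref", "DST")):
                stmts.append((f"MATCH (t {{id: $t}}), (ip {{id: $ip}}) MERGE (t)-[:{edge}]->(ip)",
                              {"t": obj["id"], "ip": obj[ref]}))
    return stmts


if __name__ == "__main__":
    objs = convert_eve(SAMPLE_EVE_LINES)
    for q, p in to_cypher(objs):
        print(q, json.dumps(p))
```

Running the block on the four constructed lines yields eight nodes and eight edges: the duplicate alert collapses entirely, the second alert shares the source address and the Indicator node with the first, and only its destination, flow and Incident are new. The `(query, params)` pairs can be handed to a Neo4j driver session as-is; keeping ids deterministic is what makes `MERGE` idempotent when the same EVE log is replayed.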
IDS incident integration into Attack Graph