Security operations teams are increasingly challenged by the complexity of cloud-native applications and the resulting flood of logs and events, which traditional security tools often fail to efficiently analyze due to their isolated approach. Graph analytics, exemplified by the PuppyGraph tool, offers a solution by modeling security data as interconnected nodes, allowing real-time analysis of AWS CloudTrail data within MongoDB without the need for data movement. By utilizing MongoDB's flexible schema for high-throughput ingestion of unstructured security logs, PuppyGraph enhances threat detection by revealing complex relationships and attack patterns that static alerts may miss. Through the integration of MongoDB and PuppyGraph, teams can conduct sophisticated investigations into privilege escalation, user behavior, and access patterns, transforming log collections into interactive graphs that provide a comprehensive view of security incidents as they unfold. This approach not only makes security data more accessible and interpretable but also allows for a seamless and scalable implementation of graph analytics without altering existing infrastructure.