A framework towards fusing multisensory cyber security data utilizing graph databases
Abstract
Current network monitoring technologies do not keep up with the increasing size and complexity of the log data being monitored due to the ever-quickening evolution of adversary tactics. Network monitoring architectures and tactics must adapt to accommodate the increasing complexity and volume of network data. Efficiencies can be realized by using graph databases to fuse data from the increasing number of data sources, generating network graphs that model host behaviors while preserving the relationships among host behaviors across various locations in a network. The challenges in solving this problem are fusing the relevant data to construct the network graph when working with data that requires intensive relationship handling, and defining the data structure of the network graph given the end goal of applying analytics. This dissertation supplies a framework to fuse data from multiple security log sources utilizing graph databases.