'Senda-Nexus', a Purely Domestic IP Threat Intelligence Platform Using NICT Observation Data and Proprietary Honeypots, Strengthens OpenCTI Integration and Support for AI for Security

Rainforest Co., Ltd. has enhanced 'Senda-Nexus' with OpenCTI integration and MCP-based data integration for AI agents, enabling advanced threat analysis utilizing NICT data and proprietary honeypots.
Source: PR Times

Published: April 14, 2026 at 17:50

Rainforest Co., Ltd. has updated "Senda-Nexus", a purely domestic IP threat intelligence platform that uses observation data from the National Institute of Information and Communications Technology (NICT) together with observation data from the company's proprietary honeypots. In addition to OpenCTI integration, the update strengthens data integration based on MCP (Model Context Protocol) in anticipation of AI for Security use.

Senda-Nexus is an intelligence platform that matches Darknet observation data against honeypot observation data, attaching observation sources and behavioral context to IP addresses. With this update, Senda-Nexus observation results can be integrated into OpenCTI as Feeds and as Enrichment for existing IoCs and Observables, allowing practical threat analysis based on domestic and proprietary observation data. The architecture has also been extended so that AI agents can reference Senda-Nexus observation data directly via MCP, supporting everything from threat investigation and analysis to report generation.

About Senda-Nexus

Senda-Nexus is an intelligence platform designed to visualize and use the threat context of IP addresses by combining NICT observation data with observation results from proprietary honeypots. Rather than just accumulating isolated IoC information, its key feature is showing whether an IP appears, and with what related behaviors, across multiple observation sources. By correlating TCP SYN scan behavior on the Darknet, high-speed scanning and sequence observations, relationships with Mirai-type behaviors, and observation status in the proprietary honeypots, it provides more concrete material for judging target IPs.

https://nexus.senda-lab.jp/

Features of Senda-Nexus

- Utilizes NICT observation data and proprietary honeypot observation results
- Contextual IP evaluation through the cross-matching of multiple observation sources
- Provides a visualization UI for Darknet and honeypot observations
- Supports Feed / Enrichment integration for OpenCTI
- Practical operational support by adding context to external IoCs
- Supports MCP integration for AI agents
- Supports investigation, analysis, and report generation by multiple agents

This enables deep analysis based on domestic and proprietary observation data, rather than just confirming IoCs acquired externally. It also enables next-generation operational support, including AI-driven triage, automated investigation, and report creation.

About the Visualization UI

The web UI of Senda-Nexus lets users visualize Darknet and honeypot observation results alongside geographic information, ASN information, and time-series trends. Analysts can therefore see not only the evaluation of individual IP addresses but also continuous appearance trends and biases on a network-by-network basis. Going beyond checks of isolated indicators to trend analysis based on continuous observation is one of the distinct features of Senda-Nexus.

Furthermore, Senda-Nexus assumes an architecture in which humans verify results on screen and AI agents access the same observation data via MCP. This links human understanding on the visualization screen with automatic analysis and reporting by AI, supporting analysts' judgments more rapidly and efficiently.

[Figure: Black IP information observed in the honeypot]

[Figure: Live monitor of access to the honeypot]

About OpenCTI Integration

In this OpenCTI integration, Senda-Nexus information can be utilized in two forms: Feed and Enrichment.

As a Feed, the IP threat information maintained by Senda-Nexus can be continuously ingested into OpenCTI, integrating it into existing threat intelligence platforms. As Enrichment, it adds supplementary information to existing IPv4-Addr observables on OpenCTI based on Senda-Nexus observation results, making it easier to understand which observation system confirmed the target IP and what kind of behavior it is associated with. The original release explains that, in addition to the presence or absence of observation in the proprietary honeypot, TCP SYN observations on the Darknet, high-speed scan observations, and Mirai-type observations, supplementary attributes such as product name, port, path, command, number of observations, country, and ASN can be added.

As a result, even for IoCs imported from external sources like AlienVault OTX, Senda-Nexus can...