This paper addresses the disconnection between natural language queries for network threats and structured knowledge graph reasoning. Methodologically, it proposes an executable graph reasoning framework that integrates a path-planning model with a graph executor, operating on the typed, bidirectional TITAN ontology—built upon MITRE—to enable reversible logical inference among threats, behaviors, and defenses. It introduces a large-scale TITAN dataset (88,209 samples) annotated with stepwise chain-of-thought traces, supporting end-to-end training and explainability verification. Key contributions include: (1) the first closed-loop, deterministic execution of natural language queries over knowledge graphs; (2) generation of syntactically correct, semantically coherent, and verifiable reasoning paths; and (3) empirical results demonstrating significant improvements in threat intelligence query accuracy, automation, and decision interpretability.

TITAN (Threat Intelligence Through Automated Navigation) is a framework that connects natural-language cyber threat queries with executable reasoning over a structured knowledge graph. It integrates a path planner model, which predicts logical relation chains from text, and a graph executor that traverses the TITAN Ontology to retrieve factual answers and supporting evidence. Unlike traditional retrieval systems, TITAN operates on a typed, bidirectional graph derived from MITRE, allowing reasoning to move clearly and reversibly between threats, behaviors, and defenses. To support training and evaluation, we introduce the TITAN Dataset, a corpus of 88209 examples (Train: 74258; Test: 13951) pairing natural language questions with executable reasoning paths and step by step Chain of Thought explanations. Empirical evaluations show that TITAN enables models to generate syntactically valid and semantically coherent reasoning paths that can be deterministically executed on the underlying graph.