Thought of some additional ways to use the already existing data which would help with cyber intel shops.

1. A panel which shows if there is a unique sample of malware which hit one honeypot but not the rest.
2. A panel which shows a timeline vs geography of a particular IP.. maybe under Attacker Profile. So if it's a bot let's say, a panel which shows that it hits all of your honeypots from east to west.
3. An additional panel that shows the above but not restricted to a single IP. Have it show the pattern for all source IPs. (if pattern exists but I would bet it does).