
Briefing Package


Category: Intelligence
Last Updated: Apr 14, 2026
Tags: intelligence, compliance

Overview

An analyst investigating a cross-border financial crime network has assembled evidence about three corporate entities and two individuals. They need to share a concise intelligence summary with a partner agency without giving the partner access to the live investigation graph, without applying in-graph redaction, and without exporting the graph itself. The Briefing Package module solves this by letting the analyst compose a new, purpose-built document, a distinct object assembled from selected identifiers, that is published as a first-class artifact and shared on its own terms.

A BriefingPackage is a distinct, purpose-built data artifact assembled from selected entities and relationship references and published as a new document object encoded in W3C JSON-LD. It is never a "redacted version" of an existing graph. The analyst chooses which entity identifiers to include; the service fetches the corresponding records from PostgreSQL, constructs a new JSON-LD document, and stores that document as a first-class object with its own lifecycle (DRAFT → PUBLISHED → ARCHIVED). The live graph is never modified. No in-graph redaction is applied at any stage.

Last Reviewed: 2026-04-14
Last Updated: 2026-04-14

Key Features

  • Assembled Artifact, Not Redacted Graph: The analyst selects entity and relation identifiers; the system assembles a new W3C JSON-LD document from those references. The live graph is never modified, filtered, or exported. There is no in-graph redaction step.

  • W3C JSON-LD Export Format: Every BriefingPackage is encoded as a W3C JSON-LD document using the https://knogin.com/ns/argus# vocabulary. Each selected entity becomes a typed @graph node. Partners can consume the artifact with any standards-compliant JSON-LD processor without requiring Argus tooling.

  • Lifecycle Management: Packages progress through a defined lifecycle: DRAFT (assembled, not yet shared) → PUBLISHED (available to permitted parties) → ARCHIVED (retired). Only DRAFT packages can be published. Lifecycle transitions are recorded with timestamps and logged to the immutable audit trail.

  • Visibility Controls: Each package carries a visibility setting: PRIVATE (creator only), INTERNAL (organisation members), or SHARED (explicitly permitted external parties). Visibility is distinct from lifecycle status and can be set at creation.

  • Full Organization Isolation: Every database query, service method, and GraphQL resolver is scoped to organization_id. Cross-organisation access is not possible through this module. All resolvers require object-level permission checks on the briefing package type.

  • Audit Trail: Every read and write operation (create, publish, archive, list, view) is logged to the Argus audit trail with userId, organizationId, action, resourceId, and timestamp. This satisfies EDF and PESCO compliance requirements for multi-national data sharing audit trails.

  • Progressive Disclosure UI: The BriefingPackageCreator presents a task-first guided form: title and description first, then entity identifiers, then a live JSON-LD preview that updates as the analyst types. The analyst sees exactly what will be published before committing.
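
The assembly, isolation and lifecycle rules described above, as an added example that is not Argus code: a new JSON-LD document is built from an explicit allow-list of identifiers, lookups are scoped to the caller's organisation, and only DRAFT packages can be published. The in-memory store and its schema, the function names, the `urn:example:` identifiers, the choice of copied fields and the strict DRAFT → PUBLISHED → ARCHIVED chain are assumptions; only the vocabulary URL, the status names and the audit field names come from the page.

```python
import uuid
from datetime import datetime, timezone

ARGUS_NS = "https://knogin.com/ns/argus#"  # vocabulary named on the page
# Assumed strict chain; each allowed move maps to the audit action it records.
ALLOWED = {"DRAFT": {"PUBLISHED": "publish"}, "PUBLISHED": {"ARCHIVED": "archive"}, "ARCHIVED": {}}
# Constructed rows standing in for the entity store (hypothetical schema).
ENTITY_STORE = [
    {"id": "ent-001", "organization_id": "org-a", "type": "Organization", "name": "Alpha Holdings", "notes": "internal"},
    {"id": "ent-002", "organization_id": "org-a", "type": "Person", "name": "J. Doe", "notes": "internal"},
    {"id": "ent-003", "organization_id": "org-a", "type": "Organization", "name": "Not Selected Ltd", "notes": "internal"},
    {"id": "ent-900", "organization_id": "org-b", "type": "Person", "name": "Other Tenant", "notes": "internal"},
]
AUDIT_LOG = []  # append-only list standing in for the audit trail

def _now():
    return datetime.now(timezone.utc).isoformat()  # ISO 8601, UTC

def _audit(user_id, org_id, action, resource_id):
    AUDIT_LOG.append({"userId": user_id, "organizationId": org_id, "action": action,
                      "resourceId": resource_id, "timestamp": _now()})

def create_package(user_id, org_id, title, entity_ids):
    """Assemble a new DRAFT document from an explicit allow-list of entity ids."""
    rows = {r["id"]: r for r in ENTITY_STORE if r["organization_id"] == org_id}  # tenant scope first
    unknown = [e for e in entity_ids if e not in rows]
    if unknown:  # fail closed: another tenant's id looks the same as a missing one
        raise LookupError(f"unknown entity ids: {unknown}")
    # Copy only the chosen fields into fresh nodes; store rows are never mutated or filtered in place.
    graph = [{"@id": f"urn:example:entity:{e}", "@type": rows[e]["type"], "name": rows[e]["name"]}
             for e in dict.fromkeys(entity_ids)]  # de-duplicate, keep the analyst's order
    pkg = {"id": str(uuid.uuid4()), "organization_id": org_id, "title": title, "status": "DRAFT",
           "document": {"@context": {"@vocab": ARGUS_NS}, "@graph": graph}}
    _audit(user_id, org_id, "create", pkg["id"])
    return pkg

def transition(pkg, user_id, org_id, target):
    """Move a package along the lifecycle; reject cross-tenant and out-of-order requests."""
    if pkg["organization_id"] != org_id:
        raise PermissionError("package not found in this organisation")
    action = ALLOWED[pkg["status"]].get(target)
    if action is None:
        raise ValueError(f"{pkg['status']} -> {target} is not an allowed transition")
    pkg["status"] = target
    pkg[target.lower() + "_at"] = _now()
    _audit(user_id, org_id, action, pkg["id"])
    return pkg
```

Because the document is built by copying named fields from selected rows, anything not copied (the constructed `notes` column here) cannot reach the partner, which is the practical difference from redacting a graph export.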

Use Cases

  • Partner Agency Briefing: Share a curated intelligence summary with a partner agency encoded in a portable, standards-compliant JSON-LD document, without granting access to the live investigation.
  • Command-Level Summary: Assemble a strategic briefing from key entities for a commander who requires a read-only snapshot rather than live graph access.
  • Evidence Export for Legal Proceedings: Package selected entity records as a structured, auditable artifact for use in legal or regulatory proceedings.
  • Cross-Domain Intelligence Sharing: Publish a SHARED-visibility package for consumption by coalition partners operating in separate Argus tenants under a Community of Interest arrangement.
  • Archival Record: Produce a point-in-time artifact that records which entities were assessed as significant at a given moment in an investigation, preserving the analytical judgment independently of future graph changes.

Integration

  • Investigation Domain: Analysts navigate from an active investigation to the Briefing Packages module to compose a package from investigation-linked entity IDs.
  • Entity Profiles: Entity IDs passed to createBriefingPackage are resolved against the entity store (scoped to organization_id) to populate the JSON-LD @graph nodes.
  • Audit Trail: All BriefingPackage operations are logged to the platform-wide immutable audit trail for EDF/PESCO compliance.
  • Sharing Domain: A published BriefingPackage can be referenced in a cross-agency share record to deliver it to a partner tenant via the cross-agency sharing workflow.
  • GraphQL API: Full CRUD exposure via three queries (briefingPackage, listBriefingPackages) and three mutations (createBriefingPackage, publishBriefingPackage, archiveBriefingPackage).

Open Standards

  • W3C JSON-LD (JSON-LD 1.1): The export format for every briefing package; a W3C Recommendation providing a standardised, self-describing, machine-readable serialisation of linked data using JSON, consumable by any conformant processor without platform-specific tooling.
  • W3C PROV-O (Provenance Ontology): A W3C Recommendation for representing provenance information; underpins the audit trail model by expressing who performed which action on which resource and when.
  • OASIS STIX 2.1 (Structured Threat Intelligence eXpression): An OASIS standard for representing cyber and criminal threat intelligence in a structured, portable format; informs the entity and relationship vocabulary used in briefing package payloads shared with partner agencies.
  • OASIS TAXII 2.1 (Trusted Automated eXchange of Intelligence Information): An OASIS standard defining the transport protocol for exchanging STIX bundles between organisations; relevant to the cross-agency delivery workflow for published packages.
  • ISO 8601: The international standard for date and time representations; all lifecycle transition timestamps and audit log entries are recorded in ISO 8601 format.
  • NATO STANAG 4774 (Confidentiality Metadata Label Syntax): Defines a structured syntax for confidentiality and handling metadata labels on information objects; relevant to the visibility and handling controls applied to published briefing packages shared under EDF and PESCO arrangements.
