Overview#
A signals intelligence cell monitoring an area of operations intercepts a burst of radio traffic. The communications are in a regional dialect, reference unfamiliar callsigns, and mention grid coordinates that need correlating with the known order of battle. Processing that intercept manually, translating it, extracting the tactical entities, and cross-referencing against existing profiles takes an analyst thirty minutes. The COMINT Analysis Pipeline does it in seconds and flags the result as a high-threat offensive intent with coordinates already linked to a known unit.
The pipeline processes intercepted communications from multiple collection sources, applying automated translation, entity extraction, intent classification, and threat assessment to produce actionable intelligence. It supports multi-language communications, extracts military-relevant entities (unit designators, grid references, equipment codes, callsigns), classifies intent across eight tactical categories, and cross-references extracted entities against the platform knowledge graph to build and enrich the intelligence picture.
Open Standards#
- MGRS (Military Grid Reference System, NGA.STND.0037): The entity extraction engine parses MGRS grid references directly from intercepted text, converts them to WGS-84 coordinates, and links them to the operational picture.
- NATO STANAG 5500 / ADatP-3: Intelligence summaries derived from COMINT analysis are serialised as INTSUM messages in the ADatP-3 Military Message Text Format, enabling direct exchange with allied C2 systems.
- ISO 639-1 (Language Codes): Language detection returns ISO 639-1 two-letter codes (for example,
uk,ar,zh) to tag each intercept, driving translation routing and analyst display. - OASIS STIX 2.1 / TAXII 2.1: High-threat intelligence extractions and entity profiles derived from the pipeline can be published as STIX 2.1 Report objects and disseminated over TAXII 2.1 collection feeds to partner organisations.
- NATO STANAG 4774 / STANAG 4778: Every intercept and extraction record carries a NATO classification label (up to NATO_SECRET); access is enforced at query time using the STANAG 4774 confidentiality metadata model with STANAG 4778 cryptographic binding on outbound messages.
- GraphQL (June 2018 Specification): All pipeline operations, ingestion, reprocessing, session management, pattern detection, and real-time high-threat subscriptions, are exposed exclusively through a GraphQL API.
- WGS-84 (World Geodetic System 1984): Geographic coordinates extracted from intercepts are stored and resolved in WGS-84 decimal degrees, the reference frame used for cross-referencing with the operational map and effector matching engine.
Last Reviewed: 2026-04-02 Last Updated: 2026-04-14
Key Features#
Multi-Source Ingestion#
Ingest communications intelligence from multiple collection platforms and formats. The pipeline accepts transcribed voice intercepts, digital message captures, and text-based communications. Each ingested item retains source metadata including collection platform identifier, timestamp, frequency or channel, and classification level.
Multi-Language Translation#
Automatically detect and translate communications in supported languages. The translation pipeline preserves the original text alongside the translated version so analysts can verify translations and identify nuances. Language detection confidence scores are provided, and analysts can flag translations for specialist review.
Military Entity Extraction#
Extract structured military entities from communication text using specialised extraction models. The extractor identifies: unit designators (brigade, battalion, company identifiers), grid references (MGRS and geographic coordinates), equipment and platform codes (NATO designation codes), callsigns (radio callsigns and unit identifiers), personnel names and ranks, and temporal references (H-hour, phase lines, timings). Extracted entities are linked to the platform knowledge graph when a match exists.
Intent Classification#
Classify each communication into one of eight tactical intent categories: Offensive (attack planning, fire missions, assault coordination), Defensive (withdrawal, fortification, obstacle emplacement), Logistics (supply requests, ammunition resupply, fuel status), Reconnaissance (observation reports, patrol taskings, surveillance coordination), Command (orders, situation reports, battle rhythm events), Medical (casualty reports, medical evacuation requests), Movement (convoy coordination, route clearance, displacement), and Communications (frequency changes, authentication procedures, signal plans). Classification confidence scores enable priority filtering.
Threat Assessment#
Assess threat levels from analysed communications using configurable thresholds. The assessment considers intent classification, entity proximity to friendly forces, temporal urgency indicators, and historical patterns from the same source. Threat levels (critical, high, medium, low, informational) drive alert prioritisation and notification routing.
Communication Pattern Detection#
Detect patterns across multiple communications including: frequency of transmission (activity spikes), communication network structure (who talks to whom), temporal patterns (regular reporting cycles, pre-attack communication surges), and silence patterns (communications discipline before operations). Pattern changes trigger alerts for analyst review.
Knowledge Graph Cross-Reference#
Extracted entities are automatically cross-referenced against the platform entity knowledge graph. When a unit designator, callsign, or equipment code matches a known entity, the communication is linked to that entity's profile, enriching the entity timeline. New entities discovered through COMINT are flagged for analyst confirmation before being added to the knowledge graph.
Use Cases#
- Order of Battle Development: Build and maintain enemy order of battle through systematic analysis of intercepted communications, tracking unit identifiers, locations, and command relationships.
- Indications and Warnings: Detect pre-attack communication patterns, intent shifts toward offensive operations, and logistics build-up indicators to provide early warning of enemy action.
- Targeting Support: Extract grid references and location data from intercepted communications to develop target nominations, feeding coordinates to the effector matching engine.
- Force Tracking: Track enemy unit movements through communications analysis, updating the operational picture with COMINT-derived position estimates.
- Counter-Intelligence: Monitor for references to friendly force positions, capabilities, or intentions in intercepted communications, identifying potential intelligence compromises.
Integration#
- Unified Operational Events: COMINT analysis results generate events in the unified timeline, including high-threat assessments as priority alerts.
- Entity Knowledge Graph: Extracted entities are cross-referenced and linked to the Neo4j knowledge graph, enriching entity profiles with COMINT-derived intelligence.
- Effector Matching Engine: Grid references extracted from communications can be submitted as target locations for engagement option generation.
- Briefing Intelligence: COMINT summaries and threat assessments feed into the briefing generation pipeline for commander updates.
- Alert System: Critical and high threat assessments trigger platform alerts routed to designated analyst teams.
GraphQL: comintIntercepts, comintIntercept, comintExtractions, comintSessions, comintPatterns, comintStats, comintHighThreatExtractions (queries); ingestComintIntercept, batchIngestComintIntercepts, reprocessComintIntercept, createComintSession, detectComintPatterns (mutations).