Knogin
[Developers]

Entity Domain

When a financial crime analyst starts a new investigation, she imports a spreadsheet of transaction records alongside a PDF intelligence report. The platform extracts names, addresses, phone numbers, and account identifi

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainsaigeospatial

Overview#

When a financial crime analyst starts a new investigation, she imports a spreadsheet of transaction records alongside a PDF intelligence report. The platform extracts names, addresses, phone numbers, and account identifiers automatically and surfaces them as entity suggestions. She confirms the relevant ones, links them to the investigation, and within minutes has a structured set of persons, organisations, and accounts, all with provenance back to their source documents. That workflow is the Entity domain in practice.

Entity management sits at the centre of all investigative activity. The POLE model, Person, Organisation, Location, Object, Event, provides the structural foundation. Every subject, witness, address, vehicle, and significant event in a case becomes a typed entity with metadata, relationships, and a timeline. Ten entity types cover the full range of investigative subjects, from individual persons through financial accounts and digital assets.

Key Features#

  • Support for 10 entity types with extensible metadata schemas, aligned to the POLE model
  • Entity aggregation across multiple data sources with source provenance tracking
  • AI-powered field suggestions for entity enrichment from structured and unstructured sources
  • Entity resolution for duplicate detection and merging across data sources
  • Graph-based relationship tracking and visualisation
  • Cross-investigation entity correlation: one person can appear across multiple active cases
  • Entity timeline and activity history
  • Organisation-scoped access control with secrecy level enforcement

Use Cases#

  1. Managing investigation entities with structured profiles, relationships, and full provenance metadata
  2. Detecting and resolving duplicate entity records across multiple imported data sources
  3. AI-assisted entity enrichment: field suggestions drawn from ingested documents and OSINT sources reduce manual data entry
  4. Visualising entity relationship graphs to identify hidden connections within complex investigations

Industry Context#

Serious organised crime units build entity profiles spanning dozens of associated persons, companies, and locations across multi-year investigations. Immigration enforcement agencies track persons, travel documents, and border crossing locations as related entities. Financial intelligence units maintain organisation and account entity networks to map fund flows. Defence analysts correlate person and organisation entities across classified and open-source datasets using secrecy level controls.

Integration#

Integrates with investigation, OSINT, and graph analysis domains for entity lifecycle management. Supports async processing for computationally expensive enrichment and resolution operations. PostgreSQL stores the master entity records; Neo4j maintains the relationship graph for traversal queries.

Open Standards#

  • POLE Model (UK Home Office / ACPO): The entity taxonomy is structured around the Person, Organisation, Location, and Object/Event categories, which form the named POLE model adopted across UK and Irish law enforcement, and the platform uses these categories as the authoritative type system for all investigative entities.
  • OASIS STIX 2.1: External threat intelligence sources are ingested through a STIX 2.1 connector layer that validates objects against the OASIS JSON schema before mapping them to Argus entity records, meaning identity, location, and threat-actor objects flow in as structured STIX bundles.
  • W3C PROV-DM / PROV-O (W3C Recommendation 2013): Every entity creation and merge operation is recorded as a W3C PROV-DM provenance record, serialised as PROV-O JSON-LD, giving each entity a standards-compliant, auditable lineage chain.
  • FIRST Traffic Light Protocol (TLP): Entity secrecy levels are expressed as TLP WHITE, GREEN, AMBER, and RED markings, which govern which analysts and organisations can view a given entity record, with STIX marking-definition UUIDs used for cross-system interoperability.
  • Privacy-Preserving Record Linkage (PPRL) via Bloom-filter encoding: Duplicate entity detection uses Cryptographic Long-term Key Bloom filters with Dice-coefficient similarity scoring, as specified by Schnell et al. (2009, DOI 10.1186/1472-6947-9-41), ensuring that personally identifiable attribute comparison is performed without exposing raw field values.
  • GraphQL (June 2018 specification): All entity queries, mutations, and relationship traversals are exposed through a GraphQL API, providing a typed, introspectable interface for client applications to read and write entity profiles.
  • RFC 4122 (UUID): Every entity record is assigned a version-4 UUID as its primary identifier, ensuring globally unique, collision-resistant identifiers that are safe for use across federated investigative environments.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.