Overview#
A counter-terrorism analyst is building a timeline of a suspect network's activities over eighteen months. Three individuals met at a hotel in Brussels on a specific date. Two weeks later, two of them made concurrent bank transfers. A month after that, one of them crossed a border. Each of those occurrences is a discrete event: a time-stamped, location-linked, participant-tagged record that can be placed on a timeline and associated with an investigation. The Event domain provides the structure to record, classify, and query exactly these kinds of significant moments.
Events in the POLE model sit alongside Persons, Organisations, Locations, and Objects as first-class investigative entities. They give temporal structure to what would otherwise be a flat collection of facts.
Key Features#
- Event profile creation and management with detailed metadata
- Support for multiple event types: meetings, transactions, communications, travel, incidents, and custom
- Date, location, and participant tracking per event
- Threat level and secrecy level classification
- Tag-based organisation and filtering
- Association with investigations and linked profiles
Use Cases#
- Tracking meetings and gatherings between subjects of interest with participant records and location data
- Recording financial transaction events with participant details and amounts for financial crime investigations
- Documenting communication events and travel activities in counter-terrorism and organised crime cases
- Building incident timelines that place events in chronological context across complex multi-strand investigations
Industry Context#
Financial crime investigators record transaction events and associate them with the persons and accounts involved, building a temporal picture of fund movement. Counter-terrorism analysts document known meetings, travel events, and communication intercepts as timestamped events linked to subject profiles. Defence intelligence teams track significant events in adversary activity timelines. Courts expect investigators to present evidence in chronological order; the Event domain structures the underlying data to make that straightforward.
Integration#
The Event domain integrates with Investigation for case context, Person for event participants, and Timeline for chronological event visualisation. Events are stored in PostgreSQL with organisation-scoped isolation.
Open Standards#
- POLE Ontology: Events are modelled as first-class entities within the Persons, Objects, Locations, and Events (POLE) data model, giving each event record temporal and relational parity with the other core investigative entities.
- GraphQL (June 2018 Specification): All event profile operations, creation, retrieval, and update, are exposed through a strongly typed GraphQL API using camelCase field names and structured response wrappers as required by the specification.
- Traffic Light Protocol (TLP): Every event record carries a secrecy classification drawn from TLP:WHITE, TLP:GREEN, TLP:AMBER, and TLP:RED, controlling permissible information sharing between organisations and individuals.
- NATO Security Policy C-M(2002)49: The classification hierarchy extends to COSMIC CONFIDENTIAL, COSMIC SECRET, and COSMIC TOP SECRET alongside EU and national equivalents, enabling event records to be held at the correct NATO clearance tier.
- ISO 8601 / RFC 3339: All event timestamps, including event date, creation time, and last-updated time, are stored as timezone-aware datetimes in UTC and serialised to ISO 8601 format throughout the API.
- OASIS STIX 2.1 / TAXII 2.1: The platform can ingest and export event-related intelligence objects (indicators, sightings, reports) via the STIX 2.1 bundle format and TAXII 2.1 collections, enabling interoperability with external threat-intelligence feeds.
- RFC 7519 (JSON Web Token): All GraphQL queries and mutations against the Event domain are gated behind JWT bearer-token authentication, with token verification enforced at the middleware layer before any event data is accessed.
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14