Overview
A financial crime analyst is three weeks into an investigation and has built up a network of 40 entities: persons, companies, accounts, and addresses. She suspects there is a connection between two individuals who appear in separate parts of the investigation but whose link is not immediately obvious. She runs a shortest-path query between them. The graph returns a four-hop chain through a dormant shell company that had not been a focus of the investigation. That discovery, made in seconds on a graph that would take hours to trace manually, is what the Graph domain provides.
Relationship analysis at scale requires a dedicated graph layer. The platform maintains a dual-database architecture: PostgreSQL stores the authoritative entity records, and Neo4j holds the relationship graph optimised for traversal. The Graph domain exposes this through path analysis, community detection, and real-time collaboration subscriptions that keep multiple analysts in sync as they work on the same investigation.
Key Features
- Graph visualisation with support for multiple node types: person, organisation, location, wallet, vehicle, document, and more
- Multiple relationship types connecting entities: knows, works_with, sent_to, owns, located_at, and others
- Path analysis including shortest path (Dijkstra) and all-paths enumeration with weight-based calculations
- Community detection using Louvain modularity optimisation, label propagation, and weakly connected components
- Motif detection for identifying triangle, star, and clique patterns in investigation networks
- Entity merge and split operations with full provenance tracking and reversibility
- Real-time WebSocket subscriptions for investigation graph and individual node updates, keeping collaborative sessions in sync
- Bookmarks and layout position caching for saved graph views
- Connection analytics with type distribution and strength analysis
- Admin-level graph statistics including node and edge counts, degree analysis, and tenant breakdowns
- Viewport-based progressive loading for large graphs with many thousands of nodes
Use Cases
- Visualising entity relationships within investigations to discover hidden connections not visible in tabular data
- Finding shortest or safest paths between entities for link analysis, surfacing indirect associations through intermediate nodes
- Detecting communities and clusters within investigation networks to identify sub-groups and coordination structures
- Merging or splitting entities with a full audit trail and the ability to undo incorrect merges
Industry Context
Serious organised crime units map criminal networks across multiple investigations, using community detection to identify subgroups operating independently within a larger organisation. Counter-terrorism analysts find paths between known subjects and new persons of interest to assess degree of association. Financial intelligence units trace fund flows through chains of transactions and accounts to identify the ultimate source or destination. Defence intelligence analysts map adversary command structures and identify key nodes whose removal would fragment the network. Fraud investigators use clique detection to find tight groups of accounts with shared transaction patterns.
Integration
The Graph domain integrates with Investigation for case context, Entity for node management, User for authentication, Frontend for visualisation, Analytics for metrics, and Export for graph data packaging. Neo4j handles traversal queries; PostgreSQL holds the authoritative entity records and audit trail.
Open Standards
- GraphQL (June 2018 specification): all graph queries, mutations, and real-time subscriptions are exposed through a Strawberry-backed GraphQL API, following the GraphQL specification for typed schema, resolver execution, and subscription protocol.
- GEXF 1.3 (Graph Exchange XML Format): graph data is exported in the GEXF 1.3 open XML format, allowing investigation networks to be loaded directly into tools such as Gephi and Sigma.js for external analysis.
- RFC 6455 (WebSocket Protocol): real-time graph and node update subscriptions are delivered over persistent WebSocket connections, enabling collaborative analyst sessions to receive live graph changes without polling.
- RFC 4122 (UUID): all node, edge, provenance record, and operation identifiers are version-4 UUIDs, ensuring globally unique, collision-resistant identity across distributed tenants.
- ISO 8601 / RFC 3339 (Date and Time): all timestamps in provenance records, merge and split operations, and graph view bookmarks are serialised in ISO 8601 format, supporting unambiguous interchange across time zones.
- JSON (ECMA-404 / RFC 8259): node and edge properties, provenance metadata, layout positions, and bookmark view state are stored and transmitted as JSON, the native wire format for the GraphQL API.
- JSON Web Token / RS256 (RFC 7519 / RFC 7518): every graph API request is authenticated via a JWT verified against a JWKS endpoint using RS256; access to queries, mutations, and subscriptions is refused unless the bearer token is valid and the caller's tenant scope matches.
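The request gate described in the last item, sketched with the Python standard library only. This is an added example, not the platform's code: the `tenant_id` claim name, the `demo-key` key ID, the function names, and the key built from two Mersenne primes are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
# Constructed demo key from two Mersenne primes: insecure, for this example only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D, K = P * Q, pow(E, -1, (P - 1) * (Q - 1)), 141  # K = modulus length in bytes

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_pkcs1_v15(message, k):
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

JWKS = {"keys": [{"kty": "RSA", "kid": "demo-key", "n": b64u(N.to_bytes(K, "big")),
                  "e": b64u(E.to_bytes(3, "big"))}]}

def demo_sign(header, claims):  # issuer side, only to produce test tokens
    body = ".".join(b64u(json.dumps(part).encode()) for part in (header, claims))
    em = int.from_bytes(emsa_pkcs1_v15(body.encode(), K), "big")
    return body + "." + b64u(pow(em, D, N).to_bytes(K, "big"))

def authorize(token, jwks, tenant, now=None):
    """Return the claims, or raise PermissionError naming the failed check."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = json.loads(unb64u(h64)), json.loads(unb64u(p64)), unb64u(s64)
    except ValueError:
        raise PermissionError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise PermissionError("algorithm not allowed")  # blocks "none" and HS256 confusion
    key = next((k for k in jwks["keys"]
                if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")), None)
    if key is None:
        raise PermissionError("unknown key")
    n, e = (int.from_bytes(unb64u(key[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        raise PermissionError("bad signature")
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if not hmac.compare_digest(em, emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k)):
        raise PermissionError("bad signature")
    if not isinstance(claims, dict) or claims.get("exp", 0) <= (now or time.time()):
        raise PermissionError("expired")
    if claims.get("tenant_id") != tenant:
        raise PermissionError("tenant mismatch")
    return claims
```

The order of checks matters: the algorithm is pinned before any key is selected, and the tenant claim is read only after the signature has verified, so an unsigned or re-signed token never reaches the tenant comparison.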
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14