Overview
A platform supporting multi-agency emergency operations must stay online and auditable under exactly the conditions most likely to stress it: major incidents, jurisdiction handovers, and compliance reviews. The Observability domain provides the operational visibility needed to keep the platform healthy, manage incidents from detection through resolution, and maintain the audit trails required for regulatory and legal scrutiny.
Key Features
- Event tracking across system, user activity, investigation, security, and compliance categories
- Incident creation, acknowledgement, escalation, and resolution workflows
- System health monitoring with component status and health score calculation
- Compliance tracking with regulatory audit trails and risk assessment
- Multi-agency incident coordination for cross-jurisdiction operations
- Law enforcement context support including emergency response and court integration
- System overview dashboard with health, component, and event summaries
Use Cases
Relevant sectors include law enforcement, critical infrastructure, and intelligence agencies.
- Monitoring platform health and component status in real time for proactive issue detection
- Managing operational incidents from creation through escalation and resolution
- Tracking compliance status and maintaining regulatory audit trails
- Coordinating multi-agency incidents across jurisdictions during emergency operations
Integration
The Observability domain integrates with Monitor for AI-orchestrated monitoring, Performance for metrics tracking, Investigation for case context, Evidence Object for chain of custody, and SIEM Connector for security event integration.
Open Standards
- OpenTelemetry (OTLP): The domain integrates with OpenTelemetry-compatible backends (Tempo, Jaeger) to collect and query distributed traces, using the OTLP-aligned trace query API with tenant-scoped span filtering and service metadata synchronisation.
- W3C Trace Context: Every inbound request is processed by a dedicated middleware that parses and emits traceparent and tracestate headers in strict conformance with the W3C Trace Context specification, propagating 32-hex-digit trace identifiers to all downstream calls and audit records.
- GraphQL (June 2018 specification): All observability queries and mutations (events, incidents, health metrics, compliance events, system overview) are exposed through a GraphQL API, enabling flexible, typed access for clients.
- OWASP Application Security Verification Standard (ASVS) v4, V7.1.1 and V7.1.2: Audit-log creation enforces the ASVS logging controls; caller-supplied event metadata undergoes PII redaction before persistence, as explicitly annotated in the service code.
- Common Event Format (CEF) / Log Event Extended Format (LEEF) / Syslog (RFC 5424): The SIEM Connector integration consumed by the Observability domain supports CEF, LEEF, and syslog as ingest source formats, enabling interoperability with ArcSight, QRadar, and standard syslog pipelines.
- OAuth 2.0 (RFC 6749) / Bearer Token (RFC 6750): Access to observability trace endpoints is gated on bearer JWT tokens with explicit scope checks (argus:observability:read), following the OAuth 2.0 bearer token framework.
- ISO 8601 / RFC 3339: All event, incident, metric, and compliance timestamps are serialised as ISO 8601-compliant strings, ensuring interoperability with external audit and reporting tools.
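The W3C Trace Context item above describes the middleware behaviour only in outline. The following is an added illustration, not code from the platform documented here, of what a conforming middleware has to do: validate an inbound traceparent (lowercase hex, reserved version ff, all-zero identifiers), discard tracestate whenever traceparent is unusable, and issue a new parent-id for downstream calls while keeping the trace identifier. Function names and the lower-cased header dictionary are this example's own assumptions.

```python
import re
import secrets

# traceparent layout (W3C Trace Context, version 00), lowercase hex only:
#   version "-" trace-id (32 hex) "-" parent-id (16 hex) "-" trace-flags (2 hex)
_TRACEPARENT = re.compile(
    r"^([0-9a-f]{2})-([0-9a-f]{32})-([0-9a-f]{16})-([0-9a-f]{2})(.*)$")

def parse_traceparent(value):
    """Return the parsed fields, or None when the header must be ignored."""
    m = _TRACEPARENT.match((value or "").strip())
    if m is None:
        return None
    version, trace_id, parent_id, flags, rest = m.groups()
    # Version ff is reserved; an all-zero trace-id or parent-id is invalid.
    if version == "ff" or set(trace_id) == {"0"} or set(parent_id) == {"0"}:
        return None
    # Version 00 allows nothing after the flags; later versions may append
    # further "-" separated fields, which a version-00 parser ignores.
    if rest and (version == "00" or not rest.startswith("-")):
        return None
    return {"version": version, "trace_id": trace_id,
            "parent_id": parent_id, "flags": flags}

def inbound_context(headers):
    """Trace context for one inbound request (headers: lower-cased name -> value).
    Returns (context, continued); continued is False when a new trace was started."""
    parsed = parse_traceparent(headers.get("traceparent"))
    if parsed is None:
        # Invalid or absent traceparent: start a fresh trace and drop any
        # tracestate, which must not be used without a valid traceparent.
        return {"trace_id": secrets.token_hex(16), "parent_id": None,
                "flags": "00", "tracestate": None}, False
    return {"trace_id": parsed["trace_id"], "parent_id": parsed["parent_id"],
            "flags": parsed["flags"], "tracestate": headers.get("tracestate")}, True

def new_span_id():
    """Random 16-hex-digit span id; the all-zero value is reserved as invalid."""
    while True:
        span_id = secrets.token_hex(8)
        if span_id != "0" * 16:
            return span_id

def outbound_headers(ctx, span_id):
    """Headers for a downstream call: same trace-id, this span as parent-id."""
    out = {"traceparent": f"00-{ctx['trace_id']}-{span_id}-{ctx['flags']}"}
    if ctx.get("tracestate"):
        out["tracestate"] = ctx["tracestate"]
    return out
```

The same trace_id returned by inbound_context is what an audit record should carry, so a compliance reviewer can join the record to the span in Tempo or Jaeger.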
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14