Knogin
[Developers]

Graph Creation and Management

An intelligence agency receives a data dump: 800,000 records from seized communications devices, financial disclosures, corporate registries, and border crossing logs. The records span four years, six countries, and doze

Back to All Modules
Category: InvestigationLast Updated: Feb 23, 2026
investigationreal-time

Overview#

An intelligence agency receives a data dump: 800,000 records from seized communications devices, financial disclosures, corporate registries, and border crossing logs. The records span four years, six countries, and dozens of entity types. Within hours, those records need to become a queryable graph where a suspect's phone contact maps to a company director who shares an address with a sanctioned individual. None of that is possible without foundational infrastructure that can ingest, validate, and maintain complex entity relationships at scale.

The Graph Creation and Management system provides exactly that infrastructure. It builds, maintains, and scales knowledge graphs that model complex relationships across millions of entities, following the POLE model (Person, Organisation, Location, Object, Event) used by law enforcement and intelligence professionals worldwide. The platform writes authoritative data to PostgreSQL first, with Neo4j serving as the analysis and relationship layer.

Key Features#

  • Single graph instance handling millions of nodes with tens of millions of edges
  • Bulk import processing millions of records per minute for rapid graph population
  • Graph-optimised storage delivering significantly faster relationship queries compared to traditional SQL joins
  • Automated validation ensuring graphs meet defined schema standards
  • Real-time node and edge CRUD operations with support for 40+ node types and custom property schemas
  • Dynamic schema management with versioning and migration support
  • Graph template libraries for common patterns across industries
  • Multi-tenant isolation for secure shared infrastructure
  • Horizontal scaling across distributed clusters while maintaining ACID guarantees for critical mutations
  • Flexible property schemas enabling rich semantic modelling

Use Cases#

  • Investigation Graph Construction: Law enforcement and intelligence agencies build comprehensive investigation graphs linking entities, transactions, communications, and evidence across the POLE model
  • Fraud Network Modelling: Financial institutions create and maintain graphs representing transaction flows, account relationships, and entity connections for fraud detection
  • Knowledge Graph Infrastructure: Organisations build enterprise knowledge graphs connecting disparate data sources, including feeds from 153 third-party integrations, into unified relationship models
  • Supply Chain Mapping: Companies model complex supplier relationships, logistics networks, and dependency chains for risk analysis

Integration#

  • Supports bulk import from CSV, JSON, and structured data sources for rapid graph population
  • Connects with investigation platforms and case management systems through typed APIs
  • Compatible with existing data warehouses and ETL pipelines for automated graph enrichment
  • Real-time streaming updates for dynamic graph maintenance
  • Role-based access controls with schema-level permission management
  • Multi-tenant data isolation ensuring organisational data separation

Open Standards#

  • POLE model (Person, Organisation, Location, Object, Event): The graph entity taxonomy strictly follows the POLE model, the intelligence and law enforcement community standard for structuring investigative entities and their relationships across all 40+ node types.
  • GraphQL (June 2018 Specification): All graph operations, node and edge CRUD, traversal, path-finding, community detection, provenance tracking, and real-time subscriptions, are exposed exclusively through a typed GraphQL API using queries, mutations, and subscriptions.
  • GEXF 1.3 (Graph Exchange XML Format): Graphs are exportable in GEXF 1.3 format, the open XML standard maintained by the GEXF Working Group, enabling interoperability with external analysis tools such as Gephi.
  • JSON (RFC 8259): Node and edge property schemas, bulk import payloads, graph view state, and provenance metadata are all encoded as JSON, the platform's canonical data exchange format.
  • ISO 8601: All temporal properties on edges (start and end dates), provenance operation timestamps, and graph view modification dates are encoded as ISO 8601 datetime strings to ensure unambiguous interchange.
  • RFC 4122 (UUID): Every node, edge, provenance record, and graph view is assigned a version-4 UUID as its stable, globally unique identifier.
  • RFC 7519 (JSON Web Token) / OAuth 2.0: All graph queries, mutations, and subscriptions enforce authentication via RS256-signed JWTs validated against a JWKS endpoint, with role-based access control applied per operation.
  • openCypher / Neo4j Bolt Protocol: The graph analysis layer interoperates with Neo4j via the openCypher query language and Bolt binary protocol, used for pre-computed PageRank centrality, Louvain community detection, and motif pattern storage.

Last Reviewed: 2026-02-23 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.