Knogin
[Developers]

Graph Query Language

An AML investigator needs to find every account that received funds from a sanctioned entity within three hops, where the intermediate transfers happened within 24 hours of each other, and at least one intermediate accou

Back to All Modules
Category: InvestigationLast Updated: Feb 23, 2026
investigationreal-time

Overview#

An AML investigator needs to find every account that received funds from a sanctioned entity within three hops, where the intermediate transfers happened within 24 hours of each other, and at least one intermediate account is registered in a high-risk jurisdiction. In a relational database, that query requires multiple self-joins, window functions, and a subquery that most BI tools will time out on. In graph query language, it is a single pattern-matching statement that runs in seconds across millions of nodes.

The Graph Query Language system provides a powerful query interface for exploring relationships, detecting patterns, and analysing network structures across massive graphs. Analysts, data scientists, and investigators can extract insights from interconnected data using intuitive pattern-matching syntax with automatic query optimisation, without needing to understand the underlying graph traversal mechanics.

Key Features#

  • Industry-standard graph query language with full support for pattern matching, filtering, aggregation, and write operations
  • Automatic query optimisation achieving high optimisation rates without manual tuning through cost-based planning
  • Support for variable-length path queries enabling multi-hop relationship discovery across complex networks
  • Rich filtering expressions including numeric comparisons, string matching, date arithmetic, list operations, and spatial predicates
  • Comprehensive aggregation functions for statistical analysis, grouping, and reporting directly within queries
  • 15+ built-in graph algorithms including centrality measures, community detection, shortest path, and connectivity analysis
  • Advanced pattern detection capabilities for cycles, triangles, cliques, star patterns, and hub identification
  • Optional pattern matching providing left-join-style queries for comprehensive data retrieval
  • Negation patterns enabling exclusion-based searches to identify entities lacking specific relationships
  • Distributed query execution partitioning large queries across multiple compute nodes for horizontal scaling
  • Query result caching with configurable time-to-live and intelligent invalidation strategies
  • Index-aware query planning automatically using available indexes for accelerated lookups
  • Filter pushdown optimising traversal by applying constraints during graph exploration rather than after
  • Real-time streaming queries enabling continuous monitoring of evolving graph data

Use Cases#

  • Anti-Money Laundering: Financial institutions detect circular transaction patterns, layering schemes, and suspicious flows through variable-length path queries with cycle detection
  • Threat Intelligence Correlation: Cybersecurity teams correlate indicators of compromise across large-scale networks to identify attack campaigns through pattern matching and community detection
  • Supply Chain Analysis: Organisations model supplier dependencies, identify single points of failure, and detect bottlenecks through centrality analysis and shortest path queries
  • Criminal Network Investigation: Law enforcement agencies analyse network structures, rank targets by influence, and discover hidden connections through graph algorithms integrated into query workflows

Integration#

  • Connects with the Neo4j graph analysis layer through typed API interfaces with query translation capabilities
  • Compatible with investigation platforms for real-time query execution and result visualisation
  • Supports distributed execution across multiple compute nodes for horizontal throughput scaling
  • Query result caching reduces repeated computation with configurable invalidation strategies
  • Role-based access controls with node-level security ensuring queries respect permission boundaries
  • Multi-tenant query isolation with automatic tenant scoping for shared infrastructure deployments

Open Standards#

  • GraphQL (October 2021 Specification): All graph queries, mutations, and real-time updates are exposed through a GraphQL API, with typed schemas, introspection, and tenant-scoped subscriptions implemented via the Strawberry library.
  • openCypher / ISO/IEC 39075 (GQL): Pattern matching, variable-length path traversal, cycle detection, and write operations against the Neo4j layer are expressed in Cypher, the industry-standard declarative property-graph query language now standardised as ISO/IEC 39075.
  • Neo4j Bolt Protocol: Connections to the Neo4j graph database use the Bolt binary wire protocol, with bolt://, bolt+s://, neo4j://, and neo4j+s:// URI schemes validated and routed by the database configuration layer.
  • GEXF 1.3 (Graph Exchange XML Format): Graph data can be exported in GEXF 1.3 for interoperability with external graph analysis and visualisation tools such as Gephi; the export service generates well-formed GEXF 1.3 XML with namespace-qualified visualisation attributes.
  • WebSocket (RFC 6455): Real-time graph and node-update subscriptions are delivered over persistent WebSocket connections, with periodic re-authorisation enforced at the subscription level.
  • OAuth 2.0 / JSON Web Tokens (RFC 6749 / RFC 7519): All graph query endpoints require a valid bearer JWT; role-based access control checks are applied on every resolver and subscription to enforce per-investigation and per-tenant boundaries.
  • JSON (RFC 8259): Graph node and edge properties, query results, and algorithm outputs are serialised as JSON; a JSON scalar type is exposed in the GraphQL schema for arbitrary property payloads.

Last Reviewed: 2026-02-23 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.