Knogin
[Developers]

Intelligence Reports Management

When a watch officer starts a shift, the first question is always the same: has anything new been published since the last handover? Intelligence Reports Management answers that question in seconds. The module surfaces r

Back to All Modules
Category: IntelligenceLast Updated: Mar 24, 2026
intelligence

Overview#

When a watch officer starts a shift, the first question is always the same: has anything new been published since the last handover? Intelligence Reports Management answers that question in seconds. The module surfaces report volume, active source count, and time-since-last-publication so supervisors and analysts can assess reporting posture at a glance without opening individual records one by one.

The capability suits intelligence teams in law enforcement, defence, and financial crime sectors that produce recurring analytical products and need source health and report cadence visible at the dashboard level. A fusion center team, for instance, can see immediately if a critical source has gone quiet or if the overnight reporting cycle produced fewer products than expected, and pivot directly into the full workspace to investigate.

Key Features#

  • Report Repository Summary: Displays the volume of intelligence reports available to the organisation so teams know the size and completeness of the active product base.
  • Source Inventory Awareness: Surfaces total and active source counts used to support intelligence reporting, making it easy to spot when source inputs drop below operational thresholds.
  • Recency Tracking: Highlights how recently a new report was created, so operators can detect stale reporting cycles and act before a coverage gap affects operations.
  • Classification-Friendly Workflow: Supports structured intelligence reporting where report metadata and source posture matter as much as the report body itself. Secrecy level controls align with RBAC and multi-tenant isolation.
  • Direct Workflow Pivot: Provides a fast route into the full intelligence-reporting workspace when analysts need to create, review, or revise content, keeping context intact across the navigation.

Use Cases#

  • Watch Officer Reporting: Intelligence teams confirm whether fresh reporting has been produced within the expected window before beginning shift activities.
  • Source Management Oversight: Supervisors track whether source inputs are active and sufficient to support current intelligence production, catching silent source failures early.
  • Product Publication Monitoring: Reporting leads use the module to maintain awareness of reporting cadence and quickly identify lulls or accumulating backlogs.
  • Operational Briefing Preparation: Analysts review report availability and recent output before preparing shift handovers or leadership briefings.

Integration#

  • Intelligence-report and intelligence-source queries backed by PostgreSQL as the primary data store
  • Source-management and report-production workflows
  • Search, collaboration, and briefing systems
  • Cyber and intelligence-oriented workbenches across all 153 platform integrations

Open Standards#

  • OASIS STIX 2.1: Intelligence reports are serialised as STIX 2.1 Report SDOs, with bidirectional conversion between internal report records and spec-compliant bundles including object_refs, report_types, and published timestamps.
  • OASIS TAXII 2.1: Reports and associated indicators are pushed to and pulled from external collections via a TAXII 2.1 client, enabling automated sharing with partner organisations and threat-intelligence platforms.
  • FIRST Traffic Light Protocol (TLP): Every report carries a TLP marking drawn from the full STIX 2.1 marking-definition registry (TLP:CLEAR, TLP:WHITE, TLP:GREEN, TLP:AMBER, TLP:AMBER+STRICT, TLP:RED), governing dissemination boundaries at the object level.
  • MITRE ATT&CK: Threat-intelligence reports reference ATT&CK technique identifiers and kill-chain phases, enabling analysts to align report content with the MITRE ATT&CK Enterprise and ICS knowledge bases during triage and attribution.
  • GraphQL (June 2018 Specification): Report queries, secrecy-level filtering, and workspace navigation are exposed through a strongly typed GraphQL API with IsAuthenticated permission enforcement on all report resolvers.
  • RFC 7519 / JSON Web Token (JWT): All access to intelligence reports is gated on RS256-signed JWTs verified against a JWKS endpoint, with role and tenant claims enforced before any report data is returned.
  • ISO 8601: Report timestamps (created_at, updated_at, published_date) are stored and serialised as UTC-aware ISO 8601 datetime strings, ensuring interoperability with external consumers and audit systems.

Last Reviewed: 2026-03-24 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.