Knogin
[Developers]

STANAG 4676 Track Ingest and Multi-Feed Track Registry

Feed STANAG 4676 track messages and a dozen other tactical and threat feeds into one endpoint, and receive a single deduplicated common operational picture with full source provenance on every track.

Back to All Modules
Category: ModulesLast Updated: May 26, 2026
modulesaiblockchain

Overview#

Feed STANAG 4676 track messages and a dozen other tactical and threat feeds into one endpoint, and receive a single deduplicated common operational picture with full source provenance on every track.

A joint task force rarely sees the world through one sensor. Air tracks arrive over Link-16 terminals, civil and military air picture over ADS-B ground stations, the maritime picture over AIS receivers, ground force positions over a TAK server, and cyber-threat signals over threat-intelligence feeds. Each feed speaks its own dialect, and the same contact frequently appears on several of them at once. The track registry ingests all of these, normalises them into a unified track store, and runs deterministic association scoring so that overlapping reports collapse into one well-evidenced track rather than a cluttered screen of duplicates.

The result replaces fragile point-to-point integrations and manual track correlation. Analysts stop reconciling feeds by hand during time-sensitive operations and instead work from a single picture where every track carries a recorded chain of where its evidence came from, how confident the association is, and which clearance level is permitted to see it.

Key Features#

  • STANAG 4676 ingest and export. Submit NATO STANAG 4676 track messages in JSON or XML through a single ingest operation, and export any selected set of tracks back out as a standards-compliant STANAG 4676 track message for sharing with NATO command systems and partner gateways.
  • Multi-feed normalisation. Position reports from Link-16, ADS-B, AIS, Cursor-on-Target (CoT 2.0 / TAK / ATAK), STIX 2.1, TAXII 2.1, MISP, Suricata, DIS, and HLA are mapped onto one unified track model, so every downstream consumer reads tracks the same way regardless of origin.
  • Deterministic association scoring. Each incoming assertion is scored against existing tracks on time proximity, geographic distance, and identity agreement, with a fixed weighting and a published association threshold, giving repeatable, auditable deduplication rather than opaque guesswork.
  • GOSPA and OSPA quality metrics. Tracks and their association hypotheses carry Generalized Optimal Sub-Pattern Assignment and Optimal Sub-Pattern Assignment scores alongside a filter-confidence value, so analysts can judge track quality and prioritise the cleanest evidence.
  • Full provenance chain. Every track records each contributing source: source identifier, source type, originating standard, collection time, original classification, processor chain, and per-source confidence, providing complete lineage from raw feed to fused track.
  • Secrecy-level clearance gating. All reads are filtered against the requesting user's clearance before any record is returned, so a single deployment can serve analysts at different classification levels from one track store without cross-domain leakage.
  • Real-time fusion-run updates. Each association run is published through the operational picture publisher, pushing fresh fused tracks to live displays as soon as they settle rather than on a polling delay.
  • Organisation scoping and audit. Every ingest, export, read, and registry update is scoped to the authenticated organisation and written to the interoperability audit trail for accountability and replay.

Use Cases#

Joint and Coalition Air Defence#

A combined air-defence cell fuses STANAG 4676 tracks from a NATO-compliant sensor gateway with Link-16 air tracks and ADS-B contacts. Overlapping reports of the same aircraft collapse into a single track, and the recognised air picture stays clean even as more feeds come online during an exercise or operation.

Maritime Domain Awareness#

AIS receivers and STANAG 4676 maritime tracks are merged into one surface picture. Duplicate vessel reports from overlapping coastal receivers are associated automatically, and each surviving track shows which receivers contributed and how confident the merge was.

Ground Force Common Operational Picture#

Cursor-on-Target events from a TAK server, including ATAK end-user devices, are normalised into the same registry as air and maritime tracks. Command staff without direct access to every tactical terminal still see all force positions on one map with provenance attached.

Cyber and Kinetic Cross-Domain Fusion#

Cyber-threat signals from STIX, TAXII, MISP, and Suricata are normalised as operational entities and surfaced beside kinetic tracks, letting watch teams correlate a network indicator with a physical contact in the same workspace.

Live-Virtual-Constructive Exercises#

Entities from DIS and HLA simulation federations are ingested alongside live tracks, so synthetic and real forces appear on one picture during training, with simulation provenance clearly distinguished from operational sources.

Integration#

The capability is reached through a GraphQL API over standard HTTP. The read surface returns tracks, a single track by identifier, associated registry entities, and a single registry entity with its provenance entries. The write surface accepts STANAG 4676 JSON ingest, STANAG 4676 export of selected tracks, and batched cross-feed registry updates. All access uses OAuth 2.0 bearer tokens in JSON Web Token (JWT) format and is scoped to the authenticated organisation.

Customers plug in NATO-compliant sensor gateways, Link-16 terminals, ADS-B ground stations, AIS receivers, TAK servers, and cyber-threat feeds without writing bespoke correlation logic. The platform handles normalisation, deduplication, scoring, and provenance, so each new feed becomes one more contributor to the same picture rather than another integration to maintain. Tracks flow onward to map displays, alerting rules, and reporting through the operational picture publisher, and the same normalised model is shared with the wider interoperability layer, so connectors built for one feed type behave identically across all of them.

Open Standards#

  • STANAG 4676, the NATO standardisation agreement for track data exchange; the registry ingests and exports STANAG 4676 track messages in both JSON and XML so tracks remain interoperable with NATO command systems.
  • Link-16 / TADIL-J, the primary secure tactical data link across NATO and allied forces; Link-16 track reports are normalised into the unified track store.
  • ADS-B (Automatic Dependent Surveillance-Broadcast), the position-reporting standard broadcast by aircraft transponders; ADS-B contacts are ingested and defaulted to the air domain.
  • AIS (Automatic Identification System), the IMO maritime position-reporting standard; AIS reports are ingested and defaulted to the maritime domain.
  • Cursor-on-Target (CoT) 2.0 / TAK / ATAK, the XML event format used across the TAK ecosystem for position reporting; CoT events from TAK servers and ATAK devices are normalised into the registry.
  • OASIS STIX 2.1 (Structured Threat Information Expression), the structured cyber-threat representation; STIX objects are normalised as operational entities for cross-domain fusion.
  • OASIS TAXII 2.1 (Trusted Automated eXchange of Intelligence Information), the transport for sharing STIX intelligence; TAXII-sourced objects are ingested with full provenance.
  • MISP (Malware Information Sharing Platform), the open threat-sharing standard; MISP events are normalised as threat entities in the registry.
  • Suricata, the open intrusion-detection event format; Suricata alerts are ingested as cyber signals and fused alongside kinetic tracks.
  • DIS / IEEE 1278.1 (Distributed Interactive Simulation), the simulation entity-state protocol; DIS entities are ingested for live-virtual-constructive fusion.
  • HLA / IEEE 1516 (High Level Architecture, RTI), the simulation federation standard; HLA Run-Time Infrastructure entities are normalised into the same track store.
  • GOSPA (Generalized Optimal Sub-Pattern Assignment), the multi-target track quality metric; carried on tracks and association hypotheses to express fusion quality.
  • OSPA (Optimal Sub-Pattern Assignment), the track quality metric; recorded alongside GOSPA for per-track quality assessment.
  • OAuth 2.0 / JWT, all API access is authenticated using OAuth 2.0 bearer tokens in JSON Web Token format, consistent with the platform's identity and authorisation layer.

Security and Compliance#

Every track carries a secrecy level, and all reads are filtered against the requesting user's clearance before any record is returned, so analysts in a multi-classification environment never receive tracks above their permitted level. Tracks, registry entities, and provenance records are scoped to the authenticated organisation, preventing cross-tenant exposure.

Each contributing source is preserved in the provenance chain with its original classification and processor history, giving auditors a complete account of how a fused track was assembled. Every ingest, export, read, and registry update is written to the interoperability audit trail, supporting accountability, incident review, and post-operation replay. Network-layer separation of classified feeds remains the responsibility of the operator; the platform enforces classification policy on stored and queried data and does not substitute for cryptographic or physical network isolation.

Last Reviewed: 2026-05-26 / Last Updated: 2026-05-26

Ready to Build?

Get started with our APIs or contact our integration team for support.