Knogin
[Developers]

Unified Operational Events

A watch officer managing a complex overnight operation checks the drone mission interface, the acoustic sensor dashboard, and the COMINT workbench in sequence, trying to understand whether three separate alerts in the pa

Back to All Modules
Category: ModulesLast Updated: Apr 2, 2026
modulesreal-time

Overview#

A watch officer managing a complex overnight operation checks the drone mission interface, the acoustic sensor dashboard, and the COMINT workbench in sequence, trying to understand whether three separate alerts in the past thirty minutes are coincidental or connected. Each system shows its own slice of the picture. Unified Operational Events eliminates that fragmentation: every significant action across all platform modules flows into a single chronological timeline, giving the watch officer one queryable surface where an acoustic detection, a COMINT intercept, and a drone mission transition can be viewed side by side and their relationships traced.

With 24 event types from 21 source systems, the module serves commanders, watch officers, and analysts in defence operations, national security agencies, and critical infrastructure monitoring. The causal chain model is particularly valuable for after-action review: every engagement decision can be traced from its initial detection trigger through assessment and execution.

Key Features#

Single Queryable Timeline#

All operational events are stored in a common schema with consistent fields: event type, source system, timestamp, geographic location where applicable, associated entities, priority level, classification, and organizationId scope. The timeline supports filtering by any combination of these fields, enabling queries such as "all high-priority events in this area in the last hour" or "all events related to this entity across all source systems."

24 Event Types, 21 Source Systems#

The event taxonomy covers 24 distinct event types: sensor detection, track update, engagement proposal, engagement confirmation, engagement execution, battle damage assessment, drone mission transition, acoustic detection, COMINT intercept, COMINT threat assessment, video detection, high-value target alert, alert triggered, alert acknowledged, entity created, entity updated, entity linked, terrain analysis completed, communication pattern detected, geofence breach, mission status change, operator action, system health alert, and briefing published. Events flow from 21 source systems across the platform.

Causal Chain Tracking#

Events reference parent events, creating causal chains that trace how an initial detection led to analysis, engagement, and assessment. An acoustic detection links forward to the triangulation result, which links to the engagement proposal, confirmation, execution, and BDA assessment. Analysts can traverse chains in either direction, supporting both forward planning and after-action reconstruction.

Temporal and Spatial Auto-Correlation#

The system automatically identifies events related by time and location, even when no explicit causal link exists. When multiple events occur within configurable time and distance thresholds, the system proposes a correlation group for analyst review, surfacing connections that manual cross-system monitoring would miss.

Entity Activity Timelines#

Filter the event stream to show all events associated with a specific entity (person, unit, vehicle, equipment) to produce a complete activity timeline across all source systems. Entity timelines support intelligence analysis by revealing patterns of activity and correlating observations from different sensors.

Priority-Based Filtering with Classification Controls#

Events carry both operational priority (critical, high, medium, low, informational) and security classification levels. The interface filters events based on the operator's clearance level, ensuring classified events are visible only to appropriately cleared personnel. Priority filtering lets watch officers focus on critical events while retaining access to the full timeline when needed.

Geographic Event Heatmaps#

Aggregate event locations into geographic heatmaps showing activity density across the area of operations. Heatmaps filter by event type, time window, and priority to reveal patterns such as concentrations of acoustic detections or clusters of COMINT intercepts indicating command post locations.

Use Cases#

  • Watch Officer Situational Awareness: Monitor a real-time stream of all operational events filtered by area of responsibility and priority, identifying emerging situations without switching between individual module interfaces.
  • After-Action Review: Trace complete causal chains from initial detection through engagement and assessment, reconstructing the decision timeline for operational learning.
  • Intelligence Pattern Analysis: Use entity timelines and spatial correlation to identify activity patterns, track adversary routines, and detect anomalies.
  • Commander Briefing: Filter the timeline to produce a chronological summary of significant events for a defined period and area, supporting battle rhythm briefings.
  • Incident Investigation: Reconstruct a complete event sequence surrounding an incident by querying all events within a time and location window, regardless of source system.

Integration#

The module receives events from all platform modules including Acoustic Sensor Network, Effector Matching Engine, Drone Operations Management, COMINT Analysis Pipeline, Military Video Analytics, GMTI Radar Monitoring, Terrain Analytical Modelling, Stone Soup Sensor Fusion, Tactical Awareness (TAK), Alert System, and Entity Knowledge Graph.

GraphQL surface: operationalEvents, operationalEvent, operationalEventChain, operationalEventTimeline, operationalEventCorrelations, operationalEventHeatmap, operationalEventStats (queries); createOperationalEvent, assessOperationalEvent, correlateOperationalEvents (mutations). Subscriptions: operationalEventStream for real-time event streaming with organizationId scoping on all channels.

Open Standards#

  • GraphQL (June 2018 specification): the entire query, mutation, and real-time subscription API is implemented in GraphQL, including the operationalEventStream subscription that fans events to watch officers over WebSocket.
  • ISO 8601: all event timestamps, occurredAt, ingestedAt, assessedAt, are stored and exchanged as ISO 8601 datetime strings, ensuring unambiguous temporal ordering across 21 source systems.
  • STANAG 4774 / STANAG 4778: every event record carries a confidentiality label (UNCLASSIFIED, NATO_RESTRICTED, NATO_SECRET) conforming to the STANAG 4774 labelling policy; per-subscriber clearance enforcement on the live subscription channel follows the STANAG 4778 binding model.
  • WGS-84 (EPSG:4326): geographic coordinates (latitude, longitude, altitude) for event location, spatial auto-correlation, and heatmap grid aggregation all use the WGS-84 geodetic datum.
  • NATO Link-16 / MIL-STD-6016 (TADIL-J): Link-16 is one of the 21 named source systems; tactical air and surface tracks decoded from Link-16 J-series messages are ingested into the unified timeline as structured event records.
  • Cursor on Target (CoT): TAK/CoT is one of the 21 named source systems; SA events from ATAK, WinTAK, and OpenTAKServer flow through the CoT broker into the timeline as detection and track-update events.
  • JSON Web Token (RFC 7519) with RS256: every GraphQL resolver enforces an IsAuthenticated permission class that validates an RS256-signed JWT against a JWKS endpoint, binding all event access to an authenticated, organisation-scoped identity.

Last Reviewed: 2026-04-02 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.