Obsidian for Intelligence Analysis

# Obsidian for Intelligence Analysis ## BLUF **Obsidian** is a local-first, plain-text-markdown knowledge management application that has become the dominant platform for intelligence analysts, OSINT researchers, and investigative journalists who require a sovereign, extensible, and graph-aware personal knowledge base. Unlike cloud-dependent tools (Notion, Roam Research), Obsidian stores files as standard markdown on the local filesystem — which means the analyst retains full control, portability, and OPSEC integrity. This guide covers the analytical workflow patterns that matter for intelligence work specifically: vault structure, bidirectional linking as relational analysis, Dataview for programmatic queries, Templater for structured analytical products, and plugin ecosystem choices that preserve or compromise operational security. --- ## Why Obsidian for Intelligence Work ### Local-First Architecture Every note is a `.md` file on the local filesystem. This has specific operational consequences: - **Sovereignty:** No vendor can revoke access, modify content, or surveil the knowledge base - **Backup:** Standard filesystem backup tools work (rsync, Git, Proton Drive with encryption) - **Portability:** Moving to another tool requires no export — the files already are the format - **Offline:** Works without internet; no dependency on remote services - **Version control:** Git-native (each note is a text file Git can diff) For analysts handling sensitive subjects, local-first architecture is not a preference — it is an OPSEC requirement. Cloud-dependent note-taking creates adversary-accessible data concentrations. ### Bidirectional Linking Obsidian's `[[wikilink]]` syntax creates bidirectional graph edges between notes. This matches how intelligence analysis actually works: - An actor is connected to operations, locations, related actors, sources - A concept is connected to historical cases, theoretical antecedents, contemporary applications - A piece of evidence is connected to the hypotheses it supports or refutes The **knowledge graph** that emerges is directly analogous to the link analysis graphs used in intelligence work — but built from analytical content rather than imposed as a separate tool. ### Graph-Aware Queries (Dataview) The Dataview plugin enables SQL-like queries over note metadata and content. Practical uses: - Auto-generated dashboards of recent activity across the vault - Tag-based navigation and content aggregation - Status tracking (draft → review → publish-ready) - Filtered views of specific content types (all active investigations; all publish-ready conflict notes) This programmability transforms the vault from a passive archive into an operational knowledge base. --- ## Recommended Vault Structure The 10-section analytical structure used in this vault: ``` 01 Actors & Entities/ ├── 11_State_Actors/ ├── 12_Non-State_Actors/ ├── 13_Agencies_&_Departments/ ├── 14_Corporations_&_Tech/ ├── 15_International_Organizations/ ├── 16_Leaders_&_Figures/ ├── 17_Stateless_Peoples_&_Territories/ └── 18_Geopolitical_Regions/ 02 Concepts & Tactics/ 03 Weapons & Systems/ 04 Current Crises/ 05 Historical Events/ 06 Authors & Thinkers/ 07 Current Investigations/ 08 Guides & Manuals/ 09 Repository/ 10 Library/ ``` **Design rationale:** - Section 01 provides actors (who) - Section 02 provides concepts (what, doctrinally) - Section 03 provides tools and systems (what, concretely) - Section 04 provides active situations (when/where, current) - Section 05 provides historical precedent (when/where, past) - Section 06 provides intellectual genealogy (whose framework) - Section 07 provides ongoing investigations (analytical work in progress) - Sections 08–10 provide operational infrastructure Every analytical note cross-links across these dimensions, producing the relational graph essential for hybrid threat and cognitive warfare analysis. --- ## Frontmatter Standards Every analytical note begins with YAML frontmatter: ```yaml --- title: "Note Title" type: "actor | concept | weapon | conflict | historical-event | author | publication | framework | methodology | investigation | guide" section: "01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10" subsection: "[optional]" tags: [list, of, canonical, tags] status: "publish-ready | draft | stub | archive" created: "YYYY-MM-DD" updated: "YYYY-MM-DD" aliases: ["Alias 1", "Alias 2"] --- ``` **Critical fields:** - `title` — used by Obsidian Publish for URL generation - `status` — enables Dataview filtering; essential for production management - `aliases` — ensures `[[Alias]]` wikilinks resolve to the canonical note See: [[09 Repository/Tag Index]] for the canonical tag vocabulary. --- ## Essential Plugins ### Core Plugin Set (OPSEC-Safe) | Plugin | Function | OPSEC assessment | |---|---|---| | **Dataview** | SQL-like queries | Local-only; safe | | **Templater** | Template-based note creation | Local-only; safe | | **Breadcrumbs** | Hierarchy visualization | Local-only; safe | | **Local REST API** | HTTP access to vault (for n8n integration) | Local-only; safe but exposes vault via localhost | | **Obsidian Git** | Version control integration | Syncs to chosen Git remote — choose carefully | | **Excalidraw** | In-vault diagrams | Local-only; safe | ### Plugins to Avoid (OPSEC Concerns) - **Any plugin requiring cloud services** for core functionality (some AI integrations) - **Sync plugins that send content outside your chosen sync path** — verify before installing - **Analytics plugins** that phone home to developer servers ### AI Integration Considerations Plugins that send note content to LLM APIs (Claude, GPT, Gemini) create external-data-transfer paths. For sensitive content: - **Default to no:** Sensitive analytical content should not leave the local environment - **If using:** Use API providers with data retention guarantees; never include classified or sensitive information in prompts; prefer self-hosted models for sensitive workflows - **Audit trail:** Know which notes have been processed by external AI and reassess periodically --- ## Analytical Workflow Patterns ### Daily Intake 1. New information (article, document, observation) → `00_Inbox/YYYY-MM-DD_SourceTitle.md` 2. Brief captures go to a daily note: `Daily/YYYY-MM-DD.md` 3. Later: process inbox into appropriate section folders with proper frontmatter ### Note Creation from Template Using Templater, structured templates for each content type: - Actor profile template (BLUF, Grand Strategy, Capabilities, Network, Leadership, Key Connections) - Conflict note template (BLUF, Actors, Timeline, Analytical Dimensions, Intelligence Gaps, Key Connections) - Investigation note template (BLUF, Key Findings, Open Threads, Source Record, Key Connections) ### Analysis Workflow For a new analytical question: 1. Create note in Section 07 (Current Investigations) with the question and initial hypothesis 2. Apply [[08 Guides & Manuals/Analytical Frameworks/Analysis of Competing Hypotheses|ACH]] structure to the note 3. Cross-link to relevant actors (Section 01), concepts (Section 02), systems (Section 03), historical precedent (Section 05) 4. As evidence accumulates, update ACH matrix 5. When conclusion reaches sufficient confidence: publish-ready note; Signal Brief draft; Quartz article draft ### Publication Workflow Obsidian Publish (for intelligencenotes.com) or self-hosted Quartz: - `publish.json` controls which folders publish - `status: publish-ready` frontmatter gates individual notes - **OPSEC critical:** PIA/, Automation/, Publish/Beehiiv drafts must be in the `excluded` list - Regular audit of what is actually published vs. what should be --- ## Dataview Query Examples ### Recent Publish-Ready Notes ```dataview TABLE file.mtime AS "Updated" FROM "" WHERE status = "publish-ready" AND file.mtime >= date(today) - dur(30 days) SORT file.mtime DESC ``` ### All Active Investigations ```dataview LIST FROM "07 Current Investigations/Active Investigations" WHERE status = "active" ``` ### Notes Citing a Specific Concept ```dataview LIST FROM [[02 Concepts & Tactics/Algorithmic Warfare]] SORT file.name ``` ### Stale Notes (Not Updated in 180 Days) ```dataview TABLE file.mtime AS "Last Updated", status FROM "" WHERE file.mtime <= date(today) - dur(180 days) AND status != "archive" SORT file.mtime ASC ``` --- ## OPSEC Considerations ### What Goes in the Vault - Open-source research and analysis - Structured frameworks and methodologies - Historical analysis - Published intelligence products ### What Does NOT Go in the Vault - Classified information (where applicable by jurisdiction) - Privileged source identities that would be compromised by inadvertent disclosure - Operational details that would compromise ongoing investigations if leaked - Any material covered by NDAs or confidentiality agreements ### Publication Gate Discipline Every analyst operating a public-facing vault (e.g., via Obsidian Publish) must maintain rigorous discipline: - `publish.json` audited quarterly - `status` field applied intentionally to every note - New sections' publish status explicitly set, not defaulted - Signal Brief drafts and other staging content kept in explicitly excluded folders --- ## Key Connections - [[09 Repository/Tag Index]] — canonical tag vocabulary - [[08 Guides & Manuals/Operational Manuals/Open-Source Intelligence Manual]] — OSINT methodology - [[08 Guides & Manuals/Analytical Frameworks/Analysis of Competing Hypotheses]] — analytical method applied in the vault - [[08 Guides & Manuals/OSINT Methodologies/Source Verification Framework]] — verification discipline - [[02 Concepts & Tactics/OSINT]] — the discipline this vault supports