Augur
Sign inStart free
Live demoPlatformHow it worksPricingStatusFAQSupply chainEnergy + infrastructureNewsroom OSINTAll integrationsSign inStart free

Operations · 6 min

Geofencing for Enterprise Risk: How Watch Zones Transform Operational Awareness

Why geofencing is the layer that turns OSINT firehoses into useful enterprise risk alerts. Patterns for refineries, ports, pipelines, country borders and what to avoid.

2026-05-26

Every operations team eventually hits the same wall: there's plenty of public information about what's happening in the world, but very little of it is about your operation specifically. A refinery operator doesn't care that there was an earthquake in Indonesia. They care that there was an earthquake within 50km of their refinery.

That's the gap geofencing closes. You define geographic zones around the assets that matter. The system filters every event in every connected feed against those zones. You only see the events that intersect.

This post is about how to design watch zones for operational risk monitoring — what shapes to use, where they break down, and how the layer above (severity, dwell time, channel routing) turns the geographic filter into something a human actually wants in their inbox.

Why geofencing beats every other filter

Most monitoring systems start with keyword filters. "Alert me when GDELT mentions 'pipeline rupture'." That works until the third week, when a Nigerian newspaper publishes a story about a pipeline rupture in Texas and your London ops desk gets paged at 3am.

Keywords are bad filters because language is fuzzy and geography is precise. A polygon around your specific pipeline corridor is unambiguous. Either the event is inside the polygon or it isn't.

The result is dramatically lower noise. We've seen teams move from 200 alerts a day on keyword-only filters to 4 alerts a day on geofencing-first filters, with no drop in the catch rate of actually-important events.

Four watch-zone patterns that work

1. Single-asset circles

For a refinery, a wellhead, a substation, a single building — a circle centred on the asset with a 5–25km radius is the right shape. Easy to draw, easy to tune.

Tuning question: what's the radius? Three rules of thumb:

  • 5km — immediate physical-threat zone (fires, chemical incidents)
  • 25km — operational-impact zone (severe weather, civil unrest)
  • 100km — strategic-awareness zone (regional sanctions, major disasters)

A single asset usually wants two or three concentric circles with different severity thresholds. The 5km zone fires on everything ≥40 severity. The 100km zone only fires on ≥80.

2. Polygon basins and ports

For a port basin, a city CBD, a specific district — circles get clumsy. The actual asset shape is irregular and a circle either misses the bits you care about or catches noise in adjacent water.

Polygons solve this. Most modern map libraries (Leaflet, Mapbox GL, Google Maps) ship a polygon-draw tool. The dispatcher uses ray-cast point-in-polygon at under 400μs per event comparison — fast enough that a hundred polygons make no measurable difference.

The polygon vs circle decision matrix is broken out in Polygons beat circles (most of the time).

3. Long corridors

For a pipeline, a subsea cable, a rail route, a trucking corridor — you want a long thin polygon hugging the path of the asset. Width is usually 5–25km depending on how broad the asset's vulnerability footprint is.

A pipeline corridor zone catches:

  • Earthquakes within the impact radius
  • Active fires from NASA FIRMS within the buffer
  • AIS vessels loitering above subsea cables (dwell-time alarm)
  • GDELT conflict events within the corridor

4. Country-level polygons

For sanctions exposure, geopolitical risk, foreign-desk monitoring — country borders are the right shape. Download the ISO 3166-1 country boundaries (Natural Earth, OpenStreetMap) and import them as ready-made polygons.

Use country zones with high severity thresholds (≥70) — these zones cover huge areas and lower thresholds drown you in chatter.

The severity layer

Geofencing alone is necessary but not sufficient. A polygon around Rotterdam catches every event in Rotterdam, including the local pub fire. You need a severity gate.

Every event in Augur gets normalised to a 0–100 score at ingest time. Each zone has its own min_severity threshold. The dispatcher only fires when an event lands inside the zone above the threshold.

Tuning the severity threshold is the single most impactful knob in geographic alerts. We recommend:

  • Default: 40 (everything above "weather advisory")
  • Operations Slack channel: 60 (filters routine chatter)
  • SOC / on-call: 70 (only events that move markets)
  • National-day exec digest: 80 (the truly bad stuff)

Tune until you get 1–2 alerts per day per channel. Then leave it alone.

Channel routing — who gets what

Geofencing + severity filters which events fire. The channel routing layer decides who gets paged.

Three patterns that scale:

Single Slack channel per zone: every event in this zone goes to this team. Simplest model. Works for single-team setups.

Severity-tiered channels: zone fires to #ops-low for severity 40–60, #ops-high for 60–80, #oncall for 80+. Works for 24/7 operations where you want page noise concentrated on one channel.

Per-source channels: maritime alerts go to one channel, conflict alerts to another, weather to a third. Useful when different teams own different signal categories.

Dwell-time alarms

For mobile assets (vessels, aircraft, vehicles), the geographic question is different. You don't care if a ship is in your zone — of course it is, that's the shipping lane. You care if a ship has been in your zone for too long.

Dwell-time alarms add a duration threshold: zone fires if the same asset has been inside for >N minutes. We covered this in AIS dwell-time alerts.

Patterns to avoid

A few common mistakes worth flagging:

Overlapping zones with conflicting severity. If three zones cover the same point with three different thresholds, the same event fires three times. The dispatcher should dedupe (it does in Augur), but the noise still confuses end users. Pick a primary zone per asset.

Country zones with low severity. Every country has a fire / quake / strike somewhere every day. Country zones at severity 40 will drown you.

Zone-per-employee anti-pattern. Don't define one zone per home address of every analyst. Define one zone for the office and route to a shared channel.

Static zones for moving assets. A trucking fleet is not a watch zone. AIS dwell + geofenced port zones model the infrastructure, not the moving asset.

What this looks like in production

A handful of customer setups that demonstrate the geofencing pattern at scale:

European LNG operator: 9 polygon zones around terminals + 4 corridor zones for cross-border pipelines + 1 country-level Caribbean polygon for storm season. Total: 14 zones, severity ≥60, single SOC Slack channel. 3-4 alerts a day, signal-to-noise excellent.

Mid-market freight forwarder: 14 polygon port zones + 30 circle supplier zones + 5 country zones for sanctioned jurisdictions. Total: 49 zones, severity 50 for ports + 70 for countries, severity-tiered Slack channels. 8-10 alerts a day, distributed across teams.

International wire-service: 25 country polygon zones + 50 city-centre circles + 10 conflict-zone polygons (Ukraine, Gaza, Sudan, Yemen). Total: 85 zones, severity tuned per-zone, three desk-specific Slack channels.

The pattern scales. The geofencing layer is what makes it usable.

Getting started

If you're standing up a geofenced monitoring system this quarter:

  1. Map your assets to one of the four zone patterns above
  2. Start with severity threshold 60 for everything — tune later
  3. Wire one Slack channel for the alert output (you can split later)
  4. Run for a week, count alerts, adjust thresholds
  5. Add dwell-time alarms only after the static zones are stable

Try the live demo to see what merged geofenced OSINT looks like, or start a free Augur account and draw your first watch zone in 3 minutes.

← Back to blog · Start free