Supply chains break in public before they break in your ERP. The blocked container at Long Beach showed up in AIS vessel tracking 36 hours before the first delivery slipped. The Suez closure trended on Twitter four hours before the first official notice went out. The Niger Delta pipeline rupture had three Reuters stringers filing within 90 minutes of detonation.
The signal is out there. Most procurement and logistics teams just have no system to read it.
This post lays out a practical OSINT supply-chain monitoring stack — what to plug in, how to filter, and how to avoid the alert fatigue that kills every monitoring project by week two.
The four feed categories that actually matter
Skip the temptation to wire ten dashboards. Supply chain risk management runs on four signal categories. Everything else is noise to escalate later.
1. Maritime — AIS and port congestion
Every commercial vessel over 300 GT broadcasts AIS (Automatic Identification System) every few seconds. Aggregators (AIS-receiving stations, satellite networks, the IMO MSW) merge those broadcasts into a global feed. The valuable signal is not the ship's position — it's the ship's dwell time at a port.
- A container vessel parked at LA/Long Beach for >12 hours flags congestion
- A tanker idling outside Hormuz for >4 hours flags a chokepoint event
- A research vessel hovering over a subsea cable for >30 minutes flags suspicious activity
Read more in the AIS vessel tracking deep-dive.
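The dwell-time check described above, as an added example that is not code from the original post. The `PortZone` type, the 10 km radius, the 3-hour gap rule, the coordinates and the MMSIs are assumptions constructed for illustration; the 12-hour limit is the page's LA/Long Beach figure.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class PortZone:
    name: str
    lat: float
    lon: float
    radius_km: float
    dwell_limit_h: float

def inside(zone, lat, lon):
    """True if the position is within the zone radius (haversine distance)."""
    a = (sin(radians(lat - zone.lat) / 2) ** 2
         + cos(radians(zone.lat)) * cos(radians(lat)) * sin(radians(lon - zone.lon) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a)) <= zone.radius_km

def dwell_alerts(reports, zone, max_gap_s=3 * 3600):
    """reports: (mmsi, unix_ts, lat, lon) tuples in any order.
    Returns {mmsi: hours} for vessels whose current unbroken stay exceeds the limit.
    A silence longer than max_gap_s restarts the clock: presence is not assumed."""
    stay = {}  # mmsi -> [first_ts, last_ts] of the current stay
    for mmsi, ts, lat, lon in sorted(reports, key=lambda r: r[1]):
        if not inside(zone, lat, lon):
            stay.pop(mmsi, None)                      # left the zone
        elif mmsi in stay and ts - stay[mmsi][1] <= max_gap_s:
            stay[mmsi][1] = ts                        # stay continues
        else:
            stay[mmsi] = [ts, ts]                     # new stay, or gap too long
    hours = {m: (last - first) / 3600 for m, (first, last) in stay.items()}
    return {m: h for m, h in hours.items() if h > zone.dwell_limit_h}

# Constructed data: placeholder MMSIs, approximate zone centre, made-up tracks.
ZONE = PortZone("LA/Long Beach", 33.75, -118.20, 10.0, 12.0)
H, IN, OUT = 3600, (33.74, -118.21), (33.40, -118.60)
REPORTS = (
    [(111111111, h * H, *IN) for h in range(0, 15, 2)]             # 14 h unbroken
    + [(222222222, h * H, *IN) for h in (0, 2, 4, 6, 8, 10, 12, 14)]
    + [(222222222, 7 * H, *OUT)]                                    # left at hour 7
    + [(333333333, 0, *IN), (333333333, 13 * H, *IN)]               # 13 h AIS gap
)

if __name__ == "__main__":
    print(dwell_alerts(REPORTS, ZONE))
```

Only the first vessel alerts: the second left and re-entered, and the third went silent for longer than the gap rule allows, so neither has an unbroken 12-hour stay on record.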
2. Geophysical — earthquakes, fires, severe weather
USGS publishes every M2.5+ earthquake within seconds. NOAA's National Hurricane Center publishes every advisory on every named storm. The National Weather Service publishes severe-weather alerts the moment they're issued. NASA FIRMS publishes active fire detections from MODIS + VIIRS satellites every 3 hours.
None of these feeds cost money. All of them are documented. Wire them into a 50km radius around every supplier facility and you'll catch every event that physically threatens your shipments.
3. Conflict + civil unrest
GDELT (Global Database of Events, Language and Tone) ingests every major-language news article worldwide and geocodes it. ACLED (Armed Conflict Location & Event Data) maintains a curated dataset of battles, riots and protests across 100+ countries with severity scoring.
These are the feeds that catch the strike at the supplier's factory two days before procurement hears about it through the customer success team.
4. Sanctions + trade
OFAC publishes the Specially Designated Nationals list. The EU publishes its consolidated financial sanctions list. UK's OFSI publishes the UK consolidated list. New listings hit those feeds within hours of being effective.
Wire a daily diff and you'll catch every new sanctions exposure across your supplier base.
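One way to run that daily diff against a supplier list, as an added example that is not from the original post. The snapshot shape (entry id mapped to a set of names), the ids and every entity name are constructed placeholders, not the OFAC, EU or OFSI file formats, and matching is exact after normalisation, which is a simplification.

```python
import re
import unicodedata

LEGAL_SUFFIXES = {"ltd", "limited", "llc", "inc", "co", "corp", "company", "gmbh", "sa"}

def norm(name):
    """Fold accents, case, punctuation and legal suffixes so spelling variants match."""
    text = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    text = re.sub(r"[^a-z0-9 ]+", " ", text.lower().replace(".", ""))
    return " ".join(w for w in text.split() if w not in LEGAL_SUFFIXES)

def daily_diff(yesterday, today):
    """Snapshots map entry id -> set of names (primary name plus aliases)."""
    added = {uid: today[uid] for uid in today.keys() - yesterday.keys()}
    removed = sorted(yesterday.keys() - today.keys())
    # An id-only diff misses aliases appended to entries that already existed.
    new_aliases = {uid: today[uid] - yesterday[uid]
                   for uid in today.keys() & yesterday.keys()
                   if today[uid] - yesterday[uid]}
    return added, removed, new_aliases

def new_exposures(yesterday, today, suppliers):
    """Return {supplier: entry id} for suppliers matching a name that is new today."""
    added, _, new_aliases = daily_diff(yesterday, today)
    index = {norm(n): uid
             for uid, names in {**added, **new_aliases}.items() for n in names}
    return {s: index[norm(s)] for s in suppliers if norm(s) in index}

# Constructed snapshots and supplier names; ids and entities are placeholders.
YESTERDAY = {"E-1": {"Alpha Freight Ltd"}, "E-2": {"Borealis Metals GmbH"}}
TODAY = {"E-1": {"Alpha Freight Ltd", "Alfa Frêt S.A."},
         "E-3": {"Cobalt Ridge Mining Co., Ltd."}}
SUPPLIERS = ["COBALT RIDGE MINING CO LTD", "Alfa Fret SA",
             "Borealis Metals GmbH", "Delta Packaging Inc"]

if __name__ == "__main__":
    print(new_exposures(YESTERDAY, TODAY, SUPPLIERS))
    print("delisted:", daily_diff(YESTERDAY, TODAY)[1])
```

The second supplier is caught only because the diff tracks new aliases on an existing entry, not just new entry ids.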
The geofencing layer is what makes it usable
A naïve OSINT monitoring system fires on every event in every feed. That's hundreds of alerts a day. The on-call lead mutes the channel by Friday.
The pattern that works: define geographic watch zones around every asset that matters, set per-zone severity thresholds, and fire only when an event lands inside a zone above the threshold.
For a freight forwarder:
- Polygon zones around each of your 14 container ports
- 50km circle zones around each of your top-30 supplier factories
- Wide-corridor polygons along your land routes (rail, trucking)
- Country-level polygons for jurisdictions you depend on
Plus per-zone tuning:
- Port zones: AIS dwell-time threshold of 4 hours
- Supplier zones: severity ≥ 60 (filters out weather chatter)
- Route corridors: any severity (these are thin enough that any hit matters)
Severity scoring — the one knob that actually matters
Every feed has its own idea of how serious an event is. USGS uses magnitude. NHC uses category. GDELT uses Goldstein tone. ACLED uses event type and fatality count.
Normalise every event to a 0–100 score at ingest time. The dispatch layer only ever compares against that one number.
Read more on how we built the scoring model in Killing alert fatigue with severity thresholds.
Free starter stack
You don't need a budget to wire this. The minimum viable supply-chain OSINT monitor:
- AIS feed — Use AISHub's free WebSocket or AISStream.io's free tier (rate-limited but enough for a few dozen zones)
- USGS earthquakes — https://earthquake.usgs.gov/earthquakes/feed/v1.0/geojson.php, polled every 30 seconds, no key required
- NOAA NHC — https://www.nhc.noaa.gov/CurrentStorms.json, polled every 5 minutes, no key required
- GDELT — Query https://api.gdeltproject.org/api/v2/doc/doc with a country code filter, 15-minute refresh
- NASA FIRMS — https://firms.modaps.eosdis.nasa.gov/api/area/csv/MAP_KEY/VIIRS_SNPP_NRT/BBOX (free map-key on registration)
Pipe the matches through a 0–100 severity score, filter to zones above threshold, fire to a Slack channel. That's the entire pipeline.
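The score, filter and fire steps from the geofencing and severity sections, as an added example that is not code from the original post. The three normaliser formulas are assumptions (the post does not publish its scoring model), and the zones, coordinates and events are constructed.

```python
from math import asin, cos, radians, sin, sqrt

def km_between(lat1, lon1, lat2, lon2):
    """Haversine great-circle distance in kilometres."""
    a = (sin(radians(lat2 - lat1) / 2) ** 2
         + cos(radians(lat1)) * cos(radians(lat2)) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))

def clamp(x):
    return max(0, min(100, round(x)))

# Assumed mappings for illustration; the page does not publish its scoring model.
NORMALISERS = {
    "usgs": lambda e: clamp((e["mag"] - 2.5) / 5.5 * 100),  # M2.5 -> 0, M8.0 -> 100
    "nhc": lambda e: clamp(40 + 12 * e["category"]),        # category 0..5 -> 40..100
    "gdelt": lambda e: clamp(-e["goldstein"] * 10),         # Goldstein -10 -> 100
}

def dispatch(events, zones):
    """Score each event once, then return one alert per event id with every
    zone it breached, so re-polled or multi-zone events alert a single time."""
    alerts = {}
    for ev in events:
        if ev["id"] in alerts:
            continue  # same event seen on an earlier poll
        score = NORMALISERS[ev["feed"]](ev)
        hit = [z["name"] for z in zones
               if score >= z["min_severity"]
               and km_between(ev["lat"], ev["lon"], z["lat"], z["lon"]) <= z["radius_km"]]
        if hit:
            alerts[ev["id"]] = {"severity": score, "zones": hit}
    return alerts  # the final step would post each alert to the Slack channel

# Constructed zones and events; the corridor is approximated by a circle here.
SAMPLE_ZONES = [
    {"name": "supplier-factory", "lat": 34.70, "lon": 135.50, "radius_km": 50, "min_severity": 60},
    {"name": "rail-corridor", "lat": 34.90, "lon": 135.90, "radius_km": 40, "min_severity": 0},
]
SAMPLE_EVENTS = [
    {"id": "eq-1", "feed": "usgs", "mag": 6.1, "lat": 34.90, "lon": 135.60},
    {"id": "eq-1", "feed": "usgs", "mag": 6.1, "lat": 34.90, "lon": 135.60},  # re-poll
    {"id": "eq-2", "feed": "usgs", "mag": 3.0, "lat": 34.40, "lon": 135.20},  # below 60
    {"id": "news-1", "feed": "gdelt", "goldstein": -2.0, "lat": 35.00, "lon": 136.10},
]

if __name__ == "__main__":
    for event_id, alert in dispatch(SAMPLE_EVENTS, SAMPLE_ZONES).items():
        print(event_id, alert)
```

The M3.0 event sits inside the supplier circle but scores 9, so the zone's threshold of 60 suppresses it; the M6.1 event lands in both zones and still produces a single alert.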
When DIY breaks
DIY works fine for one freight team watching 20 zones. It breaks the moment any of these become true:
- You have more than ~50 zones (the noise tuning becomes a part-time job)
- You need polygon zones (not just circles)
- You want LLM-generated event explainers attached to each alert
- You want shared zones across a team (row-level security, RLS, gets non-trivial)
- You need an audit log (regulated industries)
- You want the alerts to dedupe on event ID across multiple zones
That's where you'd want a proper geofenced OSINT platform to take over. Augur is one option — there are others. The decision tree is the same: how much engineer time vs how much subscription cost.
What this looks like working
Three customer outcomes from teams running supply-chain OSINT in production:
Mid-market freight forwarder: cut port-disruption response time from 6 hours to 12 minutes by wiring AIS dwell-time alerts to the duty supervisor's Slack.
European LNG operator: replaced four separate paid news services with a single OSINT feed, and the SOC's signal-to-noise ratio doubled.
Wire-service newsroom: beat AP to a major quake by 90 seconds — long enough to publish a holding paragraph before the wires moved.
These aren't moonshots. The data was already public. The teams just stopped doing it by hand.
Start small
The mistake every supply-chain OSINT project makes is wiring twenty feeds before tuning a single watch zone. Start with one feed, one zone, one Slack channel. Tune the severity threshold until you get 1–2 alerts a day. Then add the second feed.
If you'd rather skip the wiring step, try the live demo to see what the merged feed looks like, or start a free Augur account — 3 zones, every public feed, no card required.