Knogin
[Developers]

Conflict OSINT, Multi-Source Event Intelligence

An analyst watching an active conflict zone should not spend the morning reconciling six incompatible data feeds before any analysis can begin. Conflict OSINT ingests geolocated events and territorial-control snapshots f

Back to All Modules
Category: IntelligenceLast Updated: May 26, 2026
intelligencegeospatial

Overview#

An analyst watching an active conflict zone should not spend the morning reconciling six incompatible data feeds before any analysis can begin. Conflict OSINT ingests geolocated events and territorial-control snapshots from four named external sources and unifies them into one tenant-scoped, spatially indexed picture, queryable through a single authenticated API.

Battles, explosions, violence against civilians, protests, equipment losses, and daily front-line shifts arrive from independently maintained open-source databases, each in its own format. This capability normalises every record into one consistent geospatial schema, de-duplicates overlapping reports, and stores all geometries in a standard coordinate reference system so they overlay cleanly on any compatible map. Security analysts, defence customers, and investigative teams get a continuously refreshed operational picture rather than a pile of feeds to merge by hand.

The territorial-control history is preserved day by day, so a team can replay how a front line moved across any date range they choose, turning raw open-source reporting into an after-action review (AAR) of the campaign.

Key Features#

  • Four named source connectors: Data is drawn from ACLED (Armed Conflict Location and Event Data Project), WarSpotting (ukr.warspotting.net), five OSINT sub-sources resolved through the osint-geo-extractor library, and DeepState Map daily GeoJSON. Each connector handles its source on that source's own terms, then hands a normalised record to a shared persistence layer.

  • Five OSINT databases unified: The osint-geo-extractor connector folds in GeoConfirmed, Bellingcat, Cen4InfoRes (Eyes on Russia), DefMon3, and Texty.org.ua. Records that describe the same incident across these independently maintained databases are de-duplicated on ingest, so analysts review one consolidated event rather than five overlapping reports.

  • Unified geospatial schema: Battles, explosions, violence against civilians, protests, equipment losses, and generic geolocated events all land in one event table with consistent fields for actor, equipment type, fatalities, location name, and source links. A single query shape works across every source.

  • Standards-compliant spatial output: Every point geometry is stored as a true spatial type in WGS-84 and returned as a standard GeoJSON FeatureCollection, ready to drop straight onto any compatible map without reprojection or reshaping.

  • Bounding-box and date-range filters: Events can be narrowed by source, event type, date window, and a geographic bounding box evaluated server-side against the spatial index, so a request returns only what falls inside the area and period an analyst cares about.

  • Daily territorial-control history: DeepState Map polygons are stored one snapshot per day, letting a team reconstruct the front line for any single date or animate its movement across a chosen range.

  • Incremental cursor-based refresh: Each source keeps its own sync cursor, so routine refreshes pull only what is new since the last run rather than re-ingesting the full corpus. An administrator can also kick off a refresh for one named source on demand.

  • Tenant-scoped and authenticated: Every read and write is bound to the calling organisation, and every field requires an authenticated caller, so one customer's operational picture never bleeds into another's.

Use Cases#

Defence and military intelligence#

  • Front-line tracking: Overlay the latest geolocated battles and explosions on the current territorial-control polygon to understand where contact is happening relative to the line of control.
  • Equipment-loss attrition: Filter to equipment-loss events from WarSpotting to follow documented vehicle and system losses over a chosen period and area.
  • After-action review: Use the territorial timeline to replay how the front moved across a campaign window, with event density layered on top for context.

Security analysis and risk monitoring#

  • Area-of-interest watch: Set a bounding box around a city, corridor, or facility and pull all conflict events inside it for a rolling date window.
  • Civilian-harm monitoring: Filter to violence-against-civilians and explosion event types to track incidents affecting non-combatants.
  • Protest and unrest tracking: Surface protest events from ACLED to monitor civil-unrest activity in a region.

Investigative and OSINT teams#

  • Cross-source corroboration: Compare how GeoConfirmed, Bellingcat, Cen4InfoRes, DefMon3, and Texty.org.ua reported the same incident, with source links carried through on every record.
  • Map-ready exports: Pull a GeoJSON FeatureCollection for a verified set of events and load it directly into QGIS or a web map for publication or further analysis.
  • Trend dashboards: Use aggregated breakdowns by source, by type, and by date to quantify reporting volume and shape over time.

Integration#

Conflict OSINT is reached over an authenticated GraphQL API secured with OAuth2 and JWT. Four read operations are exposed: a paginated event list with full filter support, a GeoJSON FeatureCollection for map rendering, a territorial-control timeline for replay, and an aggregated statistics breakdown by source, type, and date. A single administrator-only operation lets an authorised operator refresh one named source on demand; routine refreshes otherwise run incrementally on their own cursors.

Because the spatial output is a standards-compliant GeoJSON FeatureCollection, it feeds directly into any RFC 7946-compatible renderer. Customers plug the GeoJSON response straight into CesiumJS, MapLibre GL JS, or QGIS for immediate visual overlay, with no custom adapter to write. The benefit is concrete: a team points an existing map at the endpoint and sees unified multi-source events the same afternoon.

Inbound, each source is integrated against its own published interface, ACLED and WarSpotting over their respective HTTP feeds, the five OSINT sub-sources through the osint-geo-extractor library, and DeepState Map over its daily GeoJSON files. All four are normalised behind one consistent event model, so a customer consuming the API never needs to know which upstream a given record came from beyond the source label carried on it.

Open Standards#

  • GeoJSON (IETF RFC 7946): All spatial output is a standards-compliant FeatureCollection, so it loads unchanged into any RFC 7946 map renderer such as CesiumJS, MapLibre GL JS, or QGIS.
  • PostGIS / OGC geometry types (EPSG:4326, WGS-84): Geometries are held as OGC-standard spatial types in the WGS-84 reference frame, built and served with the standard spatial functions ST_SetSRID, ST_MakePoint, ST_GeomFromGeoJSON, ST_AsGeoJSON, ST_Within, and ST_MakeEnvelope.
  • GraphQL (June 2018 specification): The API is a schema-first, strongly typed GraphQL service, giving callers introspectable types and precise field selection over a single endpoint.
  • OAuth2 and JWT: Access is authenticated with bearer tokens, so the capability slots into an existing identity provider rather than requiring a separate credential store.
  • ISO 8601 dates: Event dates and date-range filters use ISO 8601 strings, keeping temporal filtering unambiguous across clients and time zones.

Security & Compliance#

Every operation is bound to the calling organisation, so a tenant only ever sees its own ingested events and territorial snapshots, and one customer's data is never visible to another. All fields require an authenticated caller, and the source-refresh operation is restricted to administrator-level actors. Each record carries a secrecy-level marking and a defaulted unclassified value, supporting downstream handling controls. Refresh activity is recorded for audit, giving a defensible trail of when each source was last brought current and by whom.

Last Reviewed: 2026-05-26 Last Updated: 2026-05-26

Ready to Build?

Get started with our APIs or contact our integration team for support.