polwarden

What is polwarden?

A single URL you can send someone instead of arguing about whether a threat is real.

polwarden collects open-source intelligence from 20+ feeds โ€” satellite imagery, military flight tracking, vessel positions, GPS jamming data, media narratives, economic indicators โ€” and structures it into a daily threat assessment with source links you can verify yourself. Every number traces back to a public source. No classified data, no editorial opinion, no paywalls.

It runs on one VPS, checks 38 Russian military sites from space every day at 08:00 EET, and produces a composite threat score from 0 to 100.

polwarden augments, not replaces, professional intelligence analysis. Indicators may contain errors. Use as a starting point, not a sole source of truth.

Data sources

Every data point is verified, enriched, and classified before display. We never use LLM-generated data for factual claims โ€” all numbers come from official published sources.

Intelligence map โ€” real-time layers

LayerSource & methodFrequency
AircraftOpenSky Network ADS-B. Russian and Belarusian military and government aircraft. Each enriched with registration, model, operator from metadata API. Civilian traffic filtered. NATO/allied aircraft never tracked.Every 15 min
VesselsFinnish Digitraffic AIS. All Baltic Sea vessel positions enriched with name, IMO, type. Tracks Russian Navy, EU/UK-sanctioned shadow fleet tankers, and vessels near critical undersea infrastructure (Estlink, Balticconnector, C-Lion1, NordBalt).Every 15 min
ThermalNASA FIRMS VIIRS satellite detections at 38 monitored military sites. 375m resolution, ~2 passes/day. Detects vehicle fires, live-fire exercises, equipment testing.2ร— daily
GPS jamminggpsjam.org โ€” ADS-B-derived GPS interference zones from commercial aircraft navigation reports. Covers Kaliningrad, Pskov border, Belarus, St. Petersburg regions.Daily
RadiosondesSondeHub โ€” weather balloon tracking within 600 km of Baltic states. Known sonde types (RS41, DFM, M20) classified as routine; non-standard types flagged.Every 30 min
Satellite imageryCopernicus Sentinel-2 optical (10 m) + Sentinel-1 SAR radar (all-weather). ESRI World Imagery (~1 m) for base maps. AI analysis via Gemini 2.5 Flash for change detection at each site.Daily
Military OSINT17 defense analysis feeds: ICDS, CEPA, MilitaryLand.net, Oryx, Jamestown, War on the Rocks, Breaking Defense, Nordic Defence Review, Baltic defense ministries (EE, LV), Belarus MOD, NATO News.Every 4 hours
FrontlineDeepState โ€” daily frontline positions, occupied territory polygons, active combat zones, and attack direction vectors for the Russia-Ukraine war.Every 6 hours

Economy โ€” official sources only

MetricSourceTable
CPI / HICPStatistics Estonia PxWeb APIIA001, IA022
Average wagesStatistics EstoniaPA111
UnemploymentStatistics EstoniaTT065
GDP estimateStatistics EstoniaRAA0015
ElectricityElering NPS APIEE spot

Russia intelligence

SourceDescriptionFrequency
War lossesrussianwarship.rip โ€” Ukrainian General Staff daily reports. Personnel, tanks, IFVs, artillery, aviation, naval, UAVs.Daily
OryxOryx visually confirmed equipment losses. 19,000+ items with photographic evidence.Weekly
SBS killboardSBS Group independently verified destruction data.Daily
FrontlineDeepState active combat zones, attack directions, defensive positions.Every 6 hours
EconomyCentral Bank of Russia key rate, Rosstat CPI, RUB/USD via ECB. Estimated war cost model ($455/day per soldier).Daily
Public opinionLevada Center independent polling โ€” Putin approval, war support, trust in institutions, economic sentiment.Monthly

Narrative monitoring

SourceDescriptionVolume
RSS feeds26 feeds: Estonian/Latvian/Lithuanian media (RU & EN), Russian state media, counter-disinfo (EUvsDisinfo, Propastop, Bellingcat), defense analysis.~200/day
TelegramPublic channels tracked for narrative classification (5 codebook categories: N1โ€“N5).~150/week
FacebookPublic pages of tracked influence actors.~30/day
SanctionsOpenSanctions โ€” EU/US/UK sanctions cross-referenced with vessel and entity tracking.Weekly

Monitored military sites (38)

Each site is monitored via Sentinel-2 optical imagery, Sentinel-1 SAR radar (all-weather), ESRI high-resolution base maps, NASA FIRMS thermal detections, and daily AI-powered change analysis.

  • Tier 1 โ€” Direct border threat (<200 km from NATO): Kaliningrad (Chkalovsk, Baltiysk, Chernyakhovsk, Gusev, Donskoye), Pskov (76th VDV, Ostrov, Strugi Krasnye), Leningrad (Luga 6th CAA, Kamenka 138th MRB, Levashovo, Kronstadt), Belarus (Machulishchy, Baranovichi, Grodno, Brest, Osipovichi)
  • Tier 2 โ€” Staging and reserves: Klintsy, Smolensk, Bryansk, Tver Migalovo, Yelnya, Pogonovo, Mulino, Alabino, Nizhny Tagil UVZ
  • Tier 3 โ€” Strategic depth: Severomorsk (Northern Fleet), Olenya (Tu-22M3/MiG-31K), Shaykovka, Engels 2 (strategic bombers)
  • Tier 4 โ€” Southern/occupied: Morozovsk, Rostov Southern HQ, Saki, Sevastopol, Kursk Khalino, Millerovo, Voronezh Malshevo

Data quality

  • No LLM-generated numbers. Economy metrics come directly from government statistical APIs.
  • Every vessel has a name. AIS data enriched from Digitraffic metadata. No anonymous MMSI stubs.
  • Every aircraft has a registration. ADS-B enriched from OpenSky metadata. Civilian flights filtered.
  • NATO/allied forces never tracked. The public dashboard does not expose friendly force movements.
  • Zero false positives. Weather radiosondes classified as routine, commercial shipping filtered, civilian aircraft dropped.
  • Satellite analysis is AI-assisted. Gemini 2.5 Flash processes Sentinel-2 optical and Sentinel-1 SAR imagery daily. Human review for significant changes.

Integrations

TelegramDaily briefing โ€” zero setup
Bash + CronShell script polling the API
GrafanaJSON datasource for dashboards
Home AssistantREST sensor with automations
Audio PodcastDaily AI-generated briefing via TTS
API ReferenceAll public endpoints

Telegram

Join the public channel for a daily briefing at 08:00 EET with the composite threat index, active indicators, and a one-paragraph summary. No API keys, no setup.

โ†’ @estonia_safety_monitor

Bash + Cron

Poll the API and act on the result. This script sends a notification when the threat level is not GREEN.

polwarden-check.sh
#!/bin/bash
# 0 9 * * * /usr/local/bin/polwarden-check.sh
API="https://polwarden.eu/api/latest"
DATA=$(curl -sf "$API") || exit 1
LEVEL=$(echo "$DATA" | jq -r '.threat_level')
if [ "$LEVEL" != "GREEN" ]; then
  DATE=$(echo "$DATA" | jq -r '.date')
  echo "$DATA" | jq -r '.indicators[] | select(.status != "GREEN") |
    "  \(.status) [\(.category)] \(.label): \(.finding)"' |
    mail -s "polwarden: $LEVEL ($DATE)" [email protected]
fi

Grafana

Use the Infinity datasource plugin (JSON/REST) to add polwarden to your monitoring stack.

Install
grafana-cli plugins install yesoreyeram-infinity-datasource
systemctl restart grafana-server

Add datasource: Connections โ†’ Data sources โ†’ Infinity. Name it polwarden. No authentication required.

Stat panel โ€” threat level
Type:    JSON
URL:     https://polwarden.eu/api/latest
Root:    (blank)
Columns: threat_level โ†’ String, date โ†’ String
Table โ€” indicators
Type:    JSON
URL:     https://polwarden.eu/api/latest
Root:    indicators
Columns: status, category, label, finding โ†’ String

Home Assistant

configuration.yaml
rest:
  - resource: https://polwarden.eu/api/latest
    scan_interval: 3600
    sensor:
      - name: "Baltic Threat Level"
        value_template: "{{ value_json.threat_level }}"
        icon: mdi:shield-alert
        json_attributes: [date, summary]

Audio Podcast

A daily AI-generated audio briefing synthesized via ElevenLabs TTS. Covers the threat index, active indicators, satellite analysis highlights, and a narrative summary โ€” in a conversational tone.

โ†’ Listen to latest episode ยท Metadata JSON

API Reference

All endpoints return JSON. No authentication. CORS open.

Core

GET/api/latestMost recent report with all indicators
GET/api/todayToday's report (404 if not yet collected)
GET/api/report/{date}Report for a specific date
GET/api/history?days=90Threat level history
GET/api/datesAll available report dates
GET/api/threat-indexComposite Threat Index (0โ€“100) with sub-scores
GET/api/threat-index/history?days=30CTI time series
GET/api/metricsLatest socioeconomic metrics
GET/api/categories?days=90Per-category breakdown over time
GET/healthService health check

Satellite & Intelligence

GET/api/satellite/preview/{site_id}ESRI high-res preview image
GET/api/satellite/sentinel2/{site_id}Latest Sentinel-2 acquisition metadata
GET/api/satellite/analysis/{site_id}AI analysis for a site (optical + SAR)
GET/api/satellite/analysis-summaryAll sites summary with activity levels
GET/api/russia/intelRussia dashboard data (losses, economy, opinion)
GET/api/russia/mapMilitary sites with coordinates and analysis

Exports

GET/api/stix/report/{date}STIX 2.1 bundle
GET/api/stix/person/{id}Person entity as STIX
GET/api/briefing/{date}.htmlHTML intelligence briefing
GET/api/briefing/{date}.pdfPDF intelligence briefing
GET/api/podcast/latest.mp3Latest audio briefing
GET/api/podcast/metaPodcast episode metadata

Example

/api/latest
{
  "date": "2026-03-09",
  "threat_level": "YELLOW",
  "summary": "GPS jamming elevated near Kaliningrad...",
  "indicators": [
    {
      "status": "YELLOW",
      "category": "HYBRID",
      "label": "GPS Interference",
      "finding": "21.4% disruption rate in Baltic Sea corridor",
      "confidence": "HIGH",
      "source_url": "https://gpsjam.org"
    }
  ]
}