Docs · Live signals
No single feed tells you whether an event is safe. A weather alert alone misses the protest. A protest alone misses the wildfire smoke. SignalGuard pulls from twenty-three independent live sources across four classes — Chatter, Environment, Movement, Context — scores each one against the same severity scale, and consolidates the picture for the people running the event.
This page is a plain-English tour of every signal grouped the same way they're grouped in the dashboard, the per-signal alert mute list on /notifications, and the executive PDF brief — so the taxonomy you learn here is the taxonomy you run the product against.
People talk about events before, during, and after they happen. Eight different platforms, eight different communities, eight different vantage points — from open-platform shouting to allowlist-curated channels and the global news cycle. We pull from all of them so the read isn't dominated by any one platform's tone.
The fastest pulse. Threats, complaints, and on-the-ground reports surface here first. Each post is read by the AI classifier and tagged Critical, High, Medium, or Low — with a written reason you can challenge.
Why we use it: speed. By the time something hits the news, X has already been posting about it for an hour.
Long-form context. Local subreddits ("r/LasVegas", "r/Coachella") are where attendees vent about logistics, organize meetups, and post warnings. Threat-coded keywords are scored the same way as X posts.
Why we use it: depth. Reddit threads explain *why* something is happening, not just that it is.
Smaller user base, but disproportionately journalists, civic organizers, and infrastructure-watchers. Catches stories X misses or buries.
Why we use it: signal where the noise hasn't caught up yet.
Decentralized — many independent servers. Strong overlap with international and activist communities. Useful for events with cross-border attendance or political dimension.
Why we use it: it surfaces conversation that platforms with heavy moderation actively suppress.
Allowlisted public channels — protest coordination, resale rings, counter-demo callouts, and football-firm chatter. Channel set is operator-curated, not crawled.
Why we use it: the protest organizing that no longer lives on open platforms still lives here. Real-data path activates when a gateway is configured.
Short-form video chatter — flash-mob style mobilization, ticket-plug accounts, walkout planning. Severity weights views-per-hour velocity, not raw view count.
Why we use it: virality cycles here are 24–48h, fast enough to matter for event-day staffing. Real-data path activates when Research API credentials land.
Video uploads about the venue, recent incidents, or recurring event franchises. Comment threads on those videos often contain protest plans, ticket-fraud warnings, and rumors that don't appear in text-only feeds.
Why we use it: a meaningful share of organizing happens in video comments now, not on text platforms.
A 24-hour-refreshed global news index that reads thousands of news outlets and flags articles mentioning protest, violence, terror, unrest, and security around the event, venue, or location. Tone-scored — a wave of negative coverage is itself a signal, even if no single headline is alarming.
Why we use it: the news cycle catches things social misses, and vice versa. Together they're stronger than either alone.
What's happening in the physical environment around the venue — weather, air, severe-weather outlooks, active fires, recent ground motion. These don't lie and don't trend. When the environment is the threat, every other signal is downstream.
Authoritative US government forecast plus active warnings (heat, severe storms, flood, wildfire smoke, hurricane, tornado). Includes the day-of-event high/low, wind, and rain probability for the venue.
Why we use it: weather is the single most common reason outdoor events get delayed, modified, or cancelled.
Live US AQI plus per-pollutant readings (PM2.5, PM10, ozone, NO₂, SO₂, CO) and a 24-hour forecast. Covers wildfire smoke, ozone alerts, dust, and inversion smog — anything that makes the air harder to breathe.
Why we use it: weather can be sunny and pleasant while the AQI is in the red. For outdoor events the air is the event.
NOAA Storm Prediction Center categorical outlooks for today and tomorrow — checks whether the venue's location falls inside an SPC risk polygon (TSTM through HIGH risk for tornadoes, hail, and damaging wind).
Why we use it: weather alerts tell you what's happening *now*. SPC tells you what to plan around tomorrow.
Satellite-detected active fire hotspots within a configurable radius of the venue, with distance, fire radiative power, and detection confidence. Pairs with the Air Quality card — FIRMS sees the fire, AQI sees the smoke.
Why we use it: a 25-mile-distant wildfire isn't an evacuation problem, but it's a smoke problem. And smoke shuts down outdoor events at AQI 150+.
Seismic events from the last 7 days within range of the venue, with magnitude, depth, and distance. Severity escalates with both magnitude and proximity — a M5 quake 10 km away reads very differently from a M6 quake 200 km away.
Why we use it: structures, stages, and crowd-loaded venues respond to ground motion poorly. Worth flagging anything recent.
What's actually moving in the physical space around the venue — aircraft overhead, traffic on access roads, flight restrictions and notices from the FAA, and live emergency-services chatter. These are the leading indicators that something has changed on the ground while the world was still posting about it.
Live aircraft positions over the venue — helicopters circling, low-altitude overflights, aircraft squawking emergency codes, persistent loitering. We don't see consumer drones (those broadcast a different signal), but everything with a transponder shows up.
Why we use it: a media helicopter circling at 1,500 ft over a music festival is not a routine event. It's a signal that *something* just happened.
Active Temporary Flight Restrictions issued by the FAA near the venue. These get issued for VIP visits, protests, wildfires, hazards, and major sporting events. Often the first formal acknowledgement that an area is sensitive.
Why we use it: TFRs are leading indicators. When one appears near your venue, the FAA already knows something we should know too.
Notices to Airmen — the official FAA advisory layer that covers VIP movement notices (often issued BEFORE a TFR drops), drone / UAS activity, airshows, parachute ops, airspace restrictions, and runway closures. Every TFR is a NOTAM, but most NOTAMs aren't TFRs.
Why we use it: NOTAMs catch the planned-but-not-yet- restricted layer. A drone NOTAM for the same day as your event is the strongest early warning you get for airspace activity OpenSky won't show, and a VIP-movement NOTAM is your tip that a TFR is coming.
Live road incidents in a tight ring around the venue — accidents, road closures, jams, lane closures, road work, weather hazards. Filterable by category so you can isolate "just road closures" or "just accidents."
Why we use it: most event-day operational headaches are traffic problems before they're security problems. A closure on the only access road affects every person trying to get in and every emergency vehicle trying to get out.
Public police / fire / EMS scanner feeds for the venue's county, sourced from Broadcastify. By default the card surfaces a click-through to the county feed listing — with an API key it enriches to a live feed list with listener counts.
Why we use it: real-time radio chatter is 20-40 minutes ahead of GDELT news and X. SignalGuard does not stream, cache, or transcribe audio — when you click a feed, playback happens on Broadcastify's hosted player. We surface the pointer; the human analyst listens.
The backdrop the rest of the signals get read against — federal advisories, baseline crime, active disaster declarations, and what else is happening around the venue commercially. Same chatter, same airspace, same weather reads differently in front of a different backdrop.
The current advisory from the Department of Homeland Security's National Terrorism Advisory System — the modern successor to the old color-coded threat level. Three tiers: Bulletin (informational), Elevated Alert, Imminent Alert. Most of the year there's no active advisory; when one is in effect we surface it as a banner above every brief.
Why we use it: when DHS issues an advisory, every event in the country needs to know. National in scope, but never national in attention until it appears.
Annual violent and property crime rates for the venue's city compared to the national average. Not a real-time signal — a backdrop. Tells you whether you're operating in a low- or high-risk environment by default.
Why we use it: same chatter reads differently in a sleepy suburb vs. a high-crime metro. This is the calibration.
Federally-declared disasters currently in effect for the venue's state — Major Disaster, Emergency, and Fire Management Assistance declarations. Authoritative, county-deduplicated, and grouped by incident.
Why we use it: when FEMA has declared something, the operational picture has already changed. Resource deployments, mass-care activations, evacuation routes — all of it stems from this list.
Counter-event detection — every ticketed concert, sports game, theater show, or family event within 10 miles of the venue in the days around your event. Includes sold-out status, venue capacity tier (large / medium / small), distance, and same-day overlap flag.
Why we use it: a sold-out 18K-capacity NBA game two blocks away on the same night completely reshapes ingress, transit, and adjacent-area policing demand. None of the other 22 signals see that — Ticketmaster does.
Points of interest within 500 m of the venue — bars, clubs, transit hubs, hotels, hospitals, police precincts, adjacent crowd magnets. Categorized so you can read crowd flow at a glance: lots of bars within 300 m = pre-event drinking cluster; transit hub within 200 m = ingress chokepoint.
Why we use it: severity here isn't threat, it's operational complexity. A venue in a dense bar district with a major transit station next door demands a different staffing plan than a suburban arena. The POI map tells you which one you're walking into.
The 23 signals above are raw data — what's true, where, and how recently. Two AI-generated panels sit on top of them and do something the data alone can't: tell you the story across the sources, and what to do about it. Both are produced in a single Claude Haiku 4.5 call after the scan finishes. The model sees a compacted version of every signal at once, with its severity scores and key metrics.
A 3–4 sentence narrative that reads all 23 signals together and explains what's actually happening. It identifies the genuine concerns, the false alarms, and the connections between sources — for example, the active FEMA fire declaration plus a forecast wind shift plus a current AQI reading combining into one operational risk. Sits at the top of every brief and as the lead block on the PDF cover.
Why it matters: 17 facts on a page is not a story. The synthesis is the story.
Two to four concrete next steps, each starting with a verb and referencing specific data from the brief. On a quiet day this collapses to a single line: "Continue routine monitoring; no action required." On a busy day it's a checklist a security lead can hand to the team. Sits below the Mastodon card on the FE and at the top of the Intelligence Summary section in the PDF.
Why it matters: a brief that doesn't end with "do this next" is a passive read. This makes it operational.
The model sees a compact summary (severity scores, headline metrics, top items per source) — not the full payload. It is asked to use only the data given and never to invent specifics. If the AI service is unavailable or the API key is missing, both panels degrade silently — the rest of the brief still renders fine.
Any one of these signals lies if you read it alone. Social chatter is noisy. Crime baseline is stale. Weather can be a quiet day on a high-tension week. News lags. Aircraft circle for ordinary reasons. A single TFR could be a routine presidential-visit notice with no bearing on your event.
Together, they triangulate. Three of these flagging at the same time is a real signal. One flagging is something to watch. None flagging is what an actual quiet day looks like — and knowing the difference is the whole point.
Each scan rolls all twenty-one signals into a single overall score, alongside the per-source detail so you can see exactly what's driving the number. If you disagree with the call, the reasoning is on the page; you can override it on the spot.