Introduction
The scenarios functionality is one of the most powerful and unique capabilities of Contextal Platform, allowing defining and automating advanced actions based on the nature, characteristics, relations, and other features of the data being analyzed. Scenarios are written in the platform's custom language, ContexQL.
As part of the subscription plans, Contextal Platform automatically downloads and updates the scenarios database. Combined with local AI models and powerful processors, the scenarios detect hundreds of attack types and map them to MITRE ATT&CK® techniques wherever applicable. Unlike most black-box solutions, advanced users can adjust existing scenarios or create new ones to adjust detection to their specific workflows.
With scenarios, it's possible to:
- detect and respond to security threats based on their nature, and not just low level patterns
- trigger actions such as
BLOCK,ALLOW,QUARANTINE,ALERT, or other custom-defined responses when certain conditions are met - operate not only in the context of the local data, but take into account data historically processed by the platform (global context)
- turn Contextal Platform into a data firewall by only allowing specific data to pass through, enforcing strict governance and maximum security in mission critical applications
- chain signature detections across multiple objects and relationships - a scenario can trigger when patterns are detected in related objects, or when multiple conditions are satisfied across different data points, see Malware Scanning
Contextal Platform enhances the effectiveness of scenarios by integrating them deeply into the data flow. It performs real-time contextual analysis of each object and builds relation graphs further utilized by scenarios. This allows for advanced queries applied not only within individual objects but across a network of related entities.