Global Context
When using the local ContexQL query in a scenario, operations are applied within the context of the graph generated for the currently processed input object. For instance, if the platform is processing an object of Email type, the graph will contain information about all extracted texts, attachments, and metadata from the email message. This setup already allows for complex relationship and metadata queries. However, Contextal Platform extends its capabilities even further with the global context concept to manage more advanced cases.
The global context feature introduces two additional elements to scenarios (which are part of the optional context structure):
global_querymin_matches
The global_query is a ContexQL query that runs outside the scope of the current input object's graph. Instead, it operates on graphs generated from other input objects processed globally by the platform, providing a broader perspective. This allows you to identify whether characteristics spotted across multiple objects in the system are relevant to the currently processed data. The min_matches defines the minimum number of graphs that must satisfy the global query for it to be considered successful.
Use Cases
The global context query is a powerful tool, enabling you to ask broad questions like "Have you seen specific characteristics in recently processed objects, and in how many?" This technique is useful for validating local queries before triggering actions or for detecting large-scale phishing, malware, or spam campaigns, allowing for smarter and more effective responses to threats based on global data awareness. For more examples and creative uses, check out the Scenarios Examples section.