Welcome to Contextal Platform Documentation
Welcome to the official documentation for Contextal Platform - an advanced, open-source technology designed for threat detection and contextual data processing. Our goal was to develop a solution that offers users full control over how it operates and what actions it takes.
You can use Contextal Platform to create advanced proactive detections, enforce custom data policies in your organization, explore contextual details, conduct threat research, and more!
Key Features of Contextal Platform
Contextual Detection
Contextal Platform goes beyond conventional detection methods by employing contextual threat analysis. While traditional systems often rely on static signatures or isolated rule sets, our platform lets you create generic situational scenarios that take into account global context, relations, metadata, time, anomalies, content, and other factors to trigger specific actions.
Custom Scenarios with ContexQL
One of the most powerful and unique features of Contextal Platform is the ability to write and deploy custom detection scenarios using the ContexQL query language. You can customize every aspect of your data processing pipeline, from threat detection to advanced data analysis.
Open Source Transparency
As an open-source, GPLv3-licensed project, every aspect of the platform's architecture and code is visible and available for audit, modification, and extension by users. You avoid both vendor lock-in and hidden processes running behind the scenes.
AI Powered & Optimized
Contextal Platform makes use of AI in its data processors, utilizing neural networks and machine learning techniques to perform advanced tasks like natural language processing and image classification. Importantly, all AI operations happen locally on your infrastructure - no data is ever exposed to third-party providers, ensuring that your sensitive information stays private at all times. Additionally, the platform's powerful data extraction capabilities provide a rich set of features that can be directly utilized for training your own machine learning models.
Robust Design
Created by the original authors of ClamAV, Contextal Platform is built upon decades of cybersecurity expertise. We designed the platform to address weaknesses and limitations in existing solutions, and make it possible to easily and effectively deal with complex threats.
Real-Time Processing and Analysis
Contextal Platform provides a real-time processing pipeline that ingests data from multiple sources and runs it through a network of specialized data processors. These processors are designed to analyze and extract metadata from various file formats and other data sources. The results of the processing are immediately available for querying, correlation, and visualization.
Security and Scalability
We’ve gone the extra mile to ensure that sensitive operations are entirely isolated, workers are containerized, and our backend and data processors are written in Rust – a language renowned for its security features. Contextal Platform can detect its own malfunctions, and yes - you can write scenarios for such situations!
At the same time, the modular architecture allows you to scale the system horizontally by adding more processing nodes as needed, so Contextal Platform can handle massive data loads with ease.
Use Cases
Proactive Threat Detection
Contextal Platform has been designed with advanced and proactive threat detection in mind. Using contextual scenarios, it's possible to describe the nature of attacks in a more abstract way, avoiding reliance on specific content details that would limit their use to a single instance, as is often the case with legacy security software. Additionally, the scenarios can incorporate a global context, enabling the analysis to consider information beyond just the currently processed data, which makes it easier to detect entire malware and spam campaigns. See our scenarios section for some good examples!
Data Governance
Contextal Platform supports a wide range of data formats, can extract text from various sources, perform Optical Character Recognition (OCR), identify natural and programming languages, analyze text sentiment, detect sensitive data such as passwords or credit card numbers, and even classify images using neural networks to detect NSFW content. This combination of features provides unparalleled control and visibility over the data flowing through your organization, enabling you to implement sophisticated data policies and Data Leak Prevention (DLP) strategies.
Critical Infrastructure Protection
Due to Contextal Platform's secure design and transparency, it's the ideal choice for mission-critical applications, such as the protection of critical infrastructure. In addition to its advanced threat detection capabilities, you can configure the platform to operate in data firewall mode - only allowing data that conforms to strict scenarios while blocking anything undefined. This ensures the highest level of control and protection in the most sensitive environments.
Threat Intelligence
Contextal Platform, combined with Contextal Console, offers an outstanding threat intelligence toolkit. You can easily upload files directly from your browser, visually analyze the resulting graphs, and explore the produced artifacts in a highly interactive environment. With the ability to search, compare, and share results with other users, the platform supports collaborative threat analysis. The beautiful, polished interface of Contextal Console, along with the built-in ContexQL code editor, makes it a real joy to work with!
How to Get Started
Explore this documentation to understand how to set up, configure, and fully utilize Contextal Platform. We recommend first taking the tutorial and playing with the example scenarios and Contextal Console to get a better feel for the platform before digging into the details!
Need Help?
We are here to help! We have set up our community forum to assist Contextal users and provide a place where users can help each other.