When used in a Palo Alto Networks custom threat signature, an integer context allows administrators to trigger a signature based on specific numerical values found within a protocol’s metadata or header fields rather than a text string. These contexts are typically used to evaluate lengths, counts, or numeric flags—such as the size of an HTTP body (http-rsp-body-len), the number of files in a compressed archive, or the specific error code returned by a server. By applying relational operators (such as greater than, less than, or equal to) to these values, you can detect anomalous behavior that text-based signatures might miss, such as unusually large DNS queries or suspicious HTTP response sizes that could indicate data exfiltration.