Assessment
assessment
The Assessment object describes a point-in-time assessment, check, or evaluation of a specific configuration or signal against an asset, entity, person, or otherwise. For example, this can encapsulate os_signals from CrowdStrike Falcon Zero Trust Assessments, or account for Datastore configurations from Cyera, or capture details of Microsoft Intune configuration policies.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Category | category |
String |
The category that the assessment is part of. For example: Prevention or Windows 10.
|
| Description | desc |
String | The description of the assessment criteria, or a description of the specific configuration or signal the assessment is targeting. |
| Meets Criteria | meets_criteria |
Boolean |
Determines whether the assessment against the specific configuration or signal meets the assessments criteria. For example, if the assessment checks if a Datastore is encrypted or not, having encryption would be evaluated as true.
|
| Name | name |
String |
The name of the configuration or signal being assessed. For example: Kernel Mode Code Integrity (KMCI) or publicAccessibilityState.
|
| Assessment Policy | policy |
Policy[] | The details of any policy associated with an assessment. |
| Raw Data | raw_data |
JSON |
Group:contextThe event data as received from the event source. |
| Record ID | record_id |
String |
Group:primaryUnique identifier for the object |
| Unique ID | uid |
String |
The unique identifier of the configuration or signal being assessed. For example: the signal_id.
|
| Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
Relationships
Inbound Relationships
These objects and events reference Assessment in their attributes:
Outbound Relationships
Assessment references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 10 days ago