Assessment
assessment
The Assessment object describes a point-in-time assessment, check, or evaluation of a specific configuration or signal against an asset, entity, person, or otherwise. For example, this can encapsulate os_signals from CrowdStrike Falcon Zero Trust Assessments, or account for Datastore configurations from Cyera, or capture details of Microsoft Intune configuration policies.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Category | category | String | The category that the assessment is part of. For example: Prevention or Windows 10. |
| Description | desc | String | The description of the assessment criteria, or a description of the specific configuration or signal the assessment is targeting. |
| Meets Criteria | meets_criteria | Boolean | Determines whether the assessment against the specific configuration or signal meets the assessments criteria. For example, if the assessment checks if a Datastore is encrypted or not, having encryption would be evaluated as true. |
| Name | name | String | The name of the configuration or signal being assessed. For example: Kernel Mode Code Integrity (KMCI) or publicAccessibilityState. |
| Assessment Policy | policy | Policy[] | The details of any policy associated with an assessment. |
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Unique ID | uid | String | The unique identifier of the configuration or signal being assessed. For example: the signal_id. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
Relationships
Inbound Relationships
These objects and events reference Assessment in their attributes:
Outbound Relationships
Assessment references the following objects and events in its attributes:
This page describes qdm-1.5.1+ocsf-1.6.0
Updated 13 days ago