Assessment

assessment

The Assessment object describes a point-in-time assessment, check, or evaluation of a specific configuration or signal against an asset, entity, person, or otherwise. For example, this can encapsulate os_signals from CrowdStrike Falcon Zero Trust Assessments, or account for Datastore configurations from Cyera, or capture details of Microsoft Intune configuration policies.

Attributes

Caption	Name	Type	Description
Category	`category`	String	The category that the assessment is part of. For example: `Prevention` or `Windows 10`.
Description	`desc`	String	The description of the assessment criteria, or a description of the specific configuration or signal the assessment is targeting.
Meets Criteria	`meets_criteria`	Boolean	Determines whether the assessment against the specific configuration or signal meets the assessments criteria. For example, if the assessment checks if a `Datastore` is encrypted or not, having encryption would be evaluated as `true`.
Name	`name`	String	The name of the configuration or signal being assessed. For example: `Kernel Mode Code Integrity (KMCI)` or `publicAccessibilityState`.
Assessment Policy	`policy`	Policy[]	The details of any policy associated with an assessment.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Unique ID	`uid`	String	The unique identifier of the configuration or signal being assessed. For example: the `signal_id`.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Inbound Relationships

These objects and events reference Assessment in their attributes:

Outbound Relationships

Assessment references the following objects and events in its attributes:

This page describes ocsf-1.4.0