Assessment

assessment

The Assessment object describes a point-in-time assessment, check, or evaluation of a specific configuration or signal against an asset, entity, person, or otherwise. For example, this can encapsulate os_signals from CrowdStrike Falcon Zero Trust Assessments, or account for Datastore configurations from Cyera, or capture details of Microsoft Intune configuration policies.

Attributes

CaptionNameTypeDescription
CategorycategoryStringThe category that the assessment is part of. For example: Prevention or Windows 10.
DescriptiondescStringThe description of the assessment criteria, or a description of the specific configuration or signal the assessment is targeting.
Meets Criteriameets_criteriaBooleanDetermines whether the assessment against the specific configuration or signal meets the assessments criteria. For example, if the assessment checks if a Datastore is encrypted or not, having encryption would be evaluated as true.
NamenameStringThe name of the configuration or signal being assessed. For example: Kernel Mode Code Integrity (KMCI) or publicAccessibilityState.
Assessment PolicypolicyPolicy[]The details of any policy associated with an assessment.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Unique IDuidStringThe unique identifier of the configuration or signal being assessed. For example: the signal_id.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

Assessment shown in context

Inbound Relationships

These objects and events reference Assessment in their attributes:

Outbound Relationships

Assessment references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0