Class: Assessment
The Assessment object describes a point-in-time assessment, check, or
evaluation of a specific configuration or signal against an asset, entity,
person, or otherwise. For example, this can encapsulate os_signals
from CrowdStrike Falcon Zero Trust Assessments, or account for
Datastore configurations from Cyera, or capture details of
Microsoft Intune configuration policies.
URI: ocsf:Assessment
classDiagram
class Assessment
click Assessment href "../Assessment/"
Entity <|-- Assessment
click Entity href "../Entity/"
Assessment : category
Assessment : desc
Assessment : meets_criteria
Assessment : name
Assessment : policy
Assessment --> "0..1" Policy : policy
click Policy href "../Policy/"
Assessment : uid
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| category | 0..1 String |
The category that the assessment is part of | direct |
| desc | 0..1 recommended String |
The description of the assessment criteria, or a description of the specific | direct |
| meets_criteria | 1 Boolean |
Determines whether the assessment against the specific configuration or signa... | direct |
| name | 0..1 recommended String |
The name of the configuration or signal being assessed | direct |
| policy | 0..1 Policy |
The details of any policy associated with an assessment | direct |
| uid | 0..1 recommended String |
The unique identifier of the configuration or signal being assessed | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Compliance | assessments | range | Assessment |
| ConfigState | assessments | range | Assessment |
In Subsets
Aliases
- Assessment
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Assessment |
| native | ocsf:Assessment |
LinkML Source
Direct
name: Assessment
description: 'The Assessment object describes a point-in-time assessment, check, or
evaluation of a specific configuration or signal against an asset, entity,
person, or otherwise. For example, this can encapsulate <code>os_signals</code>
from CrowdStrike Falcon Zero Trust Assessments, or account for
<code>Datastore</code> configurations from Cyera, or capture details of
Microsoft Intune configuration policies.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Assessment
is_a: Entity
slots:
- category
- desc
- meets_criteria
- name
- policy
- uid
slot_usage:
category:
name: category
description: 'The category that the assessment is part of. For example:
<code>Prevention</code> or <code>Windows 10</code>.'
desc:
name: desc
description: 'The description of the assessment criteria, or a description of
the specific
configuration or signal the assessment is targeting.'
recommended: true
meets_criteria:
name: meets_criteria
description: 'Determines whether the assessment against the specific configuration
or signal
meets the assessments criteria. For example, if the assessment checks if a
<code>Datastore</code> is encrypted or not, having encryption would be
evaluated as <code>true</code>.'
required: true
name:
name: name
description: 'The name of the configuration or signal being assessed. For example:
<code>Kernel Mode Code Integrity (KMCI)</code> or
<code>publicAccessibilityState</code>.'
recommended: true
policy:
name: policy
description: The details of any policy associated with an assessment.
uid:
name: uid
description: 'The unique identifier of the configuration or signal being assessed.
For
example: the <code>signal_id</code>.'
Induced
name: Assessment
description: 'The Assessment object describes a point-in-time assessment, check, or
evaluation of a specific configuration or signal against an asset, entity,
person, or otherwise. For example, this can encapsulate <code>os_signals</code>
from CrowdStrike Falcon Zero Trust Assessments, or account for
<code>Datastore</code> configurations from Cyera, or capture details of
Microsoft Intune configuration policies.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Assessment
is_a: Entity
slot_usage:
category:
name: category
description: 'The category that the assessment is part of. For example:
<code>Prevention</code> or <code>Windows 10</code>.'
desc:
name: desc
description: 'The description of the assessment criteria, or a description of
the specific
configuration or signal the assessment is targeting.'
recommended: true
meets_criteria:
name: meets_criteria
description: 'Determines whether the assessment against the specific configuration
or signal
meets the assessments criteria. For example, if the assessment checks if a
<code>Datastore</code> is encrypted or not, having encryption would be
evaluated as <code>true</code>.'
required: true
name:
name: name
description: 'The name of the configuration or signal being assessed. For example:
<code>Kernel Mode Code Integrity (KMCI)</code> or
<code>publicAccessibilityState</code>.'
recommended: true
policy:
name: policy
description: The details of any policy associated with an assessment.
uid:
name: uid
description: 'The unique identifier of the configuration or signal being assessed.
For
example: the <code>signal_id</code>.'
attributes:
category:
name: category
description: 'The category that the assessment is part of. For example:
<code>Prevention</code> or <code>Windows 10</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Category
rank: 1000
alias: category
owner: Assessment
domain_of:
- Osint
- Vulnerability
- Analytic
- Assessment
- Compliance
- DataClassification
- Rule
- Trait
range: string
desc:
name: desc
description: 'The description of the assessment criteria, or a description of
the specific
configuration or signal the assessment is targeting.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Description
rank: 1000
alias: desc
owner: Assessment
domain_of:
- Osint
- RelatedEvent
- Remediation
- Vulnerability
- Advisory
- Analytic
- ApplicationObject
- Assessment
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- Compliance
- Cve
- Database
- Databucket
- Enrichment
- File
- FindingObject
- FindingInfo
- Graph
- Group
- Job
- Location
- Node
- Policy
- Rule
- Table
- WebResource
- Device
- IncidentFinding
range: string
recommended: true
meets_criteria:
name: meets_criteria
description: 'Determines whether the assessment against the specific configuration
or signal
meets the assessments criteria. For example, if the assessment checks if a
<code>Datastore</code> is encrypted or not, having encryption would be
evaluated as <code>true</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Meets Criteria
rank: 1000
alias: meets_criteria
owner: Assessment
domain_of:
- Assessment
range: boolean
required: true
name:
name: name
description: 'The name of the configuration or signal being assessed. For example:
<code>Kernel Mode Code Integrity (KMCI)</code> or
<code>publicAccessibilityState</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: Assessment
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
recommended: true
policy:
name: policy
description: The details of any policy associated with an assessment.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Policy
rank: 1000
alias: policy
owner: Assessment
domain_of:
- PermissionAnalysisResult
- AdditionalRestriction
- Assessment
- Authorization
- DataClassification
- DataSecurity
- ManagedEntity
- SecurityControlProfile
- ScanActivity
- AccountChange
range: Policy
uid:
name: uid
description: 'The unique identifier of the configuration or signal being assessed.
For
example: the <code>signal_id</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: Assessment
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
recommended: true