Available EDR signals for custom expressions

When you use the Okta Expression Language (EL) to create a custom expression for devices, you can use the trust signals Okta Verify can collect from select endpoint detection and response (EDR) vendors.

CrowdStrike

This table lists the device provider attributes (trust signals) that Okta Verify can collect from CrowdStrike.

Attribute

Description

Type

Example

device.provider.zta.os

Defined by CrowdStrike. Obtains an integer. The higher the number, the more trustworthy the device.

Integer

device.provider.zta.o <= 60

device.provider.zta.overall

Defined by CrowdStrike. Obtains an integer. The higher the number, the more trustworthy the device.

Integer

device.provider.zta.os >= 60

device.provider.zta.sensorConfig

Defined by CrowdStrike. Obtains a number that represents an enum.

Integer

device.provider.zta.sensorConfig == 2

See the following cloud-specific Zero Trust Assessment console user guides:

Windows Security Center

This table lists the device provider attributes (trust signals) that Okta Verify can collect from Windows Security Center.

Attribute

Description

Type Example
device.provider.wsc.antiVirus

Obtains the status of all anti-virus products on the device.

String

Returns one of the following:

  • GOOD: the status is good. User attention is not required.

  • NOT_MONITORED: the status is not monitored by Windows Security Center.

  • POOR: the status is not good. The device could be at risk.

  • SNOOZE: Windows Security Center is in a snooze state, so it is not actively protecting the device.

  • UNKNOWN: the status is not known. Okta Verify failed to collect the signal.

device.provider.wsc.fireWall

Obtains the status of the firewall on the device.

device.provider.wsc.autoUpdateSettings

Obtains the status of the auto-update settings on the device.

device.provider.wsc.internetSettings

Obtains the status of the internet settings on the device.

device.provider.wsc.userAccountControl

Obtains the status of the User Account Control on the device.

device.provider.wsc.securityCenterService

Obtains the status of the Windows Security Center service.

Related topics