EDR signals for custom expressions

When you use the Okta Expression Language (EL) to create custom expressions for devices, you can use the trust signals collected by Okta Verify from endpoint detection and response (EDR) vendors. Okta calculates a risk score based on multiple device properties such as account activity or inactivity, account metadata, or password strength. All these factors provide a comprehensive view of your device security.

CrowdStrike

This table lists the device provider attributes (trust signals) that Okta Verify can collect from CrowdStrike.

Attribute

Description

Type

Example

device.provider.zta.os

Defined by CrowdStrike. Obtains an integer. The higher the number, the more trustworthy the device.

Integer

device.provider.zta.o <= 60

device.provider.zta.overall

Defined by CrowdStrike. Obtains an integer. The higher the number, the more trustworthy the device.

Integer

device.provider.zta.os >= 60

device.provider.zta.sensorConfig

Defined by CrowdStrike. Obtains a number that represents an enum.

Integer

device.provider.zta.sensorConfig == 2

If you use CrowdStrike, sign in to your account and read these Zero Trust Assessment user guides:

Windows Security Center

This table lists the device provider attributes (trust signals) that Okta Verify can collect from Windows Security Center.

Attribute

Description

Type Example
device.provider.wsc.antiVirus

Obtains the status of all anti-virus products on the device.

String

Returns one of the following signals:

  • GOOD: There’s no action required.

  • NOT_MONITORED: Windows Security Center doesn't monitor the firewall status.

  • POOR: The device could be at risk.

  • SNOOZE: Windows Security Center is in a snooze state, so it doesn't protect the device.

  • UNKNOWN: Okta Verify didn't collect the signal.

device.provider.wsc.fireWall

Obtains the status of the firewall on the device.

device.provider.wsc.autoUpdateSettings

Obtains the status of the auto-update settings on the device.

device.provider.wsc.internetSettings

Obtains the status of the internet settings on the device.

device.provider.wsc.userAccountControl

Obtains the status of the User Account Control on the device.

device.provider.wsc.securityCenterService

Obtains the status of the Windows Security Center service.

Related topics