This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.

Bias Analysis

Detected Bias Types
  • powershell_heavy
  • windows_tools
  • missing_linux_example
  • windows_first
Summary
The documentation page exhibits a notable Windows bias. Many of the process activity hunting queries and analytics rules focus on Windows-specific tools (e.g., PowerShell, rundll32.exe, certutil, Exchange PowerShell Snapin, cscript, AdFind, Powercat, Nishang), and several queries explicitly reference Windows system events (e.g., Windows System Shutdown/Reboot). There are no equivalent Linux or cross-platform examples provided, nor is there mention of Linux-specific tools or attack patterns. The documentation consistently prioritizes Windows-centric scenarios and tools, with little to no consideration for Linux environments.
Recommendations
  • Add Linux-specific examples for process activity, such as detection of suspicious bash scripts, cron job persistence, or use of common Linux attack tools (e.g., netcat, bash reverse shells, python one-liners).
  • Include analytics rules and hunting queries that target Linux system events (e.g., unauthorized sudo usage, suspicious modifications to /etc/passwd or /etc/shadow, abnormal SSH activity).
  • Provide parity for registry and file activity by referencing Linux equivalents (e.g., monitoring changes to important configuration files, detection of rootkit installation attempts).
  • Balance PowerShell and Windows tool coverage with Linux shell and utility coverage (e.g., grep, awk, sed, systemctl, journalctl).
  • Explicitly state cross-platform applicability where possible, and clarify which content is Windows-only versus platform-agnostic.
  • Consider adding a section or table that maps Windows-centric detections to their Linux equivalents to help users adapt content for non-Windows environments.

Scan History

Date              Scan  Status       Result
2026-01-14 00:00  #250  in_progress  Biased
2026-01-13 00:00  #246  completed    Biased
2026-01-11 00:00  #240  completed    Biased
2026-01-10 00:00  #237  completed    Biased
2026-01-09 00:34  #234  completed    Clean
2026-01-08 00:53  #231  completed    Biased
2026-01-06 18:15  #225  cancelled    Clean
2025-08-17 00:01  #83   cancelled    Clean
2025-07-13 21:37  #48   completed    Biased
2025-07-12 23:44  #41   cancelled    Biased