Document Details

Anomalies Reference
Home / Scan #234 / Anomalies Reference
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
missing_linux_example
windows_tools
Summary
The documentation page exhibits a Windows bias by focusing heavily on Windows-specific data sources (e.g., Windows Security logs, Event IDs 4624/4625) for anomaly detection, especially in the machine learning-based anomalies section. There is a lack of equivalent examples or references for Linux systems (such as Linux audit logs or syslog), and Windows tools and patterns (like PowerShell and Windows event IDs) are mentioned exclusively or before any Linux alternatives. No Linux-specific anomaly rules, log sources, or event patterns are discussed, and no Linux-centric guidance is provided.
Recommendations
  • Add Linux-specific anomaly detection examples, such as using Linux audit logs, syslog, or SSH authentication logs.
  • Include equivalent Linux event patterns (e.g., failed SSH logins, suspicious sudo activity) alongside Windows event IDs.
  • Mention Linux tools and log sources (e.g., /var/log/auth.log, auditd, journald) in anomaly rule descriptions.
  • Provide guidance or links for configuring Linux log collection and anomaly detection in Sentinel.
  • Ensure parity in documentation by presenting both Windows and Linux scenarios for common attack techniques (e.g., brute force, privilege escalation, code execution).
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-22 01:38 #286 completed Biased Biased
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-09-09 00:00 #106 completed Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Clean Clean