Bias Analysis
Detected Bias Types
windows_tools
windows_first
missing_linux_example
Summary
The documentation page demonstrates a Windows bias by referencing Windows-specific concepts and tools (e.g., NTDomain, NetBiosName, SID, RegistryKey/Hive, WindowsSecurityZoneType, AlternateDataStreamName) throughout the entity schemas. Windows terminology is consistently used first or exclusively, while Linux equivalents (such as UID/GID, /etc/passwd, Linux file attributes, or Linux registry alternatives) are not mentioned or described. There are no examples or schema attributes for Linux-specific entities, and fields like OSFamily and OSVersion only list Linux as an option without further detail or parity in examples.
Recommendations
- Add Linux-specific identifiers and examples for entities such as Account (e.g., UID, GID, /etc/passwd), Host (e.g., hostname, /etc/hostname, domain concepts in Linux), and File (e.g., inode, file permissions, SELinux context).
- Include Linux registry alternatives or clarify that RegistryKey/RegistryValue are Windows-only concepts.
- Provide parity in documentation by listing Linux attributes and patterns alongside Windows ones, especially in tables and schema definitions.
- Add examples of Linux-specific entity mapping and investigation, such as mapping Linux process attributes (e.g., /proc, systemd unit names) and Linux log sources.
- Clarify which fields are applicable to Windows, Linux, or both, and provide guidance for cross-platform environments.