Bias Analysis
Detected Bias Types
powershell_heavy
windows_tools
windows_first
missing_linux_example
Summary
The documentation page demonstrates a Windows bias through frequent references to Windows-specific technologies (PowerShell, WMI), tools (Microsoft Defender for Endpoint, formerly MDATP), and patterns (remote WMI execution, PowerShell command line). Examples and scenarios focus on Windows endpoints and do not mention or provide parity for Linux equivalents (e.g., Bash, SSH, Linux endpoint telemetry). Linux-specific attack patterns, tools, or detection methods are absent, and Windows-centric terminology is used throughout, with no corresponding Linux guidance or examples.
Recommendations
- Add scenarios and detection patterns for Linux endpoints, including common Linux attack techniques (e.g., SSH brute force, Bash script execution, Linux credential dumping tools like 'LaZagne' or 'John the Ripper').
- Provide examples of malicious activity using Linux-native tools (e.g., suspicious Bash commands, cron job abuse, systemd manipulation) alongside PowerShell and WMI examples.
- Reference Linux-compatible security solutions (e.g., Microsoft Defender for Endpoint for Linux, auditd, syslog, Linux firewall logs) in data connector sources and scenario descriptions.
- Ensure parity in threat detection coverage by describing how Fusion correlates signals from Linux systems and cloud-native Linux resources, not just Windows VMs and services.
- Explicitly mention Linux attack frameworks (e.g., Metasploit, Cobalt Strike on Linux, custom Python scripts) and how their activity would be detected.
- Balance the use of Windows-specific terminology with Linux equivalents, and avoid presenting Windows tools/patterns first or exclusively.