Document Details

Normalization Parsers List
Home / Scan #234 / Normalization Parsers List
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
windows_tools
windows_event_heavy
Summary
The documentation page lists ASIM parsers for a wide range of sources, including both Windows and Linux systems. However, Windows-specific sources (such as Windows Events, Sysmon for Windows, Microsoft Defender XDR, and Windows Security Events) are consistently listed before their Linux equivalents in most categories. There is a heavy emphasis on Windows event types and connectors (e.g., Azure Monitor Agent, Log Analytics Agent, Security Events connector), while Linux sources are present but less prominently featured and sometimes grouped together at the end. Windows tools and patterns (Sysmon, Windows Events, Defender XDR) are mentioned more frequently and with more detail than Linux equivalents.
Recommendations
  • Ensure Linux sources (e.g., Sysmon for Linux, Linux audit logs, SSHD/Sudo/Su events) are listed alongside or before Windows sources in each parser category to provide parity.
  • Provide equal detail for Linux event collection methods (e.g., Syslog, auditd, NXlog for Linux) as is given for Windows connectors and agents.
  • Add explicit examples or notes for Linux event ingestion, normalization, and connector configuration, similar to the Windows documentation.
  • Consider grouping sources by platform (Windows, Linux, Cloud, Network, etc.) or alphabetically to avoid implicit prioritization.
  • Review parser notes to ensure Linux tools and patterns are described with the same specificity as Windows tools.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Clean Clean
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Biased Biased