Bias Analysis
Detected Bias Types
windows_first
windows_examples
windows_terms
Summary
The documentation demonstrates a mild Windows bias. Windows-specific terms, formats, and examples (e.g., domain\hostname, Windows username types, Windows 10 OS, svchost.exe) are used throughout, and Windows conventions are often mentioned before or instead of Linux equivalents. Linux-specific examples, terms, or patterns are generally missing, and the documentation does not provide parity in illustrating Linux audit event scenarios or field values.
Recommendations
- Add Linux-specific examples for fields such as ActorUsername, TargetHostname, ActingAppName, and TargetDvcOs (e.g., 'root', 'ubuntu-server', '/usr/bin/sshd', 'Ubuntu 22.04').
- Explicitly mention Linux/Unix domain and hostname formats (e.g., FQDN as 'host.example.com') alongside Windows formats.
- Include Linux audit event scenarios and sample values (e.g., SELinux policy changes, systemd service modifications) in field descriptions and examples.
- Reference Linux/Unix user types and ID formats (e.g., UID/GID, /etc/passwd) in relevant fields.
- Balance the mention of Windows and Linux tools, processes, and conventions throughout the schema documentation.