Document Details

Anomalies Reference
Home / Scan #237 / Anomalies Reference
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
windows_tools
missing_linux_example
Summary
The documentation page exhibits a Windows bias in several ways: anomaly detections and machine learning models are heavily focused on Windows Security logs (e.g., event IDs 4624 and 4625), with no equivalent coverage or examples for Linux systems. Windows-specific terminology and tools (such as Windows Security logs and PowerShell as a sub-technique) are referenced, while Linux audit logs, syslog, or other Linux-native mechanisms are absent. There are no examples or descriptions of anomaly detection for Linux account creation, logins, or brute force attempts, nor is there mention of Linux-specific event sources or patterns.
Recommendations
  • Add equivalent anomaly detection rules and descriptions for Linux systems, such as monitoring /var/log/auth.log, /var/log/secure, or auditd logs for account creation, deletion, and login events.
  • Include Linux-specific event IDs, syslog patterns, or audit rules alongside Windows Security log references.
  • Provide examples of anomaly detection for Linux brute force attempts, privilege escalation, and code execution (e.g., monitoring sudo, su, or shell activity).
  • Reference Linux tools and mechanisms (such as auditd, syslog, journald, or systemd) in parallel with Windows tools.
  • Ensure that anomaly detection coverage and documentation are platform-agnostic, or clearly indicate parity between Windows and Linux where possible.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-22 01:38 #286 completed Biased Biased
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-09-09 00:00 #106 completed Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Clean Clean