Normalization About Schemas - Document Details

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.

View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types

windows_first

missing_linux_example

Summary

The documentation page demonstrates Windows bias primarily by providing a detailed normalization example based solely on a Windows event (event 4624), with no equivalent example for Linux or other platforms. Windows terminology and event fields are mapped first and exclusively, while Linux audit logs or syslog sources are not mentioned or exemplified. This may lead to the perception that ASIM schemas are primarily designed for Windows data sources, despite their cross-platform intent.

Recommendations

Add equivalent normalization examples for common Linux audit events (e.g., SSH login from /var/log/auth.log or auditd events), showing how Linux fields map to ASIM schema fields.
Include references to Linux-specific sources and terminology alongside Windows examples, such as syslog, auditd, or journald fields.
Explicitly state cross-platform applicability in the sample mapping section and provide parity in examples for macOS or other platforms if relevant.
Where Windows event IDs or field names are mentioned, provide a corresponding Linux (or other OS) field mapping table for comparison.
Encourage contributions or feedback from users of non-Windows platforms to ensure the documentation remains inclusive and representative.

Create Pull Request

Scan History

Date	Scan	Status	Result
2026-01-14 00:00	#250	in_progress	Biased
2026-01-13 00:00	#246	completed	Biased
2026-01-11 00:00	#240	completed	Biased
2026-01-10 00:00	#237	completed	Biased
2026-01-09 00:34	#234	completed	Biased
2026-01-08 00:53	#231	completed	Biased
2026-01-06 18:15	#225	cancelled	Clean
2025-08-17 00:01	#83	cancelled	Clean
2025-07-13 21:37	#48	completed	Clean
2025-07-12 23:44	#41	cancelled	Biased