Bias Analysis
Detected Bias Types
windows_first
windows_tools
missing_linux_example
Summary
The documentation lists a wide variety of ASIM parsers for both Windows and Linux sources, but Windows event types and tools (such as Windows Events, Sysmon for Windows, Windows Security Events, Windows Firewall, IIS) are consistently mentioned before their Linux equivalents. In several categories, Windows-specific parsers are described in more detail or are listed before Linux parsers, even when both exist. Some event types (e.g., Registry Events, File Events) have multiple Windows parser variants, while Linux coverage is more limited or less detailed. There are also categories (e.g., Registry Events) where Linux equivalents are missing entirely.
Recommendations
- Ensure Linux parsers are listed with the same prominence and detail as Windows parsers, including in table order and notes.
- Add Linux equivalents for event types that currently only have Windows coverage (e.g., Registry Events).
- Where multiple Windows parser variants are described, provide similar granularity for Linux if available.
- Include explicit examples and notes for Linux ingestion methods (e.g., Syslog, auditd, journald) alongside Windows tools.
- Review parser documentation for parity in technical depth and clarity between Windows and Linux sources.