Normalization Parsers List - Document Details

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.

View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types

windows_first

windows_tools

missing_linux_example

Summary

The documentation lists a wide variety of ASIM parsers for both Windows and Linux sources, but Windows event types and tools (such as Windows Events, Sysmon for Windows, Windows Security Events, Windows Firewall, IIS) are consistently mentioned before their Linux equivalents. In several categories, Windows-specific parsers are described in more detail or are listed before Linux parsers, even when both exist. Some event types (e.g., Registry Events, File Events) have multiple Windows parser variants, while Linux coverage is more limited or less detailed. There are also categories (e.g., Registry Events) where Linux equivalents are missing entirely.

Recommendations

Ensure Linux parsers are listed with equal prominence and detail as Windows parsers, including in table order and notes.
Add Linux equivalents for event types that currently only have Windows coverage (e.g., Registry Events).
Where multiple Windows parser variants are described, provide similar granularity for Linux if available.
Include explicit examples and notes for Linux ingestion methods (e.g., Syslog, auditd, journald) alongside Windows tools.
Review parser documentation for parity in technical depth and clarity between Windows and Linux sources.

Create Pull Request

Scan History

Date	Scan	Status	Result
2026-01-14 00:00	#250	in_progress	Clean
2026-01-13 00:00	#246	completed	Biased
2026-01-11 00:00	#240	completed	Biased
2026-01-10 00:00	#237	completed	Biased
2026-01-09 00:34	#234	completed	Biased
2026-01-08 00:53	#231	completed	Biased
2026-01-06 18:15	#225	cancelled	Clean
2025-08-17 00:01	#83	cancelled	Clean
2025-07-13 21:37	#48	completed	Clean
2025-07-12 23:44	#41	cancelled	Biased