Document Details

Normalization Schema Dns
Home / Scan #237 / Normalization Schema Dns
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
windows_tools
windows_heavy_examples
Summary
The documentation demonstrates a moderate Windows bias. Windows terminology, examples, and formats (such as domain\hostname, SIDs, and file paths like C:\Windows\explorer.exe) are frequently used and often appear before or instead of Linux equivalents. Fields and examples often reference Windows-specific concepts (domain, SID, process paths), and guidance for Linux is limited to brief mentions (e.g., 'on Windows and Linux this value must be numeric'). There are no Linux-specific examples, tools, or patterns, and the schema field descriptions and sample values are overwhelmingly Windows-centric.
Recommendations
  • Add Linux-specific examples for fields such as SrcProcessName (e.g., /usr/bin/bash), SrcHostname (e.g., ubuntu-server), and SrcUserId (e.g., UID/GID formats).
  • Document Linux domain and hostname conventions alongside Windows formats, especially in fields like SrcDomainType and SrcFQDN.
  • Include Linux-specific process ID formats and conversion notes, such as hexadecimal PID representations in Linux.
  • Provide guidance or examples for common Linux DNS servers (e.g., BIND, dnsmasq, Unbound) and their event formats.
  • Ensure that field descriptions and sample values alternate or balance between Windows and Linux, rather than defaulting to Windows first.
  • Reference Linux authentication and user identification schemes (e.g., PAM, /etc/passwd) where relevant in user fields.
  • Explicitly mention Linux logging tools and patterns (e.g., syslog, journald) in sections about event collection.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-22 01:38 #286 completed Clean Clean
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Clean Clean

Flagged Code Snippets