Document Details

Anomalies Reference
Home / Scan #240 / Anomalies Reference
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
missing_linux_example
windows_tools
Summary
The documentation page demonstrates a Windows bias in several ways: anomaly detection examples and algorithms are heavily focused on Windows Security logs (with repeated references to Windows event IDs such as 4624 and 4625), and there is no mention of equivalent Linux audit logs or syslog sources for similar anomaly types. Windows-specific terminology and tools (such as PowerShell in MITRE sub-techniques, Windows Security logs, and event IDs) are used throughout, while Linux equivalents (e.g., auditd, /var/log/auth.log, journald) are absent. This creates a perception that anomaly detection is primarily for Windows environments, with limited guidance for Linux users.
Recommendations
  • Add Linux-specific anomaly detection examples, such as monitoring for suspicious account creation, login failures, and privilege escalation using Linux audit logs, syslog, or journald.
  • Include references to Linux log sources (e.g., /var/log/auth.log, /var/log/secure, auditd logs) alongside Windows Security logs in relevant anomaly types.
  • Provide MITRE ATT&CK sub-techniques and activities relevant to Linux (e.g., Bash, Python, SSH, sudo) in addition to PowerShell.
  • Where event IDs are referenced for Windows, include equivalent Linux log patterns or audit rules.
  • Ensure that anomaly detection coverage and guidance is presented in a cross-platform manner, with parity between Windows and Linux environments.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-22 01:38 #286 completed Biased Biased
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-09-09 00:00 #106 completed Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Clean Clean