Bias Analysis
Detected Bias Types
windows_first
windows_tools
windows_heavy
Summary
The documentation lists a wide array of ASIM parsers for both Windows and Linux sources, but Windows-centric tools, event types, and connectors (Windows Events, Sysmon for Windows, Windows Security Events, Microsoft Defender XDR) are consistently mentioned before, or more prominently than, their Linux equivalents. Windows-specific event IDs and connectors are described in detail, whereas Linux sources are listed less often and are frequently grouped or described generically (e.g., 'reported using Syslog') without naming the underlying source (auditd, journald, rsyslog, application logs). There are more parser types and worked examples for Windows than for Linux, and Windows collection methods (Azure Monitor Agent, Log Analytics Agent) are referenced repeatedly, while Linux ingestion paths (Syslog data collection rules, auditd forwarding, journald) receive comparatively little detail.
Recommendations
- Ensure Linux parsers are described with equal detail, including the Linux equivalents of Windows event IDs (auditd record types and syscall numbers, syslog facility/program names, journald fields), the log sources they read, and the collection methods used to ingest them (auditd, journald, rsyslog, etc.).
- Add more Linux-specific examples and expand coverage to include common Linux tools and patterns (such as audit logs, systemd journal, and other security-relevant sources).
- Where Windows and Linux equivalents exist, present them side-by-side or in parallel sections to avoid implicit prioritization.
- Clarify the ingestion and normalization steps for Linux sources (which agent or forwarder delivers the log, how multi-record events are correlated, how raw fields map to ASIM fields), matching the specificity given to Windows connectors.
- Consider adding tables or lists that explicitly compare Windows and Linux event types, connectors, and parser coverage for transparency.
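What the parallel coverage recommended above could look like in practice, as an added example that is not part of this analysis, of the analysed documentation, or of any ASIM parser: a small Python normalizer that maps a Windows Security Event 4688 (process creation) and the auditd SYSCALL/EXECVE/CWD records for one Linux execve onto the same ASIM ProcessEvent-style fields, side by side. It also handles two Linux ingestion details that a generic "reported using Syslog" glosses over: correlating the several records auditd emits per event through the audit serial, and decoding arguments that auditd hex-encodes when they contain spaces or special characters. The field names follow the ASIM ProcessEvent schema as understood here and should be checked against the schema reference; the host names, the uid-to-username table and every sample record are constructed for the example.

```python
"""Parallel Windows / Linux normalization into ASIM ProcessEvent-style fields.

Added illustration, not code from the ASIM project or the analysed docs.
Field names are assumed to follow the ASIM ProcessEvent schema; host names,
the uid table and all sample records below are constructed.
"""
import re
import shlex

# Constructed Windows Security Event 4688 as the key/value subset a Windows
# Security Events connector would surface.
WINDOWS_4688 = {
    "EventID": 4688,
    "Computer": "WS01.corp.example",
    "SubjectUserName": "alice",
    "SubjectDomainName": "CORP",
    "NewProcessName": r"C:\Windows\System32\cmd.exe",
    "CommandLine": "cmd.exe /c whoami",
    "ParentProcessName": r"C:\Windows\explorer.exe",
    "NewProcessId": "0x1a2c",  # 4688 reports PIDs as hex strings
}

# Constructed auditd records for two execve calls, as forwarded over Syslog.
# auditd emits several records per event; they share the msg=audit(ts:serial)
# key and must be grouped before normalization. The second event carries a
# hex-encoded argument, which auditd uses for values with spaces/quotes.
AUDITD_LINES = [
    'type=SYSCALL msg=audit(1700000000.123:4567): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1301 auid=1000 uid=1000 comm="id" exe="/usr/bin/id" key="exec"',
    'type=EXECVE msg=audit(1700000000.123:4567): argc=2 a0="id" a1="-u"',
    'type=CWD msg=audit(1700000000.123:4567): cwd="/home/alice"',
    'type=SYSCALL msg=audit(1700000000.456:4568): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1302 auid=1000 uid=0 comm="echo" exe="/usr/bin/echo" key="exec"',
    'type=EXECVE msg=audit(1700000000.456:4568): argc=2 a0="echo" a1=68656C6C6F20776F726C64',
]

# Constructed uid -> name table; plain (non-ENRICHED) audit.log has only uids.
PASSWD = {"0": "root", "1000": "alice"}

_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
_MSG = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
# Only string-valued audit fields are hex-encoded; numeric ones (pid, uid) never are.
_HEX_FIELDS = re.compile(r"a\d+|comm|exe|cwd|name|proctitle")
# syscall numbers are per-architecture: 59 is execve on x86_64 (arch=c000003e).
EXECVE_SYSCALLS = {("c000003e", "59")}


def _decode_value(key, raw):
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if _HEX_FIELDS.fullmatch(key) and len(raw) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw


def parse_auditd_line(line):
    """Parse one audit record into a dict, keeping the event serial for grouping."""
    m = _MSG.search(line)
    if not m:
        raise ValueError("not an audit record: " + line)
    fields = {k: _decode_value(k, v) for k, v in _KV.findall(line) if k != "msg"}
    fields["_ts"], fields["_serial"] = m.group(1), m.group(2)
    return fields


def group_auditd_records(lines):
    """Group records by audit serial, then by record type: {serial: {type: [rec]}}."""
    events = {}
    for line in lines:
        rec = parse_auditd_line(line)
        events.setdefault(rec["_serial"], {}).setdefault(rec["type"], []).append(rec)
    return events


def normalize_windows_4688(ev):
    if ev["EventID"] != 4688:
        raise ValueError("expected event 4688")
    return {
        "EventType": "ProcessCreated",
        "EventProduct": "Security Events",
        "Dvc": ev["Computer"],
        "ActorUsername": f'{ev["SubjectDomainName"]}\\{ev["SubjectUserName"]}',
        "ActingProcessName": ev["ParentProcessName"],
        "TargetProcessName": ev["NewProcessName"],
        "TargetProcessCommandLine": ev["CommandLine"],
        "TargetProcessId": str(int(ev["NewProcessId"], 16)),
    }


def normalize_auditd_execve(records, host, passwd):
    syscall, execve = records["SYSCALL"][0], records["EXECVE"][0]
    if (syscall.get("arch"), syscall.get("syscall")) not in EXECVE_SYSCALLS:
        raise ValueError("not an execve for a known architecture")
    argv = [execve[f"a{i}"] for i in range(int(execve["argc"]))]
    cwd_recs = records.get("CWD", [])
    return {
        "EventType": "ProcessCreated",
        "EventProduct": "auditd",
        "Dvc": host,
        "ActorUsername": passwd.get(syscall["uid"], syscall["uid"]),
        "ActingProcessId": syscall["ppid"],
        "TargetProcessName": syscall["exe"],
        "TargetProcessCommandLine": shlex.join(argv),  # re-quotes decoded args
        "TargetProcessId": syscall["pid"],
        "TargetProcessCurrentDirectory": cwd_recs[0]["cwd"] if cwd_recs else None,
    }


if __name__ == "__main__":
    win = normalize_windows_4688(WINDOWS_4688)
    for serial, recs in sorted(group_auditd_records(AUDITD_LINES).items()):
        lin = normalize_auditd_execve(recs, "srv01.corp.example", PASSWD)
        print(f"--- Windows 4688 vs auditd serial {serial}")
        for field in sorted(set(win) | set(lin)):
            print(f"{field:30} {str(win.get(field)):34} {lin.get(field)}")
```

Running the block prints each normalized field for the Windows event next to the Linux event, which is the side-by-side view the recommendations ask for; the same layout works as a documentation table once the Linux column is populated with the same care as the Windows one.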