Cef Name Mapping - Document Details

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.

View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types

windows_terms

windows_examples

windows_fields

Summary

The documentation is largely platform-neutral, focusing on field mappings between CEF and Microsoft Sentinel's CommonSecurityLog. However, there are minor instances of Windows bias: several field descriptions reference Windows-specific concepts (e.g., 'Windows domain', 'C:\ProgramFiles\WindowsNT\Accessories\wordpad.exe'), and some field names include 'NTDomain' or reference Windows domains. Linux/UNIX equivalents are mentioned in a few places (e.g., process names like 'sshd', file paths like '/usr/bin/zip'), but Windows terminology and examples are slightly more prevalent.

Recommendations

Where Windows-specific terms are used (e.g., 'Windows domain'), add Linux/UNIX equivalents or clarify applicability (e.g., 'Active Directory domain (Windows) or NIS domain (UNIX)').
When giving file path examples, always provide both Windows and Linux/UNIX examples, and list them in parallel (e.g., 'C:\... (Windows)' and '/usr/... (Linux)').
For fields like 'deviceNtDomain' and 'dntdom', clarify that these are only relevant for Windows environments, and mention what Linux/UNIX users should expect (e.g., field may be empty or not applicable).
Review all field descriptions for implicit Windows assumptions and add Linux/UNIX context where appropriate.

Create Pull Request

Scan History

Date	Scan	Status	Result
2026-01-14 00:00	#250	in_progress	Biased
2026-01-13 00:00	#246	completed	Biased
2026-01-11 00:00	#240	completed	Biased
2026-01-10 00:00	#237	completed	Biased
2026-01-09 00:34	#234	completed	Biased
2026-01-08 00:53	#231	completed	Biased
2026-01-06 18:15	#225	cancelled	Clean
2025-08-17 00:01	#83	cancelled	Clean
2025-07-13 21:37	#48	completed	Biased
2025-07-12 23:44	#41	cancelled	Biased