Bias Analysis
Detected Bias Types
- powershell_heavy
- windows_first
Summary
The documentation page for Microsoft Sentinel's Fusion technology demonstrates a mild Windows bias. While the content is largely platform-neutral, several attack detection scenarios specifically reference Windows-centric technologies (such as PowerShell and WMI) and provide examples focused on Windows environments. These Windows examples lead the scenarios, and no Linux/macOS equivalents follow: there is no mention of Linux-specific attack patterns, tools, or detection scenarios. The absence of Linux/macOS examples or references may make it harder for non-Windows users to relate the guidance to their environments.
Recommendations
- Include Linux/macOS-specific attack detection scenarios and examples, such as suspicious Bash commands, SSH brute force, or anomalous sudo usage.
- Add references to Linux/macOS data sources (e.g., syslog, auditd, OSSEC) in the scenario tables and descriptions.
- Provide parity in examples by listing Linux/macOS attack patterns alongside Windows ones, rather than focusing on PowerShell and WMI.
- Clarify that Fusion can correlate signals from Linux/macOS endpoints and provide guidance on connecting and configuring these data sources.