Document Details
Normalization About Schemas
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Detected Bias Types
windows_first
missing_linux_example
Summary
The documentation page provides a detailed overview of ASIM schemas but demonstrates bias by using only a Windows event (event 4624) as the sole normalization example. There are no Linux or macOS event examples, nor is there mention of how to normalize common Linux audit logs or syslog events. This 'Windows-first' approach may make it harder for Linux/macOS users to relate the guidance to their environments.
Recommendations
- Add normalization examples using common Linux event sources, such as auditd, syslog, or SSH authentication logs.
- Include a table or section mapping typical Linux/macOS event fields to ASIM schema fields, similar to the Windows event 4624 example.
- When referencing event sources, ensure parity by alternating or including both Windows and Linux/macOS examples.
- Explicitly mention that ASIM is designed for cross-platform data and provide links or references to Linux/macOS-specific normalization guides if available.
Create Pull Request
Scan History
| Date | Scan | Status | Result |
|---|---|---|---|
| 2026-01-14 00:00 | #250 | in_progress |
Biased
|
| 2026-01-13 00:00 | #246 | completed |
Biased
|
| 2026-01-11 00:00 | #240 | completed |
Biased
|
| 2026-01-10 00:00 | #237 | completed |
Biased
|
| 2026-01-09 00:34 | #234 | completed |
Biased
|
| 2026-01-08 00:53 | #231 | completed |
Biased
|
| 2026-01-06 18:15 | #225 | cancelled |
 Clean
|
| 2025-08-17 00:01 | #83 | cancelled |
Clean
|
| 2025-07-13 21:37 | #48 | completed |
Clean
|
| 2025-07-12 23:44 | #41 | cancelled |
Biased
|