Document Details

Normalization Parsers List
Home / Scan #246 / Normalization Parsers List
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
windows_tools
windows_heavy
Summary
The documentation lists ASIM parsers for a wide variety of sources, including both Windows and Linux systems. However, Windows-specific sources (e.g., Windows Events, Sysmon for Windows, Microsoft Defender XDR, Windows Security Events, IIS) are consistently listed and described in detail, often with explicit mention of Windows event IDs and collection methods (Azure Monitor Agent, Log Analytics Agent). Linux sources are present but less emphasized, and Windows tools and patterns (event IDs, connectors) are referenced more frequently and in greater detail than their Linux equivalents. In some sections, Windows examples or tools are listed before Linux ones, suggesting a subtle ordering bias.
Recommendations
  • Ensure Linux sources and parsers are described with equal detail, including collection methods and event types (e.g., Syslog, auditd, etc.).
  • Where Windows event IDs and connectors are mentioned, provide equivalent Linux log/event references and collection patterns.
  • Consider alternating the order of Windows and Linux sources in tables or lists, or group by OS type for parity.
  • Add more explicit examples and guidance for Linux/macOS users, especially regarding ingestion and normalization.
  • Review for any missing Linux/macOS sources that could be supported and document them.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Clean Clean
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Biased Biased