Document Details
Fusion Scenario Reference
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Detected Bias Types
powershell_heavy
windows_tools
Summary
The documentation is generally platform-neutral, focusing on cloud-based detection scenarios in Microsoft Sentinel. However, several sections reference Windows-specific tools and technologies, such as PowerShell and Windows Management Instrumentation (WMI), as examples of suspicious activity. These references are not accompanied by Linux/macOS equivalents or examples, which may create friction for organizations with non-Windows endpoints.
Recommendations
- Where PowerShell or WMI are mentioned as examples of suspicious activity, add notes or examples for Linux/macOS equivalents (e.g., suspicious Bash scripts, Python execution, or use of Linux-native credential dumping tools like 'gsecdump' or 'LaZagne').
- Clarify whether the detection scenarios apply to non-Windows endpoints and, if so, provide guidance or references for how similar malicious behaviors would be detected on Linux/macOS.
- In sections referencing Windows-specific attack techniques, briefly mention common cross-platform alternatives or note Sentinel's coverage for those platforms.
Create Pull Request
Scan History
| Date | Scan | Status | Result |
|---|---|---|---|
| 2026-01-14 00:00 | #250 | in_progress |
Biased
|
| 2026-01-13 00:00 | #246 | completed |
Biased
|
| 2026-01-11 00:00 | #240 | completed |
Biased
|
| 2026-01-10 00:00 | #237 | completed |
Biased
|
| 2026-01-09 00:34 | #234 | completed |
Biased
|
| 2026-01-08 00:53 | #231 | completed |
Biased
|
| 2026-01-06 18:15 | #225 | cancelled |
 Clean
|
| 2025-08-17 00:01 | #83 | cancelled |
Clean
|
| 2025-07-13 21:37 | #48 | completed |
Clean
|
| 2025-07-12 23:44 | #41 | cancelled |
Biased
|