Document Details

Normalization Content
Home / Scan #250 / Normalization Content
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
powershell_heavy
windows_tools
windows_first
Summary
The documentation page for ASIM security content in Microsoft Sentinel demonstrates a moderate Windows bias. Many examples and hunting queries focus on Windows-specific tools (e.g., rundll32.exe, PowerShell, Certutil, Exchange PowerShell Snapin, Windows System Shutdown/Reboot), and several analytic rules and queries are tailored to Windows attack techniques and binaries. There is little to no mention of Linux/macOS equivalents, and Windows-centric examples are presented first or exclusively in several sections.
Recommendations
  • Add Linux/macOS-specific examples and hunting queries where relevant, such as detection rules for common Linux attack tools (e.g., bash scripts, cron jobs, SSH brute force, Linux-specific malware).
  • Include analytic rules and queries for Linux/macOS process and file activity, such as suspicious sudo usage, modifications to /etc/passwd, or use of common Linux persistence techniques.
  • Balance the presentation order by alternating Windows and Linux/macOS examples, or clearly label which examples apply to which platforms.
  • Where Windows-specific tools are mentioned (e.g., PowerShell, rundll32.exe), provide Linux/macOS analogs (e.g., bash, python, systemd) if applicable.
  • Explicitly state platform applicability for each rule/query to help users understand coverage.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Clean Clean
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-12 23:44 #41 cancelled Biased Biased