Document Details

Normalization Schema Process Event
Home / Scan #250 / Normalization Schema Process Event
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
windows_examples
windows_terms
Summary
The documentation for the ASIM Process Event normalization schema is intended to be cross-platform, but exhibits a mild Windows bias. Most field examples use Windows-style paths (e.g., 'C:\Windows\explorer.exe'), Windows usernames/domains, and Windows-specific terminology (such as integrity levels and UAC). References to process integrity levels and token elevation are described only in terms of Windows, with links to Windows documentation. Linux is mentioned in a few places (e.g., PID conversion), but there are no Linux/macOS-specific examples or terminology, and the examples and explanations default to Windows conventions.
Recommendations
  • Add Linux/macOS-specific examples for fields such as process names, command lines, and directories (e.g., '/usr/bin/bash', '/home/user').
  • Clarify which fields and concepts are Windows-specific (e.g., integrity levels, UAC) and provide equivalent or 'N/A' guidance for Linux/macOS where appropriate.
  • Include notes or examples for Linux/macOS process events, such as typical process paths, user formats, and session IDs.
  • Where possible, link to Linux/macOS documentation for process concepts, not only Windows.
  • Ensure that terminology and examples are balanced between platforms, or explicitly state when a concept is Windows-only.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-22 01:38 #286 completed Biased Biased
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-12 23:44 #41 cancelled Clean Clean

Flagged Code Snippets