Bias Analysis
Detected Bias Types
- powershell_heavy
- windows_tools
- windows_first
- missing_linux_example
Summary
The documentation demonstrates a Windows bias by focusing on Windows-specific tools and technologies such as PowerShell and WMI, referencing them in detection scenarios without mentioning Linux or cross-platform equivalents. Examples and threat detections are described in terms of Windows-centric activities (e.g., PowerShell command execution, WMI, Microsoft Defender for Endpoint), and there are no Linux-specific examples or references to Linux-native tools or attack patterns. The documentation assumes a Windows environment for endpoint detection and response, with no guidance for Linux-based systems.
Recommendations
- Include examples and detection scenarios that reference Linux-based attack techniques and tools (e.g., bash scripts, cron jobs, SSH abuse, Linux credential dumping tools like 'gsecdump' or 'LaZagne').
- When describing suspicious command execution, provide Linux equivalents alongside PowerShell and WMI (e.g., bash, python, perl, systemd misuse).
- Reference cross-platform endpoint detection tools and data sources, such as Microsoft Defender for Endpoint for Linux, and clarify how these scenarios apply to Linux systems.
- Add detection scenarios for Linux-specific threats (e.g., rootkit installation, unauthorized use of sudo, suspicious use of system binaries).
- Balance the order of presentation so that Windows and Linux examples are given equal prominence, or explicitly state when a scenario is Windows-only.
- Where possible, generalize descriptions of suspicious activity (e.g., 'suspicious script execution') and then provide both Windows and Linux examples.