Document Details

Fusion
Home / Scan #41 / Fusion
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
powershell_heavy
windows_tools
windows_first
Summary
The documentation demonstrates a moderate Windows bias. Several detection scenarios and examples reference Windows-specific tools and technologies, such as PowerShell and Windows event logs, without providing Linux or cross-platform equivalents. The ransomware detection example lists only Windows malware and Windows event sources. Scenario descriptions highlight PowerShell and WMI (both Windows-centric) as suspicious activity vectors, and 'Windows Error and Warning Events' are used as an example alert source. There are no explicit Linux or Unix examples, nor are Linux-specific tools or attack patterns discussed. While the documentation is focused on Microsoft Sentinel (which is itself a Microsoft/Azure product), the lack of Linux parity in examples and scenario coverage may limit its usefulness for organizations with heterogeneous environments.
Recommendations
  • Include Linux-specific detection scenarios, such as suspicious Bash or shell script execution, anomalous sudo activity, or Linux-specific malware/ransomware alerts.
  • Provide examples of alerts generated from Linux event sources (e.g., syslog, auditd, or Linux security logs) alongside Windows event examples.
  • When referencing suspicious command-line activity, include both PowerShell (Windows) and Bash (Linux) examples.
  • Highlight support for cross-platform data connectors and analytics rules, and clarify how Fusion handles signals from Linux-based systems.
  • In scenario tables and examples, balance Windows and Linux sources/tools to reflect real-world, mixed-environment deployments.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-12 23:44 #41 cancelled Biased Biased