Document Details

Hunting With Rest Api
Home / Scan #41 / Hunting With Rest Api
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
missing_linux_example
Summary
The documentation provides only HTTP REST API examples and does not include any platform-specific command-line examples (such as PowerShell, curl, or CLI). However, it also does not provide any Linux-specific guidance or examples (e.g., using curl or bash), which may disadvantage Linux users who are accustomed to such tools. There is no explicit Windows bias in the form of PowerShell or Windows tool references, but the lack of Linux-oriented examples is a subtle bias.
Recommendations
  • Add example commands using curl for Linux/macOS users to demonstrate how to make the REST API calls from a Linux shell.
  • If providing command-line examples, ensure parity by including both PowerShell (for Windows) and bash/curl (for Linux/macOS) examples.
  • Explicitly mention that the REST API can be accessed from any platform and provide guidance or links for common tools on both Windows and Linux.
  • Consider including sample scripts or one-liners for both Windows and Linux environments to illustrate cross-platform usage.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Clean Clean
2026-01-13 00:00 #246 completed Clean Clean
2026-01-11 00:00 #240 completed Clean Clean
2026-01-10 00:00 #237 completed Clean Clean
2026-01-09 00:34 #234 completed Clean Clean
2026-01-08 00:53 #231 completed Clean Clean
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Biased Biased

Flagged Code Snippets

PUT https://management.azure.com/subscriptions/{subscriptionId} _
    /resourcegroups/{resourceGroupName} _
    /providers/Microsoft.OperationalInsights/workspaces/{workspaceName} _
    /savedSearches/{savedSearchId}?api-version=2020-03-01-preview

DELETE https://management.azure.com/subscriptions/{subscriptionId} _
       /resourcegroups/{resourceGroupName} _
       /providers/Microsoft.OperationalInsights/workspaces/{workspaceName} _
       /savedSearches/{savedSearchId}?api-version=2020-03-01-preview

{
"properties": {
    “Category”: “Hunting Queries”,
    "DisplayName": "HuntingRule02",
    "Query": "SecurityEvent | where EventID == \"4688\" | where CommandLine contains \"-noni -ep bypass $\"",
    “Tags”: [
        { 
        “Name”: “Description”,
        “Value”: “Test Hunting Query”
        },
        { 
        “Name”: “Tactics”,
        “Value”: “Execution, Discovery”
        }
        ]        
    }
}

GET https://management.azure.com/subscriptions/{subscriptionId} _
    /resourcegroups/{resourceGroupName} _
    /providers/Microsoft.OperationalInsights/workspaces/{workspaceName} _
    /savedSearches/{savedSearchId}?api-version=2020-03-01-preview