Document Details

Hunting With Rest Api
Home / Scan 41 / Hunting With Rest Api
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Bias Types:
⚠️ missing_linux_example
Summary:
The documentation provides only HTTP REST API examples and does not include any platform-specific command-line examples (such as PowerShell, curl, or CLI). However, it also does not provide any Linux-specific guidance or examples (e.g., using curl or bash), which may disadvantage Linux users who are accustomed to such tools. There is no explicit Windows bias in the form of PowerShell or Windows tool references, but the lack of Linux-oriented examples is a subtle bias.
Recommendations:
  • Add example commands using curl for Linux/macOS users to demonstrate how to make the REST API calls from a Linux shell.
  • If providing command-line examples, ensure parity by including both PowerShell (for Windows) and bash/curl (for Linux/macOS) examples.
  • Explicitly mention that the REST API can be accessed from any platform and provide guidance or links for common tools on both Windows and Linux.
  • Consider including sample scripts or one-liners for both Windows and Linux environments to illustrate cross-platform usage.
GitHub Create pull request

Scan History

Date Scan ID Status Bias Status
2025-08-17 00:01 #83 in_progress ✅ Clean
2025-07-13 21:37 #48 completed ✅ Clean
2025-07-12 23:44 #41 in_progress ❌ Biased

Flagged Code Snippets

PUT https://management.azure.com/subscriptions/{subscriptionId} _ /resourcegroups/{resourceGroupName} _ /providers/Microsoft.OperationalInsights/workspaces/{workspaceName} _ /savedSearches/{savedSearchId}?api-version=2020-03-01-preview
DELETE https://management.azure.com/subscriptions/{subscriptionId} _ /resourcegroups/{resourceGroupName} _ /providers/Microsoft.OperationalInsights/workspaces/{workspaceName} _ /savedSearches/{savedSearchId}?api-version=2020-03-01-preview
{ "properties": { “Category”: “Hunting Queries”, "DisplayName": "HuntingRule02", "Query": "SecurityEvent | where EventID == \"4688\" | where CommandLine contains \"-noni -ep bypass $\"", “Tags”: [ { “Name”: “Description”, “Value”: “Test Hunting Query” }, { “Name”: “Tactics”, “Value”: “Execution, Discovery” } ] } }
GET https://management.azure.com/subscriptions/{subscriptionId} _ /resourcegroups/{resourceGroupName} _ /providers/Microsoft.OperationalInsights/workspaces/{workspaceName} _ /savedSearches/{savedSearchId}?api-version=2020-03-01-preview