Document Details

Normalization About Schemas
Home / Scan #41 / Normalization About Schemas
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
missing_linux_example
windows_tools
Summary
The documentation demonstrates a Windows bias by providing detailed normalization examples and mappings exclusively for Windows event 4624, referencing Windows-specific concepts (such as SIDs and Windows usernames) before or instead of Linux equivalents. While Linux user IDs (UID) are mentioned in field type tables, there are no concrete Linux event examples or mappings, and Windows-centric terminology and tools (e.g., Windows event fields, SIDs, Windows domain\username format) are prioritized throughout. Linux tools, event types, or normalization scenarios are not given parity in examples or guidance.
Recommendations
  • Add parallel Linux event normalization examples (e.g., mapping a Linux authentication log event to ASIM fields) alongside the Windows event 4624 example.
  • Include Linux-specific field mapping tables and sample values (e.g., mapping /var/log/auth.log fields, Linux UIDs, and usernames).
  • Reference Linux event types and tools (such as auditd, syslog, or journald) in schema mapping and normalization guidance.
  • Ensure that field type tables and entity descriptions provide Linux examples with equal prominence to Windows examples.
  • Where possible, provide cross-platform comparison tables or diagrams to illustrate normalization from both Windows and Linux sources.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Biased Biased