Document Details
Normalization Common Fields
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
windows_first
⚠️
windows_tools
⚠️
missing_linux_example
Summary:
The documentation page demonstrates a Windows bias by providing examples and references that prioritize Windows concepts and tools. For instance, the only concrete event table example is 'WindowsEvent', and original event type/subtype examples are Windows-specific (e.g., Windows event ID 4624, Windows logon type 2). The FQDN example uses the Windows domain\hostname format, and the device hostname example is 'ContosoDc', a typical Windows naming convention. While Linux is mentioned in the vendor/product list, there are no Linux-specific field examples or event references, and Windows-related fields and formats are described first or exclusively.
Recommendations:
- Add Linux-specific examples alongside Windows ones, such as Linux event IDs, syslog formats, or Linux hostnames.
- When describing fields like EventOriginalType or EventOriginalSubType, include Linux-originated event examples (e.g., auditd event types, sudo event IDs).
- In FQDN and hostname examples, provide both Windows and Linux naming conventions (e.g., 'host.example.com' for Linux/Unix).
- For device fields, use a mix of Windows and Linux hostnames (e.g., 'ContosoDc' and 'webserver01').
- Ensure that Linux tools and event sources are referenced with equal prominence to Windows equivalents throughout the documentation.
Create pull request