About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
- windows_first
- windows_tools
- powershell_heavy
- missing_linux_example
Summary:
The documentation demonstrates a Windows bias by consistently listing Windows sources, tools, and event types first or in greater detail compared to Linux equivalents. Windows-specific connectors, event IDs, and collection methods are described in depth, while Linux sources are mentioned less frequently and often lack equivalent detail or examples. Windows event collection patterns (e.g., Security Events, Sysmon, WEF) and Microsoft-centric tooling are emphasized, with Linux and cross-platform alternatives sometimes only briefly referenced or omitted.
Recommendations:
- Ensure Linux and cross-platform sources are given equal prominence in tables and lists, not always after Windows sources.
- Provide detailed examples and collection patterns for Linux (e.g., Syslog, auditd, Linux Sysmon) equivalent to those given for Windows (event IDs, connectors, etc.).
- Include Linux-specific event IDs, log types, and connectors in all relevant sections, not just as afterthoughts.
- Where Windows tools (e.g., WEF, Event Viewer, Security Events) are mentioned, also mention and explain Linux tools (e.g., journalctl, auditd, syslog-ng) and how they integrate with Sentinel.
- Add explicit Linux usage and deployment examples, including sample log lines, configuration steps, and troubleshooting tips.
- Review all parser lists to ensure Linux and other non-Windows platforms are represented wherever possible, and not just under generic or Microsoft-centric headings.