About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
- windows_first
- windows_tools
- missing_linux_example
Summary:
The documentation page demonstrates a Windows bias in several ways: field examples and descriptions frequently use Windows-centric paths, tools, and concepts (e.g., C:\Windows\explorer.exe, Registry keys, PsExec), and there are no Linux or cross-platform examples provided. Windows terminology and artifacts are referenced exclusively, and Linux equivalents are not mentioned or illustrated.
Recommendations:
- Add Linux-based examples alongside Windows ones for fields such as FilePath (e.g., /usr/bin/sshd), ProcessName, and Registry (or note the absence of a Linux equivalent).
- Include cross-platform or Linux-specific tools (e.g., SSH, systemd, auditd) in rule and threat examples, not just Windows tools like PsExec.
- Clarify in field descriptions when a concept is Windows-specific (e.g., Registry fields), and suggest how to handle or map similar data from Linux or macOS systems.
- Provide at least one end-to-end example for a Linux-originating alert event, showing how fields would be populated.
- Review enumerated values and examples for user and process fields to ensure they are not solely Windows-centric (e.g., include Linux username formats, UIDs, and process paths).