Normalization Schema Alert - Document Details

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.

View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types

windows_first

windows_tools

missing_linux_example

Summary

The documentation page demonstrates a Windows bias in several ways: field examples and descriptions frequently use Windows-centric paths, tools, and concepts (e.g., C:\Windows\explorer.exe, Registry keys, PsExec), and there are no Linux or cross-platform examples provided. Windows terminology and artifacts are referenced exclusively, and Linux equivalents are not mentioned or illustrated.

Recommendations

Add Linux-based examples alongside Windows ones for fields such as FilePath (e.g., /usr/bin/sshd), ProcessName, and Registry (or note the absence of a Linux equivalent).
Include cross-platform or Linux-specific tools (e.g., SSH, systemd, auditd) in rule and threat examples, not just Windows tools like PsExec.
Clarify in field descriptions when a concept is Windows-specific (e.g., Registry fields), and suggest how to handle or map similar data from Linux or macOS systems.
Provide at least one end-to-end example for a Linux-originating alert event, showing how fields would be populated.
Review enumerated values and examples for user and process fields to ensure they are not solely Windows-centric (e.g., include Linux username formats, UIDs, and process paths).

Create Pull Request

Scan History

Date	Scan	Status	Result
2026-01-22 01:38	#286	completed	Clean
2026-01-15 00:00	#254	completed	Clean
2026-01-14 00:00	#250	in_progress	Biased
2026-01-13 00:00	#246	completed	Clean
2026-01-11 00:00	#240	completed	Biased
2026-01-10 00:00	#237	completed	Biased
2026-01-09 00:34	#234	completed	Biased
2026-01-08 00:53	#231	completed	Biased
2026-01-06 18:15	#225	cancelled	Clean
2025-08-17 00:01	#83	cancelled	Clean
2025-07-13 21:37	#48	completed	Biased
2025-07-12 23:44	#41	cancelled	Biased