About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
- windows_first
- windows_tools
- missing_linux_example
Summary:
The documentation page exhibits a mild Windows bias. Windows is the only OS mentioned explicitly in introductory and example contexts (e.g., 'Windows sends several authentication events', 'C:\Windows\System32\svchost.exe', 'Windows 10'). Device and field examples use Windows-centric naming conventions (e.g., 'DESKTOP-1282V4D', 'Contoso\DESKTOP-1282V4D'), and protocols like NTLM are referenced without Linux/Unix equivalents. There are no Linux or Unix-specific examples, tools, or field values, and no mention of Linux authentication protocols (e.g., PAM, Kerberos as used in Linux, SSH logins, etc.).
Recommendations:
- Include Linux/Unix-specific examples alongside Windows ones, such as sample hostnames (e.g., 'ubuntu-server', 'centos7'), file paths (e.g., '/usr/bin/sshd'), and OS names (e.g., 'Ubuntu 22.04').
- Mention Linux/Unix authentication protocols (e.g., PAM, SSH, Kerberos as used in Linux) in the relevant fields (LogonProtocol, LogonMethod) and provide example values.
- Balance field value examples to include both Windows and Linux/Unix conventions (e.g., show both 'DOMAIN\user' and 'user@domain' or just 'user').
- Explicitly state that the schema is intended to normalize authentication events from both Windows and Linux/Unix systems, and provide guidance or links for Linux data sources.
- Where device types or OS fields are discussed, include Linux/Unix as example values (e.g., 'Windows 10', 'Ubuntu 22.04', 'Red Hat Enterprise Linux 8').