Document Details

Normalization Schema Authentication
Home / Scan #41 / Normalization Schema Authentication
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
windows_tools
missing_linux_example
Summary
The documentation page exhibits a mild Windows bias. Windows is the only OS mentioned explicitly in introductory and example contexts (e.g., 'Windows sends several authentication events', 'C:\Windows\System32\svchost.exe', 'Windows 10'). Device and field examples use Windows-centric naming conventions (e.g., 'DESKTOP-1282V4D', 'Contoso\DESKTOP-1282V4D'), and protocols like NTLM are referenced without Linux/Unix equivalents. There are no Linux or Unix-specific examples, tools, or field values, and no mention of Linux authentication protocols (e.g., PAM, Kerberos as used in Linux, SSH logins, etc.).
Recommendations
  • Include Linux/Unix-specific examples alongside Windows ones, such as sample hostnames (e.g., 'ubuntu-server', 'centos7'), file paths (e.g., '/usr/bin/sshd'), and OS names (e.g., 'Ubuntu 22.04').
  • Mention Linux/Unix authentication protocols (e.g., PAM, SSH, Kerberos as used in Linux) in the relevant fields (LogonProtocol, LogonMethod) and provide example values.
  • Balance field value examples to include both Windows and Linux/Unix conventions (e.g., show both 'DOMAIN\user' and 'user@domain' or just 'user').
  • Explicitly state that the schema is intended to normalize authentication events from both Windows and Linux/Unix systems, and provide guidance or links for Linux data sources.
  • Where device types or OS fields are discussed, include Linux/Unix as example values (e.g., 'Windows 10', 'Ubuntu 22.04', 'Red Hat Enterprise Linux 8').
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-22 01:38 #286 completed Biased Biased
2026-01-21 00:00 #278 completed Clean Clean
2026-01-18 00:00 #266 completed Biased Biased
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Biased Biased

Flagged Code Snippets