Document Details
Normalization
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
windows_first
⚠️
windows_tools
⚠️
missing_linux_example
Summary:
The documentation demonstrates a subtle Windows bias by referencing Windows-specific tools and data sources (e.g., Windows Events, Sysmon, Microsoft Defender for Endpoint) as primary examples when discussing normalized data and analytics. There are no explicit Linux or cross-platform examples, nor are Linux-native tools or event sources mentioned, which may give the impression that ASIM is primarily for Windows environments.
Recommendations:
- Include explicit examples of Linux event sources (e.g., auditd, syslog, journald) alongside Windows examples when discussing supported data sources and schemas.
- Mention Linux-native tools and logs (such as Linux audit logs, syslog, or cloud-native sources) in lists and examples to demonstrate cross-platform applicability.
- Provide sample queries or use cases that involve Linux data sources to illustrate parity.
- Ensure that when listing supported sources or schemas, both Windows and Linux examples are presented, ideally alternating or grouping by platform rather than defaulting to Windows-first.
- Add a section or note clarifying ASIM's support for Linux and other non-Windows platforms, including any limitations or special considerations.
Create pull request