Document Details

Ueba Reference
Home / Scan #41 / Ueba Reference
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
windows_tools
missing_linux_example
Summary
The documentation displays a Windows bias by focusing on Windows Security events as the only explicit OS event source, referencing Windows-specific event IDs, and listing 'Windows' as the only device family and OS in enrichment examples. There are no examples or mentions of Linux or macOS event sources, device types, or OSes, and no guidance for integrating non-Windows data. This may lead readers to believe that UEBA is primarily or exclusively for Windows environments.
Recommendations
  • Add explicit mention of Linux and macOS as potential data sources for UEBA, if supported.
  • Provide examples of Linux (e.g., syslog, auditd) and macOS event sources and how to onboard them to Microsoft Sentinel.
  • Include Linux/macOS device types and operating systems in enrichment sample values and tables.
  • Clarify whether non-Windows events are supported or not, and provide guidance for customers with heterogeneous environments.
  • If Linux/macOS are not supported, state this explicitly to set expectations.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-09-16 00:00 #113 completed Clean Clean
2025-09-15 00:00 #112 completed Clean Clean
2025-09-14 00:00 #111 completed Clean Clean
2025-09-13 00:00 #110 completed Clean Clean
2025-09-12 00:00 #109 completed Clean Clean
2025-09-11 00:00 #108 completed Clean Clean
2025-09-10 00:00 #107 completed Clean Clean
2025-09-09 00:00 #106 completed Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Biased Biased