Use Matching Analytics To Detect Threats

Bias Analysis

Bias Types:

⚠️ windows_first

⚠️ windows_tools

⚠️ missing_linux_example

Summary:

The documentation page demonstrates a Windows bias by listing Windows-specific solutions (e.g., Windows DNS, Windows Firewall) before or more prominently than their Linux equivalents, and by referencing Windows tools and patterns (such as Windows DNS logs and Windows Firewall) without providing equivalent Linux examples or guidance. While Syslog and CEF are mentioned (which are cross-platform), there is a lack of parity in examples or detailed steps for Linux environments, and no Linux-specific tools (such as iptables, nftables, or Linux DNS logs) are referenced.

Recommendations:

Add explicit Linux-focused examples, such as how to ingest and match Linux DNS logs (e.g., from BIND or systemd-resolved) and Linux firewall logs (e.g., iptables, nftables) into Sentinel.
Provide parity in the solution and connector tables by including Linux-specific sources and connectors alongside Windows ones.
When listing data sources or connectors, avoid always listing Windows sources first; alternate or group by platform.
Include screenshots or walkthroughs that show Linux log ingestion and matching analytics, not just Windows-centric examples.
Reference Linux-native tools and patterns where appropriate, and provide guidance for both Windows and Linux environments.

Create pull request

Scan History

Date	Scan ID	Status	Bias Status
2025-09-16 00:00	#113	completed	✅ Clean
2025-09-15 00:00	#112	completed	✅ Clean
2025-09-14 00:00	#111	completed	✅ Clean
2025-09-13 00:00	#110	completed	✅ Clean
2025-09-12 00:00	#109	completed	✅ Clean
2025-09-11 00:00	#108	completed	✅ Clean
2025-08-17 00:01	#83	in_progress	✅ Clean
2025-07-13 21:37	#48	completed	✅ Clean
2025-07-12 23:44	#41	in_progress	❌ Biased

Document Details

About This Page

Bias Analysis

Scan History