Document Details

Normalization Content
Home / Scan #48 / Normalization Content
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_tools
powershell_heavy
missing_linux_example
windows_first
Summary
The documentation page demonstrates a Windows bias by focusing heavily on Windows-specific tools, commands, and attack techniques (such as rundll32.exe, PowerShell, Certutil, Exchange PowerShell Snapin, and Windows System Shutdown/Reboot). Many hunting queries and analytic rules reference Windows-centric binaries and behaviors, with little to no mention of Linux or cross-platform equivalents. There are no explicit Linux examples or references to Linux-specific threats, tools, or command-line patterns. This may leave Linux users without clear guidance or parity in threat detection and hunting.
Recommendations
  • Add Linux-specific examples and hunting queries, such as detections for common Linux persistence or privilege escalation techniques (e.g., cron jobs, systemd service abuse, SSH key misuse).
  • Include analytic rules and hunting queries that reference Linux-native tools and binaries (e.g., bash, systemctl, sudo, /etc/passwd modifications).
  • Balance the documentation by providing both Windows and Linux perspectives for each content area (process, file, registry, network, etc.), or explicitly state if a given rule is Windows-only.
  • Highlight cross-platform detection strategies where possible, and clarify which rules are applicable to Linux, macOS, or other operating systems.
  • Consider adding a section or table summarizing OS coverage for each analytic rule and hunting query.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Clean Clean
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-12 23:44 #41 cancelled Biased Biased