Bias Analysis
Detected Bias Types
windows_first
windows_tools
powershell_heavy
Summary
The documentation demonstrates a Windows bias by referencing Windows-specific event sources (e.g., 'Microsoft-Windows-Sysmon'), using Windows-centric terminology and examples (such as EventID, ProcessName, and the Event table), and prioritizing Windows/PowerShell tools for deployment and management (e.g., recommending PowerShell scripts for deleting functions, and referencing Azure portal and PowerShell for ARM template deployment). There is a lack of explicit Linux or cross-platform deployment/testing instructions, and examples focus on Windows event sources or generic KQL, without showing Linux-specific log sources or command-line tools.
Recommendations
- Include Linux-specific examples, such as parsing logs from common Linux sources (e.g., auth.log, messages, or Linux audit logs), and show how to map these to ASIM schemas.
- Provide deployment and management instructions using cross-platform tools such as Azure CLI and/or REST API, not just PowerShell and Azure Portal.
- When referencing event sources or tables, include both Windows and Linux examples (e.g., show Syslog and Windows Event Log side by side).
- Explicitly mention and provide examples for Linux-based environments in sections discussing log collection, parser development, and testing.
- If recommending scripts or tools, ensure that Linux-compatible alternatives (e.g., Bash scripts, Azure CLI) are documented alongside PowerShell.
- Review terminology to ensure it is inclusive of both Windows and Linux environments, avoiding Windows-centric language where possible.