Smittydude8822
Copper Contributor
Sep 22, 2022

Azure Activity Data Connector

Hi All,

My organization is currently working to stand up Sentinel and we are implementing our data connectors. However, we are unable to enable the Azure Activity data connector. All policies are written correctly and should be sending to Sentinel, but it is saying not connected.

Any recommendations?

8 Replies

  • Smittydude8822
    Copper Contributor
    Hi All,

    I am looking to get away from the legacy method and connect via the new method. Does anyone know what permissions are needed for the policy to take effect? I have written the policy, but the logs are not being sent over and ingested by Sentinel.
  • tungdra
    Copper Contributor

    Smittydude8822 

    You can manually export the Activity Log to Log Analytics. This is what the remediate task does.

    https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell#send-to-log-analytics-workspace 

    • MadMike2455
      Copper Contributor

      tungdra I've noticed that during deployment Azure has created a Remediation task for the Azure Activity connector along with a service principal and rights in Log Analytics + subscription rights in IAM.

      Do you think it can be removed? Or will data ingestion stop after removal?

  • Clive_Watson
    Bronze Contributor

    Smittydude8822

    How long have you waited so far? It can sometimes take an hour or more.

    Have you actually checked to see if data is being sent? I've seen cases where it's shown as "not connected" but you do get data.
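
The two checks suggested in the replies above (exporting the Activity Log to the workspace manually, and confirming whether data is arriving regardless of the connector status) can be scripted. This is an added example, not part of the original thread; it assumes the Az.Accounts, Az.Monitor and Az.OperationalInsights modules and a signed-in session, and the IDs and the setting name `activity-to-sentinel` are placeholders.

```powershell
# Added example. Assumes Connect-AzAccount has already been run.
# All three values below are placeholders to fill in for your environment.
$SubscriptionId      = '<subscription-id>'
$WorkspaceResourceId = '<workspace-resource-id>'   # full ARM ID of the Log Analytics workspace
$WorkspaceGuid       = '<workspace-id-guid>'       # "Workspace ID" shown on the workspace overview

# 1. Look for a subscription-level diagnostic setting that targets the workspace.
#    -eq on strings is case-insensitive, which matters because ARM IDs vary in casing.
$existing = Get-AzSubscriptionDiagnosticSetting -SubscriptionId $SubscriptionId |
    Where-Object { $_.WorkspaceId -eq $WorkspaceResourceId }

if ($existing) {
    "Found diagnostic setting '$($existing.Name)' targeting the workspace."
    $existing.Log | Select-Object Category, Enabled | Format-Table
}
else {
    # 2. Nothing is exporting yet: create the setting by hand for all Activity Log categories.
    $categories = 'Administrative', 'Security', 'ServiceHealth', 'Alert',
                  'Recommendation', 'Policy', 'Autoscale', 'ResourceHealth'
    $logs = foreach ($c in $categories) {
        New-AzDiagnosticSettingSubscriptionLogSettingsObject -Category $c -Enabled $true
    }
    New-AzSubscriptionDiagnosticSetting -Name 'activity-to-sentinel' `
        -SubscriptionId $SubscriptionId `
        -WorkspaceId $WorkspaceResourceId `
        -Log $logs
}

# 3. Independently of what the connector page shows, ask the workspace whether
#    AzureActivity rows have landed in the last 24 hours, per subscription.
$query = @'
AzureActivity
| where TimeGenerated > ago(24h)
| summarize Events = count(), Latest = max(TimeGenerated) by SubscriptionId
'@
$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceGuid -Query $query
$rows = @($result.Results)

if ($rows.Count -eq 0) {
    'No AzureActivity rows in the last 24h; allow time for ingestion and re-run.'
}
else {
    $rows | Format-Table SubscriptionId, Events, Latest
}
```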

     
