Forum Discussion

Daniel_Iten's avatar
Daniel_Iten
Copper Contributor
May 03, 2022

Disabling the Azure Activity Sentinel connector

Hi all,

I have an issue with the amount of logs the Azure Activity connector is ingesting into sentinel, and I'd like to disable it so that i could review what subscriptions i want to have in my sentinel . Now I know that i do that by disabling the diagnostic Settings on my resources, however I do not know how do so en masse, since I have a lot of resources.

Is there any way to disable the connector for all resources? via policy or any other way?

Thanks

  • GaryBushey's avatar
    GaryBushey
    Bronze Contributor
    You could probably use a policy to Modify and remove a property (in this case the logging), but a policy would only trigger when a resource is added/updated so it would not help you much.

    Maybe a PowerShell program that iterates through all the resources in a subscription and removes the logging if it is present would work better for you.
    • Jonhed's avatar
      Jonhed
      Steel Contributor

      Is the Azure Activity logs not configured solely on a subscription level though?
      So you should only need to remove the diagnostic settings once per subscription.

      The diagnostics settings on a resource level map to other connectors such as Azure Firewall, Azure Key Vault etc if I am not mistaken.

Resources