How to delete sentinel

Brass Contributor

Hi Team,

I have created one sentinel and connected to ALA in LAB. Now i want to remove them.

So could anyone help me how to delete sentinel from subscription.

 

And one more thing if anyone can shed any link or other stuff to configure sentinel in production.

I have gone through MS blogs however it would be great if i will have something for deep-dive.

 

Thanks in advance! 

5 Replies

@GouravIN you cannot delete Sentinel itself, but you can delete the Log Analytics workspaces associated with it to accomplish pretty much the same thing

@GouravIN 

 

You should probably removed any Data Connectors you added in Sentinel.  Also I assume the workspace was created for especially for Sentinel and only for Sentinel to use, if not deleting might not be the best idea.

Hi Both,

 

Thanks for the valuable reply.

I have connected sentinel with my centralized ALA that are monitoring and collection logs from five different subscription. 

So deletion of ALA is not at all feasible here, I guess now i have to live with this unwanted piece.

 

It would be great if MS will think about deletion option of ALA too.

@GouravIN  I don't know if I understood correctly your question, anyway Sentinel is a solution in Log Analytics terms, so to disable Sentinal for that workspace you just have to remove the Sentinel solution:

  1. Select “Workspace settings”
  2. Select “Solutions”
  3. Select the SecurityInsights solutions
  4. Use the delete button at the top