Forum Discussion
Azure Activity data collector with Azure Policy : data is not ingested
- I finally found out what the problem was. I had forgotten to enable a remediation during the policy creation. ow it works.
PhilippeAugras I think that it makes sense that there is no ressources associated, because the policy is applied to the subscription only and not specific resources.
So if you go to the subscription for which you applied the policy, then choose "Activity Logs" and then choose "Diagnostic Settings" in the top of the window, you should be able to see the diagnostic settings from the subscription is being sent to sentinel.
It seems like you expect all resources in the subscription to have their diagnostic settings updated (please correct me if im wrong). Only the chosen subscription's diagnostic settings will be set.
Bonus: if you want to have multiple subscriptions set, you need to create a management group, and assign the policy to a group containing multiple subscriptions.
- I was having issues with the Azure Activity connector not 'connecting' and it was due to the fact that I assigned the policy to the sub and the rg. I cretaed a new one assigned only to the subscription and after about 10 minutes it connected.
