Sep 22 2022 10:04 AM
Hi All,
My organization is currently working to stand up Sentinel and we are implementing our data connectors. However, we are unable to enable the Azure Activity data connector. All policies are written correctly and should be sending to Sentinel, but it is saying not connected.
Any recommendations?
Sep 22 2022 10:12 AM
How long have you waited so far, it can sometimes take an hour or more?
Have you actually checked to see if data is being sent - I've seen cases where its shown as "not connected" but you do get data?
Sep 22 2022 10:33 AM
Sep 22 2022 11:21 AM
Sep 22 2022 01:32 PM
Sep 22 2022 08:41 PM
You can manually export the Activity Log to Log Analytics. This is what the remediate task does.
Sep 23 2022 03:38 AM
Check if your policy scope is the resource group instead of the subscription. I made that mistake the first time deploying the connector in a similar situation than the one described.
For it to work, the scope must be the susbscription.
Hope this helps.
Sep 27 2022 08:15 AM
Apr 05 2023 06:12 AM
@tungdra I've noticed that during deployment Azure have created Remediation task for Azure Activity connector along with service principal and rights in log analytics + subscription right in IAM.
Do you think it can be removed? Or data ingestion will stop after removal?