Disabling the Azure Activity Sentinel connector


Hi all,

I have an issue with the amount of logs the Azure Activity connector is ingesting into Sentinel, and I'd like to disable it so that I can review which subscriptions I want to have in my Sentinel. Now I know that I do that by disabling the diagnostic settings on my resources, however I do not know how to do so en masse, since I have a lot of resources.

Is there any way to disable the connector for all resources, via policy or any other way?

Thanks

2 Replies
You could probably use a policy to Modify and remove a property (in this case the logging), but a policy would only trigger when a resource is added/updated so it would not help you much.

Maybe a PowerShell program that iterates through all the resources in a subscription and removes the logging if it is present would work better for you.

Are the Azure Activity logs not configured solely on a subscription level though?
So you should only need to remove the diagnostic settings once per subscription.

The diagnostic settings on a resource level map to other connectors such as Azure Firewall, Azure Key Vault, etc., if I am not mistaken.
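
The per-subscription approach from the replies above, as an added example that is not part of the original thread: it inventories every subscription-level diagnostic setting that exports to one workspace and removes it only when run without `-WhatIf`. It assumes the Az.Accounts and Az.Monitor modules and an existing `Connect-AzAccount` session; the function name `Remove-ActivityLogExport` and its parameters are hypothetical, and the workspace resource ID is a placeholder you supply.

```powershell
#Requires -Modules Az.Accounts, Az.Monitor
# Added example, not from the thread. Function and parameter names are hypothetical.
function Remove-ActivityLogExport {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Full resource ID of the Sentinel Log Analytics workspace (placeholder, supply your own)
        [Parameter(Mandatory)] [string]   $WorkspaceResourceId,
        # Subscriptions whose Activity log export should stay in place
        [string[]] $KeepSubscriptionId = @()
    )

    foreach ($sub in Get-AzSubscription | Where-Object State -eq 'Enabled') {
        # Activity log export is a diagnostic setting on the subscription itself,
        # so there is one lookup per subscription, not one per resource.
        $settings = Get-AzSubscriptionDiagnosticSetting -SubscriptionId $sub.Id |
            Where-Object { $_.WorkspaceId -eq $WorkspaceResourceId }

        foreach ($s in $settings) {
            $action = 'Kept'
            if ($sub.Id -notin $KeepSubscriptionId) {
                $action = 'WouldRemove'
                if ($PSCmdlet.ShouldProcess("$($sub.Name) / $($s.Name)", 'Remove Activity log export')) {
                    Remove-AzSubscriptionDiagnosticSetting -Name $s.Name -SubscriptionId $sub.Id
                    $action = 'Removed'
                }
            }
            # One record per setting, so the run doubles as an audit trail
            [pscustomobject]@{
                Subscription   = $sub.Name
                SubscriptionId = $sub.Id
                Setting        = $s.Name
                Action         = $action
            }
        }
    }
}

# Dry run first: lists what would be removed and changes nothing.
# Remove-ActivityLogExport -WorkspaceResourceId '<workspace-resource-id>' -WhatIf |
#     Export-Csv .\activity-log-export-inventory.csv -NoTypeInformation
```

If the diagnostic setting was deployed by an Azure Policy assignment, remove or re-scope that assignment as well, otherwise a remediation task can recreate the setting.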