May 03 2022 01:22 AM
Hi all,
I have an issue with the amount of logs the Azure Activity connector is ingesting into sentinel, and I'd like to disable it so that i could review what subscriptions i want to have in my sentinel . Now I know that i do that by disabling the diagnostic Settings on my resources, however I do not know how do so en masse, since I have a lot of resources.
Is there any way to disable the connector for all resources? via policy or any other way?
Thanks
May 03 2022 04:04 AM
May 03 2022 06:13 AM - edited May 03 2022 06:16 AM
Is the Azure Activity logs not configured solely on a subscription level though?
So you should only need to remove the diagnostic settings once per subscription.
The diagnostics settings on a resource level map to other connectors such as Azure Firewall, Azure Key Vault etc if I am not mistaken.