RE: How to disconnect a data connector


Hello to all,


Is there a way to disconnect a data connector?


For example, if I wanted to disconnect the Amazon Web Services or Fortinet data connector (from the Microsoft Sentinel or Azure side), what is the best approach or practice for this?

3 Replies

It really depends on the data connector. For something like Fortinet, you can turn off the Linux box that sends the CEF data. After a while, the data connector will not show as connected anymore.

Hi @GBushey,

Yes, regarding Fortinet, I am actually doing that. I understand doing it from 'outside' Sentinel, such as turning off the Linux server, but wondered what was available from an Azure or Sentinel perspective.

I did see there is a PowerShell module for Sentinel. Can you delete, disable or disconnect using command functions in there?

Sorry, I have just not had a chance to delve into it yet.

I hope Microsoft starts to provide more guidance in this domain.

While Microsoft offers a vast library of commands for Sentinel, removing a data connector remains surprisingly cumbersome. The current process requires manually locating all data sources within diagnostics and disabling them individually. This is not only inconvenient but can also be problematic when dealing with large deployments.

Here's why the current method falls short:

Time-consuming: Manually disabling data sources for each connector is a tedious and inefficient process, especially for large deployments.

Error-prone: Manually navigating through diagnostics increases the risk of overlooking data sources, leading to incomplete connector removal and potential security concerns.

Lack of automation: The absence of a dedicated command for removing connectors hinders automation efforts and prevents streamlined workflows.

This lack of a direct removal method is a significant pain point for Sentinel users, and it's crucial for Microsoft to address this issue. A dedicated command would streamline connector removal, improve efficiency, and reduce the risk of errors.

Adding to the frustration, the provided link (https://learn.microsoft.com/en-us/powershell/module/az.securityinsights/new-azsentineldataconnector?...) doesn't offer any information on connector removal, further highlighting the lack of resources available for this essential task.

I urge Microsoft to prioritize this issue and provide a more user-friendly solution for removing data connectors in Sentinel. This will significantly enhance the overall user experience and make managing Sentinel deployments more efficient and secure.
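The diagnostics-based clean-up described in the reply above, written out as a script. This is an added example, not code from the thread or from Microsoft; it assumes the Az.SecurityInsights, Az.Monitor, Az.OperationalInsights and Az.Resources modules are installed and you are signed in with Connect-AzAccount. The resource group, workspace and connector names are placeholders. It covers the two places a Sentinel "connector" can live: entries registered through the Sentinel API (listed and removed with Get-/Remove-AzSentinelDataConnector), and Azure-resource connectors, which are diagnostic settings on individual resources that forward to the workspace. Every destructive call carries -WhatIf so the script only reports what it would remove until that switch is taken off.

```powershell
# Added example (not from the thread): enumerate and remove the parts that make up
# a Sentinel data connector. All names below are placeholders for your own values.
$rg = 'rg-sentinel-placeholder'
$ws = 'law-sentinel-placeholder'

# Full ARM resource id of the Log Analytics workspace that Sentinel is enabled on.
$workspaceId = (Get-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $ws).ResourceId

# 1) Connectors registered through the Sentinel API (AWS, Office 365, Threat Intelligence, ...).
#    List them first; the Name property is the connector Id used by Remove-AzSentinelDataConnector.
Get-AzSentinelDataConnector -ResourceGroupName $rg -WorkspaceName $ws |
    Select-Object Name, Kind |
    Format-Table -AutoSize

# Remove one connector by Id. -WhatIf previews the call; drop it to actually delete.
$connectorId = 'CONNECTOR-ID-PLACEHOLDER'
Remove-AzSentinelDataConnector -ResourceGroupName $rg -WorkspaceName $ws -Id $connectorId -WhatIf

# 2) Azure-resource connectors (Key Vault, Azure Firewall, Azure SQL, ...) are diagnostic
#    settings on each resource whose destination is this workspace. Walk every resource in
#    the current subscription and collect the settings that point at $workspaceId.
$targets = foreach ($res in Get-AzResource) {
    try {
        Get-AzDiagnosticSetting -ResourceId $res.ResourceId -ErrorAction Stop |
            Where-Object { $_.WorkspaceId -eq $workspaceId } |
            ForEach-Object {
                [pscustomobject]@{ Resource = $res.ResourceId; Setting = $_.Name }
            }
    } catch {
        # Many resource types expose no diagnostic settings at all; skip them quietly.
    }
}

# Review the list before removing anything: an unexpected entry here usually means
# another team relies on that log stream reaching the workspace.
$targets | Format-Table -AutoSize

# Remove the matching diagnostic settings (again previewed with -WhatIf).
foreach ($t in $targets) {
    Remove-AzDiagnosticSetting -ResourceId $t.Resource -Name $t.Setting -WhatIf
}
```

Two caveats from the thread itself: agent-based connectors such as the Fortinet CEF feed have no Azure-side object to delete, so their status simply drops to disconnected once the forwarder stops sending (the first reply); and the Azure Activity connector is a subscription-level diagnostic setting rather than a per-resource one, so the resource loop above does not see it and it has to be handled with the subscription diagnostic-setting cmdlets in Az.Monitor (an assumption about the module, not something the thread states). Removing the connector does not delete data already ingested into the workspace; that is governed by the table retention settings.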