Turn off diagnostic data for Elastic Defend


[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

By default, Elastic Defend streams diagnostic data to your cluster, which Elastic uses to tune protection features. You can stop producing this diagnostic data by configuring the advanced settings in the Elastic Defend integration policy.

Elastic Security also collects usage telemetry, which includes Elastic Defend diagnostic data. You can modify telemetry preferences in Advanced Settings.

  1. Go to Assets → Endpoints to view the Endpoints list.
  2. Locate the endpoint for which you want to disable diagnostic data, then click the integration policy in the Policy column.
  3. Scroll down to the bottom of the policy and click Show advanced settings.
  4. Enter false for these settings:

    • windows.advanced.diagnostic.enabled
    • linux.advanced.diagnostic.enabled
    • mac.advanced.diagnostic.enabled
  5. Click Save.
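
To confirm the change across several policies, the following added example (not Elastic's own code) checks a set of policy settings for the three keys listed in step 4 and reports any that still produce diagnostic data. The policy names and the dictionary layout are constructed assumptions, not Elastic's schema; an unset key is treated as enabled because diagnostic data is on by default.

```python
# Added example: audit policy settings for the three diagnostic keys.
# Policy names and layout are constructed assumptions, not Elastic's schema.
DIAGNOSTIC_KEYS = (
    "windows.advanced.diagnostic.enabled",
    "linux.advanced.diagnostic.enabled",
    "mac.advanced.diagnostic.enabled",
)

_MISSING = object()  # sentinel: key not present in the policy at all


def lookup(settings, dotted_key):
    """Find a setting stored either as a flat dotted key or as nested dicts."""
    if dotted_key in settings:
        return settings[dotted_key]
    node = settings
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node


def is_disabled(value):
    """Only an explicit false counts; the settings field takes the text 'false'."""
    if value is False:
        return True
    return isinstance(value, str) and value.strip().lower() == "false"


def diagnostics_still_enabled(settings):
    """Return the keys that are unset (default: on) or not set to false."""
    return [k for k in DIAGNOSTIC_KEYS if not is_disabled(lookup(settings, k))]


def audit(policies):
    """Map policy name -> keys still producing diagnostic data."""
    findings = {name: diagnostics_still_enabled(s) for name, s in policies.items()}
    return {name: keys for name, keys in findings.items() if keys}


# Constructed sample input: one fully configured policy, one partial.
SAMPLE_POLICIES = {
    "servers": {k: "false" for k in DIAGNOSTIC_KEYS},
    "laptops": {"windows": {"advanced": {"diagnostic": {"enabled": False}}},
                "mac": {"advanced": {"diagnostic": {"enabled": "true"}}}},
}

if __name__ == "__main__":
    for name, keys in audit(SAMPLE_POLICIES).items():
        print(f"{name}: diagnostics still on for {', '.join(keys)}")
```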