Turn off diagnostic data for Endpoint and Cloud Security

edit

By default, Endpoint and Cloud Security streams diagnostic data to your cluster, which Elastic uses to tune protection features. You can stop producing this diagnostic data by configuring the advanced settings in the Endpoint and Cloud Security integration policy.

Kibana also collects usage telemetry, which includes Endpoint and Cloud Security diagnostic data. You can modify telemetry preferences in Advanced Settings.

  1. In the Elastic Security app, go to ManageEndpoints to view the Endpoints list.
  2. Locate the endpoint for which you want to disable diagnostic data, then click the integration policy in the Policy column.
  3. Scroll down to the bottom of the policy and click Show advanced settings.
  4. Enter false for these settings:

    • windows.advanced.diagnostic.enabled
    • linux.advanced.diagnostic.enabled
    • mac.advanced.diagnostic.enabled
  5. Click Save.