Turn off diagnostic data for Elastic Defend

Stop producing diagnostic data for Elastic defend by configuring your integration policy.

By default, Elastic Defend streams diagnostic data to your cluster, which Elastic uses to tune protection features. You can stop producing this diagnostic data by configuring the advanced settings in the Elastic Defend integration policy.


Elastic Security also collects usage telemetry, which includes Elastic Defend diagnostic data. You can modify telemetry preferences in Advanced Settings.

  1. Go to AssetsEndpoints to view the Endpoints list.
  2. Locate the endpoint for which you want to disable diagnostic data, then click the integration policy in the Policy column.
  3. Scroll down to the bottom of the policy and click Show advanced settings.
  4. Enter false for these settings:
    • windows.advanced.diagnostic.enabled
    • linux.advanced.diagnostic.enabled
    • mac.advanced.diagnostic.enabled
  5. Click Save.

On this page