Turn off diagnostic data for Elastic Defend
Stop producing diagnostic data for Elastic defend by configuring your integration policy.
By default, Elastic Defend streams diagnostic data to your cluster, which Elastic uses to tune protection features. You can stop producing this diagnostic data by configuring the advanced settings in the Elastic Defend integration policy.
Note
Elastic Security also collects usage telemetry, which includes Elastic Defend diagnostic data. You can modify telemetry preferences in Advanced Settings.
- Go to Assets → Endpoints to view the Endpoints list.
- Locate the endpoint for which you want to disable diagnostic data, then click the integration policy in the Policy column.
- Scroll down to the bottom of the policy and click Show advanced settings.
- Enter
false
for these settings:windows.advanced.diagnostic.enabled
linux.advanced.diagnostic.enabled
mac.advanced.diagnostic.enabled
- Click Save.