Turn off Endpoint Security diagnostic dataedit

By default, Endpoint Security streams diagnostic data to your cluster, which Elastic uses to tune protection features. You can stop producing this diagnostic data by configuring the advanced settings in the Endpoint Security integration policy.

Kibana also collects usage telemetry, which includes Endpoint Security diagnostic data. You can control telemetry in Advanced Settings.

  1. In the Elastic Security app, go to ManageEndpoints to view the Endpoints list.
  2. Locate the endpoint for which you want to disable diagnostic data, then click the integration policy in the Policy column.
  3. Scroll down to the bottom of the policy and click Show advanced settings.
  4. Enter false for these settings:

    • windows.advanced.diagnostic.enabled
    • linux.advanced.diagnostic.enabled
    • mac.advanced.diagnostic.enabled
  5. Click Save.