You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/security-center/faq-data-collection-agents.md
+18-5Lines changed: 18 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,6 +63,14 @@ The location of the default workspace depends on your Azure region:
63
63
- For VMs in Australia, the workspace location is Australia
64
64
65
65
66
+
## What data is collected by the Log Analytics agent?
67
+
68
+
For a full list of the applications and services monitored by the agent, see [What is monitored by Azure Monitor?](https://docs.microsoft.com/azure/azure-monitor/monitor-reference#azure-services).
69
+
70
+
> [!IMPORTANT]
71
+
> Note that for some services, such as Azure Firewall, if you have enabled logging and chosen a chatty resource to log (for example, setting the log to *verbose*) you may see significant impacts on your Log Analytics workspace storage needs.
72
+
73
+
66
74
## Can I delete the default workspaces created by Security Center?
67
75
68
76
**Deleting the default workspace is not recommended.** Security Center uses the default workspaces to store security data from your VMs. If you delete a workspace, Security Center is unable to collect this data and some security recommendations and alerts are unavailable.
@@ -197,9 +205,17 @@ To manually remove the agent:
197
205
198
206
## How do I disable data collection?
199
207
200
-
Automatic provisioning is off by default. You can disable automatic provisioning from resources at any time by turning off this setting in the security policy. Automatic provisioning is highly recommended in order to get security alerts and recommendations about system updates, OS vulnerabilities, and endpoint protection.
208
+
Automatic provisioning is highly recommended in order to get security alerts and recommendations about system updates, OS vulnerabilities, and endpoint protection. By default, auto-provisioning is disabled.
209
+
210
+
If you've enabled it but now want to disable it:
201
211
202
-
To disable data collection, [Sign in to the Azure portal](https://portal.azure.com), select **Browse**, select **Security Center**, and select **Select policy**. Select the subscription that you wish to disable automatic provisioning. When you select a subscription **Security policy - Data collection** opens. Under **Auto provisioning**, select **Off**.
212
+
1. From [the Azure portal](https://portal.azure.com), open **Security Center** and select **Security policy**.
213
+
214
+
1. Select the subscription on which you want to disable automatic provisioning.
215
+
216
+
**Security policy - Data collection** opens.
217
+
218
+
1. Under **Auto provisioning**, select **Off**.
203
219
204
220
205
221
## How do I enable data collection?
@@ -229,9 +245,6 @@ To collect the data, each VM and server must connect to the Internet using HTTPS
229
245
The agent consumes a nominal amount of system resources and should have little impact on the performance. For more information on performance impact and the agent and extension, see the [planning and operations guide](security-center-planning-and-operations-guide.md#data-collection-and-storage).
230
246
231
247
232
-
## Where is my data stored?
233
-
234
-
Data collected from this agent is stored in either an existing Log Analytics workspace associated with your subscription or a new workspace. For more information, see [Data Security](security-center-data-security.md).
0 commit comments