AjayBathini-MSFT
commented
8 months ago @CNELINN Thanks for your feedback! We will investigate and update as appropriate.
Closed CNELINN closed 7 months ago
AjayBathini-MSFT
commented
8 months ago @CNELINN Thanks for your feedback! We will investigate and update as appropriate.
ManoharLakkoju-MSFT
commented
8 months ago @CNELINN I'm going to assign this to the document author so they can take a look at it accordingly
@cwatson-cat Can you please check and add your comments on this doc update request as applicable.
batamig
commented
8 months ago batamig
commented
7 months ago Hi @CNELINN, thanks for writing into docs.
This type of feedback is best addressed in our Tech Community, where we have experts available to answer product questions, or by opening a support ticket.
I'm going to close this issue for now, but please feel free to continue commenting if you have specific feedback on the docs.
We appreciate your contributions!
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/sentinel/data-connectors/google-workspace-g-suite-using-azure-functions.md
Currently the above connector works, but is very limited in options.
Options would be an excellent addition to allow us to disable certain types of logs e.g having a configuration value within the function app that sets what types of logs you want to ingest eg
GWorkspace_ReportsAPI_drive_CL=1,GWorkspace_ReportsAPI_mobile_CL=1,GWorkspace_ReportsAPI_token_CL=0Currently we have to disable this whole connector because of large GB of ingestion in to the GWorkspace_ReportsAPI_token_CL table caused by a DLP solution in use within Google Workspace.
We cannot change this table to Basic because it is Custom Classic and cannot edit the function app because it runs as Linux Consumption. Without any kind of configuration options, we cannot re-enable this connector.
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.