How-To: Export your EZCMS Logs to CloudWatch

Prerequisites

• The Keytos Entra ID application is registered in your tenant
• You have an active EZCMS plan

How To Export Your EZCMS Audit Logs To CloudWatch

How To Enable Log Export in EZCMS Portal

1. Go to your EZCMS portal.

2. Click on Settings.

   

3. Scroll down to SIEM Connection Settings and enable the Send Alerts to SIEM option.

   

How To Configure CloudWatch Logs in the CloudWatch Portal

1. Open your CloudWatch Portal in a new browser tab.

2. In the top right corner, locate your AWS Region and make a note of it.

   

3. From the left-hand menu, under Setup, click on Settings.

   

4. Go to the Logs tab. In the API Keys section, click Create.

   

5. Choose your preferred API key expiration, then click Generate.

   

6. After the key is generated, copy and save it immediately. You will not be able to view it again after leaving this page.

   

7. Navigate to Log Management under Logs in the left-hand menu. Select the Log Group where you want to deliver your logs.

   

8. Click the Actions dropdown, then select Edit bearer token authentication.

   

9. When prompted, enable bearer token authentication by selecting Yes.

   

10. Confirm that bearer token authentication is enabled.

    

11. Identify and note the log stream where you want your logs delivered.

    

How To Configure the CloudWatch SIEM in EZCMS Portal

1. Now go back to the EZCMS Portal.

2. Select CloudWatch as the SIEM Provider.

   

3. Input the values that you copied from the CloudWatch portal. Then, click Test Connection. This will create a test log in your CloudWatch SIEM (please allow a few minutes for the log to show up in the CloudWatch portal).

   

4. If the connection test is successful, click Save Changes.

   

5. EZCMS will now send your security alerts to your SIEM. If an error occurs it will email your subscription administrators.