How-To: Export your EZCMS Logs to CrowdStrike Falcon

Learn how to export your EZCMS Audit Logs to CrowdStrike Falcon for advanced analysis and monitoring.

Prerequisites

How to Export your Passwordless Onboarding Audit Logs to CrowdStrike Falcon

How To Enable Log Export in EZCMS Portal

  1. Go to your EZCMS portal.

  2. Click on Settings.

    EZCMS Settings

  3. Scroll down to SIEM Connection Settings and enable the Send Alerts to SIEM option.

    EZCMS Send Audit Logs to SIEM checkbox

How to Configure the CrowdStrike Falcon LogScale Exporter

  1. Select CrowdStrike Falcon LogScale as the SIEM Provider.

    Set CrowdStrike Falcon LogScale as the SIEM in EZCMS

  2. In another tab, go to your CrowdStrike Falcon LogScale instance.

  3. Click on the Settings tab.

  4. Select the Ingest Tokens menu.

  5. Click on the Add Token button.

    CrowdStrike Falcon LogScale Tokens

  6. Enter the token name

  7. Assign the json parser and click Create

    CrowdStrike Falcon LogScale Token for your cloud PKI

  8. Copy the token and the ingest host name.

    CrowdStrike Falcon LogScale Token for your cloud PKI

How to Configure the CrowdStrike Falcon LogScale SIEM in EZCMS Portal

  1. Go back to the EZCMS tab.

  2. Paste the ingest host name in the Ingestion Endpoint field.

  3. Paste the token in the Ingestion Token field.

  4. Click the Test Connection button, this will create a test log in your SIEM to make sure EZCMS can write to the SIEM.

    EZCA Settings

  5. If the connection test is successful, click Save changes

    EZCA Settings