How-To: Export your EZCMS Logs to Huntress

EZCMS enables your security team to monitor critical user actions by pushing the information to your SIEM. In this page we will show you how to connect your EZCMS logs to Huntress.

Prerequisites

How To Export Your EZCMS Audit Logs To Huntress

How To Enable Log Export in EZCMS Portal

  1. Go to your EZCMS portal.

  2. Click on Settings.

    EZCMS Settings

  3. Scroll down to SIEM Connection Settings and enable the Send Alerts to SIEM option.

    EZCMS Send Audit Logs to SIEM checkbox

How To Configure the Huntress Exporter in the Huntress Portal

  1. In another tab, go to your Huntress instance.

  2. Click on the SIEM menu. Then, click Source Management.

    Huntress Source Management

  3. Click Add Source. Then, click Generic HEC (HTTP Event Collector).

    Huntress Source Management HTTP Event Collector

  4. Click + Add to add a new HEC.

    Huntress Configure Generic HEC Add HEC

  5. Add an Organization, Name, and optional Description. Then, click Save.

    Huntress Configure Generic HEC

  6. After the HEC is created, copy the HTTP Event Collector URL and the HTTP Event Collector Token.

    Huntress Generic HEC Details

How To Configure the Huntress SIEM in EZCMS Portal

  1. Now go back to the EZCMS Portal.

  2. Select Huntress as the SIEM Provider.

    Set Huntress as the SIEM in EZCMS

  3. Input the values that you copied from the Huntress portal. Then, click Test Connection. This will create a test log in your Huntress SIEM (please allow a few minutes for the log to show up in the Huntress portal).

    Huntress Paste Values and Test Connection

  4. If the connection test is successful, click Save Changes.

    EZCMS SIEM Settings Save Changes

  5. EZCMS will now send your security alerts to your SIEM. If an error occurs it will email your subscription administrators.