How-To: Export your EZCMS Logs to Huntress

Prerequisites

• The Keytos Entra ID application is registered in your tenant
• You have an active EZCMS plan

How To Export Your EZCMS Audit Logs To Huntress

How To Enable Log Export in EZCMS Portal

1. Go to your EZCMS portal.

2. Click on Settings.

   

3. Scroll down to SIEM Connection Settings and enable the Send Alerts to SIEM option.

   

How To Configure the Huntress Exporter in the Huntress Portal

1. In another tab, go to your Huntress instance.

2. Click on the SIEM menu. Then, click Source Management.

   

3. Click Add Source. Then, click Generic HEC (HTTP Event Collector).

   

4. Click + Add to add a new HEC.

   

5. Add an Organization, Name, and optional Description. Then, click Save.

   

6. After the HEC is created, copy the HTTP Event Collector URL and the HTTP Event Collector Token.

   

How To Configure the Huntress SIEM in EZCMS Portal

1. Now go back to the EZCMS Portal.

2. Select Huntress as the SIEM Provider.

   

3. Input the values that you copied from the Huntress portal. Then, click Test Connection. This will create a test log in your Huntress SIEM (please allow a few minutes for the log to show up in the Huntress portal).

   

4. If the connection test is successful, click Save Changes.

   

5. EZCMS will now send your security alerts to your SIEM. If an error occurs it will email your subscription administrators.