How-To: Export your EZMonitor SSL Monitoring Logs to Kafka

EZMonitor enables your security team to monitor critical user actions and SSL alerts by pushing the information to your SIEM. In this page we will show you how to connect your SSL Monitoring logs to Kafka.

Prerequisites

  1. The Keytos Entra ID application is registered in your tenant
  2. You have an active EZMonitor plan

How To Export Your EZMonitor SSL Monitoring Logs To Kafka

How To Enable Log Export in EZMonitor Portal

  1. Navigate to the EZMonitor Portal.

  2. Click on Settings.

    EZMonitor SSL Monitoring left navigation sidebar with Settings menu item highlighted in red

  3. Expand your subscription’s Advanced Settings.

    EZMonitor SSL Monitoring subscription settings page showing Advanced Settings collapsible section with expand arrow highlighted

  4. Enable the Send Alerts to SIEM option.

    EZMonitor SSL Monitoring Connect to SIEM section with Send Alerts to SIEM checkbox highlighted in red

How To Configure Kafka Logs in the Kafka Portal

  1. Open your Kafka instance in another window.

  2. Identify your Kafka topic name and note it down.

  3. Verify authentication support:
    Ensure your Kafka server supports Plaintext SASL Authentication.

  4. Gather credentials:
    Note the SASL username and password required for authentication.

How To Configure the Kafka SIEM in EZMonitor

  1. Now go back to the EZMonitor Portal.

  2. Select Kafka as the SIEM Provider.

    Set Kafka as the SIEM in EZMonitor

  3. Input the values that you copied from the Kafka portal. Then, click Test Connection. This will create a test log in your Kafka SIEM (please allow a few minutes for the log to show up in the Kafka portal).

    Kafka Paste Values and Test Connection

  4. If the connection test is successful, click Save changes.

    EZMonitor Settings Save Changes

  5. Done! EZMonitor will now send your security alerts to your SIEM. If an error occurs it will email your subscription administrators.