diff --git a/bitwarden_license/bit-common/src/dirt/organization-integrations/models/integration-configuration-config/configuration-template/hec-template.ts b/bitwarden_license/bit-common/src/dirt/organization-integrations/models/integration-configuration-config/configuration-template/hec-template.ts
index 27d71f29e59..a3a2df57f38 100644
--- a/bitwarden_license/bit-common/src/dirt/organization-integrations/models/integration-configuration-config/configuration-template/hec-template.ts
+++ b/bitwarden_license/bit-common/src/dirt/organization-integrations/models/integration-configuration-config/configuration-template/hec-template.ts
@@ -2,8 +2,6 @@ import { OrgIntegrationTemplate } from "../../integration-builder";
 import { OrganizationIntegrationServiceName } from "../../organization-integration-service-type";
 export class HecTemplate implements OrgIntegrationTemplate {
- event = "#EventMessage#";
- source = "Bitwarden";
 index: string;
 bw_serviceName: OrganizationIntegrationServiceName; 
@@ -12,12 +10,54 @@ export class HecTemplate implements OrgIntegrationTemplate {
 this.bw_serviceName = service;
 }
- toString(): string {
- return JSON.stringify({
- Event: this.event,
- Source: this.source,
- Index: this.index,
+ private toJSON() {
+ const template: Record = {
 bw_serviceName: this.bw_serviceName,
- });
+ source: "bitwarden",
+ service: "event-logs",
+ event: {
+ object: "event",
+ type: "#Type#",
+ itemId: "#CipherId#",
+ collectionId: "#CollectionId#",
+ groupId: "#GroupId#",
+ policyId: "#PolicyId#",
+ memberId: "#UserId#",
+ actingUserId: "#ActingUserId#",
+ installationId: "#InstallationId#",
+ date: "#DateIso8601#",
+ device: "#DeviceType#",
+ ipAddress: "#IpAddress#",
+ secretId: "#SecretId#",
+ projectId: "#ProjectId#",
+ serviceAccountId: "#ServiceAccountId#",
+ },
+ enrichment_details: {
+ actingUser: {
+ name: "#ActingUserName#",
+ email: "#ActingUserEmail#",
+ type: "#ActingUserType#",
+ },
+ member: {
+ name: "#UserName#",
+ email: "#UserEmail#",
+ type: "#UserType#",
+ },
+ group: {
+ name: "#GroupName#",
+ },
+ },
+ };
+
+ // Only include index if it's provided
+ if (this.index && this.index.trim() !== "") {
+ template.index = this.index;
+ }
+
+ return template;
+ }
+
+ toString(): string {
+ return JSON.stringify(this.toJSON());
 }
 }
diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts
index ab8fe5decd8..4ba70665f5d 100644
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -55,6 +55,7 @@ export enum FeatureFlag {
 /* DIRT */
 EventManagementForDataDogAndCrowdStrike = "event-management-for-datadog-and-crowdstrike",
+ EventManagementForHuntress = "event-management-for-huntress",
 PhishingDetection = "phishing-detection",
 /* Vault */ 
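Review bot: The new `toJSON()` fills every event and enrichment field with a `#Token#` placeholder (e.g. `email: "#ActingUserEmail#"`) and `toString()` serializes the object before any real value exists, so the later substitution step necessarily edits already-encoded JSON text; that step is not in this diff, so I cannot see whether it JSON-escapes what it inserts, but if it does plain string replacement, a member name, email or other value containing `"` or `\` would break the structure of the HEC event rather than land in its field. A short method comment should state that contract for whoever maintains the replacer, e.g. `// All "#Token#" strings are placeholders substituted after serialization; substituted values must be JSON-escaped.` Separately, `toJSON()` has no explicit return type and its `template` annotation reads as bare `Record` here (the type arguments may have been lost in rendering); if it is `Record<string, any>`, prefer `Record<string, unknown>` plus an explicit return type so the `toString()` call stays checked. The `index` guard is correct, but since `index` is declared as a non-optional `string` (outside this hunk), the truthiness-and-`trim()` check is the only place documenting that callers pass `""` to mean "no index" — worth a one-line comment on the field as well. The enclosing `HecTemplate` class begins outside this hunk.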
@@ -116,6 +117,7 @@ export const DefaultFeatureFlagValue = {
 /* DIRT */
 [FeatureFlag.EventManagementForDataDogAndCrowdStrike]: FALSE,
+ [FeatureFlag.EventManagementForHuntress]: FALSE,
 [FeatureFlag.PhishingDetection]: FALSE,
 /* Vault */