SIEM Integrations
Parapet Security integrates with all major SIEM platforms via webhook. Our AI normalization means you don't need custom parsers - just point your SIEM at our endpoint.
Supported Platforms
- Wazuh: Open-source security monitoring with native webhook support.
- Elastic SIEM: Elastic Security with webhook connector integration.
- CrowdStrike Falcon: Next-gen endpoint protection with streaming API.
- Microsoft Sentinel: Cloud-native SIEM with Logic Apps automation.
- Splunk: Enterprise SIEM with alert action integration.
How It Works
All integrations follow the same pattern:
```mermaid
graph LR
    A[Your SIEM] -->|Webhook POST| B[Parapet Endpoint]
    B -->|AI Processing| C[Normalized Alert]
    C --> D[Dashboard & Notifications]
```
- Configure your SIEM to send alerts via webhook
- Authenticate using a Bearer token from Parapet Security
- Receive triaged alerts in your dashboard
Integration Comparison
| Platform | Setup Complexity | Native Webhook | Filtering |
|---|---|---|---|
| Wazuh | Easy | Yes | By rule level |
| Elastic SIEM | Medium | Via connector | By detection rule |
| CrowdStrike | Medium | Via streaming API | By detection type |
| Microsoft Sentinel | Medium | Via Logic Apps | By analytics rule |
| Splunk | Easy | Yes | By alert |
Before You Start
Make sure you have:
- A Parapet Security account (sign up)
- A service token (generate one)
- Admin access to your SIEM platform
Need a Different Platform?
Parapet Security's AI can normalize alerts from any source. If your SIEM isn't listed:
- Check if it supports webhook/HTTP destinations
- Configure it to POST JSON to your Parapet webhook URL
- Include your Bearer token in the Authorization header
The AI will automatically understand and triage your alerts.
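The steps above as a minimal forwarder, added here as an example and not Parapet Security's own code: it builds the JSON POST with the Bearer token, refuses non-HTTPS URLs so the token never travels in cleartext, and masks the token before logging. The endpoint URL, the `min_level` parameter and the sample alert (constructed in Wazuh's `rule.level` shape) are assumptions.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Placeholder endpoint (assumption): the page does not state the real webhook URL.
WEBHOOK_URL = "https://parapet.example.invalid/webhook"

def build_request(url, token, alert, min_level=0):
    """Return a POST Request for the alert, or None if it is filtered out."""
    parts = urlsplit(url)
    # A Bearer token is a replayable secret: refuse to send it over plain HTTP.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("webhook URL must be https")
    # Reject empty tokens and tokens containing whitespace or CR/LF.
    if not token or any(c.isspace() for c in token):
        raise ValueError("missing or malformed service token")
    # Source-side filtering, modelled on Wazuh's rule level (hypothetical knob).
    if alert.get("rule", {}).get("level", 0) < min_level:
        return None
    body = json.dumps(alert, separators=(",", ":")).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

def redacted_headers(req):
    """Headers that are safe to log: the token value is masked."""
    return {k: ("Bearer <redacted>" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}

def send(req, timeout=10):
    """POST the alert; urllib verifies the TLS certificate by default."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status

# Constructed sample alert in Wazuh's shape, not real data.
SAMPLE_ALERT = {"rule": {"level": 10, "description": "sshd: authentication failed"},
                "agent": {"name": "web-01"}}

if __name__ == "__main__":
    req = build_request(WEBHOOK_URL, "example-token", SAMPLE_ALERT, min_level=7)
    print(req.get_method(), req.full_url, redacted_headers(req))
```

Load the real token from a secret store or environment variable rather than a literal, and call `send()` only once the URL points at your actual webhook.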
For custom integrations or enterprise setups, contact support@parapetsecurity.com.