Alerts Not Arriving
If alerts from your SIEM aren't appearing in Parapet Security, follow this troubleshooting guide.
Quick Checks
- Verify your webhook URL - Ensure it matches exactly what's shown in Settings. A common mistake is including a trailing slash. The URL should end with your tenant ID, not `/`.
- Check SIEM connectivity - Can your SIEM reach `webhook-{region}.parapetsecurity.com`?
- Review SIEM logs - Look for webhook delivery errors
- Check alert threshold - Is your SIEM configured to send alerts at the right severity level?
Step-by-Step Diagnosis
Step 1: Verify Webhook URL
- Go to Settings → Service Tokens
- Compare the webhook URL with your SIEM configuration
- URL format should be:
Common Mistakes
- Extra trailing slash (`/webhook/abc123/` vs `/webhook/abc123`)
- HTTP instead of HTTPS
- Wrong region (`us` vs `eu`)
- Typos in tenant ID
Step 2: Verify Token
- In Settings → Service Tokens, check:
  - Token exists
  - Token isn't expired
  - Token hasn't been revoked
- Try generating a new token and updating your SIEM
Step 3: Test Connectivity
From your SIEM server, test the connection:
```bash
curl -X POST https://webhook-us.parapetsecurity.com/webhook/{tenant-id} \
  -H "Authorization: Bearer pst_YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"source": "test", "message": "connectivity test"}'
```
Expected response:
If you get an error, see the table below.
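A preflight for Steps 1 and 3, as an added example (not Parapet Security's own tooling): `lint_webhook_url` flags the common URL mistakes listed in Step 1, and `send_test_alert` sends the Step 3 request only when the URL is clean. The URL shape is assumed from the curl command and firewall table on this page; the function names and the `PARAPET_TOKEN` variable are hypothetical.

```bash
# Added example, not Parapet code. Assumed URL shape (from this page's curl
# command and firewall table): https://webhook-{us|eu}.parapetsecurity.com/webhook/{tenant-id}

# Print one finding per Step 1 "common mistake"; return 1 if any were found.
# Usage: lint_webhook_url URL [expected-region]
lint_webhook_url() {
  url=$1; bad=0
  case $url in
    https://*) ;;
    http://*)  echo "HTTP instead of HTTPS"; bad=1 ;;
    *)         echo "missing https:// scheme"; bad=1 ;;
  esac
  case $url in
    */) echo "trailing slash after tenant ID"; bad=1 ;;
  esac
  rest=${url#*://}; host=${rest%%/*}
  case $host in
    webhook-us.parapetsecurity.com|webhook-eu.parapetsecurity.com) ;;
    *) echo "unexpected host: $host"; bad=1 ;;
  esac
  if [ -n "$2" ] && [ "$host" != "webhook-$2.parapetsecurity.com" ]; then
    echo "wrong region: expected $2"; bad=1
  fi
  path=/${rest#*/}; path=${path%/}
  case $path in
    /webhook/*/*) echo "extra path segment after tenant ID"; bad=1 ;;
    /webhook/?*)  ;;
    *)            echo "path is not /webhook/{tenant-id}"; bad=1 ;;
  esac
  return $bad
}

# Step 3 test request, run only if the URL lints clean. The token comes from
# $PARAPET_TOKEN (hypothetical variable name) and reaches curl through a config
# on stdin, so it is not exposed in the process list or shell history.
send_test_alert() {
  lint_webhook_url "$1" "$2" || return 2
  printf 'header = "Authorization: Bearer %s"\n' "$PARAPET_TOKEN" |
    curl -sS -o /dev/null -w '%{http_code}\n' --max-time 10 -K - \
      -H "Content-Type: application/json" \
      -d '{"source": "test", "message": "connectivity test"}' "$1"
}
```

`send_test_alert` prints only the HTTP status code, which can be matched against the Common Error Responses table; it returns 2 without contacting the network when the URL fails the lint.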
Step 4: Check SIEM Logs
Look for webhook delivery logs in your SIEM:
Step 5: Verify SIEM Is Generating Alerts
Ensure alerts are being generated in your SIEM before the webhook:
Common Error Responses
| Status Code | Meaning | Solution |
|---|---|---|
| 401 | Invalid or missing token | Check Authorization header format |
| 403 | Token revoked or wrong tenant | Regenerate token, verify webhook URL |
| 404 | Invalid tenant ID | Double-check your webhook URL |
| 429 | Rate limited | You've exceeded your plan's alert limit |
| 500 | Server error | Contact support if persistent |
| Timeout | Network issue | Check firewall rules |
Firewall Configuration
Ensure your SIEM can reach these endpoints:
| Endpoint | Port | Purpose |
|---|---|---|
| webhook-us.parapetsecurity.com | 443 | Alert ingestion (NA) |
| webhook-eu.parapetsecurity.com | 443 | Alert ingestion (EU) |
On-premises SIEM?
If your SIEM is behind a corporate firewall, you may need to allowlist our IP ranges. Contact support for the current list.
Check Your Plan Limits
Free and Starter plans have daily alert limits:
| Plan | Monthly Alerts | What Happens at Limit |
|---|---|---|
| Starter | 1,000 | Alerts queued until reset |
| Professional | 5,000 | Alerts queued until reset |
| Team | 20,000 | Soft limit with warning |
View your current usage: Settings → Account & Billing
Common Scenarios
Alerts Worked Before, Now Stopped
- Token expired - Check token expiry, regenerate if needed
- Plan limit reached - Check usage in billing
- SIEM updated - Check if SIEM update changed webhook config
- Network change - Firewall rules may have changed
Some Alerts Arrive, Others Don't
- Severity threshold - Check SIEM is sending all severities
- Rate limiting - High volume may trigger limits
- Filtering rules - Check SIEM alert forwarding rules
Test Alert Works, Real Alerts Don't
- Alert format - Your test may differ from real alerts
- Integration script - Check for errors in custom scripts
- Alert rules - Ensure SIEM rules are triggering
Advanced Diagnostics
Check DNS Resolution
Should return valid IPs.
Check TLS Connectivity
Should show certificate chain and "Verify return code: 0 (ok)".
Check Response Headers
```bash
curl -v -X POST https://webhook-us.parapetsecurity.com/webhook/{tenant-id} \
  -H "Authorization: Bearer pst_YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"test": true}' 2>&1 | grep -E "^< "
```
Look for unusual headers or error messages.
Still Having Issues?
- Enable debug logging in your SIEM
- Capture the full HTTP request and response
- Send the details to support@parapetsecurity.com
Include:
- Your tenant ID (first 8 characters only)
- SIEM platform and version
- HTTP response code and body
- Timestamp of the issue