Secutec integration overview
You can integrate Secutec SecureDNS with Sophos Central so that it sends alerts to Sophos for analysis.
This page gives you an overview of the integration.
Secutec product overview
Secutec SecureDNS protects network safety and integrity at the domain name system (DNS) layer. Using a cloud-based platform, it centrally manages DNS traffic, inspecting and filtering requests to block access to malicious or unauthorized domains.
What we ingest
We ingest all alerts where the rpzlist field is "malware" or "botnet".
Filtering
We filter messages as follows:
- We ALLOW only messages that are in the correct format.
- We DROP messages that aren't in the correct format.
Sample threat mappings
We define the alert type by the rpzlist field.
Sample mappings:
{"alertType": "scam", "threatId": "TA0001", "threatName": "Initial Access"}
{"alertType": "certs", "threatId": "T1573", "threatName": "Encrypted Channel"}
{"alertType": "phishing", "threatId": "T1598.002", "threatName": "Spearphishing Attachment"}
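The following is an added example, not Sophos or Secutec code, that models the three stages this page describes (the format check under "Filtering", the rpzlist allow-list under "What we ingest", and the rpzlist-based threat mapping above) over a few constructed alert lines. Secutec's real wire format is not shown on this page, so the example assumes each alert arrives as one JSON object per line with a rpzlist field plus hypothetical timestamp, client_ip and qname fields. Only the three sample mappings shown above are in the mapping table; malware and botnet alerts are ingested but pass through with no threatId, because the page does not give their mapping.

```python
import json
from typing import Optional

# Constructed example, not Sophos or Secutec code. Field names other than
# rpzlist are assumptions; Secutec's real alert format is not shown on the page.
REQUIRED_FIELDS = ("timestamp", "client_ip", "qname", "rpzlist")

# From "What we ingest": only these rpzlist values are forwarded for analysis.
INGESTED_RPZLISTS = {"malware", "botnet"}

# The page's sample threat mappings, keyed by rpzlist value.
THREAT_MAPPINGS = {
    "scam": {"threatId": "TA0001", "threatName": "Initial Access"},
    "certs": {"threatId": "T1573", "threatName": "Encrypted Channel"},
    "phishing": {"threatId": "T1598.002", "threatName": "Spearphishing Attachment"},
}


def parse_alert(line: str) -> Optional[dict]:
    """Format check (ALLOW/DROP): return the alert dict, or None to DROP."""
    try:
        alert = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(alert, dict):
        return None
    # Every required field must be present and a non-empty string.
    for field in REQUIRED_FIELDS:
        value = alert.get(field)
        if not isinstance(value, str) or not value:
            return None
    return alert


def should_ingest(alert: dict) -> bool:
    """Allow-list from 'What we ingest': rpzlist must be malware or botnet."""
    return alert["rpzlist"].lower() in INGESTED_RPZLISTS


def map_threat(rpzlist: str) -> dict:
    """alertType is the rpzlist value; MITRE ATT&CK fields come from the
    sample table, or None when the page gives no mapping for that value."""
    mapping = THREAT_MAPPINGS.get(rpzlist.lower(), {})
    return {
        "alertType": rpzlist.lower(),
        "threatId": mapping.get("threatId"),
        "threatName": mapping.get("threatName"),
    }


def process(lines):
    """Run alert lines through format check, allow-list and mapping.
    Returns (ingested alerts, list of (line number, drop reason))."""
    ingested, dropped = [], []
    for lineno, line in enumerate(lines, 1):
        alert = parse_alert(line)
        if alert is None:
            dropped.append((lineno, "malformed"))
            continue
        if not should_ingest(alert):
            dropped.append((lineno, f"rpzlist={alert['rpzlist']} not ingested"))
            continue
        ingested.append({**alert, **map_threat(alert["rpzlist"])})
    return ingested, dropped


# Constructed sample input: two ingestable alerts, two malformed lines, and one
# well-formed alert whose rpzlist value is outside the allow-list.
SAMPLE_LINES = [
    '{"timestamp": "2024-05-01T10:00:00Z", "client_ip": "10.0.0.5", '
    '"qname": "bad.example", "rpzlist": "malware"}',
    '{"timestamp": "2024-05-01T10:00:01Z", "client_ip": "10.0.0.6", '
    '"qname": "c2.example", "rpzlist": "botnet"}',
    '{"timestamp": "2024-05-01T10:00:02Z", "client_ip": "10.0.0.7"',
    '{"timestamp": "2024-05-01T10:00:03Z", "client_ip": "10.0.0.8", '
    '"qname": "norpz.example"}',
    '{"timestamp": "2024-05-01T10:00:04Z", "client_ip": "10.0.0.9", '
    '"qname": "ads.example", "rpzlist": "advertising"}',
]

if __name__ == "__main__":
    accepted, rejected = process(SAMPLE_LINES)
    for alert in accepted:
        print("INGEST", alert["qname"], alert["alertType"], alert["threatId"])
    for lineno, reason in rejected:
        print("DROP", lineno, reason)
```

Note that should_ingest and map_threat are independent: the allow-list decides which alerts reach Sophos, while the mapping only enriches whatever passes. If you widen the allow-list to include scam, certs or phishing, the sample mappings above apply unchanged.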