Secutec integration overview

You can integrate Secutec SecureDNS with Sophos Central so that it sends alerts to Sophos for analysis.

This page gives you an overview of the integration.

Secutec product overview

Secutec SecureDNS focuses on enhancing network safety and integrity through domain name system (DNS) security. Utilizing a cloud-based platform, Secutec SecureDNS offers centralized management of DNS traffic, scrutinizing and filtering requests to prevent access to malicious or unauthorized domains.

Sophos documents

Integrate Secutec SecureDNS

What we ingest

We ingest all alerts where rpzlist is malware or botnet.

Filtering

We filter messages as follows:

  • We ALLOW only messages that are in the correct format.
  • We DROP messages that aren't in the correct format.

Sample threat mappings

We define the alert type by the field rpzlist.

Sample mappings:

{"alertType": "scam", "threatId": "TA0001", "threatName": "Initial Access"}
{"alertType": "certs", "threatId": "T1573", "threatName": "Encrypted Channel"}
{"alertType": "phishing", "threatId": "T1598.002", "threatName": "Spearphishing Attachment"}

Vendor documentation

Secutec Portal