
QRadar USOM Integration

USOM is a cyber threat intelligence sharing platform provided by the Turkish government. USOM publishes malicious sites as it detects them; this project stores that list in a QRadar reference set and keeps it up to date so that it can be used in QRadar rules.

Installation

The project doesn't need any dependencies; just run the following command on the QRadar CLI as root.

```bash
bash <(curl -s https://raw.githubusercontent.com/semsaksoy/qradar_usom/master/usom_install.sh)
```

Result

Screenshot (ss1): the installation script downloads the USOM update script and adds it to cron so that it runs hourly.
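The README does not show the contents of the update script that cron runs every hour, so the following is an added example of how that hourly step can be written, not the project's own code. It fetches the feed, keeps only lines that look like a hostname or IPv4 address (so an HTML error page or a corrupted download is never loaded into the set), refuses to push a suspiciously short list, and bulk-loads the result through the QRadar REST API (the `POST /api/reference_data/sets/bulk_load/{name}` endpoint with the `SEC` token header). The feed URL, the reference set name `USOM_Malicious_Sites`, the `QRADAR_TOKEN` environment variable and the `MIN_EXPECTED` threshold are all assumptions; the reference set must already exist, and bulk load only adds elements.

```python
"""Hourly USOM -> QRadar reference set refresh (added example, not the project's script)."""
import json
import os
import re
import ssl
import sys
import urllib.request

# --- Assumptions (none of these values come from the project README) ---
USOM_FEED_URL = "https://USOM-FEED-URL-PLACEHOLDER/url-list.txt"  # placeholder URL
QRADAR_CONSOLE = "https://127.0.0.1"          # script runs on the console itself
REFERENCE_SET = "USOM_Malicious_Sites"        # assumed reference set name (must exist)
API_VERSION = "12.0"                          # assumed QRadar API version header
MIN_EXPECTED = 100                            # assumed sanity floor for a healthy feed

# A valid entry is a bare hostname or a dotted-quad IPv4 address.
_HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_IPV4_RE = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")

# Constructed sample feed (not real USOM data) used to exercise parse_feed().
SAMPLE_FEED = """# constructed sample, not real USOM data
http://malicious.example/login.php
MALICIOUS.EXAMPLE
203.0.113.45
<html>502 Bad Gateway</html>
bad host name
198.51.100.7:8080/path
"""


def parse_feed(text):
    """Return validated, de-duplicated host/IP indicators from raw feed text.

    Scheme, path and port are stripped because rules normally match on the
    host part; anything that is not a hostname or IPv4 address is dropped.
    """
    seen, indicators = set(), []
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        line = re.sub(r"^https?://", "", line).split("/", 1)[0].split(":", 1)[0]
        if (_HOST_RE.match(line) or _IPV4_RE.match(line)) and line not in seen:
            seen.add(line)
            indicators.append(line)
    return indicators


def should_load(indicators):
    """Guard against loading an empty or truncated feed (e.g. after a transient error)."""
    return len(indicators) >= MIN_EXPECTED


def build_bulk_load_request(indicators, token):
    """Construct (url, headers, body) for the bulk-load call without sending it."""
    url = f"{QRADAR_CONSOLE}/api/reference_data/sets/bulk_load/{REFERENCE_SET}"
    headers = {
        "SEC": token,                      # QRadar authorized-service token header
        "Version": API_VERSION,
        "Content-Type": "application/json",
        "Accept": "application/json",
    }
    body = json.dumps(indicators).encode()  # API expects a JSON array of values
    return url, headers, body


def fetch_feed(url):
    """Download the feed over TLS with certificate verification enabled."""
    with urllib.request.urlopen(url, context=ssl.create_default_context(), timeout=60) as resp:
        return resp.read().decode("utf-8", "replace")


def push_to_qradar(indicators, token):
    """Send the bulk-load request to the local console and return the HTTP status."""
    url, headers, body = build_bulk_load_request(indicators, token)
    # The console usually presents a self-signed certificate; if the console CA
    # is installed on the host, drop these two lines and verify normally.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=120) as resp:
        return resp.status


def main():
    token = os.environ.get("QRADAR_TOKEN")
    if not token:
        sys.exit("QRADAR_TOKEN is not set")
    indicators = parse_feed(fetch_feed(USOM_FEED_URL))
    if not should_load(indicators):
        sys.exit(f"feed yielded only {len(indicators)} valid entries; not loading")
    print(f"bulk load returned HTTP {push_to_qradar(indicators, token)} for {len(indicators)} entries")


if __name__ == "__main__":
    main()
```

Because bulk load appends rather than replaces, entries USOM later removes stay in the set; a separate purge step (or a reference set with a time-to-live) is needed if stale entries should expire.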

Screenshot (ss2): reference data view.

Example

Screenshot (ss3): rule conditions.

Screenshot (ss4): rule response.

Screenshot (ss5): offense view.

Screenshot (ss6): events view.

These scripts are not official IBM solutions. IBM states that installing non-QRadar software modules, RPMs, or Yellowdog Updater Modified (YUM) packages is not supported. Use at your own risk.