SEKOIA-IO · CharlesLR-sekoia · Dec 3, 2025 · Dec 3, 2025 · Dec 3, 2025 · Dec 3, 2025
diff --git a/GoogleThreatIntelligence/CHANGELOG.md b/GoogleThreatIntelligence/CHANGELOG.md
@@ -0,0 +1,32 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## Unreleased
+
+## 2025-12-21 - 0.1.4
+
+### Fixed
+
+- Get Vulnerability Report: infinite loop with edge cases.
+
+## 2025-12-19 - 0.1.3
+
+### Fixed
+
+- Add proxy support
+
+## 2025-12-19 - 0.1.2
+
+### Fixed
+
+- Get Vulnerability Report: Extract all available fields from VT API response including counters, risk_rating, exploitation_state, exploit_availability, and other critical fields that were previously missing
+
+## 2025-12-18 - 0.1.1
+
+### Fixed
+
+- Remove validation patterns as not working with jinja templates inputs
diff --git a/GoogleThreatIntelligence/Dockerfile b/GoogleThreatIntelligence/Dockerfile
@@ -0,0 +1,16 @@
+FROM python:3.11
+
+WORKDIR /app
+
+RUN pip install poetry
+
+# Install dependencies
+COPY poetry.lock pyproject.toml /app/
+RUN poetry config virtualenvs.create false && poetry install --only main
+
+COPY . .
+
+RUN useradd -ms /bin/bash sekoiaio-runtime
+USER sekoiaio-runtime
+
+ENTRYPOINT [ "python", "./main.py" ]
diff --git a/GoogleThreatIntelligence/action_get_comments.json b/GoogleThreatIntelligence/action_get_comments.json
@@ -0,0 +1,141 @@
+{
+  "uuid": "a8e3b5f1-3f4a-4b2d-8f7e-1b2f6c9d5e11",
+  "name": "Get Comments",
+  "description": "Retrieve recent comments associated with a domain or IP from Google Threat Intelligence",
+  "docker_parameters": "get_comments",
+  "arguments": {
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "properties": {
+      "ip": {
+        "type": "string",
+        "description": "IP address to query (e.g., 8.8.8.8)"
+      },
+      "domain": {
+        "type": "string",
+        "description": "Domain name to query (e.g., google.com)"
+      },
+      "url": {
+        "type": "string",
+        "description": "URL to query (e.g., https://example.com/path)"
+      },
+      "file_hash": {
+        "type": "string",
+        "description": "File hash to query (MD5, SHA1, or SHA256)"
+      }
+    },
+    "oneOf": [
+      {
+        "required": [
+          "ip"
+        ]
+      },
+      {
+        "required": [
+          "domain"
+        ]
+      },
+      {
+        "required": [
+          "url"
+        ]
+      },
+      {
+        "required": [
+          "file_hash"
+        ]
+      }
+    ]
+  },
+  "results": {
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "title": "Get Comments Results",
+    "properties": {
+      "success": {
+        "type": "boolean"
+      },
+      "data": {
+        "type": "object",
+        "description": "Container for the comments data",
+        "properties": {
+          "comments_count": {
+            "type": "integer",
+            "description": "Total number of comments retrieved"
+          },
+          "entity": {
+            "type": "string",
+            "description": "The entity (domain, IP, URL, or file hash) that was queried"
+          },
+          "comments": {
+            "type": "array",
+            "description": "Array of comment objects",
+            "items": {
+              "type": "object",
+              "properties": {
+                "type": {
+                  "type": "string",
+                  "description": "Type of the object (always 'comment')",
+                  "enum": [
+                    "comment"
+                  ]
+                },
+                "id": {
+                  "type": "string",
+                  "description": "Unique identifier for the comment"
+                },
+                "text": {
+                  "type": "string",
+                  "description": "The comment text content"
+                },
+                "date": {
+                  "type": [
+                    "integer",
+                    "string"
+                  ],
+                  "description": "Comment timestamp (Unix timestamp or ISO 8601 string)"
+                },
+                "votes": {
+                  "type": "object",
+                  "description": "Vote statistics for the comment",
+                  "properties": {
+                    "positive": {
+                      "type": "integer",
+                      "description": "Number of positive votes"
+                    },
+                    "negative": {
+                      "type": "integer",
+                      "description": "Number of negative votes"
+                    }
+                  },
+                  "required": [
+                    "positive",
+                    "negative"
+                  ]
+                },
+                "author": {
+                  "type": [
+                    "string",
+                    "null"
+                  ],
+                  "description": "Username of the comment author (may be null for anonymous)"
+                }
+              },
+              "required": [
+                "text",
+                "date",
+                "votes"
+              ]
+            }
+          }
+        },
+        "required": [
+          "comments_count",
+          "entity",
+          "comments"
+        ]
+      }
+    }
+  },
+  "slug": "get_comments_in_gti"
+}