devodev / go-mdatp

A CLI as well as a library to interact with the Microsoft Defender ATP API

go-mdatp

A CLI as well as a library to interact with the Microsoft Defender ATP REST API.

Overview

go-mdatp provides a client library for the Microsoft Defender ATP REST API written in Go. It follows the Microsoft API Reference available here.

go-mdatp is also a CLI application with everything you need to interact with the API on the command line.

Currently, go-mdatp requires Go version 1.13 or greater.

Supported Architectures

We provide pre-built go-mdatp binaries for Windows, Linux and macOS (Darwin) architectures, in both 386/amd64 flavors.
Please see the release section here.

Get Started

go-mdatp uses Go Modules introduced in Go 1.11 for dependency management.

Build

Build the CLI for a target platform (using Go's cross-compilation support), for example Linux, by executing:

$ mkdir $HOME/src
$ cd $HOME/src
$ git clone https://github.com/devodev/go-mdatp.git
$ cd go-mdatp
$ env GOOS=linux go build -o go_mdatp_linux ./cmd/go-mdatp

If you are a Windows user, substitute the $HOME environment variable above with %USERPROFILE%.

CLI

Usage

Auto-generated documentation for each command can be found here.

Interact with the Microsoft Defender ATP REST API.

Usage:
  go-mdatp [command]

Available Commands:
  alert       Alert resource type commands.
  gendoc      Generate markdown documentation for the go-mdatp CLI.
  help        Help about any command

Flags:
  -h, --help      help for go-mdatp
  -v, --version   version for go-mdatp

Use "go-mdatp [command] --help" for more information about a command.

Configuration file

Commands that interact with the API require credentials, which are provided through a YAML configuration file.
If the --config flag is not given, the following location is checked:

$CWD/.go-mdatp.yaml

The current schema is shown below.

The credentials can be found in Azure Active Directory, under Installed apps.

---
Credentials:
  ClientID: 00000000-0000-0000-0000-000000000000
  ClientSecret: 00000000000000000000000000000000
  TenantID: 00000000-0000-0000-0000-000000000000
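As an added illustration (not the project's own code), the following Go reader loads the schema above, refuses the all-zero placeholder values so a copied template fails early, and rejects a config file that is readable by other users, since it holds the client secret. ParseConfig, CheckMode and SampleConfig are names chosen for this example, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"io/fs"
	"regexp"
	"strings"
)
// Credentials mirrors the Credentials block of .go-mdatp.yaml (key names from the README).
type Credentials struct{ ClientID, ClientSecret, TenantID string }
var guidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)
// SampleConfig is a constructed config in the README's schema (made-up values, not real credentials).
var SampleConfig = "---\nCredentials:\n  ClientID: 12345678-1234-1234-1234-123456789abc\n  ClientSecret: constructed-example-secret\n  TenantID: abcdef01-2345-6789-abcd-ef0123456789\n"
// ParseConfig reads only the two-level shape shown in the README (top-level "Credentials:"
// with indented "Key: value" lines); hand-rolled here, not a YAML parser or the project's loader.
func ParseConfig(text string) (Credentials, error) {
	var c Credentials
	fields := map[string]*string{"ClientID": &c.ClientID, "ClientSecret": &c.ClientSecret, "TenantID": &c.TenantID}
	inCreds := false
	for _, line := range strings.Split(text, "\n") {
		t := strings.TrimSpace(line)
		if t == "" || t == "---" || strings.HasPrefix(t, "#") {
			continue // document marker, blank line or comment
		}
		if !strings.HasPrefix(line, " ") { // top-level key: only Credentials is known
			inCreds = t == "Credentials:"
			continue
		}
		kv := strings.SplitN(t, ":", 2)
		p, known := fields[kv[0]]
		if !inCreds || len(kv) != 2 || !known {
			return c, fmt.Errorf("unexpected line %q", line)
		}
		*p = strings.TrimSpace(kv[1])
	}
	// Reject non-GUID IDs and the README's all-zero placeholders so a copied template fails here.
	zero := func(s string) bool { return strings.Trim(s, "0-") == "" }
	if !guidRe.MatchString(c.ClientID) || !guidRe.MatchString(c.TenantID) ||
		zero(c.ClientID) || zero(c.TenantID) || zero(c.ClientSecret) {
		return c, fmt.Errorf("credentials are missing, malformed or still placeholders")
	}
	return c, nil
}
// CheckMode refuses a config file readable by group or others, since it holds the client secret.
func CheckMode(mode fs.FileMode) error {
	if mode.Perm()&0o077 != 0 {
		return fmt.Errorf("config mode %04o is too permissive; use 0600", mode.Perm())
	}
	return nil
}
```

Call CheckMode with the mode from os.Stat on the config path before ParseConfig on its contents; on Windows the Unix permission bits are not meaningful and ACLs should be inspected instead.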
