A command line client for the Threat Stack API. Made in Go, with love.
FYI: This is a work in progress. We released it a bit earlier than we may normally have to get it in folks hands. If you run into issues, please open an issue or provide a PR. Thanks!
If you have an existing Go environment set up, skip ahead to "Get the Source and Build the TS CLI."
Fortunately, setting up Go isn't too bad these days. Go has some preferences on where code lives on the filesystem; there's a directory structure under $GOPATH that you'll need. To install and set $GOPATH, run:
- brew install golang
- export GOPATH=$HOME/go
- mkdir -p $GOPATH/bin $GOPATH/src $GOPATH/pkg
- export PATH=$GOPATH/bin:$PATH
Add the exports to your shell profile (.zshrc, .bash_profile), and you should be good to go.
You can build and put the ts binary in your $PATH by running:
go get github.com/threatstack/ts
Set the following environment variables before using any of the commands. You can
also set them on the command line (see ts help).
These values for these variables can be found in the Threat Stack application under the Settings page. Once you're there, browse to the Application Keys tab, and they'll show up.
| Environment Variable | Purpose |
|---|---|
| TS_API_ENDPOINT | Defaults to https://app.threatstack.com - no trailing slash |
| TS_API_KEY | Your API key |
| TS_ORGANIZATION_ID | ID of Organization you are making requests for |
| TS_USER_ID | ID of your user (not email address - check UI) |
The CLI isn't feature complete. As of today, you can retrieve information on agents and data portability enrollments.
Retrieve a JSON object of all online agents in your organization using the
ts agent list online command. Offline agents are available with the
ts agent list offline command. Retrieving information on a single agent is easy:
run the ts agent show ID command, where ID is the Agent ID. The Agent ID
will likely be a UUID, but if it has been around for a while, it will be a
24-character string.
jq is the easiest way to format the output.
A human-friendly listing of your S3 exports is available with ts portability s3 list.
Add an S3 export to your organization with ts portability s3 create. There are flags,
so it is best to run ts portability s3 create --help.
Delete exports with ts portability s3 delete [S3 Bucket Name Here].
We realize that we're lacking some support for some endpoints, so we provide the ability
to send raw commands to the API. Use ts raw --help.