A CLI as well as a library to interact with the Microsoft Defender ATP REST API.
go-mdatp provides a client library for the Microsoft Defender ATP REST API written in Go. It follows the Microsoft API Reference available here.
go-mdatp is also a CLI application with everything you need to interact with the API on the command line.
Currently, go-mdatp requires Go version 1.13 or greater.
We provide pre-built go-mdatp binaries for Windows, Linux and macOS (Darwin) architectures, in both 386/amd64 flavors.
Please see the release section here.
go-mdatp uses Go Modules, introduced in Go 1.11, for dependency management.
Build the CLI for a target platform (Go cross-compiling feature), for example linux, by executing:
$ mkdir $HOME/src
$ cd $HOME/src
$ git clone https://github.com/devodev/go-mdatp.git
$ cd go-mdatp
$ env GOOS=linux go build -o go_mdatp_linux ./cmd/go-mdatp
..
If you are a Windows user, substitute the $HOME environment variable above with %USERPROFILE%.
Auto-generated documentation for each command can be found here.
Interact with the Microsoft Defender ATP REST API.

Usage:
  go-mdatp [command]

Available Commands:
  alert       Alert resource type commands.
  gendoc      Generate markdown documentation for the go-mdatp CLI.
  help        Help about any command

Flags:
  -h, --help      help for go-mdatp
  -v, --version   version for go-mdatp

Use "go-mdatp [command] --help" for more information about a command.

Commands that need to interact with the API require credentials to be provided using a YAML configuration file.
The following locations are searched if the --config flag is not provided:
$CWD/.go-mdatp.yaml
The following is the current schema used.
Credentials can be found in Azure Active Directory, under: Installed apps.
---
Credentials:
  ClientID: 00000000-0000-0000-0000-000000000000
  ClientSecret: 00000000000000000000000000000000
  TenantID: 00000000-0000-0000-0000-000000000000