Open ewilded opened 5 years ago
Yes, I need to fix this. When I uploaded the project there was a problem with empty directories. GitHub doesn't accept uploads of empty directories, so I added dummy files to force their creation. But that broke the loading of exceptions.
First, I installed the tool like this (correct me if some steps were not needed; basically I just wanted to make sure I have all the capabilities).
First I ran
python installer.py sysmon
to get the proper Sysmon config (it was already there in my case). Then I ran
python installer.py install auditpol
(python installer.py auditpol
was returning an error; I just wanted to be sure I had it installed with the extended audit). Then I installed the dependencies (by the way, I installed in the Endpoint Protection Mode, so pyshark and reportlab should not really be required, should they?).
I also installed the pre-defined exceptions:
Then I tried to run it and got this issue:
So I dug a bit, added one print to the code to get some verbose output:
Tried to run again and got this:
So I figured out the culprit was the dummy FORCE_EMPTY_DIR file, which is not an actual JSON file:
So I removed it and ran the tool again, this time successfully :)
SOLUTION: Remove that file while installing/avoid installing it in the first place.
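The failure described in this issue is a directory loader that assumes every file in the exceptions directory is JSON, so a placeholder such as FORCE_EMPTY_DIR aborts the whole load. The following is an added example of a loader that tolerates that situation; it is not the project's own code, and the placeholder name, the `.json` naming convention for exception files and the sample exception contents are assumptions constructed for the demonstration. The loader skips non-`.json` files, reports files that fail to parse instead of raising, and still loads the valid exceptions, so a stray placeholder cannot silently disable the tool.

```python
import json
import os
import tempfile

# Placeholder names commonly committed to keep an otherwise empty directory
# in Git. FORCE_EMPTY_DIR is the name from this issue; .gitkeep is a common
# convention. Assumed set, not taken from the project.
PLACEHOLDER_NAMES = {"FORCE_EMPTY_DIR", ".gitkeep"}


def load_exceptions(directory):
    """Load every *.json file in `directory`.

    Returns (loaded, skipped): `loaded` maps file name to parsed JSON,
    `skipped` lists (file name, reason) for anything not loaded. Placeholder
    files and files with invalid JSON are reported rather than raised, so one
    bad file does not stop the remaining exceptions from loading.
    """
    loaded = {}
    skipped = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue  # ignore sub-directories
        if name in PLACEHOLDER_NAMES or not name.lower().endswith(".json"):
            skipped.append((name, "not a .json file"))
            continue
        try:
            with open(path, encoding="utf-8") as fh:
                loaded[name] = json.load(fh)
        except (json.JSONDecodeError, UnicodeDecodeError) as exc:
            skipped.append((name, f"invalid JSON: {exc}"))
    return loaded, skipped


def build_demo_dir():
    """Constructed sample directory: one valid exception file, the empty
    FORCE_EMPTY_DIR placeholder from the issue, and one malformed JSON file."""
    directory = tempfile.mkdtemp()
    with open(os.path.join(directory, "allow_updater.json"), "w", encoding="utf-8") as fh:
        # Assumed exception format; the real project's schema may differ.
        json.dump({"process": "updater.exe", "reason": "signed vendor updater"}, fh)
    with open(os.path.join(directory, "FORCE_EMPTY_DIR"), "w", encoding="utf-8") as fh:
        fh.write("")  # empty placeholder, not JSON
    with open(os.path.join(directory, "broken.json"), "w", encoding="utf-8") as fh:
        fh.write("{ not json")
    return directory


if __name__ == "__main__":
    demo = build_demo_dir()
    loaded, skipped = load_exceptions(demo)
    print("loaded:", sorted(loaded))
    for name, reason in skipped:
        print(f"skipped {name}: {reason}")
```

Running the block prints that allow_updater.json was loaded while FORCE_EMPTY_DIR and broken.json were skipped with their reasons; logging the skipped list at startup is what makes a misconfigured exceptions directory visible instead of a crash.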