yarox24 / attack_monitor

Endpoint detection & Malware analysis software
GNU General Public License v3.0

Attack Monitor fails to run due to the FORCE_EMPTY_DIR dummy file #1

Open ewilded opened 5 years ago

ewilded commented 5 years ago

First, I installed the tool like this (correct me if some of the steps were not needed; basically I just wanted to make sure I had all the capabilities).

First I ran python installer.py sysmon to get proper sysmon config (was already there in my case):

[screenshot]

Then I ran python installer.py install auditpol (python installer.py auditpol was returning an error, just wanted to be sure I have it installed with the extended audit).

Then I installed the dependencies (by the way, I installed in the Endpoint Protection Mode, so pyshark and reportlab should not really be required, should they?).

I also installed the pre-defined exceptions:

[screenshot]

Then I tried to run it and got this issue: [screenshot]

So I dug a bit and added one print to the code to get some verbose output:

[screenshot]

Tried to run again and got this:

[screenshot]

So I figured out the culprit was the dummy FORCE_EMPTY_DIR file, which is not an actual JSON file:

[screenshot]

So I removed it and ran the tool again, this time successfully :)

SOLUTION: Remove that file while installing/avoid installing it in the first place.

yarox24 commented 5 years ago

Yes, I need to fix this. When I uploaded the project there was a problem with empty directories: GitHub doesn't accept empty directories, so I added dummy files to force their creation. But it broke exceptions loading.
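The failure both comments describe is a loader that treats every file in the exceptions directory as JSON, so a placeholder such as FORCE_EMPTY_DIR aborts startup. The loader below is an added example, not code from attack_monitor; it filters on the .json extension, records files it could not parse instead of raising, and treats a missing directory as "no exceptions" so no placeholder file is needed at all. The rule schema (a JSON object per rule, or an array of them, with fields like "event" and "image") and the helper that builds a sample directory are assumptions for the demonstration, not the project's real format.

```python
import json
import tempfile
from pathlib import Path

# Name of the placeholder file the repository used to keep otherwise-empty
# directories in git (from the issue); it is not JSON and must not be parsed.
DUMMY_FILE = "FORCE_EMPTY_DIR"


def load_exceptions(exceptions_dir):
    """Load every *.json file in exceptions_dir into one list of rules.

    Returns (exceptions, skipped): `skipped` maps a file name to the reason
    it was not loaded, so a bad or stray file is reported rather than
    crashing the whole tool at startup (the failure mode in the issue).
    """
    exceptions = []
    skipped = {}
    root = Path(exceptions_dir)
    # An absent directory means "no exceptions", which removes the need for
    # a placeholder file to keep the directory in the repository.
    if not root.is_dir():
        return exceptions, skipped
    for path in sorted(root.iterdir()):
        if not path.is_file():
            continue
        if path.name == DUMMY_FILE or path.suffix.lower() != ".json":
            skipped[path.name] = "not a .json file"
            continue
        try:
            with path.open("r", encoding="utf-8") as fh:
                data = json.load(fh)
        except (ValueError, UnicodeDecodeError) as exc:
            # json.JSONDecodeError is a ValueError subclass.
            skipped[path.name] = f"invalid JSON: {exc}"
            continue
        # Assumed rule format: one JSON object is one rule, a JSON array is
        # a list of rules. The project's actual schema is not shown here.
        if isinstance(data, list):
            exceptions.extend(data)
        elif isinstance(data, dict):
            exceptions.append(data)
        else:
            skipped[path.name] = "top-level value is neither object nor array"
    return exceptions, skipped


def build_sample_dir():
    """Create a constructed exceptions directory reproducing the issue:
    one valid rule file, the non-JSON dummy file, and one corrupt file."""
    tmp = Path(tempfile.mkdtemp(prefix="exceptions_"))
    (tmp / "sysmon_exceptions.json").write_text(
        json.dumps([{"event": "ProcessCreate",
                     "image": r"C:\Windows\System32\svchost.exe"}]),
        encoding="utf-8",
    )
    (tmp / DUMMY_FILE).write_text("", encoding="utf-8")
    (tmp / "broken.json").write_text("{not json", encoding="utf-8")
    return tmp


if __name__ == "__main__":
    sample = build_sample_dir()
    rules, skipped = load_exceptions(sample)
    print(f"loaded {len(rules)} rule(s) from {sample}")
    for name, why in skipped.items():
        print(f"skipped {name}: {why}")
```

Reporting skipped files by name is the part worth keeping even after the dummy files are removed: a rule file with a typo in it is otherwise silently the difference between an alert firing and not firing.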