fix(config,yara): Resolve indentation mess-up and allow systray sender

rabbitstack · rabbitstack · commit e9be3206b45d · 2024-09-13T17:10:01.000+02:00
The default configuration file has a wrong indentation in the Yara scanner section. Address it to comply with the JSON validation schema. Also, allow systray as an additional sender for YARA alerts.
diff --git a/configs/fibratus.yml b/configs/fibratus.yml
@@ -578,27 +578,27 @@ yara:
       - string:
         namespace:
 
-    # Indicates which sender is used to transport the alert generated by scanner
-    #alert-via: mail
+  # Indicates which sender is used to transport the alert generated by scanner
+  #alert-via: mail
 
-    # Specifies templates for the alert title and text in Go templating language (https://golang.org/pkg/text/template)
-    #alert-template:
-    #  title:
-    #  text:
+  # Specifies templates for the alert title and text in Go templating language (https://golang.org/pkg/text/template)
+  #alert-template:
+  #  title:
+  #  text:
 
-    # Determines when multiple matches of the same string can be avoided when not necessary
-    #fastscan: true
+  # Determines when multiple matches of the same string can be avoided when not necessary
+  #fastscan: true
 
-    # Specifies the timeout for the scanner. If the timeout is reached, the scan operation is cancelled
-    #scan-timeout: 20s
+  # Specifies the timeout for the scanner. If the timeout is reached, the scan operation is cancelled
+  #scan-timeout: 20s
 
-    # Indicates whether file scanning is disabled. This affects the scan triggered by the image loading events.
-    #skip-files: true
+  # Indicates whether file scanning is disabled. This affects the scan triggered by the image loading events.
+  #skip-files: true
 
-    # Contains the list of file names that shouldn't be scanned
-    #excluded-files:
-    #  - kernel32.dll
+  # Contains the list of file names that shouldn't be scanned
+  #excluded-files:
+  #  - kernel32.dll
 
-    # Contains the list of the process' image names that shouldn't be scanned
-    #excluded-procs:
-    #  - System
+  # Contains the list of the process' image names that shouldn't be scanned
+  #excluded-procs:
+  #  - System
diff --git a/pkg/config/schema_windows.go b/pkg/config/schema_windows.go
@@ -474,7 +474,7 @@ var schema = `
 						"additionalProperties": false
 					}]
 				},
-				"alert-via":		{"type": "string", "enum": ["slack", "mail"]},
+				"alert-via":		{"type": "string", "enum": ["slack", "mail", "systray"]},
 				"alert-template":   {
 						"type": 		"object",
 						"properties": {
