From 815574b11a2bc6df5400ced8eebb685184300247 Mon Sep 17 00:00:00 2001
From: Mark Stemm <mark.stemm@sysdig.com>
Date: Fri, 5 Aug 2016 11:00:47 -0700
Subject: [PATCH] Updated Falco Configuration (markdown)

---
 Falco-Configuration.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/Falco-Configuration.md b/Falco-Configuration.md
index 3c05d71..8101fef 100644
--- a/Falco-Configuration.md
+++ b/Falco-Configuration.md
@@ -30,7 +30,6 @@ a list containing these sub-keys:
 
 * `enabled: [true|false]`: if true, falco alerts will be sent via syslog
 
-
 ####`file_output`
 
 a list containing these sub-keys:
@@ -45,3 +44,12 @@ a list containing thse sub-keys:
 
 * `enabled: [true|false]`: if true, falco alerts will be sent to standard output
 
+####`program_output`
+
+a list containing these sub-keys:
+
+* `enabled: [true|false]`: if true, falco alerts will be sent to a program
+* `program: <program>`: the program to run for each alert. This is started via a shell, so you can specify a command pipeline to allow for additional formatting.
+
+
+