Updated Falco Alerts (markdown)

Mark Stemm 2017-10-09 16:46:47 -07:00
parent fe3a0f534f
commit 8ad357b312

@ -27,7 +27,7 @@ When run in the background via the `-d/--daemon` command line option, standard o
When configured to send alerts to a file, a message is written to the file for each alert. The format is very similar to the Standard Output format:
```
```yaml
file_output:
enabled: true
keep_alive: false
@ -55,7 +55,7 @@ Syslog messages are sent with a facility of LOG_USER. The rule's priority is use
When configured to send alerts to a program, for each alert the program is started and written to its standard input. For example, given a `falco.yaml` configuration of:
```
```yaml
program_output:
enabled: true
keep_alive: false
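Review bot: the context line introducing this block, `When configured to send alerts to a program, for each alert the program is started and written to its standard input.`, reads as if the program itself is written to its own stdin. Since this hunk only retags the fence as `yaml`, it is a cheap moment to also reword that sentence to `the program is started and the alert is written to its standard input`, which matches the `keep_alive` explanation that follows.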
@ -70,7 +70,7 @@ If `keep_alive` is set to true, before the first alert falco will spawn the prog
If you'd like to send falco notifications to a slack channel, here's the required configuration to massage the JSON output to a form required for the slack webhook endpoint:
```
```yaml
# Whether to output events in json or text
json_output: true
@ -83,7 +83,7 @@ program_output:
If you'd like to send a stream of alerts over a network connection, here's an example:
```
```yaml
# Whether to output events in json or text
json_output: true
@ -107,14 +107,14 @@ For all output channels, you can switch to JSON output either in the configurati
Here's an example:
```
```javascript
{"output":"16:31:56.746609046: Error File below a known binary directory opened for writing (user=root command=touch /bin/hack file=/bin/hack)","priority":"Error","rule":"Write below binary dir","time":"2017-10-09T23:31:56.746609046Z", "output_fields": {"evt.t\
ime":1507591916746609046,"fd.name":"/bin/hack","proc.cmdline":"touch /bin/hack","user.name":"root"}}
```
Here's the same output, pretty-printed:
```
```javascript
{
"output" : "16:31:56.746609046: Error File below a known binary directory opened for writing (user=root command=touch /bin/hack file=/bin/hack)"
"priority" : "Error",
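Review bot: the contents of these two fences are JSON, not JavaScript, so `json` is the accurate tag to add here (and highlights correctly). More importantly, the pretty-printed block is not valid JSON as shown: the line `"output" : "16:31:56.746609046: Error File below a known binary directory opened for writing (...)"` is missing the trailing comma before `"priority" : "Error",`. The single-line example above it also carries a `\` line-wrap in the middle of the `"evt.time"` key (`"evt.t\` / `ime"`), which anyone pasting the sample into a JSON parser will trip on; either drop the wrap or say in the text that it is only a display artifact.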