Description
Hey guys!
I would like to implement an alert system based on karton-config-extractor, where it would alert/log about specific cases where there are YARA matches by rules in the modules but still we don't get a config.
In the current implementation of push_procmem it is hard to know if there aren't any YARA matches or there are, but extraction failed, since both cases return None. There are debug logs, but at scale and when running as a service it is not ideal. It would be nice if there was any way to distinguish the different cases.
The issue I see is that if an Enum is used:
from enum import Enum
ProcmemAnalysisResult = Enum("ProcmemAnalysisResult", ["NoYaraMatch", "NoConfigExtracted"])
Then essentially NoYaraMatch is 1, and returning it instead of None may break backwards compatibility. Maybe if you point all of these to be None, then it would retain the same logic as there is now.
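An added, self-contained sketch of the backward-compatible variant the post is asking for; this is example code, not malduck's or karton-config-extractor's own implementation. The push_procmem here is a hypothetical stand-in (a constructed rule table and a toy extractor replace real YARA scanning and config parsing). The enum members override __bool__ so they are falsy, which keeps callers written as `if not result:` working, while new callers can tell a NoYaraMatch from a NoConfigExtracted and raise an alert only for the latter. Callers that test `result is None` are not preserved by this approach and would still need updating.

```python
from enum import Enum
from typing import List, Optional, Union


class ProcmemAnalysisResult(Enum):
    """Outcome of a procmem analysis that produced no config (hypothetical)."""
    NoYaraMatch = "no_yara_match"
    NoConfigExtracted = "no_config_extracted"

    def __bool__(self) -> bool:
        # Both members are falsy, so legacy `if not result:` checks keep working.
        return False


# Constructed sample rule table: rule name -> byte pattern (stands in for YARA).
SAMPLE_RULES = {"win_example_family": b"MAGIC"}


def scan_yara(data: bytes) -> List[str]:
    """Toy scanner: return the names of all constructed rules whose pattern occurs."""
    return [name for name, pattern in SAMPLE_RULES.items() if pattern in data]


def extract_config(data: bytes, matches: List[str]) -> Optional[dict]:
    """Toy extractor: a config exists only if a 'C2=<value>;' marker is present."""
    start = data.find(b"C2=")
    if start == -1:
        return None
    end = data.find(b";", start)
    if end == -1:
        return None
    return {"family": matches[0], "c2": data[start + 3:end].decode()}


def push_procmem(data: bytes) -> Union[dict, ProcmemAnalysisResult]:
    """Hypothetical push_procmem: distinguish 'no match' from 'match but no config'."""
    matches = scan_yara(data)
    if not matches:
        return ProcmemAnalysisResult.NoYaraMatch
    config = extract_config(data, matches)
    if config is None:
        return ProcmemAnalysisResult.NoConfigExtracted
    return config


def alert_on_failed_extraction(data: bytes) -> Optional[str]:
    """Alert only when a rule matched but extraction failed; quiet otherwise."""
    result = push_procmem(data)
    if result is ProcmemAnalysisResult.NoConfigExtracted:
        return "ALERT: YARA matched but no config extracted"
    return None


if __name__ == "__main__":
    for sample in (b"nothing here", b"xx MAGIC xx", b"MAGIC C2=198.51.100.7;"):
        print(sample, "->", push_procmem(sample), "|", alert_on_failed_extraction(sample))
```

Because the failure members are falsy, an old caller that only tests truthiness behaves as it did with None; a new caller can still use identity checks against the enum members to decide when to alert.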