Snort mailing list archives

VRT Rules question


From: Juan Camilo Valencia <juan.valencia () seguratec com co>
Date: Wed, 21 Aug 2013 08:17:26 -0500

Hi Guys,

I think these couple of questions were answered in the past, or are in
some documentation, but at the moment I can't find the answer. Basically,
what I have is the need to activate certain rules based on CVE or MS in
rules but based on a category. For example, I want to enable all the CVEs
from 2000 to 2012 in os-windows.rules; however, when I create the line in
enablesid.conf in PulledPork, it activates for all the rules downloaded.
Is there a way to mix those two criteria, CVE or MS and category?
If not, do the rules have a range based on category? For example, os-linux.rules are
between 2000 and 3000, os-windows.rules are between 3001 and 4000, etc.

Because with that I think that I can use pcre and regex to do that.

Thanks a lot for your time, and thanks in advance,

Best regards from Colombia

-- 
JUAN CAMILO VALENCIA VARGAS
Operations Engineer
SeguraTec S.A.S
Calle 11 # 43B-50 of 307
Medellín Colombia

*“Choose a job you love, and you will never have to work a day in your life”*
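
One way to combine the two criteria asked about above, as an added example that is not part of the original post or of PulledPork: read a single category file, keep only rules whose CVE reference falls in a year range, and emit `gid:sid` entries for enablesid.conf. The sample rules, SIDs and CVE ids are constructed placeholders, the function names are hypothetical, and only CVE references (not MS bulletins) are handled.

```python
import re

# Constructed sample in Snort rule syntax (SIDs and CVE ids are placeholders);
# in practice, read the text of os-windows.rules from the extracted rule tarball.
SAMPLE_OS_WINDOWS_RULES = r'''
# alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"OS-WINDOWS sample A"; reference:cve,2008-0000; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"OS-WINDOWS sample B"; reference:cve,1999-0000; sid:1000002; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"OS-WINDOWS sample C"; reference:cve,2013-0000; reference:cve,2012-0000; gid:3; sid:1000003; rev:2;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 137 (msg:"OS-WINDOWS sample D"; sid:1000004; rev:1;)
# Free-text comment mentioning cve,2005-0000 and sid:1000005; not a rule.
'''

# A rule line may be commented out ("# alert ...") in the distributed files.
RULE_RE = re.compile(r'^\s*(?:#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s.*\(.*\)\s*$')
CVE_RE = re.compile(r'reference\s*:\s*cve\s*,\s*(\d{4})-\d+', re.I)
SID_RE = re.compile(r'[;(]\s*sid\s*:\s*(\d+)\s*;')
GID_RE = re.compile(r'[;(]\s*gid\s*:\s*(\d+)\s*;')

def select_sids(rules_text, first_year, last_year):
    """Return 'gid:sid' for every rule (enabled or commented out) in one
    category file that carries a CVE reference within the year range."""
    selected = []
    for line in rules_text.splitlines():
        if not RULE_RE.match(line):
            continue  # blank lines and ordinary comments
        sid = SID_RE.search(line)
        if sid is None:
            continue
        years = [int(y) for y in CVE_RE.findall(line)]
        if any(first_year <= y <= last_year for y in years):
            gid = GID_RE.search(line)  # gid defaults to 1 when absent
            selected.append(f"{gid.group(1) if gid else 1}:{sid.group(1)}")
    return selected

def enablesid_lines(rules_text, first_year, last_year):
    """Format the selection as one gid:sid entry per line for enablesid.conf."""
    return "\n".join(select_sids(rules_text, first_year, last_year))

if __name__ == "__main__":
    print(enablesid_lines(SAMPLE_OS_WINDOWS_RULES, 2000, 2012))
```

Because the category is fixed by which file is read, the CVE filter never touches rules from other categories.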
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net