Grouping Portscans

["Derrick Lichti" <dlichti () mitra com>]

Hi;
 
I've been looking for a method to clean up my alerts from Snort 1.9.0 running on FreeBSD 4.6.2 with ACID 0.9.6b22 as 
the interface and MySQL 3.23.51 as the DB. Does anybody know of a method to group all portscan alerts from the 
spp_portscan2 processor? In otherwords, instead of having 4000 portscan alerts, I'd like to group them as '1' portscan 
alert with 4000 recurring instances.
 
Thanks in advance,
Derrick