Grouping Portscans

["Derrick Lichti" <dlichti () mitra com>]

Hi;
 
I've been looking for a method to clean up my alerts from Snort 1.9.0 running on FreeBSD 4.6.2 with ACID 0.9.6b22 as 
the interface and MySQL 3.23.51 as the DB. Does anybody know of a method to group all portscan alerts from the 
spp_portscan2 processor? In otherwords, instead of having 4000 portscan alerts, I'd like to group them as '1' portscan 
alert with 4000 recurring instances, many with different IPs.
 
Thanks in advance,
Derrick