Once you have familiarized yourself with the main interface, investigate the actual functionality of the ACID page in more detail. This is where you can examine the types of packets hitting your network and what they contain. This section details the searching and graphing capabilities of ACID. Although it attempts to clarify the nuances of each page and the results presented there, it cannot explain every minor detail or categorize all possible attack scenarios. The best approach is to become acquainted with each listing and the data it contains as we work through this section.
After checking the main ACID web page for the latest attacks, your first point of reference for additional details will probably be the Unique Alerts link. All alerts are sorted here by time, with the oldest signature listed first and the most recent unique alert placed last.
The default Alert Listing page has several columns containing data, most of which also link to detailed content. The page is broken down by column headings in the following manner:
A brief description of the alert and a link to an external site explaining its signature in detail
The grouping into which this alert type falls
The number of times a particular signature has been logged since analysis began
The ID of the sensor that logged that signature
A link to the source address(es) from which the signature originated