Create HTML, PDF and ASCII text reports.
Can specify order (ascending or decscending).
Can specify the number of occurences to view.
Can resolve IP addresses and domains.
The ability to get Whois Database information.
Add colors for best visibility.
Graphic User Interface.
Possibility to do filtering (e.g if you only want src logs) reference's rules.
Generate GIF, PNG or JPG graph in HTML output.
Works with Syslog, Fast and Full alerts.
Works with all preprocessor (spp_stream4, spp_portscan, spp_decoder, flow and flowportscan ...).
Has the possibility to link the signature to the web reference attack description.
Works with "-I" Snort's option to specify an interface and add report.
Works with "-e" Snort's option (Display the second layer header info).
Use a specific plugin to generate your owns reference's rules.