Explore the functionality of LogReduce, which allows you to distill unique messages from the noise by identifying recurring Signatures in your data.
Run LogReduce on your Snort security data to identify unusual activity (i.e. intrusions) in the last 60 minutes.
Sort your results by count to identify those that happen only once. Click on the count (1) to view the unusual message. Now click on the host to view surrounding messages to identify the context of the intrusion.