You might want to look into DeepSight at Symantec which my partner and myself designed and built while at SecurityFocus (my partner stayed on so now he is a Symantec kind of guy
). There is a free component that you can join (see »
aris.securityfocus.com ) and there are all sorts of global reports and analysis available(most are in the $ side however, but still there is a lot that is free). The idea is you send your IDS logs (supported systems here »
analyzer.symantec.com/re ··· ents.asp ) to DeepSight and you can use DeepSight to create all sorts of reports and such.
Blake