- Managing clusters for addresses, timestamps (and more?)
- Dynamic cluster_min_size algorithm
- Alerts for port scans, grouped alerts, UDP and ICMP too