Found a lot of that useful for understanding some of the traffic and alerts seen on some Cisco HIDS sensors. Its always an ongoing effort deciphering legit traffic from non-legit. Some of those well written articles shed some light on some of the queries I had.