Before analysis all the captured data NEEDS to be organized in a particular format or pattern for the classification purpose this whole process of organizing data is known as preprocessing. In this process data that is COLLECTED from the IDS or IPS sensors needs to be PUT into some canonical format or a structured database format based on the preprocessing. Once the data is formatted it is further broken down into classifications, which TOTALLY depends on the analysis scheme used. Once the data is CLASSIFIED, it is concatenated and used along with predefined detection templates in which the variables are replaced with real-time data.

Before analysis all the captured data needs to be organized in a particular format or pattern for the classification purpose this whole process of organizing data is known as preprocessing. In this process data that is collected from the IDS or IPS sensors needs to be put into some canonical format or a structured database format based on the preprocessing. Once the data is formatted it is further broken down into classifications, which totally depends on the analysis scheme used. Once the data is classified, it is concatenated and used along with predefined detection templates in which the variables are replaced with real-time data.