Several approaches have been proposed for anonymization of Internet packet traces [25,36,24]. For example, Pang and Paxson proposed a high-level language and tool [24] as part of the Bro package, enabling anonymization of packet header and content. They are interested in wide-scale network traces such as FTP sessions, while our application is alert management. Further, we examine strategies that mitigate dictionary attacks from adversaries who can stimulate and then observe alert production within the target's site.