Once you have identified that an incident has occurred, it is important to quickly act on the incident. Although Snort itself provides nothing more than a few ideas on looking further at a specific event, it's the responsibility of the administrator to decide how to handle an event.
In a smaller network a formalized incident response plan isn't always necessary, but it does help in maintaining system security if we have an idea of what to do if subjected to a specific attack. Some good examples would be port scans, denial of service, and exploitation attempts. We can then decide on things like:
Do we want to report these?
Do we want to analyze other protection systems if they occur?
Do we have to notify someone?
Answering a few basic questions like these as you set up your IDS gives the IDS much more value as it becomes part of a valid plan for network protection.