EDIT: After further digging, it occurs to me that configuring Snort is more like configuring Iptables than configuring Squid. I am going to have to write a conf file from scratch to fit our needs, as modifying the default snort.conf file is hopeless. God I hope it doesn't take as long as learning iptables scripting.
If I use the preprocessor flow_portscan for detection of portscans, do I still need preprocessor portscan? Or does the former replace the latter in terms of functionality?