A method for interfacing with a user of an enterprise intrusion detection system, the method comprises receiving at least one packet flow, each packet flow originating from a unique node in the intrusion detection system and comprising descriptive information and a plurality of packet headers. The descriptive information of a first subset of the received packet flows is communicated to a user based at least in part on a filtering ruleset. A second subset of the received packet flows is concealed from the user based at least in part on the filtering ruleset. In response to receiving a command from the user, the plurality of packet headers for at least one packet flow in the first subset is communicated to the user.