1) Looking out for new signatures
2) Tuning existing configuration to reduce false positives
3) Coordination with system admins whenever alerts are generated to confirm or deny malicious activity
4) Sifting through tons of event logs
5) Read the Cisco NetPro site
6) Study for CCNP
Rinse, repeat.
Hope this helps.
Please remember to rate all replies.