It would be hugely beneficial for customers and RSA engineering if they knew about imtool. Similarly to ESAtool that 100s of people working with SA/NW love.
I was on a webex with engineering this morning and they nearly spent 2 hours to get the results that imtool would have given in less than 2 minutes. I find this a little sad, not to mention time-wasting for both customers and RSA staff.
As a workaround and because RSA didn't think that is beneficial enough to share it, I attach it to this post for the benefit of everyone.
Courtesy of Pablo Trigo, the author of 000032358 - Event Stream Analysis troubleshooting script (ESATool) for RSA Security Analytics which is one of the most popular articles on the community.
How to use imtool:
Install (IN SA SERVER, SA NOT ESA)
- rpm -Uvh imtool-v.1.0-3.noarch.rpm
- imtool
Options:
Count alerts (Count sorted by source RE,ESA)
Count incidents
Count alerts in date range
Count incidents in date range
Delete all incidents from IM
Delete all alerts from IM
Delete a range of incidents
Delete date range of alerts
Remember to use at your own risk and is provided without support from RSA. If you are unsure or not comfortable using the script, raise a ticket with RSA Support.
