2018-03-15 08:38 AM
It would be hugely beneficial for customers and RSA engineering if they knew about imtool. Similarly to ESAtool that 100s of people working with SA/NW love.
I was on a webex with engineering this morning and they nearly spent 2 hours to get the results that imtool would have given in less than 2 minutes. I find this a little sad, not to mention time-wasting for both customers and RSA staff.
As a workaround and because RSA didn't think that is beneficial enough to share it, I attach it to this post for the benefit of everyone.
Courtesy of Pablo Trigo, the author of 000032358 - Event Stream Analysis troubleshooting script (ESATool) for RSA Security Analytics which is one of the most popular articles on the community.
How to use imtool:
Install (IN SA SERVER, SA NOT ESA)
- rpm -Uvh imtool-v.1.0-3.noarch.rpm
- imtool
Options:
Count alerts (Count sorted by source RE,ESA)
Count incidents
Count alerts in date range
Count incidents in date range
Delete all incidents from IM
Delete all alerts from IM
Delete a range of incidents
Delete date range of alerts
Remember to use at your own risk and is provided without support from RSA. If you are unsure or not comfortable using the script, raise a ticket with RSA Support.
2018-03-22 06:11 PM
Will there be an equivalent in Version 11, if so when can we expect it to be released?
2018-04-09 07:02 AM
I cannot speak for RSA as I don't know if there is a plan for making something official to benefit everyone. However the author of this script is no longer with the company and even then, it was not officially supported or recognised enough.