It would be hugely beneficial for customers and RSA engineering if they knew about imtool. Similarly to ESAtool that 100s of people working with SA/NW love.
I was on a webex with engineering this morning and they nearly spent 2 hours to get the results that imtool would have given in less than 2 minutes. I find this a little sad, not to mention time-wasting for both customers and RSA staff.
As a workaround and because RSA didn't think that is beneficial enough to share it, I attach it to this post for the benefit of everyone.
Courtesy of Pablo Trigo, the author of 000032358 - Event Stream Analysis troubleshooting script (ESATool) for RSA Security Analytics which is one of the most popular articles on the community.