Marinos Roussos

Make IMTOOL public

Discussion created by Marinos Roussos on Mar 15, 2018
Latest reply on Apr 9, 2018 by Marinos Roussos

It would be hugely beneficial for customers and RSA engineering if they knew about imtool. Similarly to ESAtool that 100s of people working with SA/NW love.


I was on a webex with engineering this morning and they nearly spent 2 hours to get the results that imtool would have given in less than 2 minutes. I find this a little sad, not to mention time-wasting for both customers and RSA staff.


As a workaround and because RSA didn't think that is beneficial enough to share it, I attach it to this post for the benefit of everyone.


Courtesy of Pablo Trigo, the author of 000032358 - Event Stream Analysis troubleshooting script (ESATool) for the RSA NetWitness Platform  which is one of the most popular articles on the community.


How to use imtool:


- rpm -Uvh imtool-v.1.0-3.noarch.rpm

- imtool



Count alerts (Count sorted by source RE,ESA)

Count incidents

Count alerts in date range

Count incidents in date range

Delete all incidents from IM

Delete all alerts from IM

Delete a range of incidents

Delete date range of alerts


Remember to use at your own risk and is provided without support from RSA. If you are unsure or not comfortable using the script, raise a ticket with RSA Support.