Leave us a Message:

Delete Multiple Cases – ArcSight Tool

Share on facebook
Share on linkedin
Share on twitter
Share on whatsapp
Share on email
We, CyberSIEM, developed a tool that will delete the cases with the ArcSight API the right way, without hurting the job.
Delete Multiple Cases – ArcSight Tool

Whether you mistakenly defined the rule and it opened up a lot of cases, or a large number of cases were accumulated over time, deleting them was simply impossible.

The solution that appeared in the forums was to delete the cases as a resource directly from the database, but this form of deletion deletes the resource itself without removing the links to other resources.

We, CyberSIEM, developed a tool that will delete the cases with the ArcSight API the right way, without hurting the job.

How to use:

  1. Import “CyberSIEM_Delete_Cases Vxxx.arb” package to ArcSight console.
  2. Customize the “Cases to Delete” conditions to the cases that you want to delete by group, time, or whatever you want. You can check the query before running the Query Viewer “Cases to Delete”.
  3. Run “ArcSight-DeleteCases.exe”, and enter the ESM address, port, username, and password. It will start deleting cases from the Query Viewer.

Anyway, DO NOT delete directly from the database.

Link to download:

https://www.cybersiem.com/download/delete-multiple-cases-arcsight/

You can find all related ArcSight Resources under Delete Cases Use Case Page:

For questions, premium version, and more products, please email us at [email protected]

Share this post

Share on facebook
Share on linkedin
Share on twitter
Share on whatsapp
Share on email
Eli Benitah

Eli Benitah

Leave a Replay

About Us

We increase the security of organizational information and anticipate threats before they cause damage, and improve the level of protection of organizational information, by providing end-to-end SIEM solution.

Recent Posts

Skip to content