Working with event acknowledgement in Data Center Security Server can be very helpful. It's a great way of keeping track of events as you are tuning a policy. However, if you are dealing with a large amount of events (say in the initial phase of policy tuning) it can be a chore to acknowledge a large amount of events.
Below are a few handy SQL statements to help you work in bulk with these events. Please note that the way I differentiate between prevention and deletion is a kludge as I haven't been able to identify the column in the CSPEVENT table that determines the policy type the event comes from. If someone out there knows what it is, please let me know and I will update the statement.
EDIT: Updated statements to add the more accurate filtering thanks to Chuck's post.
-- This statement will acknowledge any events related to prevention policies
update CSPEVENT
set EVENT_REMEDIATED='1'
where EVENT_TYPE like 'P%'
and EVENT_REMEDIATED='0'
-- And this one acknowledges all detection events
update CSPEVENT
set EVENT_REMEDIATED='1'
where EVENT_TYPE like 'D%'
and EVENT_REMEDIATED='0'
-- This one resets the ackowledgment flag (sets to not ackowledged) on all prevention events for the last 24 hours
update CSPEVENT
set EVENT_REMEDIATED='0'
where EVENT_TYPE like 'P%'
and EVENT_DT between DATEADD(dd,-1,getdate()) and DATEADD(dd,0,getdate())
-- This one resets the ackowledgment flag (sets to not ackowledged) on all detection events for the last 24 hours
update CSPEVENT
set EVENT_REMEDIATED='0'
where EVENT_TYPE like 'D%'
and EVENT_DT between DATEADD(dd,-1,getdate()) and DATEADD(dd,0,getdate())