you do not necessarily need an "app" to square this away for you. All you need is a couple scheduled searches configured to report.
ensure the RSA Auth Manager logs are a separate source type (it makes life easier).
create a couple saved searches. a quick and dirty example i use is:
sourcetype="RSA_AUTH_MGR" AND fail* | stats count by user,reason | where count >3
Make it a saved search running every 24 hours, email the results (condition if not null) daily.
This will output failed logins and reason if greater than 3 in a table, in the body of an email message.
You could also do a real time search if you want an immediate alert on failed logins.
Same stuff for the logins, etc. search for Authenticated | stats count by user, save the search to create a report every 24 hours, week, whatever.
Hope this helps.
... View more