We're using splunk Enterprise Security V5.1.0. When i search in data models list, i can't find "Endpoint" data model. But there are a lot of correlation searches using this data model.
I know that "Application State" data model is deprycated and "Endpoint" data model is used instead.
Could you please correct my understanding?
Upgrade the CIM add-on to version 4.12 or newer.