Most sourcetypes contain endpoint events of some sort. This app provides Splunk dashboards, forms, and reports which can be used to explore your endpoint events across your different sourcetypes. To do this, the app relies on the Splunk Common Information Model (CIM) for endpoint events. This means that the app can report on any endpoint data, as long as it has been on-boarded properly, and is available through the Endpoint data model.