Looking to find what ES usecases are there that use Certificate and/or Alert datamodels
In the Use Case Library... you can filter on the data model to see if there's a matching analytic story or use case: https://<splunk:port>/splunk-es/en-US/app/SplunkEnterpriseSecuritySuite/ess_use_case_library
the filters are Framework Mapping, Data Model, App, In Use, Bookmarked
It probably depends on which version of the ES Content Updates app you have installed. I have 3.9.1.
I see ColdRoot MacOS RAT Analytic Story & Malware Use Case for Alerts.
I don't see any for Certificates.