Forum Discussion
mathurin68
May 25, 2022Brass Contributor
Enrichment Functions, Device Discovery 'invoke SeenBy()' doesn't work...
In the Device Discovery article,
" By invoking the SeenBy function, in your advanced hunting query, you can get detail on which onboarded device a discovered device was seen by. This information can help determine the network location of each discovered device and subsequently, help to identify it in the network."
But when I try to run it
DeviceInfo
| where OnboardingStatus != "Onboarded"
| summarize arg_max(Timestamp, *) by DeviceId
| where isempty(MergedToDeviceId)
| limit 100
| invoke SeenBy()
| project DeviceId, DeviceName, DeviceType, SeenBy
I get -
'Unknown function: 'SeenBy'.
I guess these are 'Enrichment Functions'... so, how do we turn these on so they're available?
Thanks!
- mathurin68Brass ContributorApparently, a GCC thing... closing out.