May 25 2022 02:35 PM
In the Device Discovery article,
" By invoking the SeenBy function, in your advanced hunting query, you can get detail on which onboarded device a discovered device was seen by. This information can help determine the network location of each discovered device and subsequently, help to identify it in the network."
But when I try to run it
DeviceInfo
| where OnboardingStatus != "Onboarded"
| summarize arg_max(Timestamp, *) by DeviceId
| where isempty(MergedToDeviceId)
| limit 100
| invoke SeenBy()
| project DeviceId, DeviceName, DeviceType, SeenBy
I get -
'Unknown function: 'SeenBy'.
I guess these are 'Enrichment Functions'... so, how do we turn these on so they're available?
Thanks!
Jun 02 2022 08:53 AM