Blast Off With Azure Advocates: Presenting The Azure Space Mystery

by Contributed | Feb 18, 2021 | Technology

This article is contributed. See the original author and article here.

TLDR; Azure Space Mystery is an interactive experience teaching you about Space, women scientist and how you can interact with LEARN to solve mysteries in the game. Blast off for the Azure Space Mystery

 

Location: 400 km above Earth, traveling at 27,600 km/h. The space crew is in a good mood. They are looking forward to today’s return to Earth. We have made groundbreaking discoveries that will change the way we understand the …   

 

Suddenly, a voice emanates from your communication console. “Captain, we have received an SOS message from the International Space Station. Their solar array wing was knocked off by debris. They are quickly running out of power! They need our help to collect the four missing pieces and deliver them back to the ISS as soon as possible.”

When that SOS call comes from the International Space Station, you know that you’re the person for the job!

Push the buttons and start your adventure! Will you embark on either the Rosetta, SOHO, Magnet, or Cluster Missions?

Azure Advocates and Community Advocacy PMs are excited to offer our third mystery experience, the Azure Space Mystery! Following on the Azure Mystery Mansion and the Azure Maya Mystery, this adventure sends you on missions in space to collect the four missing pieces of the wing. Store each piece in your space ship’s Collection Bay and find your way to the ISS to save the day.

 

During your mission, you will have to solve code challenges and unlock elements of the ship to collect the items. Can you figure out the circumference of the spool around which you must wrap the missing wire? Can you find the keyword on Microsoft Learn to unlock the door so you can complete your space walk? What if you fly into the tail of a comet?

Curious how we built this game? It uses the same architecture as the Azure Maya Mystery: TailwindCSS, VuePress, and an Azure Static Web App.

Every great explorer finds helpers along the way, and the Space Mystery is no different. You will be helped at strategic moments by four famous women who, in history, helped advance scientific inquiry. You’ll have to play the game to discover who they are, but get ready to meet a mathematician, a pilot, a scientist, and an astronomer whose work spanned 14 centuries.

You’ll not only meet these inspiring scientific women in the game, but you can also meet them in Minecraft!

 

The connection between the Space Mystery game and Minecraft is made by your acquisition of a final badge, available when you complete your missions. Collect your Space Learner badger badge and use it in the MyMetaverse Minecraft server.

In the server, this badger token will give you exclusive access to a Heroes Hangout dedicated for Azure Heroes users. The server is accessible in Minecraft Java edition at mc.mymetaverse.io. To use the badge in the server, link an Enjin Wallet, which is the app where Azure Heroes tokens are stored.

 

The Azure Space Mystery was brought to you in honor of the 6th International Day for Women and Girls in Science. This day was founded by the “Space Princess”: H.R.H. Princess Dr. Nisreen El-Hashemite. It is our hope that our game will teach a little about other famous and impactful women in Science.

But wait, there’s more! Download free wallpapers of our bespoke cosmic art for your video call backgrounds!

 

We would like to acknowledge the folks who contributed to the content of the game: Marc Duiker who did the pixel art, and Dr. Mark Looper, who provided space-focused technical expertise. Many thanks to the ‘mystery team’ of Cloud Advocates, Chris Noring and myself (Jen) and to our mysterious PM team, in particular Lucie Simeckova, Floor Drees, and Adam Jackson, Eva Amezua de Casado, Jan Schenk, Adi Stein Ben-Nun, and Cynthia Zanoni for overseeing production.

Are you ready to accept your mission to explore space? Let’s go! Blast off for the Azure Space Mystery

Level up with Microsoft Certified: Azure Solutions Architect Expert

by Contributed | Feb 18, 2021 | Technology

This article is contributed. See the original author and article here.

How do organizations today balance risk, cost, and capabilities—while continuing to deliver business value? The cloud can address all of these issues, and it has transformed the way businesses solve their technology challenges. Microsoft Azure solutions architects are the key to implementing cloud architecture, using resources efficiently, and maintaining security—whether migrating an existing system to the cloud or building a new one.

The Azure Solutions Architect Expert certification validates that you have what it takes to design and implement solutions that run on Azure, including aspects like compute, network, storage, and security. You earn this certification by passing Exam AZ-303: Microsoft Azure Architect Technologies and Exam AZ-304: Microsoft Azure Architect Design.

If your responsibilities include advising stakeholders and translating business requirements into secure, scalable, and reliable cloud solutions—especially if you partner with cloud administrators, cloud database administrators, and clients to implement solutions—this could be the certification for you.

What kind of knowledge and experience should you have?

As a candidate for this expert-level certification, an Azure solutions architect has the skills to design end-to-end solutions for Azure, considering infrastructure, apps, data, security, and more. Since it’s the most comprehensive certification, it’s suitable for IT pros, developers, and data professionals. If your experience is on the infrastructure side, you might need to reinforce your apps and data design and architecture skills. If you’re coming from the developer side, be sure to reinforce your Azure administration skills. And all candidates need to be experts in DevOps processes.

When you’re skilled up and confident in your administration and developer foundations, combine them with your advanced experience and knowledge of IT operations. These include networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. And you should know how to manage the way that decisions in each area affect an overall solution.

How can you get ready?

To help you plan your journey, check out our infographic, The journey to Microsoft Certified: Azure Solutions Architect Expert. You can also find it in the resources section on the certification and exam pages, which contains other valuable help for Azure solutions architects.

The journey to Azure Solutions Architect Expert

To map out your journey, follow the sequence in the infographic. First, decide whether this is the right certification for you, and then make sure your administration and development skills are up to date. To understand what you’ll be measured on when taking Exam AZ-303 and Exam AZ-304, review the skills outline guides for Exam AZ-303 and Exam AZ-304 on the exam pages.

Sign up for training that fits your learning style and experience:

• For self-paced online training, choose curated learning paths on Microsoft Learn.


• If you prefer to learn from an instructor, choose instructor-led training from a Microsoft Learning Partner. Consider taking a course, like Microsoft Azure Architect Technologies, Microsoft Azure Technologies for AWS Architects, or Microsoft Azure Architect Design.

Then take a trial run with the Microsoft Official Practice Test for AZ-303: Microsoft Azure Architect Technologies and the Microsoft Official Practice Test for AZ-304: Microsoft Azure Architect Design. All objectives of the exams are covered in depth, so you’ll find what you need to be ready for any question.

Complement your training with additional resources, like Microsoft Docs or the Azure Architecture Center.

After you pass the exam and earn your certification, check out the many other certification opportunities. Want to add to your Azure knowledge? Explore the Microsoft Azure Well-Architected Framework.

Note: Remember that Microsoft Certifications assess how well you apply what you know to solve real business challenges. Our training resources are useful for reinforcing your knowledge, but you’ll always need experience in the role and with the platform.

Celebrate your Azure talents with the world

When you earn a certification or learn a new skill, it’s an accomplishment worth celebrating with your network. It often takes less than a minute to update your LinkedIn profile and share your achievements, highlight your skills, and help boost your career potential. Here’s how: 

• If you’ve earned a certification already, follow the instructions in the congratulations email you received. Or find your badge on your Certification Dashboard, and follow the instructions there to share it. (You’ll be transferred to the Acclaim website.)


• To add specific skills, visit your LinkedIn profile and update the Skills and endorsements section. Tip: We recommend that you choose skills listed in the skills outline guide for your certification.

Keep your certification up to date

If you’ve already earned your Azure Solutions Architect Expert certification, but it’s expiring in the near future, we’ve got good news. You’ll soon be able to renew your current certifications by passing a free renewal assessment on Microsoft Learn—anytime within six months before your certification expires. For more details, please read our blog post, Stay current with in-demand skills through free certification renewals.

It’s time to level up!

Your Microsoft Certification can help validate that you have the skills to stay ahead with today’s technology. It can also help empower you with a boost in confidence and job satisfaction—and maybe even a salary increase. Want to know more? In our blog post, Need another reason to earn a Microsoft Certification?, we offer 10 good reasons to earn your certification.

In modern business, the cloud is definitely here to stay. Be future-ready! Validate your skills and experience as an Azure solutions architect expert by earning your certification. Then apply key principles and best practices to your cloud solutions to meet your organization’s needs. Prove your worth to your team and company by designing, building, and continuously improving secure, reliable, efficient, and scalable architecture on Azure—today and in the future.

Related announcements

Understanding Microsoft Azure certifications

Finding the right Microsoft Azure certification for you

Master the basics of Microsoft Azure—cloud, data, and AI

Use Microsoft Azure Sentinel and Anomali Match for actionable threat detection

by Contributed | Feb 18, 2021 | Technology

This article is contributed. See the original author and article here.

Azure Sentinel is a cloud native SIEM that provides various ways to import Threat Intelligence data and use it in various parts of the product like hunting, investigation, analytics, workbook etc. It enables customers to harness the power of threat intelligence to find actionable threats.

Anomali Match is a high–performance security solution that detects threats within Sentinel observed data and identifies the point of origin of an attack, going back more than 5 years. With this intelligence, Match gives security teams the ability to investigate associated global threats, actors, techniques and potential future attacks and their impact on an organization’s security posture. 

Today we want to highlight the availability of a new integration between Azure Sentinel and Anomali Match, which will allow you to: 

• Bring in logs using a simple Kusto Query from Azure Sentinel into Anomali Match


• Correlate logs with millions of Threat Intelligence records imported within Anomali Match to create detection alerts


• Export the alerts created by these matches back into Azure Sentinel in form of Common Security (CEF) logs, and then create incidents on top of them for triage by the Security Operation Center analyst team in your organization.

Anomali Match + Microsoft Azure Sentinel Solution

The Anomali match and Azure Sentinel integration provides a bi-directional flow of data between them. With this integration Azure Sentinel users can export log data out of Sentinel into Anomali match. This can be done simply by registering an application in Azure Active Directory to access the log analytics workspace and then configuring the Azure Sentinel log source on the Universal Link through the Anomali Match Interface. Once the log data is imported into Anomali Match, it can be used for matching against the threat intelligence in Anomali Match and generating alerts. These alerts can then be pushed back to Azure Sentinel using a CEF over Syslog collector. This allows importing high fidelity alerts from Anomali Match into the Common Security table of Azure Sentinel from where customers can generate incidents using simple KQL based scheduled rules for making them available for triage in Azure Sentinel. The device vendor for all these alerts is set to Anomali match.

This blog will give a walkthrough of the process of importing event data from Azure Sentinel into Anomali Match and then exporting alerts generated in Anomali Match back to Azure Sentinel for triage.

Importing logs from Azure Sentinel into Anomali Match

Collecting logs from Azure Sentinel and importing into Anomali Match involves the follows 2 steps:

1. Register an application in Azure Active Directory to access the log analytics workspace.

2. Configure the Azure Sentinel log source on the Universal Link through the Anomali Match Interface.

Register an application in Azure Active Directory to access the Log Analytics Workspace

To import logs from Azure Sentinel to Anomali match, you need to register an application which will enable access to the log analytics workspace of Azure Sentinel. The following steps can be used for doing so:

1. Open the Azure Portal and navigate to the Azure Active Directory.

2. Navigate to the App Registration option under Manage menu.

3. Select New Registration.

4. Enter the following information:

        a. Name: This is a user-friendly name of the application. For example, Anomali Match for Log Analytics.

        b. Supported account types: This is to decide who can use the application and access it.

        c. Redirect URL: This can be left blank.

5. Click Register

6. Once the app is registered, copy the Application (client) ID and Directory (tenant) ID. You will need these later to configure the Azure Sentinel log sources in Anomali Match.

7. Select Certificates & secrets from the Manage menu.

8. Click the New client secret option.

9. Enter a Description and select the Time-to-live for the new secret and click Add.

10. Copy the Value of the key. You will need this later to configure the Azure Sentinel log sources in Anomali Match.

11. Select the API permissions from the Manage menu.

12. Click Add a permission.

13. Navigate to the APIs my organization uses tab on the dialogue box that opens and search for Log analytics API.

14. Select Delegated Permissions and enter the permissions below in the Select permissions text box. Permissions that need to be added are Data.Read. Select the permission and click Add.

15. Navigate to the Log Analytics workspace that contains Sentinel Logs. To do so search Log Analytics Workspaces in the Azure Portal and select the workspace that contains Azure Sentinel Logs. Copy the Workspace ID from the Overview page. You would need this to configure Sentinel log sources in Anomali match.

16. Navigate to the Access Control (IAM) menu. Click on Add -> Add role assignment. Select Log Analytics Reader from the role dropdown. Enter the name of your application in the Assign access to > Select text box. Once the name is visible in the list, select it. Click Save.

Configure the Azure Sentinel log source on the Universal Link through the Anomali Match Interface

Now that the application to access the Log analytics workspace is configured, we can use the Anomali Match Universal Link to add log sources in the Anomali Match user interface. To add logs sources, follow the below steps:

Add Azure Sentinel as a log source to Match    

1. Click on the gear icon () from the top right.

2. Click Links from the left side. The list of configured links is displayed.

3. Identify and click the Universal Link to which you want to add the new log source. The link must be online.

4. Click the plus () icon on the top right. The Add a Log Source popup displays the available log sources from the Link.

5. Click on the Azure Sentinel icon.

6. Enter a Data Source Name for the log source. Enter the Data Source Description which is a short description of the source and is an optional field.

7. Configure settings related to your application as registered in Azure Active Directory (steps to which are given in the section Register an application in Azure Active Directory to access the Log Analytics Workspace above).

8. Click Use Proxy if you wish to use a proxy.

9. Click Next.

10. Enter the query string in the Search Query 1 field. This defines what data will be retrieved from the log source. The query syntax is:

A sample query is below:

Click the plus sign () to add another query for the same table. Then enter the additional query statement in the field on the same table in Sentinel.

11. Enter the Interval Schedule. This is the time between each query run. Default value for this is 10 minutes.

12. Click Backfill Enabled if you want to specify how far back in time to go to the log

source to get data. This is an optional field.

Use one of the following formats to specify your backfill period:

13. Enter the Drilldown Settings as mentioned below:

14. Click Save.

Now the configuration for pulling data from Azure Sentinel into Anomali match is complete. Once the data is imported in Anomali match it is matched against Threat Intelligence indicators in Anomali Match to generate alerts. You can view these alerts in the Anomali match portal :

You can also drill down indicator details from the alerts to see additional context information about the indicator in the Anomali Match portal:

Exporting alerts from Anomali Match into Azure Sentinel

If you would like to import the Anomali Match alerts back into Azure Sentinel for further investigation and hunting, you can do so by setting up the CEF over Syslog connector. For doing so you will have to follow the below steps:

1. Create a Workflow for exporting alerts to Azure Sentinel in the Anomali Match portal. This can be done by clicking the Alerts option on the top bar.

2. In the Rule Workflow window, enter a Rule Name and Source. You can add Filters to decide which alerts you would like to export back to Azure Sentinel. In the Actions tab, you can configure forwarding using Syslog.

Once the alerts are imported into the Common Security table of Azure Sentinel, you can generate incidents using simple KQL based scheduled rules for making them available for triage in Azure Sentinel under the Incidents tab. This can be done by using the scheduled rule to look for the device vendor as the device vendor for all these alerts is set to Anomali. In order to do so, the following steps can be used:

1. Open the Azure Portal and navigate to the Azure Sentinel.

2. Navigate to the Analytics tab under the Configuration menu.

3. Click on the Create -> Scheduled query rule option.

4. Add a Name for the analytics rule and make sure that the rule is Enabled. You can also add a Description for the rule and Tactics.

5. Click on the Next : Set Rule Logic button and add the KQL query. A sample query that you can use to generate incidents from the Anomali match alerts is as follows:

            CommonSecurityLog

            | where DeviceVendor == “Anomali”

6. Enable Alert grouping on the Incident settings page and playbooks (if any) on the Automated response page.

7. Create the rule on the Review and Create tab.

Summary

This unique integration between Azure Sentinel and Anomali match allows you to use the power of Threat Intelligence in Anomali for matching against log data from Azure Sentinel to find actionable threats. The bi-directional capabilities allow you to bring all the security insights gained from Anomali Match into Azure Sentinel for triage and analysis by your security operations team.