Build end-to-end cybersecurity solutions for Microsoft Sentinel that deliver enterprise value by collecting data, managing security, detecting, hunting, investigating, and responding to cybersecurity threats!

As organizations' digital estates grow, so does the volume of security data. Per a detailed Enterprise Strategy Group (ESG) study, 76% of organizations report that this volume is increasing and continues to grow. To shore up their defenses, enterprises have deployed dozens of security products, each producing a large volume of alerts. In isolation, these products may have high false positive rates and poor response prioritization, resulting in deafening alert noise. As a result, organizations report that 44% of alerts are never investigated. Part of the reason these alerts fall through the cracks is a massive shortage of security professionals.

This is where Microsoft Sentinel, Microsoft's cloud-native Security Information and Event Management (SIEM) platform, enables organizations to achieve more by tapping into the scale and intelligence of the cloud: it delivers instant value to defenders, auto-scales to enterprise needs, and improves the effectiveness of security operations using Artificial Intelligence (AI) and automation.

Microsoft Sentinel has been named a Leader in The Forrester Wave™: Security Analytics Platform Providers, Q4 2020, with the top ranking in the strategy category.

Microsoft Sentinel provides a platform for security analysts and threat hunters of various levels to not only leverage existing content like workbooks (dashboards), playbooks (workflow orchestrations), analytic rules (detections), hunting queries, notebooks, etc., but also to build custom content and solutions as needed. Microsoft Sentinel solutions can be of two types:

1. Product solution - Solutions that deliver E2E product value, including data connectors and associated content like workbooks, analytics, etc. for a certain product, e.g. the Cisco Umbrella solution or the Microsoft Defender solution. These generally operate on a single data source. Refer to the list of solutions for Microsoft Sentinel for examples (every solution not under the Domain solutions category is a product solution).

2. Domain solution - Solutions that provide E2E domain or industry vertical value to enterprises, like specialized solutions for healthcare compliance, financial compliance, vulnerability management, healthcare product integration, SAP scenarios, etc. These are generally data source agnostic and can operate on multiple data sources, unlike product solutions. View the list of current domain solutions for Microsoft Sentinel for examples.

Furthermore, Microsoft Sentinel also provides APIs that let different types of applications connect with Microsoft Sentinel data and insights.

This hackathon challenge revolves around how you can provide the ultimate enterprise value by delivering an end-to-end solution via Microsoft Sentinel content and/or integrations. Refer to the Get Started guide for resources and inspiration.


Main Requirement

Submissions must be built for Microsoft Sentinel and can be in the form of one of the following project types:

Project Type 1: Microsoft Sentinel domain solutions that include at least three different content types (data connectors, workbooks, playbooks, analytic rule templates, notebooks, etc.) to deliver an end-to-end monitoring - detection - investigation - response scenario. A data connector is not required; projects can leverage existing Microsoft Sentinel data connectors and/or data connectors in existing Microsoft Sentinel solutions. These scenarios can fulfill:

    • Domain value (like compliance scenarios, or threat intelligence capabilities or networking capabilities, etc.) and/or
    • Industry vertical value (like finance, healthcare, etc.).

Extra credit for including more and relevant content in the submission.

These may be submitted as a Microsoft Sentinel solution by following the guidance at
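To make Project Type 1 concrete, here is an added example of one of the content types listed above: a Scheduled analytic rule template in the YAML format used by the Detections folder of the Microsoft Sentinel GitHub repository. It was written for this page as an illustration and is not taken from the hackathon, from Microsoft, or from any existing solution. It assumes the Azure AD SigninLogs table (ingested through the Azure Active Directory data connector); the GUID, the rule name, and the distinct-account threshold of 20 are placeholders chosen here. Generate a fresh GUID before submitting, and expect the repository's contribution checks to validate the template against its schema.

```yaml
# Added example (not from the hackathon page): a Scheduled analytic rule template
# in the format used by the Detections folder of the Microsoft Sentinel GitHub repo.
# Assumptions: SigninLogs via the Azure Active Directory connector; the id, name
# and threshold below are placeholders picked for this illustration.
id: 00000000-0000-4000-8000-000000000000   # placeholder: replace with a newly generated GUID
name: Password spray against multiple accounts from a single IP (example)
description: |
  Identifies a single source IP that produced invalid-password sign-in failures
  (ResultType 50126) for many distinct accounts within the query period,
  a pattern typical of password spraying. Tune the threshold to your tenant.
severity: Medium
requiredDataConnectors:
  - connectorId: AzureActiveDirectory
    dataTypes:
      - SigninLogs
queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
triggerThreshold: 0
tactics:
  - CredentialAccess
relevantTechniques:
  - T1110
query: |
  let threshold = 20;   // placeholder: distinct accounts per source IP before alerting
  SigninLogs
  | where ResultType == "50126"        // invalid username or password
  | summarize
      StartTime = min(TimeGenerated),
      EndTime = max(TimeGenerated),
      FailedAttempts = count(),
      DistinctAccounts = dcount(UserPrincipalName),
      SampleAccounts = make_set(UserPrincipalName, 10)
    by IPAddress
  | where DistinctAccounts >= threshold
  | project StartTime, EndTime, IPAddress, FailedAttempts, DistinctAccounts, SampleAccounts
entityMappings:
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: IPAddress
version: 1.0.0
kind: Scheduled
```

Two design choices worth noting. The query keys on a single failure code (50126, wrong password) rather than on all failures, so lockouts, expired passwords, and MFA prompts do not inflate the distinct-account count. And because queryFrequency equals queryPeriod, consecutive runs cover disjoint windows, so a sustained spray produces one incident per hour instead of re-alerting on overlapping data; the IP entity mapping is what lets an investigator pivot from that incident to other activity from the same address.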

Project Type 2: Microsoft Sentinel API integrations that deliver enterprise value and/or enable easy migration of organizational content to Microsoft Sentinel.

Additional Submission Requirements

  • Include a text description that explains the features and functionality of the submission and describe how the submission could help enterprise cybersecurity using Microsoft Sentinel.
  • Submit a demo video (hosted on YouTube or Vimeo). Your video should include a step-by-step visual demo of your working submission.
  • Please submit at least one image/screenshot of your submission.
  • Link to a Microsoft Sentinel GitHub Pull Request (PR) or public code repository (GitHub preferred) for the working submission, with a detailed Readme on how to deploy the submission and use it in Microsoft Sentinel. Submissions can be made as a Pull Request directly to the Microsoft Sentinel GitHub repository; look up the  for contribution guidance. For submissions to the Microsoft Sentinel GitHub, use the prefix [Microsoft Sentinel Hackathon Spring 2022] in the PR title, as these will be reviewed as part of the judging process.



Hackathon Sponsors


$18,000 in prizes

First Prize

* $10,000 USD cash
* Blog post, social and in community tab of Microsoft Sentinel featuring the winning submission

Second Prize

* $4,000 USD cash
* Blog post, social and banner in community tab of Microsoft Sentinel featuring the winning submission

Runner Up (2)

* $1,500 USD cash
* Blog post, social and banner in community tab of Microsoft Sentinel featuring the winning submission

Popular Choice

* $1,000 USD cash
* Blog post, social and banner in community tab of Microsoft Sentinel featuring the winning submission

Judges

Ann Johnson
Corporate Vice President, Security, Compliance and Identity (SCI) BD, Microsoft

John Lambert
Distinguished Engineer and General Manager, Microsoft Threat Intelligence Center

Olaf Hartong
Defensive Specialist and Security Researcher, FalconForce and Microsoft MVP

Judging Criteria

  • Quality of Idea
    Indicates creativity, originality, and the potential to significantly improve organizational security using Microsoft Sentinel
  • Value to Enterprise
    Demonstrates usefulness to an enterprise, for example by streamlining or automating security operations, reducing threat detection and response times, improving the effectiveness of existing security tools, or enabling migration to Microsoft Sentinel
  • Technical Implementation
    Assesses how well the idea was executed by the submitter, including the user experience, the complexity of the scenarios, the blending of Microsoft and non-Microsoft entities, data, or other APIs with Microsoft Sentinel, and whether it performs as expected

Questions? Email the hackathon manager
