Note: Read the Hackathon rules first, if you haven't already.
Check out the documentation, code samples, videos, webinars, tutorials, and guides to help you get started building your submissions! Remember to build end-to-end solutions that include multiple Microsoft Sentinel content types (workbooks, analytics, and more) or that extend Microsoft Sentinel capabilities via APIs, and feel free to mix and match different types of content and data sources to deliver richer end-to-end experiences. Be creative!
Step 1. Create and Configure Microsoft Sentinel
First, create and configure an Azure Sentinel workspace, if you have not done so already.
- Go to https://aka.ms/AzureSentinel - Get set up with your Azure free account. Reach out to Microsoft Sentinel Hackathon team for additional credits.
- Go to the Microsoft Sentinel dashboard in the Azure portal.
- Explore the documentation and quickstarts (Step 2.a. below helps with not only ingesting data sets but also deploying Microsoft Sentinel and configuring onboarding options in the deployment template. Read up on this option before going ahead with setting up Microsoft Sentinel from scratch.)
- Next, it’s all about onboarding to Microsoft Sentinel and the onboarding quickstart is your key here.
Step 2. Set Up Data
Then, start setting up data so that you can try out different use cases in Microsoft Sentinel and get ideas for your submission. There are multiple options here. These are all optional and you can choose from one or many of these depending on the variety of data you wish to explore.
- Azure-Sentinel2Go expedites the deployment of a Microsoft Sentinel lab along with other Azure resources and a data ingestion pipeline that consumes pre-recorded datasets for Microsoft products for research purposes.
- Ingest sample data from some non-Microsoft security products without having access to those products. This uses the Microsoft Sentinel custom log ingest tool, which ingests the data into an Azure Log Analytics workspace as custom logs. You can also use the tool to bring your own data into Microsoft Sentinel as custom logs. Go through the steps in the ingest tool readme for this.
- Connect different types of Microsoft as well as non-Microsoft data by following the steps in the documentation. To enable this for Microsoft data sources, you can leverage one or more of the following free trials to get started:
  - Get access to Azure services with a free 12-month subscription and a $200 credit (see Step 1); this includes a free trial of Azure Security Center (Standard).
  - Get access to the Enterprise Mobility and Security E5 90-day free trial for access to Cloud Application Security (CAS), Azure Active Directory Information Protection (AADIP), Azure Information Protection (AIP), Intune, and other products, depending on your scenario.
  - Get access to the Windows Defender Advanced Threat Protection 60-day free trial, depending on your scenario.
  - Get the Azure Active Directory Premium subscription for up to 100 licenses for a month.
- Leverage existing Microsoft Sentinel data connectors and/or data connectors in existing Microsoft Sentinel solutions
- Microsoft Sentinel documentation – Learn about Microsoft Sentinel product and use cases
- Microsoft Sentinel contribution/content development guidelines – Capture links to the different content/contribution types, how they fit into Microsoft Sentinel use cases, how to develop them, and the relevant product documentation. They also include links to helpful resources such as the Kusto Query Language guide, which can help with creating different types of queries in Microsoft Sentinel.
- Learn about Microsoft Sentinel solutions and build solutions to deliver end-to-end value in Microsoft Sentinel. You may optionally choose to publish your solution to Azure Marketplace.
- Learn about Microsoft Sentinel REST APIs to build integrations.
- Microsoft Sentinel level 400 training – Summarizes videos and webinars that can get you ramped up on Microsoft Sentinel and covers different Microsoft Sentinel use cases in depth. These range from content development on Microsoft Sentinel all the way to extending and integrating with Microsoft Sentinel.
- Microsoft Sentinel solutions catalog – Covers a list of product and domain solutions for Microsoft Sentinel
- Microsoft Sentinel GitHub repository – Covers lots of use cases and examples of content contributions from the Microsoft Sentinel Community
- Microsoft Sentinel Threat Hunters publications and tools – Covers examples of integrating and extending Microsoft Sentinel
- Refer to the following for a few examples of end-to-end solutions that unlock the potential of Microsoft Sentinel and drive enterprise value:
  - The Microsoft Sentinel Solutions blog post provides examples of end-to-end solutions that deliver product, domain, and/or industry vertical value.
  - The SOC Prime Sigma integration provides an example of API integration.
  - The Microsoft Azure Sentinel2Go lab with pre-recorded data provides an example of a tool that enables easier onboarding to Microsoft Sentinel.
- Join in the Microsoft Sentinel Tech Community conversations
- Post a question in the Discussions forum if you need help!
- We’ll organize a couple of online office hours to answer questions and to connect on the Hackathon in general. Tune in for further updates on this.
Find a team
No one is an expert at everything, so you may want to consider looking for a teammate to help you iron out the kinks and fill in the blanks of your submission. We’ve got a few tips for finding a teammate in case you need them.
Use the competition Participants page to connect
In our experience, it’s more fun to code with a friend. On the Participants tab, you can:
- Look for teammates by introducing yourself to the community. Mention any ideas you have and what kind of teammates you’re looking for.
- Sort participants by the number of projects and followers they have or by registration date.
- Search participants by name, skills, and portfolio info.
- Reach out to potential teammates and get to know each other.
- Collaborate on something amazing!