Automation Rising 2020 SOAR Hackathon Results

Nov 19, 2020
6 minutes

Announcing the Automation Rising 2020 Hackathon Winners!

It is with great pleasure and excitement that we get to announce the final results and winners of the Automation Rising 2020 SOAR Hackathon, Palo Alto Networks’ first-ever security playbook building competition! 

During this two-month-long challenge, the Cortex XSOAR team joined forces with our four amazing sponsors AWS, Google, RiskIQ, and Sixgill to offer over $65k  across 8 different prize categories to developers in the security community. 

In total, we had nearly 600 participants who built automated security playbooks for the Cortex XSOAR Marketplace - our recently launched innovation ecosystem to make security products work better together to deliver critical results.

We were amazed at how quickly the security community around the globe innovated to automate critical security processes, streamline workflows, and increase efficiency across security tools. Our Hackathon participants pulled from their technical expertise and deep knowledge of threat trends to identify existing gaps and solve critical security challenges. The resulting submissions showcase the boundless potential for security innovation and the role that Cortex Marketplace can play in accelerating that innovation in the future. 


Hackathon Highlights

  • We had 587 participants join the competition from 57 countries around the world!
  • Participants and winners received a total of $65,000 in cash and other prizes.
  • Dozens of playbooks including the 14 winning contributions are being reviewed by our security experts and will be considered for our Marketplace.


Hackathon Champions

Here are the official winners of the Automation Rising 2020 SOAR Hackathon:


Best Security Playbook Winner: Threat Detection Automation in IT OT converged Networks by Weranga Kumaradasa

This playbook aims to solve challenges in IT-OT convergence networks by correlating the alerts generated by both IT and OT point security products, identifying the malware that may have moved across the IT-OT boundaries, and containing the malware to prevent further damage to the organization. 

Judge Anton Chuvakin, a security solution strategy leader at Google Cloud, describes this winning submission by saying While many things in cyber security are challenging, dealing with a mix of IT and OT systems ranks towards the top of the challenge pyramid. Any SOAR playbook that works in such production environments is expected to be of much help to organizations. Fantastic, Weranga!

Best Palo Alto Networks’ Playbook Winner: SecureHealth integration by Seth Piezas

Seth’s work in the medical device industry and his knowledge of the expanding medical attack surface inspired his submission. This integration allows medical devices that are provisioned and controlled through SecureHealth to be monitored through Cortex XSOAR. 

Judge Rishi Bhargava spoke to the important application of this integration, stating The SecureHealth Hackathon contribution uses Palo Alto Networks NGFW AppId feature to solve the prevalent IOT security issue within the healthcare domain. The content pack detects anomaly in AppId and uses the security data collected by google chronicle to further enrich and respond to the threat using Cortex XSOAR. Thank you, Seth!


Customer Choice Award Winner: 1+1 = 3 Supercharging XSOAR with Ansible by Serge Bakharev 

This playbook and its featured integrations within Cortex XSOAR fill the gaps required for IT infrastructure operations using Ansible modules. 

Judge Heather Gantt-Evans, Sr. Director of Security Operations and Cyber Resilience at Home Depot, was thrilled about this playbook and told us I love that this solution helps IT and Security speak each other’s language while also opening up Ansible usage to people who do not code (which enables more D&I). I also loved that the author went above and beyond on the number of integrations he custom coded.Great work, Serge!



Additional Winners:

Runner Up Palo Alto Networks Product Integration Playbook: AWS EC2 - Prisma and XDR by Manoj V

Runner Up Security Playbook: SlashNext Online Brand Protection Detect & Respond Playbook by Lisa O’Reilly

Early Submission Prize: AWS Security Hub | Starter Pack by Daniel Prince

Best Business Use Case Playbook: 1+1 = 3 Supercharging XSOAR with Ansible by Serge Bakharev

Runner Up Business Use Case Playbook: Temp Account Management for External Parties by Apple Li


In addition to all of the winners above, our sponsors each chose their favorite “hack”, recognizing the exciting relationships between Cortex XSOAR and their leading product offerings:  


AWS logoAWS Security Hub Playbook Winner: AWS Security Hub Starter Pack by Daniel Prince

This playbook classifies Security Hub incidents and maps the fields to an XSOAR instance with the goal of taking a cloud-native application with auto scaling groups and automatically remediating a compromised instance. A creative collaboration between AWS and Palo Alto Networks technology. 

Runner Up: AWS EC2 Compromise Response by Thomas Burnette


Chronicle logoGoogle Chronicle Playbook Winner: Chronicle Threat Hunting by Manoj V

This playbook leverages Cortex XSOAR and Google Chronicle capabilities to detect, identify, and thoroughly understand Indicators of Compromise (IoCs). This important integration will allow analysts and incident responders to quickly isolate and respond to threats by giving them the data they need to apply IoCs to their environments. 

Runner Up: Incident Response Pack by Arpitha Srinivas


sixgill logoSixgill Playbook Winner: Sixgill Stolen Domain Investigation by Manoj V, U S, and Mala Verma 

This playbook is a powerful collaboration between Cortex XSOAR, Sixgill, and RiskIQ. It allows organizations to quickly recognize stolen or malicious domains, and integrate that information into the layers of protection that surround their environment. 

Runner Up: Sixgill XSOAR Content Pack by Arpitha Srinivas


RiskIQ logoRiskIQ Playbook Winner: Cyber Squatting Detection with XSOAR by Manoj V


This playbook allows organizations to quickly identify cybersquatting and phishing domains. Helping organizations to protect employees, customers, and their own brand, this critical integration with RiskIQ gives analysts the tools they need to determine if a domain exists and if it is legitimate or malicious. 

Runner Up: RiskIQ Threat Hunting by Manoj V, Mala Verma, and U S 


Check out the full list of submissions and winners at


A Huge Thank You to Our Participants, Judges, and Sponsors!

Congratulations to all the Hackathon winners and a huge thank you to all participants for your important contributions.  We are grateful to our judges for donating their time and their expertise, defining the criteria for a winning playbook and reviewing hundreds of submissions. 

Cortex XSOAR Hackathon judges

Finally, we thank our sponsors for making this event possible and supporting the vision of SOAR and mission of the Cortex XSOAR Marketplace.  A special thank you to Amazon Web Services (AWS) for donating the cloud host instances for all of our participants, giving them a seamless experience and the platform they needed to excel.   

Hackathon sponsor logos

Cortex XSOAR Marketplace will continue to play a significant role in scaling and accelerating the use of automation in enterprise security. We are honored to have such a great start to our journey back in August and will continue to push forward with innovations in the marketplace to make sure that each day is safer and more secure than the one before. 


Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.