HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.

With the HackerOne integration, users can manage remediation of vulnerabilities detected by their bug bounty program in the Vulcan unified risk view.

The HackerOne integration is available via CSV export or API.

Using CSV file

In HackerOne

  1. Go to the HackerOne program -> Inbox -> All
  2. Click Download as CSV

In Vulcan

  1. Go to Connectors -> Add a connector
  2. Choose HackerOne CSV
  3. Upload CSV file

Using API integration

  1. Go to the HackerOne program and follow the instructions to generate an API token
  2. You don't need to select groups
  3. In Vulcan, go to Connectors -> Add a connector -> Choose HackerOne
  4. Enter the API credentials

HackerOne Assets

HackerOne programs are shown in Vulcan as Website Assets; program information can be found in the asset details. Some fields are mapped to Vulcan fields according to the table below.

| HackerOne    | Vulcan    | Notes                        |
|--------------|-----------|------------------------------|
| Reported To  | Site Name |                              |
| Asset        | Pages     |                              |
| Program type | Tag       | Tag will be created for type |

HackerOne Vulnerabilities

HackerOne findings are shown in the vulnerabilities view, with the report title as the vulnerability name. Each vulnerability contains the report details.

Severity - if CVSS is available, it will be used as part of the risk calculation; otherwise the severity will be converted to a numerical score as follows:

  • Critical - 10
  • High - 8
  • Medium - 5
  • Low - 2
  • None - 0

The following data will be mapped if available:

| HackerOne  | Vulcan                | Notes                 |
|------------|-----------------------|-----------------------|
| CVE ID     | CVE                   | Used to match fixes   |
| Weakness   | CWE                   | Used to match threats |
| References | Vulnerability details |                       |

Each report state is mapped to the corresponding state in Vulcan:

| HackerOne       | Vulcan                      |
|-----------------|-----------------------------|
| New             | Vulnerable                  |
| Triaged         | Vulnerable                  |
| Retesting       | Vulnerable                  |
| Needs More Info | Vulnerable                  |
| Resolved        | Fixed                       |
| Informative     | Ignored - risk acknowledged |
| Duplicate       | Ignored - False positive    |
| Not Applicable  | Ignored - False positive    |
| Spam            | Ignored - False positive    |
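To check an export before uploading it, the severity and state conversions above can be applied locally to see how each report should appear in Vulcan and which rows fall outside the documented mappings. This is an added example, not Vulcan or HackerOne code; the column names (`id`, `state`, `severity_rating`, `cvss_score`), the tolerance for hyphenated state spellings, and the sample rows are assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Conversions copied from the tables on this page (keys lower-cased).
SEVERITY_SCORE = {"critical": 10.0, "high": 8.0, "medium": 5.0, "low": 2.0, "none": 0.0}
STATE_MAP = {
    "new": "Vulnerable", "triaged": "Vulnerable", "retesting": "Vulnerable",
    "needs more info": "Vulnerable", "resolved": "Fixed",
    "informative": "Ignored - risk acknowledged", "duplicate": "Ignored - False positive",
    "not applicable": "Ignored - False positive", "spam": "Ignored - False positive",
}

# Constructed sample; the column names are assumptions, not a documented export format.
SAMPLE_CSV = """id,title,state,severity_rating,cvss_score
1001,Stored XSS in profile page,triaged,high,7.4
1002,Open redirect on login,resolved,medium,
1003,Rate limit missing,needs-more-info,,
1004,Duplicate of 1001,duplicate,High,
1005,Odd export row,pending,low,
"""

def risk_score(cvss, rating):
    """Return the CVSS score when it is a number in 0-10, else the converted rating, else None."""
    try:
        score = float(cvss)
        if 0.0 <= score <= 10.0:
            return score
    except (TypeError, ValueError):
        pass
    return SEVERITY_SCORE.get((rating or "").strip().lower())

def preview(csv_text):
    """Return (state counts, {report id: score}, [(report id, problem)]) for an export."""
    states, scores, problems = Counter(), {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rid = row["id"]
        # Assumption: exports may spell states with hyphens or underscores.
        key = (row.get("state") or "").strip().lower().replace("-", " ").replace("_", " ")
        if key in STATE_MAP:
            states[STATE_MAP[key]] += 1
        else:
            problems.append((rid, "unmapped state: " + key))
        scores[rid] = risk_score(row.get("cvss_score"), row.get("severity_rating"))
        if scores[rid] is None:
            problems.append((rid, "no usable severity"))
    return states, scores, problems

if __name__ == "__main__":
    print(preview(SAMPLE_CSV))
```

Comparing the state counts with the Vulcan vulnerabilities view after the upload shows whether any reports were dropped or landed in an unexpected state.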
