Overview
About
HackerOne is a vulnerability coordinator and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.
The HackerOne platform allows organizations to set their scope, track bug reports, and manage payouts from one location. When integrated with the Vulcan Platform, you can review Website vulnerabilities on your assets, while leveraging the power of Vulcan Cyber discoverability and automation. In this article, you will find how to connect, locate, and automate HackerOne with Vulcan Cyber.
Configure the HackerOne connector
First, you need to grant the Vulcan Platform access to your HackerOne platform by issuing an API Identifier and API Token.
Go to your HackerOne console > Organization Settings tab > API Token
Generate an API Identifier and an API token following the instructions here
Note: When you create the API Identifier, there is no need to assign the API Identifier and Token to a group, as this is a read-only user. Copy-paste the credentials you generated to somewhere safe for later use.
Now that you have your API Token and Identifier, go to your Vulcan Platform and perform the following:
Log in to your Vulcan Cyber platform and go to Connectors
Click on Add a Connector
Click on the HackerOne icon
Enter the following information into the connector setup page:
API Identifier: as generated above
API Token: as generated above
Check the "Fetch vulnerabilities custom fields" option in case you have customized fields in HackerOne that you want to fetch into the Vulcan Platform.
From HackerOne to the Vulcan Platform - Fields Mapping
Connector Fields Mapping
| HackerOne field | Vulcan field | Note |
|---|---|---|
| Reported To | Site Name | |
| Asset | Pages | |
| Program type | Tag | A Tag is created in the Vulcan Platform per program type |
| CVE ID | CVE | Used to match fixes |
| Weakness | CWE | Used to match threats |
| References | Vulnerability details | |
Vulnerability Status Mapping
| HackerOne status | Vulcan status |
|---|---|
| New | Vulnerable |
| Triaged | Vulnerable |
| Retesting | Vulnerable |
| Needs More Info | Vulnerable |
| Resolved | Fixed |
| Informative | Ignored - risk acknowledged |
| Duplicate | Ignored - False positive |
| Not Applicable | Ignored - False positive |
| Spam | Ignored - False positive |
Note: Each Report state is mapped to the corresponding state in the Vulcan Platform.
Vulnerability Score Mapping
If a CVSS score is available, it is used as part of the risk calculation. Otherwise, the HackerOne severity level is converted to a numerical score in the Vulcan Platform as follows.
| HackerOne Severity | Vulcan Score |
|---|---|
| Critical | 10 |
| High | 8 |
| Medium | 5 |
| Low | 2 |
| None | 0 |
Locate HackerOne vulnerabilities in the Vulcan Platform
As HackerOne discovers vulnerabilities, the Vulcan Platform connector imports them for reporting and remediation action. With a large number of assets and potential vulnerabilities, filtering by source makes it easy to locate specific vulnerabilities.
Open the Vulcan Platform dashboard and navigate to the Vulnerabilities.
Click on the "Search or filter vulnerabilities search" box, scroll to the Vulnerability Source/Connector option, and click to filter by the vulnerability source/Connector.
Locate HackerOne on the vulnerability source list and click to filter the results.
You can click on any vulnerability to view further information and potentially take action by clicking the Take Action drop-down. Alternatively, you can automate actions as shown below.
Locate HackerOne Website assets in the Vulcan Platform
To quickly locate all synced Website assets from HackerOne, you may leverage the Assets tab in the Vulcan Platform.
Open the Vulcan Cyber dashboard and navigate to Assets > Websites tab.
Click on the Search or filter websites input box and select Connector/Source from the drop-down selection.
Scroll down the resulting connector list to locate the HackerOne option to view all synced HackerOne website assets.
Filter HackerOne vulnerabilities and automate remediation by HackerOne custom fields
HackerOne allows you to create customized fields. In the Vulcan Platform, you can filter vulnerabilities by HackerOne custom fields as well as initiate remediation actions. First, make sure you've opted to "Fetch vulnerabilities custom fields" on the connector setup page (Connectors tab > HackerOne).
To filter by custom fields:
Go to Vulnerabilities
Click on the "Search or filter vulnerabilities search" box
Scroll down to locate the HackerOne custom fields and select to filter the results
To automate by custom fields, see Automate HackerOne vulnerability actions in the Vulcan Platform.
Automate HackerOne vulnerability actions in the Vulcan Platform
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the HackerOne connector.
Check the example below that shows how to assign critical HackerOne vulnerabilities through email.
Go to Automation > Create new Playbook
Give your automation playbook an indicative name, select HackerOne as the source of vulnerabilities, and set the vulnerability condition as "Risk is Critical".
You can also automate by custom HackerOne fields.
Click on the Assign via Email as a Remediate action.
Choose how tickets are separated; in this example, up to 200 vulnerabilities are aggregated into a single email. Then add the recipient emails to be notified.
Leave all other steps as default or customize as you wish, then click on Save and Run.
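The following is an added example (not Vulcan Cyber's or HackerOne's own code) that reproduces the status and score mapping from the Fields Mapping section above and then applies the "Risk is Critical" playbook condition with the 200-per-email aggregation from this section. The sample reports and their field names are constructed to follow the article's tables, not the HackerOne API, and the threshold used for "critical" is an assumption.

```python
from typing import Optional

# Status mapping from the article (HackerOne report state -> Vulcan status).
STATUS_MAP = {s: "Vulnerable" for s in ("new", "triaged", "retesting", "needs more info")}
STATUS_MAP.update({"resolved": "Fixed", "informative": "Ignored - risk acknowledged"})
STATUS_MAP.update({s: "Ignored - False positive" for s in ("duplicate", "not applicable", "spam")})

# Severity-to-score table from the article; used only when no CVSS score is available.
SEVERITY_SCORE = {"critical": 10, "high": 8, "medium": 5, "low": 2, "none": 0}

# Constructed sample reports (field names follow the article's table, not the HackerOne API).
SAMPLE_REPORTS = [
    {"reported_to": "Acme Web", "asset": "https://app.example.com/login", "program_type": "public",
     "cve_id": None, "weakness": "CWE-79", "state": "Triaged", "severity": "High", "cvss": 9.1},
    {"reported_to": "Acme Web", "asset": "https://app.example.com/api", "program_type": "public",
     "cve_id": "CVE-XXXX-XXXXX", "weakness": "CWE-89", "state": "New", "severity": "Critical", "cvss": None},
    {"reported_to": "Acme Web", "asset": "https://app.example.com/", "program_type": "private",
     "cve_id": None, "weakness": "CWE-200", "state": "Duplicate", "severity": "Critical", "cvss": None},
]


def map_status(h1_state: str) -> str:
    """Map a HackerOne report state to the Vulcan status; an unknown state raises KeyError."""
    return STATUS_MAP[h1_state.strip().lower()]


def map_score(severity: str, cvss: Optional[float]) -> float:
    """CVSS takes precedence when present; otherwise fall back to the severity table."""
    if cvss is not None:
        if not 0.0 <= cvss <= 10.0:
            raise ValueError(f"CVSS out of range: {cvss}")
        return float(cvss)
    return float(SEVERITY_SCORE[severity.strip().lower()])


def normalize(report: dict) -> dict:
    """Produce the Vulcan-side fields that the mapping table lists for one report."""
    return {"site_name": report["reported_to"], "pages": report["asset"], "tag": report["program_type"],
            "cve": report.get("cve_id"), "cwe": report.get("weakness"),
            "status": map_status(report["state"]), "score": map_score(report["severity"], report.get("cvss"))}


def critical_email_batches(reports: list, batch_size: int = 200) -> list:
    """Playbook step: open vulnerabilities treated as critical, grouped up to batch_size per email.

    Assumption (not stated in the article): a score of 9.0 or more counts as "Risk is Critical".
    """
    hits = [v for v in map(normalize, reports) if v["status"] == "Vulnerable" and v["score"] >= 9.0]
    return [hits[i:i + batch_size] for i in range(0, len(hits), batch_size)]
```

Ignored states (Duplicate, Informative, and so on) never reach the email step, which mirrors how the playbook condition only matches vulnerabilities that are still open.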