Overview


About

HackerOne is a vulnerability coordinator and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.

The HackerOne platform allows organizations to set their scope, track bug reports, and manage payouts from one location. When HackerOne is integrated with the Vulcan Platform, you can review Website vulnerabilities on your assets while using Vulcan Cyber discoverability and automation. This article explains how to connect HackerOne to Vulcan Cyber, locate its vulnerabilities and assets, and automate actions on them.


Configure the HackerOne connector

First, grant the Vulcan Platform access to your HackerOne platform by issuing an API Identifier and an API Token.

  1. Go to your HackerOne console > Organization Settings tab > API Token

  2. Generate an API Identifier and an API token following the instructions here
    Note: When you create the API identifier, there is no need to assign the API identifier and Token to a group as this is a read-only user.

  3. Copy-paste the credentials you generated to somewhere safe for later use.

Now that you have your API Token and Identifier, go to your Vulcan Platform and perform the following:

  1. Log in to your Vulcan Cyber platform and go to Connectors

  2. Click on Add a Connector

  3. Click on the HackerOne icon

  4. Enter the following information into the connector setup page:

    • API Identifier: as generated above

    • API Token: as generated above

    • Check the "Fetch vulnerabilities custom fields" option in case you have customized fields in HackerOne that you want to fetch into the Vulcan Platform.


From HackerOne to the Vulcan Platform - Fields Mapping

Connector Fields Mapping

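HackerOne field | Vulcan field          | Note
----------------|-----------------------|---------------------------------------------------------
Reported To     | Site Name             |
Asset           | Pages                 |
program type    | Tag                   | A Tag is created in the Vulcan platform per program type
CVE ID          | CVE                   | Used to match fixes
Weakness        | CWE                   | Used to match threats
References      | Vulnerability details |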


Vulnerability Status Mapping

HackerOne status | Vulcan status
-----------------|----------------------------
New              | Vulnerable
Triaged          | Vulnerable
Retesting        | Vulnerable
Needs More Info  | Vulnerable
Resolved         | Fixed
Informative      | Ignored - risk acknowledged
Duplicate        | Ignored - False positive
Not Applicable   | Ignored - False positive
Spam             | Ignored - False positive

Note: Each Report state is mapped to the corresponding state in the Vulcan Platform.

Vulnerability Score Mapping

If CVSS is available it is used as part of the risk calculation. Otherwise, the severity level in HackerOne is converted to a numerical score in the Vulcan Platform.

HackerOne Severity | Vulcan Score
-------------------|-------------
Critical           | 10
High               | 8
Medium             | 5
Low                | 2
None               | 0
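The status and score mappings above can be used to check a sync: the sketch below is an added example, not Vulcan or HackerOne code, and it computes the status and score input you would expect to see in the Vulcan Platform for a list of reports. The flat record layout (id, state, severity, cvss), the function names and the sample reports are assumptions made for illustration; the page does not describe the rest of the Vulcan risk calculation, so the CVSS value is only reported as the score input.

```python
from collections import Counter

# Status and severity tables copied from the mapping sections above.
STATUS_MAP = {
    "New": "Vulnerable",
    "Triaged": "Vulnerable",
    "Retesting": "Vulnerable",
    "Needs More Info": "Vulnerable",
    "Resolved": "Fixed",
    "Informative": "Ignored - risk acknowledged",
    "Duplicate": "Ignored - False positive",
    "Not Applicable": "Ignored - False positive",
    "Spam": "Ignored - False positive",
}
SEVERITY_SCORE = {"Critical": 10, "High": 8, "Medium": 5, "Low": 2, "None": 0}


def expected_vulcan_view(report):
    """Return (status, score, score_source) expected after sync for one report."""
    state = report["state"]
    if state not in STATUS_MAP:
        # Do not guess: an unmapped state should be investigated, not hidden.
        raise ValueError(f"unmapped HackerOne state: {state!r}")
    cvss = report.get("cvss")
    if cvss is not None:  # CVSS, when present, takes precedence over severity
        return STATUS_MAP[state], float(cvss), "cvss"
    return STATUS_MAP[state], float(SEVERITY_SCORE[report["severity"]]), "severity"


def reconcile(reports):
    """Count expected Vulcan statuses and collect reports that cannot be mapped."""
    counts, unmapped = Counter(), []
    for r in reports:
        try:
            status, _, _ = expected_vulcan_view(r)
            counts[status] += 1
        except (ValueError, KeyError):
            unmapped.append(r["id"])
    return counts, unmapped


# Constructed sample export; ids, states and values are made up for illustration.
SAMPLE = [
    {"id": "r1", "state": "Triaged", "severity": "High", "cvss": 7.5},
    {"id": "r2", "state": "New", "severity": "Critical", "cvss": None},
    {"id": "r3", "state": "Duplicate", "severity": "Medium", "cvss": None},
    {"id": "r4", "state": "Informative", "severity": "None", "cvss": None},
    {"id": "r5", "state": "Pending Disclosure", "severity": "Low", "cvss": None},
]

if __name__ == "__main__":
    print(reconcile(SAMPLE))
```

Comparing the returned counts with the totals shown when filtering by the HackerOne source in the Vulcan Platform highlights reports that were not imported or that carry a state outside the mapping table.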


Locate HackerOne vulnerabilities in the Vulcan Platform

As HackerOne discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and remediation action. With a large number of assets and potential vulnerabilities, locating specific vulnerabilities via source is made easy with filters.

  1. Open the Vulcan Platform dashboard and navigate to Vulnerabilities.

  2. Click on the "Search or filter vulnerabilities" search box, scroll to the Vulnerability Source/Connector option, and click it to filter by vulnerability source/connector.

  3. Locate HackerOne on the vulnerability source list and click to filter the results.

    You can click on any vulnerability to view further information and potentially take action by clicking the Take Action drop-down. Alternatively, you can automate actions as shown below.


Locate HackerOne Website assets in the Vulcan Platform

To quickly locate all synced Website assets from HackerOne, you may leverage the Assets tab in the Vulcan Platform.

  1. Open the Vulcan Cyber dashboard and navigate to Assets > Websites tab.

  2. Click on the Search or filter websites input box and select Connector/Source from the drop-down selection.

  3. Scroll down the resulting connector list to locate the HackerOne option to view all synced HackerOne website assets.


Filter HackerOne vulnerabilities and automate remediation by HackerOne custom fields

HackerOne allows you to create customized fields. In the Vulcan Platform, you can filter vulnerabilities by HackerOne custom fields as well as initiate remediation actions. First, make sure you've opted to "Fetch vulnerabilities custom fields" on the connector setup page (Connectors tab > HackerOne).

To filter by custom fields:

  1. Go to Vulnerabilities

  2. Click on the "Search or filter vulnerabilities" search box

  3. Scroll down to locate the HackerOne custom fields and select to filter the results

To automate by custom fields, see Automate HackerOne vulnerability actions in the Vulcan Platform.


Automate HackerOne vulnerability actions in the Vulcan Platform

Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the HackerOne connector.


The example below shows how to assign critical HackerOne vulnerabilities through email.

  1. Go to Automation > Create new Playbook

  2. Give your automation playbook an indicative name, select HackerOne as the source of vulnerabilities, and set the vulnerability condition as "Risk is Critical".

    You can also automate by custom HackerOne fields.

  3. Click on Assign via Email as the Remediate action.

  4. Choose how the separation of tickets is handled. In this example, up to 200 vulnerabilities are aggregated into a single email. Then add the recipient emails to be notified.

  5. Leave all other steps as default or customize as you wish, then click on Save and Run.
