HackerOne Connector

Learn all about integrating HackerOne into the Vulcan Platform


Overview

About HackerOne

HackerOne is a vulnerability coordinator and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.

The HackerOne platform lets organizations define their scope, track bug reports, and manage payouts from one location. Once it is integrated with the Vulcan Platform, you can review the website vulnerabilities reported against your assets while using Vulcan Cyber's discoverability and automation capabilities. This article explains how to connect HackerOne to Vulcan Cyber, where to find the ingested data, and how to automate actions on it.

Why integrate HackerOne into the Vulcan Platform?

The HackerOne Connector by Vulcan integrates with the HackerOne platform to pull HackerOne website-type assets and vulnerability report data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform correlates, consolidates, and contextualizes the ingested findings to determine their risk and remediation priority.

HackerOne Connector details

The HackerOne connector maps HackerOne domains to Vulcan websites.

Supported products

  Category                      Bug Bounty
  Ingested asset type(s)        Websites
  Integration type              Unidirectional (data is transferred from HackerOne to the Vulcan Platform in one direction)
  Supported version and type    SaaS (latest)


Connector Setup

Prerequisites and user permissions

Before you begin configuring the connector, make sure you have a HackerOne API identifier and API token (see below).

Generating HackerOne API Identifier and Key

  1. Go to your HackerOne console > Organization Settings tab > API Token

  2. Generate an API Identifier and an API token following the instructions here
    Note: When you create the API identifier, there is no need to assign the API identifier and token to a group, as this is a read-only user.


Configuring the HackerOne Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the HackerOne icon.

  4. Set up the connector using the HackerOne API identifier and API token you generated:

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your HackerOne instance, then click Create (or Save Changes).

  6. Inactive Assets: You can configure a Vulcan rule for inactive assets, and Vulcan will remove assets that have not appeared in a scan within the configured time range.

  7. Allow some time for the sync to complete. Then, you can review the sync status under Log.

  8. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the HackerOne icon shows Connected, the connection is complete.


HackerOne in the Vulcan Platform

Locating HackerOne vulnerabilities in the Vulcan Platform

As vulnerabilities are reported in HackerOne, the Vulcan Platform connector imports them for reporting and action. To view only the vulnerabilities that came from this connector, use the Vulnerability Source filter:

  1. Open the Vulcan Platform dashboard and navigate to Vulnerabilities.

  2. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.

  3. Locate HackerOne on the vulnerability source/Connector list and click to filter results.

  4. Click on any vulnerability to view further information.

Locating HackerOne website assets in the Vulcan Platform

To locate all retrieved Website assets from HackerOne:

  1. Open the Vulcan Cyber dashboard and navigate to Assets.

  2. Click on the Websites tab.

  3. Click on the Search or filter websites input box and select Connector from the drop-down selection.

  4. Locate the HackerOne option to view all synced assets.

Automating actions on vulnerabilities detected by HackerOne

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the HackerOne Connector.

Click here to learn how to create automation in the Vulcan Cyber Platform.


From HackerOne to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with HackerOne through its API to pull the relevant vulnerability and asset data and map it into Vulcan Platform pages and fields. HackerOne domains are mapped to Vulcan websites. Each HackerOne report is mapped to a vulnerability instance in Vulcan.

Websites mapping

  HackerOne field                                        Vulcan field
  asset_identifier                                       Asset uniqueness criteria
  asset_identifier                                       Asset Name
  reference, max_severity                                Asset Details
  website                                                Asset type
  asset_identifier                                       Address
  created_at                                             Created date
  updated_at                                             Last seen date
  handle, eligible_for_bounty,                           Tags - Vendor's tags
    eligible_for_submission

Vulnerabilities mapping

  HackerOne field                                        Vulcan field
  report id                                              Vulnerability uniqueness criteria
  title                                                  Vulnerability Title
  vulnerability_information                              Vulnerability Description
  custom_fields, report_id, report_state,                Vulnerability Details
    asigned_to, hackerone_rating, weakness_type,
    weakness_type_description, reporter_name,
    reporter_username, attack_vector, attack_complexity,
    privileges_required, user_interaction, scope,
    confidentiality, integrity, availability
  score or rating                                        CVSS
  cve_ids                                                CVE(s)
  external_id                                            CWE
  asset_identifier + report id                           Asset-Vulnerability connection uniqueness criteria
  created_at                                             First Seen
  last_activity_at                                       Last Seen
  state                                                  Status
  cvss_score, eligible_for_bounty,                       Info tooltip (from the Assets screen)
    eligible_for_submission

Vulnerability status mapping

  HackerOne status                               Vulcan status
  pre-submission, new, pending-program-review,   Vulnerable
    triaged, retesting, needs-more-info,
    informative
  resolved                                       Fixed
  spam, duplicate                                Ignored - False Positive
  not-applicable                                 Ignored - Risk Acknowledged

Vulnerability score mapping

  HackerOne score    Vulcan score
  Critical           10
  High               7
  Medium             5
  Low                3
  none               0
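The field, status, and score mapping tables above applied in code, as an added example that is not Vulcan's connector code. The input dictionaries are constructed here and keyed by the names in the HackerOne column, so their exact JSON shape is an assumption; reading "score or rating" as "use cvss_score when present, otherwise convert the rating with the score table" is also this example's interpretation of the table.

```python
"""Map a HackerOne structured scope and report into Vulcan-style records
using the connector's documented mappings. Added example, not Vulcan's code."""
from typing import Any, Dict, Optional

# Vulnerability status mapping table
STATUS_MAP = {
    **{s: "Vulnerable" for s in ("pre-submission", "new", "pending-program-review",
                                 "triaged", "retesting", "needs-more-info", "informative")},
    "resolved": "Fixed",
    "spam": "Ignored - False Positive",
    "duplicate": "Ignored - False Positive",
    "not-applicable": "Ignored - Risk Acknowledged",
}

# Vulnerability score mapping table (HackerOne rating -> Vulcan score)
SCORE_MAP = {"critical": 10, "high": 7, "medium": 5, "low": 3, "none": 0}

# Fields the mapping table folds into "Vulnerability Details"
DETAIL_FIELDS = ("custom_fields", "report_id", "report_state", "asigned_to", "hackerone_rating",
                 "weakness_type", "weakness_type_description", "reporter_name", "reporter_username",
                 "attack_vector", "attack_complexity", "privileges_required", "user_interaction",
                 "scope", "confidentiality", "integrity", "availability")


def state_to_status(state: str) -> str:
    """HackerOne report state -> Vulcan status. An unmapped state is rejected
    rather than silently treated as Vulnerable (a choice made for this example)."""
    try:
        return STATUS_MAP[state]
    except KeyError:
        raise ValueError(f"unmapped HackerOne state: {state!r}") from None


def rating_to_score(rating: Optional[str]) -> int:
    """HackerOne severity rating -> Vulcan score; a missing rating counts as 'none'."""
    key = (rating or "none").lower()
    if key not in SCORE_MAP:
        raise ValueError(f"unmapped HackerOne rating: {rating!r}")
    return SCORE_MAP[key]


def map_scope(scope: Dict[str, Any]) -> Dict[str, Any]:
    """Structured scope -> Vulcan Website asset, row by row from the Websites mapping."""
    ident = scope["asset_identifier"]
    return {
        "uniqueness_key": ident,
        "name": ident,
        "address": ident,
        "asset_type": "website",  # every ingested HackerOne asset becomes a Website
        "details": {"reference": scope.get("reference"), "max_severity": scope.get("max_severity")},
        "created_date": scope.get("created_at"),
        "last_seen_date": scope.get("updated_at"),
        "tags": {k: scope.get(k) for k in ("handle", "eligible_for_bounty", "eligible_for_submission")},
    }


def map_report(report: Dict[str, Any], asset_identifier: str) -> Dict[str, Any]:
    """Report -> Vulcan vulnerability instance attached to the given asset."""
    report_id = str(report["report_id"])
    cvss = report.get("cvss_score")
    return {
        "uniqueness_key": report_id,
        "connection_key": f"{asset_identifier}+{report_id}",  # asset_identifier + report id
        "title": report["title"],
        "description": report.get("vulnerability_information", ""),
        "status": state_to_status(report["state"]),
        # "score or rating" -> CVSS: numeric score when present, else the mapped rating (assumed)
        "cvss": cvss if cvss is not None else rating_to_score(report.get("hackerone_rating")),
        "cves": list(report.get("cve_ids") or []),
        "cwe": report.get("external_id"),
        "first_seen": report.get("created_at"),
        "last_seen": report.get("last_activity_at"),
        "details": {k: report.get(k) for k in DETAIL_FIELDS if k in report},
    }


# Constructed sample input (not real HackerOne data)
SAMPLE_SCOPE = {
    "asset_identifier": "www.example.com", "asset_type": "URL", "reference": "main site",
    "max_severity": "critical", "eligible_for_bounty": True, "eligible_for_submission": True,
    "handle": "acme", "created_at": "2024-01-05T10:00:00Z", "updated_at": "2024-03-01T09:30:00Z",
}
SAMPLE_REPORT = {
    "report_id": 123456, "title": "Search input reflected without encoding", "state": "triaged",
    "vulnerability_information": "The q parameter is echoed into the page unescaped.",
    "hackerone_rating": "High", "cve_ids": [], "external_id": "cwe-79",
    "weakness_type": "Cross-site Scripting (XSS) - Reflected", "reporter_username": "researcher1",
    "created_at": "2024-02-10T12:00:00Z", "last_activity_at": "2024-02-20T08:00:00Z",
}

if __name__ == "__main__":
    print(map_scope(SAMPLE_SCOPE))
    print(map_report(SAMPLE_REPORT, SAMPLE_SCOPE["asset_identifier"]))
```

Rejecting an unmapped state instead of defaulting it is deliberate: a new HackerOne state that silently lands in "Vulnerable" would inflate the open-vulnerability count that the validation steps later compare, while one that silently lands in "Fixed" would hide a live finding.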

Update Mechanisms

Status update mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any were added).

The table below describes how the status update mechanism works in the HackerOne connector for the vulnerabilities and assets in the Vulcan Platform.

  Update type:  Archiving assets
  Mechanism:    An asset not found on the connector's last sync is archived and is no longer presented on the Vulcan Platform.

  Update type:  Change of vulnerability instance status from "Vulnerable" to "Fixed"
  Mechanism:    Triggered when the vulnerability status on the vendor side changes to "resolved".

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only when the next scheduled sync completes.


API

API Endpoints in use

  API endpoint                                  Use in Vulcan                                                  Permissions required
  /me/programs                                  Program ID for the following steps                             None
  /programs/{programId}                         Program handle for the following steps and asset enrichment    None
  /programs/{programId}/structured_scopes       Assets (websites)                                              None
  /reports?filter[program][]={programHandle}    Vulnerabilities and asset-vulnerability connections            None


Data Validation

How do I validate and compare the data between HackerOne and the Vulcan Platform?

Assets validation

Vulcan ingests and maps only HackerOne's domains into Websites on the Vulcan Platform.

  1. Go to the HackerOne console. For each program, select the program on the top banner and click on the program name.

  2. Scroll down to the Scopes table to see the program's assets list.

  3. In the Vulcan Platform, go to Assets > Websites.

  4. Filter the assets by Connector - HackerOne.

  5. The number of assets should match the count of domains across all of your HackerOne programs. The example below presents the results of only one program.

Unique vulnerabilities validation

In most cases, the count of open reports in HackerOne should match the unique vulnerabilities count on the Vulcan Platform.

Reports in the not-applicable (N/A) state are mapped to Ignored on Vulcan.

Vulnerability instances validation

  1. Go to the HackerOne console.

  2. Click on Inbox to see the program’s reports.

  3. Filter to show only open states.

  4. Click on a specific report to see the related asset. In the example below, we clicked on the "Test by Roni" asset.

  5. On the Vulcan Platform, click on a specific asset to see the attached vulnerabilities. Example:
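The four endpoints from the API table, walked in the order listed there and reduced to the two numbers the Data Validation section compares against Vulcan: domain scopes per program (against the Websites count) and open reports per program (against the unique vulnerabilities count, "open" meaning the states the status table maps to Vulnerable). This is an added example, not Vulcan's connector code. It assumes HackerOne's API base URL https://api.hackerone.com/v1, HTTP Basic authentication with the API identifier as the user name and the API token as the password, JSON:API response bodies with a links.next pagination pointer, and that domain-type scopes carry asset_type URL or WILDCARD; the canned responses are constructed so the walk runs offline.

```python
"""Reproduce the HackerOne -> Vulcan validation counts from the raw API.
Added example, not Vulcan's code; base URL, auth scheme and response shape are assumptions."""
import base64
import json
import urllib.request
from typing import Any, Callable, Dict, List

H1_BASE = "https://api.hackerone.com/v1"  # assumed HackerOne API base URL

# States the connector maps to Vulcan "Vulnerable": the "open" reports counted in validation
OPEN_STATES = frozenset({"pre-submission", "new", "pending-program-review", "triaged",
                         "retesting", "needs-more-info", "informative"})

Fetch = Callable[[str, str], Dict[str, Any]]


def basic_auth_header(api_identifier: str, api_token: str) -> str:
    """HTTP Basic auth value: base64("identifier:token") (assumed HackerOne scheme)."""
    raw = f"{api_identifier}:{api_token}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def http_fetch(url: str, auth_header: str) -> Dict[str, Any]:
    """Real fetcher: GET the URL with the Authorization header and parse the JSON body."""
    req = urllib.request.Request(url, headers={"Authorization": auth_header,
                                               "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def paged(url: str, auth_header: str, fetch: Fetch) -> List[Dict[str, Any]]:
    """Collect every 'data' item, following a JSON:API 'links.next' pointer when present."""
    items: List[Dict[str, Any]] = []
    while url:
        body = fetch(url, auth_header)
        items.extend(body.get("data", []))
        url = body.get("links", {}).get("next")
    return items


def validation_counts(auth_header: str, fetch: Fetch = http_fetch,
                      domain_asset_types=frozenset({"URL", "WILDCARD"})) -> Dict[str, Dict[str, int]]:
    """Walk /me/programs -> /programs/{id} -> structured_scopes -> reports and return
    {program_handle: {"domains": n, "open_reports": m}} for comparison with Vulcan."""
    results: Dict[str, Dict[str, int]] = {}
    for prog in paged(f"{H1_BASE}/me/programs", auth_header, fetch):
        program_id = prog["id"]
        # /programs/{programId} supplies the handle that the reports filter expects
        program = fetch(f"{H1_BASE}/programs/{program_id}", auth_header)
        handle = program["data"]["attributes"]["handle"]
        scopes = paged(f"{H1_BASE}/programs/{program_id}/structured_scopes", auth_header, fetch)
        domains = sum(1 for s in scopes if s["attributes"].get("asset_type") in domain_asset_types)
        reports = paged(f"{H1_BASE}/reports?filter[program][]={handle}", auth_header, fetch)
        open_reports = sum(1 for r in reports if r["attributes"].get("state") in OPEN_STATES)
        results[handle] = {"domains": domains, "open_reports": open_reports}
    return results


# Constructed responses (not real HackerOne data) so the walk can run offline
_P = f"{H1_BASE}/programs/1"
_R = f"{H1_BASE}/reports?filter[program][]=acme"
CANNED: Dict[str, Dict[str, Any]] = {
    f"{H1_BASE}/me/programs": {"data": [{"id": "1", "type": "program"}]},
    _P: {"data": {"id": "1", "type": "program", "attributes": {"handle": "acme"}}},
    f"{_P}/structured_scopes": {"data": [
        {"attributes": {"asset_type": "URL", "asset_identifier": "www.example.com"}},
        {"attributes": {"asset_type": "WILDCARD", "asset_identifier": "*.example.com"}},
        {"attributes": {"asset_type": "CIDR", "asset_identifier": "192.0.2.0/24"}},  # not a domain
    ]},
    _R: {"data": [{"attributes": {"state": s}} for s in ("new", "resolved", "triaged", "not-applicable")],
         "links": {"next": f"{_R}&page[number]=2"}},
    f"{_R}&page[number]=2": {"data": [{"attributes": {"state": "informative"}}]},
}


def canned_fetch(url: str, auth_header: str) -> Dict[str, Any]:
    """Offline stand-in for http_fetch that serves the constructed responses."""
    return CANNED[url]


def demo() -> Dict[str, Dict[str, int]]:
    return validation_counts(basic_auth_header("API_IDENTIFIER", "API_TOKEN"), fetch=canned_fetch)


if __name__ == "__main__":
    print(demo())  # {'acme': {'domains': 2, 'open_reports': 3}}
```

To run it against a live program, pass `http_fetch` (the default) and a header built from your own identifier and token; the counts it returns are the ones to compare with Assets > Websites filtered by Connector - HackerOne and with the unique vulnerabilities count for the HackerOne source.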
