HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with Cybersecurity researchers and penetration testers.
To import your data from HackerOne to Cisco Vulnerability Management, you will need to leverage the HackerOne Connector under the Bug Bounties section of the Cisco Vulnerability Management UI.
Prerequisites
-
A service account or user account with access to all the items you wish to import and must have API Access.
- You must be a Cisco Vulnerability Management Administrator.
Note: The HackerOne Connector is a Cloud connector, and does not require the Virtual Tunnel.
Configuring your Connector in Cisco Vulnerability Management
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Bug Bounties section, click HackerOne.
4. On the HackerOne page, enter the following information:
-
Name: Enter a name for the connector, or leave it as “HackerOne."
Enter the Username information and API Key for the service or user account you want to use. - Schedule: Select the frequency that you’d like your Connector to run.
- Asset Inactivity Limit: Enter a time in days for the connector level asset inactivity limit. For Bug Bounty connectors recommends a longer Asset Inactivity Limit, because these items are seen less often than a typical Vulnerability Management vulnerability or finding.
5, Click Save and Verify.
What HackerOne Items does Cisco Vulnerability Management Import and what API Calls are involved?
Cisco Vulnerability Management will import all of the findings associated with the user leveraged for the connector.
HackerOne Field |
Cisco Vulnerability Management Field |
Notes |
---|---|---|
Data> Attributes > asset_identifier |
Application Identifier |
|
data_id |
External ID |
|
Source Vulnerability > id |
Vulnerability Identifier |
|
Title |
Name |
|
State |
Status |
We do not map Triaged States |
vulnerability_information |
Details & Description |
|
Attributes > external_id |
CWE |
|
Attributes > cve_ids |
CVE |
|
Attributes > created_at |
found_date |
|
updated_at |
last_seen_date |
|
closed_at (if populated) |
Closed |
Closed Date |
Score |
Scanner Score |
(0-10) OR Low - 3 Medium - 6 High - 9 |
The Connector does not import the following:
-
Bounty Amount Awarded
-
Messages posted (Comments)
-
Swag Awarded
-
Custom Fields
-
Reporter
The API endpoints that Cisco Vulnerability Management leverages are:
-
https://api.hackerone.com
-
…/v1/me/programs (for all relevant pages)
-
…/v1/reports/
Optional Settings
The following settings can be enabled on the backend for HackerOne Connectors. To have these settings enabled, or for more information, contact Cisco Support, or your Customer Success Engineer.
Exclude Informationals
When you enable this option, Cisco Vulnerability Management will only import vulnerabilities that include a CVE, CWE, or WASC ID.
Ignore Scanner Last Seen Time
Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
Custom Ordered Locators
Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.
Common Reasons for HackerOne Connector Run Failures
- Bad Credentials. If you enter the incorrect connector credentials during the connector setup, Cisco Vulnerability Management will not have access to the environment to make the API calls.
- If no reports are found, Cisco Vulnerability Management will abort the Connector run, rather than fail it outright.
- If an API call fails (no data available, or other reasons).
- If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
- If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector run.
Additional Assistance
Contact Support if you require any additional assistance with the HackerOne Connector.
Comments
Please sign in to leave a comment.