HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with Cybersecurity researchers and penetration testers.
To import your data from HackerOne to Cisco Vulnerability Management, you will need to leverage the HackerOne Connector under the Bug Bounties tools.
User Prerequisites/Connector Setup:
-
A service account or user account with access to all the items you wish to import and must have API Access.
-
Note: The HackerOne Connector is a Cloud connector, and does not require the Virtual Tunnel.
Configuring your Connector in Cisco Vulnerability Management
To set up the Connector, navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so). On the Connectors page, select HackerOne:
Once you select the HackerOne Connector, the following screen will appear:
-
Enter a name for the connector, or leave it as “HackerOne."
-
Enter the Username and API Key for the account.
-
Schedule the connector and select the run frequency.
-
Click "Save and Verify."
-
If you’d like to set a connector level asset inactivity limit, you can do that at this time. For Bug Bounty connectors we recommend a longer Asset Inactivity Limit, as these items are ingested / seen less often than a typical VM/AppSec vulnerability.
What HackerOne Items does Cisco Vulnerability Management Import and what API Calls are involved?
Cisco Vulnerability Management will import all of the findings associated with the user leveraged for the connector. We will pull the following information and fields:
HackerOne Field |
Cisco Vulnerability Management Field |
Notes |
---|---|---|
Data> Attributes > asset_identifier |
Application Identifier |
|
data_id |
External ID |
|
Source Vulnerability > id |
Vulnerability Identifier |
|
Title |
Name |
|
State |
Status |
We do not map Triaged States |
vulnerability_information |
Details & Description |
|
Attributes > external_id |
CWE |
|
Attributes > cve_ids |
CVE |
|
Attributes > created_at |
found_date |
|
updated_at |
last_seen_date |
|
closed_at (if populated) |
Closed |
Closed Date |
Score |
Scanner Score |
(0-10) OR Low - 3 Medium - 6 High - 9 |
The Connector does not pull in the following:
-
Bounty Amount Awarded
-
Messages posted (Comments)
-
Swag Awarded
-
Custom Fields
-
Reporter
The API endpoints we leverage are:
-
https://api.hackerone.com
-
…/v1/me/programs (for all relevant pages)
-
…/v1/reports/
Optional Settings
The following settings can be enabled on the backend for HackerOne Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.
-
Exclude Informationals
-
When this option is enabled, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.
-
-
Ignore Scanner Last Seen Time
-
This can be enabled for customers who do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
-
-
Custom Ordered Locators
-
Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.
-
Common Reasons for HackerOne Connector Run Failures
-
Bad credentials
-
No reports are found, Cisco Vulnerability Management will abort
-
Failed API calls
-
Inability to process unexpected data/format
-
If more than 1% of connector payloads fail, Cisco Vulnerability Management will auto-fail the Connector Run.
Additional Assistance:
Please contact Support should you require any additional assistance with the HackerOne Connector(s).
Comments
Please sign in to leave a comment.