HackerOne
HackerOne is a vulnerability coordination and bug bounty program that companies use to invite hackers to find security vulnerabilities in their systems. By integrating HackerOne with Brinqa, you can bring in activity data, pentest findings, and discovered weaknesses to prioritize and mitigate potential risks, gain insights into your attack surface, and enhance your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with HackerOne and how to obtain that information from HackerOne. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select HackerOne from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate HackerOne with Brinqa:
-
API URL: The HackerOne API URL. The default URL is
https://api.hackerone.com. -
API ID and API key: The API credentials associated with the HackerOne user, which must have permissions to log in to the API server and return data.
Generate a HackerOne API ID and API key
For the HackerOne connector to use the HackerOne API, you must provide the API ID and API key from HackerOne. Only HackerOne program administrators can generate API keys. To generate a new HackerOne API key, follow these steps:
-
Log in to your HackerOne account as an administrator.
-
Navigate to Organization Settings > API Tokens.
-
Click Create API Token.
-
Give the new API token an identifier. The identifier must begin with a letter or a number and can only contain letters, numbers, hyphens, or underscores.
- The identifier is the API ID that is used for authenticating the HackerOne connector with Brinqa. The API ID is case sensitive.
-
Select the
AdminandStandardgroups. Both are required for the HackerOne connector to work with Brinqa. TheAdmingroup grants permissions to collectProgramdata while theStandardgroup grants permissions to collectReportdata. -
Click Add API token.
Your new API key displays. You cannot view the key again. Copy the token and save it in a secure location.
-
Click I have stored the API token.
For additional information on API tokens, see the HackerOne documentation.
Additional settings
The HackerOne connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 4.
Types of data to retrieve
The HackerOne connector can retrieve the following types of data from the HackerOne API:
Table 1: Data retrieved from HackerOne
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Activity | No | Not mapped |
| Pentest Finding | Yes | Pentest Finding |
| Pentest Finding Definition | Yes | Pentest Finding Definition |
| Site | Yes | Site |
| Weakness | No | Weakness |
For detailed steps on how to view the data retrieved from HackerOne in the Brinqa Platform, see How to view your data.
Attribute mappings
Click the tabs below to view the mappings between the source and the Brinqa data model attributes.
- Pentest Finding
- Pentest Finding Definition
- Site
- Weakness
Table 2: Pentest Finding attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| program.handle | Local variable |
| report.assignee | Local variable |
| report.bounties.amount | Local variable |
| report.closedAt | Local variable |
| report.createdAt | firstFound |
| report.disclosedAt | Local variable |
| report.FirstReporterActivityAt | Local variable |
| report.id | uid |
| report.issueTrackerReferenceId | Local variable |
| report.lastActivityAt | Local variable |
| report.lastProgramActivityAt | Local variable |
| report.lastPublicActivityAt | Local variable |
| report.lastReporterActivityAt | Local variable |
| report.reporter | Local variable |
| report.reporterAgreedOnGoingPublicAt | Local variable |
| report.source | Local variable |
| report.state | status, statusCategory |
| report.structured_scope.asset_identifier | targets |
| report.swagAwardedAt | Local variable |
| report.title & report.vulnerability_information | type |
| report.triagedAt | Local variable |
| report.updatedAt | lastFound |
| report.weakness | Local variable |
| report.bountyAwardedAt | Local variable |
Table 3: Pentest Finding Definition attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| report.attributes.cveIds | cveIds, cveRecords |
| report.severity.attackComplexity | cvssV3AttackComplexity |
| report.severity.attackVector | cvssV3AttackVector |
| report.severity.availability | cvssV3AvailabilityImpact |
| report.severity.confidentiality | cvssV3ConfidentialityImpact |
| report.severity.integrity | cvssV3IntegrityImpact |
| report.severity.privilegesRequired | cvssV3PrivilegesRequired |
| report.severity.rating | severity, sourceSeverity, severityScore |
| report.severity.score | cvssV3BaseScore |
| report.severity.scope | Local variable |
| report.severity.userInteraction | cvssV3UserInteraction |
| report.title | name |
| report.type & report.vulnerability_information | uid |
| report.vulnerabilityInformation | description |
| report.weakness.external_id | cweId, weaknesses |
Table 4: Site attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| ASSET_CATEGORY_WEB_APPLICATION | categories |
| report.structured_scope.assetType | assetType |
| report.structured_scope.asset_identifier | uid |
| report.structured_scope.asset_identifier | name |
| report.structured_scope.asset_identifier | description |
| report.structured_scope.asset_identifier | url |
| report.structured_scope.availabilityRequirement | Local variable |
| report.structured_scope.confidentialityRequirement | Local variable |
| report.structured_scope.eligibleForBounty | Local variable |
| report.structured_scope.eligibleForSubmission | Local variable |
| report.structured_scope.instruction | Local variable |
| report.structured_scope.integrityRequirement | Local variable |
| report.structured_scope.maxSeverity | Local variable |
Table 5: Weakness attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| weakness.createdAt | Local variable |
| weakness.description | description |
| weakness.externalAd | Local variable |
| weakness.id | uid |
| weakness.name | name |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Operation options
The HackerOne connector supports the following operation options. See connector operation options for information about how to apply them.
Table 6: HackerOne connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Pentest Finding | severity | none, low, medium, high, critical | Retrieve pentest findings by the specified severity level. | Key: severity Value: critical. This key and value combination only retrieves pentest findings with a critical severity level. |
| state | new, triaged | Retrieve pentest findings by the specified state. | Key: state Value: new. This key and value combination only retrieves new pentest findings. | |
| Pentest Finding Definition | severity | none, low, medium, high, critical | Retrieve pentest finding definitions by the specified severity level. | Key: severity Value: high. This key and value combination only retrieves pentest finding definitions with a high severity level. |
| state | new, triaged | Retrieve pentest finding definitions by the specified state. | Key: state Value: triaged. This key and value combination only retrieves pentest finding definitions that have been triaged. | |
| Site | severity | none, low, medium, high, critical | Retrieves sites by the specified severity level. | Key: severity Value: medium. This key and value combination only retrieves sites with a medium severity level. |
| state | new, triaged | Retrieves sites by the specified state. | Key: state Value: new. This key and value combination only retrieves new sites. |
The option keys and values are case-sensitive as they are shown in this documentation.
APIs
The HackerOne connector uses the HackerOne API. Specifically, it uses the following endpoints:
Table 7: HackerOne API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Activity | GET https://api.hackerone.com/v1/me/programs |
GET https://api.hackerone.com/v1/incremental/activities | |
| Pentest Finding | GET https://api.hackerone.com/v1/me/programs |
GET https://api.hackerone.com/v1/reports | |
| Pentest Finding Definition | GET https://api.hackerone.com/v1/me/programs |
GET https://api.hackerone.com/v1/reports | |
| Site | GET https://api.hackerone.com/v1/me/programs |
GET https://api.hackerone.com/v1/reports | |
| Weakness | GET https://api.hackerone.com/v1/{programId}/weaknesses |
Changelog
The HackerOne connector has undergone the following changes:
3.0.5
- Added support for Data lifecycle management to the Pentest finding and Site objects.
3.0.4
- Fixed an issue where findings with an "Informational" status in HackerOne were incorrectly marked as "Active" in Brinqa instead of "Fixed".
3.0.3
- Added the SOURCE_STATUS attribute to the Pentest Finding object.
3.0.2
- Fixed an issue with the SOURCE_SEVERITY attribute on the Pentest Finding Definition object.
3.0.1
-
Added a check for null values in the Activity object.
-
Addressed the HTTP 429 error when using multiple threads.
3.0.0
- Initial Integration+ release.