HackerOne
Last updated
Last updated
© 2024 PlexTrac, Inc. All rights reserved.
PlexTrac integrates with HackerOne, a platform that facilitates vulnerability coordination and bug bounty programs. It connects organizations that want to improve the security of their software and systems with a community of ethical hackers, also known as white-hat hackers, who are skilled in finding and reporting security vulnerabilities.
This is a licensed feature.
An integration with HackerOne and PlexTrac consists of three parts:
Enabling the feature via the license key.
Obtaining the HackerOne API Key Identifier and HackerOne API Key values.
Configuring PlexTrac to complete the setup.
If the license is needed within a tenant, the phrase “License Required” with a link to the Support Portal will display within the HackerOne card on the Integrations page of the Admin Dashboard.
When a license is obtained, insert the license key into PlexTrac via the Admin Dashboard>Licensing page.
When the integration is available, a “Connect” button will display within the HackerOne card on the Integrations page of the Admin Dashboard.
Once the feature has been enabled, the next step is to obtain the HackerOne API Key Identifier and HackerOne API Key values.
Step 1: Log in to HackerOne's API token page.
Step 2: Click Create API Token.
Step 3: Enter an identifier value into the provided box. Click Create.
Step 4: Copy the API key to a secure place (it will not be accessible after this point). Click I have stored the API Token.
Step 5: The API token just created appears at the top of the API page (an email will also be sent confirming the action). Click Manage groups in the row of the token.
Step 6: Check the desired boxes to define the user's permissions for this group. Click Apply changes.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect in the HackerOne card.
Step 3: A modal appears with three tabs. On the first tab, enter the following information:
Integration Name: This value is seen by users when selecting which tool to import findings from into a report, so pick a value that quickly identifies the integration.
Step 4: Click Save.
Step 5: In the "Mapping" tab, select which fields to import from HackerOne to PlexTrac.
HackerOne syncs data to PlexTrac, but updates in PlexTrac do not sync back to HackerOne.
Required fields are grayed out in the "Synch" column. The other fields are optional and can be removed from import by clicking the checkbox to remove the checkmark. Click Save.
Step 6: A message will validate that the synch was successful. Click Got It.
HackerOne now appears as "connected" on the Integrations page.
Findings from HackerOne can now be imported into a report.
The integration can be temporarily turned off and on via the toggle button under "Enabled."
Click Edit under the "Actions" column to adjust existing settings.
Step 1: Click Edit under the "Actions" column.
Step 2: Click the Sync Log tab.
Step 3: Click View of the desired log to read.
HackerOne API Key identifier: This was the value entered when creating the API token within HackerOne.
API Key: This key was provided by HackerOne and saved for future use.