PlexTrac integrates with HackerOne, a platform that facilitates vulnerability coordination and bug bounty programs. It connects organizations that want to improve the security of their software and systems with a community of ethical hackers, also known as white-hat hackers, who are skilled in finding and reporting security vulnerabilities.
This is a licensed feature.

Integration Overview

An integration with HackerOne and PlexTrac consists of three parts:
  1. 1.
    Enabling the feature via the license key.
  2. 2.
    Obtaining the HackerOne API Key Identifier and HackerOne API Key values.
  3. 3.
    Configuring PlexTrac to complete the setup.

Enabling HackerOne

If the license is needed within a tenant, the phrase “License Required” with a link to the Support Portal will display within the HackerOne card on the Integrations page of the Admin Dashboard.
When a license is obtained, insert the license key into PlexTrac via the Admin Dashboard>Licensing page.
When the integration is available, a “Connect” button will display within the HackerOne card on the Integrations page of the Admin Dashboard.

Creating an API Token

Once the feature has been enabled, the next step is to obtain the HackerOne API Key Identifier and HackerOne API Key values.
Step 1: Log in to HackerOne's API token page.
Step 2: Click Create API Token.
Step 3: Enter an identifier value into the provided box. Click Create.
Step 4: Copy the API key to a secure place (it will not be accessible after this point). Click I have stored the API Token.
Step 5: The API token just created appears at the top of the API page (an email will also be sent confirming the action). Click Manage groups in the row of the token.
Step 6: Check the desired boxes to define the user's permissions for this group. Click Apply changes.

Configuring PlexTrac

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect in the HackerOne card.
Step 3: A modal appears with three tabs. On the first tab, enter the following information:
  1. 1.
    Integration Name: This value is seen by users when selecting which tool to import findings from into a report, so pick a value that easily identifies the integration.
  2. 2.
    HackerOne API Key identifier: This was the value entered when creating the API token within HackerOne.
  3. 3.
    API Key: This was the key provided by HackerOne that was saved for future use.
Step 4: Click Save.
Step 5: In the "Mapping" tab, select which fields to import from HackerOne to PlexTrac.
HackerOne syncs data to PlexTrac, but updates in PlexTrac do not sync back to HackerOne.
Required fields are grayed out in the "Synch" column. The other fields are optional and can be removed from import by clicking the checkbox to remove the checkmark. Click Save.
Step 6: A message will validate that the synch was successful. Click Got It.
HackerOne now appears as "connected" on the Integrations page.
Findings from HackerOne can now be imported into a report.

Disabling Integration

The integration can be temporarily turned off and on via the toggle button under "Enabled."

Editing Integration

Existing settings can be adjusted by clicking Edit under the "Actions" column.

Viewing Logs

Step 1: Click Edit under the "Actions" column.
Step 2: Click the Sync Log tab.
Step 3: Click View of the desired log to read.

Last modified 1mo ago
© 2023 PlexTrac, Inc. All rights reserved.