Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Quick Start Security for HackerOne

HackerOne
HackerOne icon

Out-of-the-Box Security For HackerOne Includes:

Alerts - 7

Stay on top of HackerOne key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

IPs Related to HackerOne Observed

This alert detects whenever IPs and URIs related to HackerOne are observed in the logs. HackerOne is a security platform that connects businesses with penetration testers and cybersecurity researchers. Impact If an attacker gained access to the HackerOne's vulnerabilities disclosure reports can exploit them before they are patched. This can cause damage to an organization's reputation eventually. Mitigation Check if the traffic is legitimate or not. If not, investigate it further. MITRE Tactic: TA0001 MITRE Technique: T1190

URI Specific Traffic Observed

This alert detects whenever HackerOne-related traffic is generated for the URIs belonging to the organization. HackerOne is a security platform that connects businesses with penetration testers and cybersecurity researchers. Impact If an attacker gained access to the HackerOne's vulnerabilities disclosure reports can exploit them before they are patched. This can cause damage to an organization's reputation eventually. Mitigation Check if the traffic is legitimate or not. If not, investigate it further. MITRE Tactic: TA0108 MITRE Technique: T0819

Traffic Generated For HackerOne

This alert detects whenever HackerOne-related traffic is generated from a public IP. HackerOne is a security platform that connects businesses with penetration testers and cybersecurity researchers. Impact If an attacker gained access to the HackerOne's vulnerabilities disclosure reports can exploit them before they are patched. This can cause damage to an organization's reputation eventually. Mitigation If the traffic is from a public IP address, check its legitimacy. If the traffic is not known investigate it further. Note: Please add the internal CIDR IP range to whitelist according to your requirement. MITRE Tactic: TA0108 MITRE Technique: T0819

Bug bounty header Seen

This alert detects whenever 'x_bug_bounty' header is present in the logs. This custom HTTP header is used by the security researchers/bug bounty hunters in their research/findings report to the respective organization as part of HackerOne's bug bounty hunting programs. Impact An attacker if gained access to these vulnerabilities disclosure reports can exploit them before they are patched. This can cause damage to an organization. Mitigation Make sure that a user includes this HTTP header in the vulnerability disclosure requests so that it can be validated that the request is via HackerOne. If these reports are shared on a public forum before the vulnerabilities are patched, check this header to identify if the report was via HackerOne. If yes, investigate further. MITRE Tactic: TA0108 MITRE Technique: T0819

Potentially Malicious Traffic Observed

This alert detects whenever HackerOne-related traffic is generated from an IP that is not a trusted IP on the URIs belonging to the organization. HackerOne is a security platform that connects businesses with penetration testers and cybersecurity researchers. Impact If an attacker gained access to the HackerOne's vulnerabilities disclosure reports can exploit them before they are patched. This can cause damage to an organization's reputation eventually. Mitigation Check if the traffic is legitimate or not. If not, investigate it further. Note: Please add the internal CIDR IP range to whitelist according to your requirement. MITRE Tactic: TA0108 MITRE Technique: T0819

5xx Status Code Generated

This alert detects when 5xx Downstream status code is present in the logs. This status code is generated when downstream validation fails. Below are different 5xx downstream status codes: 500 - Unable to complete the HTTP request downstream and the exception is not OperationCanceledException or HttpRequestException. 502 - Unable to connect to downstream service. 503 - The downstream request times out. Impact A large number of the 5xx requests can be an indicative of server failure for multiple reasons as stated above. Mitigation Investigate if high number of downstream error codes are generated and based on the error code generated, remediate accordingly. MITRE Tactic: TA0040 MITRE Technique: T1498

No logs from HackerOne

This rule detects if there are no logs in the last 36 hours for HackerOne in the customer account. Note- This alert should configured with relevant app & subsystem. Impact Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations. Mitigation Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system. MITRE Tactic: TA0005 MITRE Technique:T1562

Documentation

Learn more about Coralogix's out-of-the-box integration with HackerOne in our documentation.

Read More
Schedule Demo