
Quick Start Security for HackerOne


Coralogix Extension For HackerOne Includes:

Alerts - 7

Stay on top of HackerOne key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

IPs Related to HackerOne Observed

This alert detects whenever IPs and URIs related to HackerOne are observed in the logs. HackerOne is a security platform that connects businesses with penetration testers and cybersecurity researchers.

Impact: If an attacker gains access to HackerOne's vulnerability disclosure reports, they can exploit the vulnerabilities before they are patched. This can eventually damage an organization's reputation.

Mitigation: Check whether the traffic is legitimate. If not, investigate it further.

MITRE Tactic: TA0001
MITRE Technique: T1190

URI Specific Traffic Observed

This alert detects whenever HackerOne-related traffic is generated for the URIs belonging to the organization. HackerOne is a security platform that connects businesses with penetration testers and cybersecurity researchers.

Impact: If an attacker gains access to HackerOne's vulnerability disclosure reports, they can exploit the vulnerabilities before they are patched. This can eventually damage an organization's reputation.

Mitigation: Check whether the traffic is legitimate. If not, investigate it further.

MITRE Tactic: TA0108
MITRE Technique: T0819

Traffic Generated For HackerOne

This alert detects whenever HackerOne-related traffic is generated from a public IP. HackerOne is a security platform that connects businesses with penetration testers and cybersecurity researchers.

Impact: If an attacker gains access to HackerOne's vulnerability disclosure reports, they can exploit the vulnerabilities before they are patched. This can eventually damage an organization's reputation.

Mitigation: If the traffic is from a public IP address, check its legitimacy. If the traffic is not known, investigate it further.

Note: Please add the internal CIDR IP range to the whitelist according to your requirements.

MITRE Tactic: TA0108
MITRE Technique: T0819

Bug Bounty Header Seen

This alert detects whenever the 'x_bug_bounty' header is present in the logs. This custom HTTP header is used by security researchers and bug bounty hunters in the research and findings reports they send to the respective organization as part of HackerOne's bug bounty programs.

Impact: If an attacker gains access to these vulnerability disclosure reports, they can exploit the vulnerabilities before they are patched. This can cause damage to an organization.

Mitigation: Make sure that a user includes this HTTP header in the vulnerability disclosure requests so that it can be validated that the request is via HackerOne. If these reports are shared on a public forum before the vulnerabilities are patched, check this header to identify whether the report was via HackerOne. If yes, investigate further.

MITRE Tactic: TA0108
MITRE Technique: T0819

Potentially Malicious Traffic Observed

This alert detects whenever HackerOne-related traffic is generated from an IP that is not a trusted IP on the URIs belonging to the organization. HackerOne is a security platform that connects businesses with penetration testers and cybersecurity researchers.

Impact: If an attacker gains access to HackerOne's vulnerability disclosure reports, they can exploit the vulnerabilities before they are patched. This can eventually damage an organization's reputation.

Mitigation: Check whether the traffic is legitimate. If not, investigate it further.

Note: Please add the internal CIDR IP range to the whitelist according to your requirements.

MITRE Tactic: TA0108
MITRE Technique: T0819

5xx Status Code Generated

This alert detects when a 5xx downstream status code is present in the logs. This status code is generated when downstream validation fails. The different 5xx downstream status codes are:

500 - Unable to complete the HTTP request downstream and the exception is not OperationCanceledException or HttpRequestException.
502 - Unable to connect to downstream service.
503 - The downstream request times out.

Impact: A large number of 5xx requests can indicate server failure for multiple reasons, as stated above.

Mitigation: Investigate whether a high number of downstream error codes are being generated and, based on the error code generated, remediate accordingly.

MITRE Tactic: TA0040
MITRE Technique: T1498

No Logs From HackerOne

This rule detects if there are no logs in the last 36 hours for HackerOne in the customer account.

Note: This alert should be configured with the relevant app and subsystem.

Impact: Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations.

Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.

MITRE Tactic: TA0005
MITRE Technique: T1562

Integration

Learn more about Coralogix's out-of-the-box integration with HackerOne in our documentation.
