HackerOne Gateway

Organizations: Control hacker access at both a high and granular level


This page refers to the new version of Gateway. For documentation of the Legacy Gateway solution, please refer to this page.

The HackerOne Gateway enables access to public and firewalled assets and allows IP whitelisting per program. It also provides the ability to control hacker access at both a high and granular level.

Gateway is available as an add-on. To learn more about adding HackerOne Gateway to your program, contact your account manager.

The asset types available for Gateway are:

  • IP Address

  • CIDR

  • URL

  • Domain

  • Wildcard (only on the third level domain, e.g. *.acme.com).

Managing Gateway Settings

  1. Go to Program > Gateway to manage your Gateway solution.

  2. To pause or resume the Gateway program, click on the Online/Offline toggle on the top left as shown below.

[Image: Gateway online/offline toggle]

Allowlisted IPs

You need to allowlist the IP addresses dedicated to your program. To view a list of the Allowlisted IPs provided by HackerOne Gateway, click on the Allowlisted IPs button in the top right corner of the page. You can copy the table as CSV by clicking the Copy as CSV button on the bottom right corner.

See this page for more details on Hacker Traffic Identification on various layers.

[Image: Allowlisted IP addresses]

Supporting Routes

You can use Supporting Routes when you want to add certain routes to Gateway, but do not want to add them to your engagement's scope. You can also use it to give hackers access to third-party assets.

[Image: Add supporting routes]

Manage User Access

The Overview page shows the allowlisted users for your program’s Gateway. Hackers, triagers, and program admins are listed under separate tabs.

You can pause or resume access for multiple users at the same time.

  1. Select the users you want to manage access for using the checkboxes.

  2. The Pause access and Resume access buttons become enabled. Click the desired action to block or unblock the selected users.

  3. You can easily view blocked users by clicking the Blocked tab at the top.

You can pause or resume access for individual users by clicking on the three dots at the far right of the user's name, as indicated below.

[Image: Pause access in Gateway]

Activity Overview

The activity overview shows what actions are being performed by Hackers while on the Gateway solution. It is possible to customize the results by using the filters available, such as Date, Month, Year, and start-end time, or by using the search box. Please note the latest activity logs can take up to 20 minutes to display.

Download Hacker Traffic Logs

The log page allows you to download verbose logs of your network activities for the selected date at UTC (Coordinated Universal Time). The logs may take time to generate depending on the hacker traffic volume on the given date. You will receive an email notification when the logs are ready to download. Refer to the Gateway Traffic Logs page to see the log file types and their content.

The links to download logs are valid for 6 hours. Once a link expires, you can request logs for the same date again to receive a new link. You can request a maximum of 5 logs at the same time.

You can view all log requests that have been made for the given program. The table shows request details such as request time, status, requester, the requested log date, expiration time of the download link, and a download link if available.

[Image: Download hacker traffic logs]

Sync Hacker Traffic Logs

To sync logs directly to your selected data storage, please reach out to your CSM. Logs are pushed in batches as soon as possible. Usually, it takes 3-4 minutes for the logs to be available in your data storage.

Analytics Dashboard

See this page to learn about Gateway Analytics.

Hacker Identification

Guidelines on how to identify hackers are described on this page.

Test Gateway

Program admins and triagers can test the Gateway connection. See the Cloudflare WARP client setup instructions here to test the access to your allowlisted assets.

Audit Logs

The following events related to Gateway are logged and available to download on the platform:

| Event Name | Details |
| --- | --- |
| teams.gateway_program_vpn_state.update | Triggered when the Gateway access status changes at the program level for all hackers. |
| teams.gateway_users_vpn_state.update | Triggered when the Gateway access status changes for selected hackers. |
| teams.gateway_compliance_log_request.create | Triggered when an admin requests a Hacker Traffic Log. |
| teams.gateway_program_gateway_scopes.update | Triggered when supporting routes have been updated. |

Audit Logs are located under Program Settings > General > Audit Log. You can filter audit logs by the event name and the username and download the results as CSV.

See this page for more details about Audit Logs.
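
One way to review a downloaded audit log CSV for the four Gateway events listed above, as an added example that is not HackerOne's own code. The column names (created_at, event, username), the sample rows and the approved-admin list are assumptions; adjust them to the header row of your actual export.

```python
import csv
import io
from collections import Counter

# Event names as listed in the Gateway audit log table on this page.
GATEWAY_EVENTS = {
    "teams.gateway_program_vpn_state.update": "program-wide access state changed",
    "teams.gateway_users_vpn_state.update": "access state changed for selected hackers",
    "teams.gateway_compliance_log_request.create": "hacker traffic log requested",
    "teams.gateway_program_gateway_scopes.update": "supporting routes updated",
}

# Assumed column names; the real CSV export may use different headers.
COL_TIME, COL_EVENT, COL_USER = "created_at", "event", "username"


def gateway_events(csv_text):
    """Return only the Gateway-related rows of an audit log export, oldest first."""
    rows = [r for r in csv.DictReader(io.StringIO(csv_text))
            if r.get(COL_EVENT, "").strip() in GATEWAY_EVENTS]
    return sorted(rows, key=lambda r: r[COL_TIME])


def review(csv_text, approved_admins):
    """Count Gateway events and list those made by accounts outside approved_admins."""
    rows = gateway_events(csv_text)
    counts = Counter(r[COL_EVENT].strip() for r in rows)
    unexpected = [
        (r[COL_TIME], r[COL_USER], GATEWAY_EVENTS[r[COL_EVENT].strip()])
        for r in rows if r[COL_USER].strip().lower() not in approved_admins
    ]
    return counts, unexpected


# Constructed sample export (not real data); the fourth row is a placeholder
# for any non-Gateway event and is filtered out.
SAMPLE = """created_at,event,username
2024-05-02T09:15:00Z,teams.gateway_program_gateway_scopes.update,alice
2024-05-01T08:00:00Z,teams.gateway_program_vpn_state.update,alice
2024-05-02T10:30:00Z,teams.gateway_compliance_log_request.create,bob
2024-05-02T11:00:00Z,example.unrelated_event,alice
2024-05-03T23:45:00Z,teams.gateway_users_vpn_state.update,mallory
"""

if __name__ == "__main__":
    counts, unexpected = review(SAMPLE, approved_admins={"alice", "bob"})
    for event, n in counts.items():
        print(f"{n:3d}  {event}")
    for when, user, what in unexpected:
        print(f"REVIEW {when} {user}: {what}")
```

Supporting-route updates and program-wide state changes alter what hackers can reach without touching the engagement's scope, so they are the rows most worth a second look.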

Supported Log Destinations

HackerOne Gateway supports sending your logs through Cloudflare to the destinations shown:
