HackerOne Gateway

Organizations: Learn how HackerOne Gateway can help your organization

Updated over 2 months ago

The HackerOne Gateway enables access to public and firewalled assets and allows IP whitelisting per program. It also allows for the control of hacker access at both a high and granular level.

Gateway is available as an add-on. To learn more about adding HackerOne Gateway to your program, contact your account manager.

The asset types available for gateway are:

  • IP Address

  • CIDR

  • URL

  • Domain

  • Wildcard (only on the third-level domain, e.g. *.acme.com).

Managing Gateway Settings

  1. Go to Program > Gateway to manage your Gateway solution.

  2. To pause or resume the Gateway program, click on the Online/Offline toggle on the top left, as shown below.

[Image: Gateway online/offline toggle]

Allowlisted IPs

You need to allowlist the IP addresses dedicated to your program. To view a list of the Allowlisted IPs provided by HackerOne Gateway, click on the Allowlisted IPs button in the top right corner of the page. You can also copy the table as CSV by clicking the Copy as CSV button in the bottom right corner.

For more details, visit our Hacker Traffic Identification document.

[Image: Allowlisted IP addresses]
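
The following is an added example, not HackerOne code, showing one way to use the copied allowlist to label source addresses from your own logs as Gateway or non-Gateway traffic. The CSV content, its column names, and the source addresses are constructed; this page does not document the export's layout, so the parser accepts any cell that parses as an IP address or CIDR.

```python
import csv
import io
import ipaddress

# Constructed sample of a "Copy as CSV" export. The real column layout is not
# documented on this page, so the parser below does not rely on column names.
SAMPLE_ALLOWLIST_CSV = """label,address
gateway-egress-1,192.0.2.10
gateway-egress-2,198.51.100.0/28
"""

# Constructed source addresses, e.g. pulled from a web server access log.
SAMPLE_SOURCES = ["192.0.2.10", "198.51.100.7", "203.0.113.50", "not-an-ip"]


def load_networks(csv_text):
    """Return every cell in the CSV that parses as an IP address or CIDR."""
    networks = []
    for row in csv.reader(io.StringIO(csv_text)):
        for cell in row:
            try:
                # strict=False accepts host bits set, e.g. 198.51.100.5/28
                networks.append(ipaddress.ip_network(cell.strip(), strict=False))
            except ValueError:
                continue  # header text, labels, empty cells
    return networks


def classify_sources(sources, networks):
    """Split source addresses into Gateway, non-Gateway and unparseable."""
    result = {"gateway": [], "other": [], "invalid": []}
    for raw in sources:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            result["invalid"].append(raw)
            continue
        # Membership across IP versions is simply False, so mixed lists are safe.
        hit = any(addr in net for net in networks)
        result["gateway" if hit else "other"].append(raw)
    return result


if __name__ == "__main__":
    nets = load_networks(SAMPLE_ALLOWLIST_CSV)
    for bucket, addrs in classify_sources(SAMPLE_SOURCES, nets).items():
        print(f"{bucket}: {addrs}")
```

Traffic to an in-scope asset that lands in the "other" bucket did not come through Gateway and is worth reviewing separately from program activity.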

Supporting Routes

You can use Supporting Routes when you want to add certain routes to Gateway but do not want to add them to your engagement's scope. You can also use it to give hackers access to third-party assets.

[Image: Add supporting routes]

Manage User Access

The Overview page shows the allowlisted users for your program’s Gateway. Hackers, triagers, and program admins are listed under separate tabs.

  1. Go to Program settings > Gateway > Overview.

  2. For individual users: Click the kebab menu to the right of a user's name to pause or resume access.

  3. For multiple users: Use the checkboxes to select the users you want to manage access for. Click Pause access or Resume access to block or unblock a user. You can easily view blocked users by clicking the Blocked tab at the top.

[Image: Pause access in Gateway]

Activity Overview

The activity overview shows what actions hackers are performing while on the Gateway solution. You can customize the results by using the available filters, such as Date, Month, Year, and start-end time, or by using the search box. Please note that the latest activity logs can take up to 20 minutes to display.

Download Hacker Traffic Logs

The log page lets you download verbose logs of your network activities for the selected date at UTC (Coordinated Universal Time). The logs may take time to generate depending on the hacker traffic volume on the given date. You will receive an email notification when the logs are ready to download. Refer to the Gateway Traffic Logs page for the log file types and their content.

The links to download logs are valid for 6 hours. Once a link expires, you can request logs for the same date again to receive a new link. You can request a maximum of 5 logs at the same time.

You can view all log requests that have been made for the given program. The table shows request details such as request time, status, requester, the requested log date, expiration time of the download link, and a download link if available.

[Image: Download hacker traffic logs]

Sync Hacker Traffic Logs

To sync logs directly to your selected data storage, please contact your CSM. Logs are pushed in batches as soon as possible. Usually, it takes 3-4 minutes for the logs to be available in your data storage.

Analytics Dashboard

See this page to learn about Gateway Analytics.

Hacker Identification

Guidelines on how to identify hackers are described on this page.

Test Gateway

Program admins and triagers can test the Gateway connection. See the Cloudflare WARP client setup instructions to test the access to your allowlisted assets.

Audit Logs

The following events related to Gateway are logged and available to download on the platform:

| Event Name | Details |
| --- | --- |
| teams.gateway_program_vpn_state.update | Triggered when the Gateway access status changes at the program level for all hackers. |
| teams.gateway_users_vpn_state.update | Triggered when the Gateway access status changes for selected hackers. |
| teams.gateway_compliance_log_request.create | Triggered when an admin requests a Hacker Traffic Log. |
| teams.gateway_program_gateway_scopes.update | Triggered when supporting routes have been updated. |

Audit Logs are located under Program Settings > General > Audit Log. You can filter audit logs by the event name and the username and download the results as CSV.

See this page for more details about Audit Logs.

Supported Log Destinations

HackerOne Gateway supports sending your logs through Cloudflare to the destinations shown:
