The HackerOne Gateway enables access to public and firewalled assets and allows IP whitelisting per program. It also allows for the control of hacker access at both a high and granular level.
Gateway is available as an add-on. To learn more about adding HackerOne Gateway to your program, contact your account manager.
The asset types available for gateway are:
IP Address
CIDR
URL
Domain
Wildcard (only on the third level domain, e.g. *.acme.com).
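A pre-flight check for a candidate asset list against the five asset types above, as an added example (not HackerOne code or a HackerOne API). The names classify_asset, check_assets and SAMPLE are hypothetical, and the example assumes the wildcard rule means "*" may only stand in for the third-level label, as in *.acme.com.

```python
import ipaddress
import re
from urllib.parse import urlsplit

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label
def _is_hostname(name):
    labels = name.split(".")
    return (len(labels) >= 2 and not labels[-1].isdigit()
            and all(_LABEL.match(label) for label in labels))

def classify_asset(entry):
    """Return the asset type from the list above, or raise ValueError."""
    entry = entry.strip()
    try:
        ipaddress.ip_address(entry)
        return "IP Address"
    except ValueError:
        pass
    if "://" in entry:
        parts = urlsplit(entry)
        if parts.scheme in ("http", "https") and parts.hostname:
            return "URL"
        raise ValueError(f"unsupported URL: {entry!r}")
    if "/" in entry:
        # strict=True raises on host bits (198.51.100.7/24), usually a typo.
        ipaddress.ip_network(entry, strict=True)
        return "CIDR"
    if entry.startswith("*."):
        # Assumed reading of the rule: "*" is the third-level label only.
        base = entry[2:]
        if _is_hostname(base) and base.count(".") == 1:
            return "Wildcard"
        raise ValueError(f"wildcard not on the third level: {entry!r}")
    if "*" not in entry and _is_hostname(entry):
        return "Domain"
    raise ValueError(f"unsupported asset: {entry!r}")

def check_assets(entries):  # -> ({entry: type}, {entry: rejection reason})
    ok, rejected = {}, {}
    for entry in entries:
        try:
            ok[entry] = classify_asset(entry)
        except ValueError as exc:
            rejected[entry] = str(exc)
    return ok, rejected

SAMPLE = [  # constructed input: documentation IP ranges, the page's acme.com
    "192.0.2.10", "198.51.100.0/24", "https://app.acme.com/login", "acme.com",
    "*.acme.com", "*.dev.acme.com", "198.51.100.7/24", "api.*.acme.com"]
```

check_assets(SAMPLE) accepts the first five entries and rejects the last three. The level check counts labels literally, so a wildcard under a multi-label suffix is treated as deeper than the third level.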
Managing Gateway Settings
Go to Program > Gateway to manage your Gateway solution.
To pause or resume the Gateway program, click the Online/Offline toggle in the top left.
Allowlisted IPs
You need to allowlist the IP addresses dedicated to your program. To view a list of the Allowlisted IPs provided by HackerOne Gateway, click on the Allowlisted IPs button in the top right corner of the page. You can also copy the table as CSV by clicking the Copy as CSV button in the bottom right corner.
For more details, visit our Hacker Traffic Identification document.
Supporting Routes
You can use Supporting Routes when you want to add certain routes to Gateway but do not want to add them to your engagement's scope. You can also use it to give hackers access to third-party assets.
Manage User Access
The Overview page shows the allowlisted users for your program’s Gateway. Hackers, triagers, and program admins are listed under separate tabs.
Go to Program settings > Gateway > Overview.
For individual users: Click the kebab menu to the right of a user's name to pause or resume access.
For multiple users: Use the checkboxes to select the users you want to manage access for. Click Pause access or Resume access to block or unblock a user. You can easily view blocked users by clicking the Blocked tab at the top.
Activity Overview
The activity overview shows what actions hackers are performing while on the Gateway solution. You can customize the results by using the available filters, such as Date, Month, Year, and start-end time, or by using the search box. Please note that the latest activity logs can take up to 20 minutes to display.
Download Hacker Traffic Logs
The log page lets you download verbose logs of your network activities for the selected date at UTC (Coordinated Universal Time). The logs may take time to generate depending on the hacker traffic volume on the given date. You will receive an email notification when the logs are ready to download. Refer to the Gateway Traffic Logs page for the log file types and their content.
The links to download logs are valid for 6 hours. Once a link expires, you can request logs for the same date again to receive a new link. You can request a maximum of 5 logs at the same time.
You can view all log requests that have been made for the given program. The table shows request details such as request time, status, requester, the requested log date, expiration time of the download link, and a download link if available.
Sync Hacker Traffic Logs
To sync logs directly to your selected data storage, please contact your CSM. Logs are pushed in batches as soon as possible. Usually, it takes 3-4 minutes for the logs to be available in your data storage.
Analytics Dashboard
See this page to learn about Gateway Analytics.
Hacker Identification
Guidelines on how to identify hackers are described on this page.
Test Gateway
Program admins and triagers can test the Gateway connection. See the Cloudflare WARP client setup instructions to test the access to your allowlisted assets.
Audit Logs
The following events related to Gateway are logged and available to download on the platform:
Event Name | Details |
teams.gateway_program_vpn_state.update | Triggered when the Gateway access status changes at the program level for all hackers. |
teams.gateway_users_vpn_state.update | Triggered when the Gateway access status changes for selected hackers. |
teams.gateway_compliance_log_request.create | Triggered when an admin requests a Hacker Traffic Log. |
teams.gateway_program_gateway_scopes.update | Triggered when supporting routes have been updated. |
Audit Logs are located under Program Settings > General > Audit Log. You can filter audit logs by the event name and the username and download the results as CSV.
See this page for more details about Audit Logs.
Supported Log Destinations
HackerOne Gateway supports sending your logs through Cloudflare to the destinations shown: