The HackerOne Gateway enables access to public and firewalled assets and allows IP whitelisting per program. It also provides the ability to control hacker access at both a high and granular level.
The asset types available for gateway are:
Managing Gateway Settings
Go to Program Settings > Program > Hacker Management > Gateway to manage your Gateway settings.
To pause or resume the Gateway program, click on the Online/Offline toggle on the top left as shown below.
You need to allowlist the IP addresses dedicated to your program. To view a list of the Allowlisted IPs provided by HackerOne Gateway, click on the Allowlisted IPs button in the top right corner of the page. You can copy the table as CSV by clicking the Copy as CSV button on the bottom right corner.
See this page for more details on Hacker Traffic Identification on various layers.
You can use Supporting Routes in situations where you want to add certain routes to Gateway, but do not want to add them to your engagement's scope. You can also use it to give hackers access to third-party assets.
Manage User Access
The Overview page shows the allowlisted users for your program’s Gateway. Hackers, triagers, and program admins are listed under separate tabs.
You can pause or resume access for multiple users at the same time.
Select the users you want to manage access for using the checkboxes.
Pause access and Resume access buttons will be enabled. Click on the desired action to block/unblock a user.
You can easily view blocked users by clicking the Blocked tab at the top.
You can pause or resume access for individual users by clicking on the three dots at the far right of the user's name, as indicated below.
The activity overview shows what actions are being performed by Hackers while on the Gateway solution. It is possible to customize the results by using the filters available, such as Date, Month, Year, and start-end time, or by using the search box. Please note the latest activity logs can take up to 20 minutes to display.
Download Hacker Traffic Logs
The log page allows you to download verbose logs of your network activities for the selected date at UTC (Coordinated Universal Time). The logs may take time to generate depending on the hacker traffic volume on the given date. You will receive an email notification when the logs are ready to download. Refer to the Gateway Traffic Logs page to see the log file types and their content.
The links to download logs are valid for 6 hours. Once it expires, you can request logs for the same date again to receive a new link. You can request a maximum of 5 logs at the same time.
You can view all log requests that have been made for the given program. The table shows request details such as request time, status, requester, the requested log date, expiration time of the download link, and a download link if available.
Sync Hacker Traffic Logs
To sync logs directly to your selected data storage, please reach out to your CSM. Logs are pushed in batches as soon as possible. Usually, it takes 3-4 minutes for the logs to be available in your data storage.
See this page to learn about Gateway Analytics.
Guidelines on how to identify hackers are described on this page.
Program admins and triagers can test the Gateway connection. See the Cloudflare WARP client setup instructions here to test the access to your allowlisted assets.
The following events related to Gateway are logged and available to download on the platform:
Triggered when the Gateway access status changes in program level for all hackers.
Triggered when the Gateway access status changes for selected hackers.
Triggered when an admin requests a Hacker Traffic Log.
Triggered when supporting routes have been updated.
Audit Logs are located under Program Settings > General > Audit Log. You can filter audit logs by the event name and the username and download the results as CSV.
See this page for more details about Audit Logs.