Question | Answer |
What's captured and logged by HackerOne Gateway (VPN)? | All packets and netflow are captured. HTTPS is automatically decrypted, all other protocols (SMTPS, SSH, etc.) are captured but, if encrypted, aren't decrypted by HackerOne. |
Does Gateway (VPN) log each keystroke? | No, Gateway (VPN) uses split tunnel technology which doesn't log keystrokes. |
What additional information about finder activity does Gateway (VPN) provide? | Gateway (VPN) provides session-level detail on URLs hit by each participating finder, including when, how often, and the duration. |
How can the data captured by Gateway (VPN) be accessed? | Access is based on guidelines established by HackerOne. |
How will access to Gateway (VPN) data be made available? | Data is made available via a password-protected Google Drive folder. |
Where is the data log stored? | Data is stored in dedicated AWS S3 buckets that are unique for each program or Challenge. |
How long is the data retained? | Data is stored for 12 months from the end of the program or Challenge. |
Does Gateway (VPN) allow site-to-site tunnels? | No, Gateway (VPN) does not support dedicated connections directly to one or more assets. |
How do I revoke access for a specific hacker on my program? | Make the revoke request to HackerOne and we’ll disable the hacker's unique IP address. |
How can we allowlist testing-related traffic on our IDS? | Each Bounty program and Challenge is assigned a dedicated range of IP addresses to add to your IDS allowlist. |