Slack Integration 2.0: Notification Filters, Multiple Channels, & Username Mentions
For many HackerOne customers, Slack is the place where team collaboration happens and where work gets done. Originally, we built our integration to maximize information sharing for teams that preferred a steady stream of alerts on HackerOne reports. But with more than 800 active customers, we found that this approach worked for some more than others.
Today we’re announcing an enhanced Slack integration which allows teams to customize their HackerOne notifications and support their own unique workflows. The new integration features include: granular notification settings, ability to configure multiple channels, and username mention notifications.
How GitHub Uses Slack + HackerOne
“This is my new favorite Slack integration. The mapping between usernames is great (kudos for for the original idea). I expect our program metrics to improve as a result of more interactive ChatOps.” -- Neil Matatall, Security Engineer @ GitHub
A great example of how HackerOne and Slack can be used together comes from GitHub. Since 2014, GitHub has been running one of the most successful and most innovative bug bounty programs on HackerOne and their App Sec team is always looking for ways to improve their workflows.
GitHub hoped to use the Slack integration for two distinct use cases:
#appsec-ops channel which is comprised of bot-generated messages (which mostly go unread) but are useful for scrollback. This channel provides a complete and instantly searchable log of all HackerOne report activity.
#appsec channel which is where every message is read and the bulk of the team’s conversations and collaboration happen. In this channel, it is important to alert users to the following activity in a HackerOne report:
<ul> <li dir="ltr"> <p dir="ltr"><b id="docs-internal-guid-8893d53f-ed03-29f0-27d5-56b1c7a98957">New reports: team members can judge by the title and the reporter details whether or not they should drop what they're doing or just wait until the normal triage takes place.</b></p> </li> <li dir="ltr"> <p dir="ltr"><b id="docs-internal-guid-8893d53f-ed03-29f0-27d5-56b1c7a98957">Internal comment: allow people to join in the conversation.</b></p> </li> <li dir="ltr"> <p dir="ltr"><b id="docs-internal-guid-8893d53f-ed03-29f0-27d5-56b1c7a98957">Payout suggested: GitHub’s workflow requires an approval when a payout amount is suggested</b></p> </li> <li dir="ltr"> <p dir="ltr"><b id="docs-internal-guid-8893d53f-ed03-29f0-27d5-56b1c7a98957">Payout awarded: just in case something unexpected happens!</b></p> </li> </ul> </li>
The second use case for the #appsec channel was not possible before, but now with a smarter Slack integration, GitHub can do this and more.
Now let’s see it in action for GitHub.
Reduce noise with granular notification filtering
GitHub’s HackerOne admins can now select which report activities in HackerOne will result in a Slack notification. This includes 20+ report activities such as report submitted, bounty paid, and internal comment added. Check the product or help center for a full list of activity options.
Alert individuals with mention notifications
While granular filtering settings help ensure notifications are more relevant, we know that keeping up with active Slack channels can still be tough. Oftentimes the most critical HackerOne notifications are those where your @username is mentioned specifically for a follow-up comment or action. Unfortunately, HackerOne usernames don’t always line up Slack usernames and an @username mention in HackerOne won’t automatically result in a mention notification in Slack.
We've now made it possible to easily map HackerOne usernames to Slack usernames. Admins can map usernames so that, when someone mentions your HackerOne username in HackerOne, you'll receive a notification just as if someone mentioned your username in Slack.
Support business processes with multiple channels
With support for multiple channels, GitHub can now enable Slack to function as both a log of all HackerOne report activity and a tool which provides actionable alerts to its App Sec team.
The possibilities for supporting different workflows here are effectively endless. For example, your organization could configure notifications on all triaged reports to a #security-notification channel (audience = small app sec team) and all notifications on resolved reports to a #security channel (audience = broader engineering org).
The enhanced Slack integration is live and ready to be used today by all HackerOne Bounty and HackerOne Response customers (Professional and above). To enable these new features, both existing and new users of the Slack integration will need to navigate to Settings > Program > Integrations > Slack.
HackerOne for Slack is brought to you by Siebe Jan, Willian, Maarten, Dirk, Aditi, Nicole, Lars, Martijn, David and the HackerOne team.