Inventory

Eliminating Mystery from Your Complex Infrastructure

The past decade has witnessed an exponential surge in infrastructure complexity. Far behind us are the days when teams could rely on a simple mental map to navigate their software architecture or draw a server diagram on a single sheet of paper. Instead, seemingly simple application deployments now span multi-region Kubernetes clusters and traverse dozens of different cloud services. This explosion of complexity has strained security and operations teams’ ability to respond to security findings. Without the context our mental infrastructure maps once provided, we can't validate, let alone remediate, security issues. To empower both operations and security teams to secure their environment, Mondoo is launching new capabilities that deliver context to complex environments.

Find assets with ease

You can’t secure what you can’t find. 

With Mondoo’s new asset search system, nothing can hide from you. With a single search, you can find assets across multi-clouds, employee laptops, common SaaS services, and more. With GitHub-inspired search syntax, you can slice and dice your infrastructure any way you see fit.

dialog

For example, if you need to find a GitLab software project, you can search for platform:gitlab. This returns GitLab projects and organizations:

gitlab_search

What if your company uses both GitHub and GitLab, and you don't know where the project resides? But you do know that the repository contains the word frontend. You can narrow things down further using OR and AND operators to return just the right repos. The search uses fuzzy text matching, so you don't need to be precise; just get it close and let Mondoo do the rest.

exact_search



Expose infrastructure context

There’s nothing worse than waking up to a Jira alert to secure a system you’ve never heard of. Where is this system, what is running, and how can you access it? How can you find out—FAST—without revealing that you didn't know?

You can’t fix problems without context. Now Mondoo exposes the context you need to identify, understand, and secure assets in your inventory. Mondoo presents key asset information along with security results so you can find hostnames, instance IDs, and cloud account IDs, and even link directly to the resources in cloud consoles so you can fix issues immediately.

overview-1

Inventory asset configurations

Expose inventory information on all facets of your environment with Mondoo’s data query view for assets. This new view combines Mondoo’s extensive selection of out-of-the-box query packs to provide critical inventory for the different aspects of your environment, from IOT devices to employee laptops.

Here's an example that allows a security team to dig into security results without the need to log into SaaS services. This query exposes the installed Okta applications for an Okta organization:

data_query



If the pre-written query packs don't meet your unique business needs, use Mondoo’s easy, GraphQL-based query language, MQL, to retrieve exactly what you want. MQL has over 700 resources to extend inventory collection across all your platforms. Retrieve anything—from the patch state of an AWS EC2 instance to the details of services running on a laptop, a single query language exposes details about all your different assets.

In the example below, the operations team created their own custom query to parse out the app versions in containers. This lets them easily find app version data alongside their security results:

custom_query

Gain infrastructure authority

Mondoo's asset intelligence features give you the knowledge you need to make educated decisions and react quickly in a vast and changing environment. Once again, security and operations professionals can be true authorities on the workings of their infrastructure.

Monitor your infrastructure for security misconfigurations and maps those checks automatically to top compliance frameworks.

Tim Smith

Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007, port scanning class As since 1994, and downloaded his first Linux distro on a 14.4 modem. He most recently held positions at Limelight Networks, Cozy Co, and Chef Software.

Letha Dunn

Letha has been writing about technology for more than thirty years. During the past decade, she’s focused on educating engineers about identity and access management, security, CI/CD, and project velocity. Letha lives in the Pacific Northwest, where she rescues and rehabilitates abused and neglected horses and dogs.

You might also like

Releases
Mondoo March 2024 Release Highlights
Vulnerabilities
Patching Made Easy: Introducing Guided Remediation in Mondoo
Vulnerabilities
How to Find the Backdoored XZ Package at Scale