Mondoo August 2024 Release Highlights

Sure, many of our superstar engineers, like much of Europe, were on vacation in August. Still, we managed to pump up our compliance experience, write loads of new policies, improve our UI, give you access to new resources, and more. Here's the whole story in this month's release highlights.

Letha Dunn, Tim Smith

We elevated our compliance solution

We've reworked the Compliance Hub to make it easier to start and manage audits with Mondoo:

  • A new welcome page helps you pick your very first framework.

Framework page empty state

  • We added descriptions to help you choose from our ever-growing list of out-of-the-box compliance frameworks.

  • To make it easier to manage in-progress audits, we introduced preview and active states for audits. Only frameworks in those states display in Compliance Hub, which makes it easier to find what you need.

Framework page

  • Reworked framework pages include helpful descriptions, a simpler progress indicator, and a quick selector to control the state of an audit. We also replaced the check distribution graph with intuitive icons for each exception state.

Framework list

  • Data exports now include compliance control references, so you can feed compliance evidence collected by Mondoo into external data analytics systems.
  • We added an introductory letter to compliance reports that informs your auditor about Mondoo. The PDF explains who we are and how we collect evidence, and lets auditors know how to contact us if they have questions.

An exciting month for new and improved policies

We built seven brand-new policies in August:

  • Mondoo Shodan Security policy for critical, public-facing domains and IP addresses includes checks to identify open ports and vulnerabilities as reported by the Shodan network scanning service.
  • Mondoo NTLMv1 Audit policy detects the vulnerable Microsoft NTLMv1 authentication protocol so you can ensure you're using only secure authentication methods.
  • Mondoo SMBv1 Audit policy detects Microsoft's Server Message Block version 1 (SMBv1) so you can be sure your file and device sharing doesn't use this insecure protocol.
  • Mondoo Dockerfile Security policy enables you to secure your container workloads before they run in production.
  • CIS AWS Database Services Benchmark policy secures your most valuable business data in Amazon's most popular database services, including Aurora, DynamoDB, ElastiCache, Neptune, RDS, and Timestream.
  • Mondoo AWS GuardDuty policy includes checks to ensure that GuardDuty is properly enabled and configured for EC2, EKS, IAM, Lambda, and S3 security.
  • Mondoo AWS IAM Access Analyzer policy helps you secure access to critical resources by verifying that IAM Access Analyzer is enabled and properly configured.

We gave existing policies some major updates as well:

  • The new 2.0 release of CIS benchmarks for AlmaLinux, Oracle Linux, Rocky Linux, and Red Hat Enterprise Linux 9 includes 630 total changes, including dozens of all-new recommendations to keep your systems secure. These policies passed the rigorous CIS benchmark validation process, so they are certified to secure even the most complex enterprise Linux installations.
  • Mondoo HTTP Security policy now includes checks to ensure Server, X-AspNetMvc-Version, X-AspNet-Version, X-Powered-By, and Public-Key-Pins HTTP headers are not set.
  • CIS Azure Foundations Benchmark policy gained eight new checks as well as filter and query improvements.
  • Mondoo Endpoint Detection and Response (EDR) policy now supports Cortex XDR.
  • AWS Operational Best Practices policy includes improved S3 bucket permission checks.

Expanded resources for querying your environment

| Resource | Change |
|---|---|
| atlassian.jira.issue | New createdAt field. New pagination support for fetching large issue counts. |
| aws.dynamodb.table | New items field. New latestStreamArn field. |
| aws.elasticache | New serverlessCaches field using the new aws.elasticache.serverlessCache resource. |
| aws.guardduty.detector | New features field. New findings field using the new aws.guardduty.finding resource. New tags field. Improve performance fetching detector details. |
| aws.iam.accessAnalyzer | Renamed from aws.accessAnalyzer with backward compatibility for existing policies. New findings field using the new aws.iam.accessanalyzer.finding resource. |
| aws.iam.accessanalyzer.analyzer | New region field. Include organization-level analyzers as well as activated but unused analyzers. |
| aws.neptune | New resource for the AWS Neptune graph database. New clusters field using the new aws.neptune.cluster resource. New instances field using the new aws.neptune.instance resource. |
| aws.rds | New allPendingMaintenanceActions field using the new aws.rds.pendingMaintenanceAction resource. Deprecated the dbInstances field in favor of a new instances field. Deprecated the dbClusters field in favor of a new clusters field. |
| aws.rds.dbcluster and aws.rds.dbinstance | New activityStreamMode field. New activityStreamStatus field. New certificateAuthority field. New certificateExpiresAt field. New enabledCloudwatchLogsExports field. New iamDatabaseAuthentication field. New monitoringInterval field. New networkType field. New preferredBackupWindow field. New preferredMaintenanceWindow field. Improve performance fetching security groups details. Don't include non-RDS engine results. |
| aws.timestream.liveanalytics | New resource with databases and tables fields. |
| aws.vpc | New name field. |
| azure.subscription | New policy field using the new azure.subscription.policy resource. Deprecated the authorization field in favor of the new iam field. |
| azure.subscription.authorizationService | New roleAssignments field using the new azure.subscription.authorizationService.roleAssignment resource. New managedIdentities field using the new azure.subscription.managedIdentity resource. |
| azure.subscription.authorizationservice.roledefinition | Deprecated the isCustom field in favor of the new type field. |
| azure.subscription.cloudDefender | Check the pricing tier for the Servers plan when verifying that Azure's Defender for Servers is enabled. |
| azure.subscription.cloudDefenderService | New defenderForAppServices field. New defenderForSqlServersOnMachines field. New defenderForSqlDatabases field. New defenderForOpenSourceDatabases field. New defenderForCosmosDb field. New defenderForStorageAccounts field. New defenderForKeyVaults field. New defenderForResourceManager field. |
| azure.subscription.cosmosDbService | New support for Cosmos DB, MongoDB, and PostgreSQL databases. |
| azure.subscription.postgreSql.FlexibleServers | Return all servers in the subscription. |
| github.commit | New authoredDate field. New committedDate field. |
| github.repository | New defaultBranch field. |
| microsoft | Deprecated the organizations field in favor of the microsoft.tenant field. |
| microsoft.application | New api field. New applicationTemplateId field. New certificates field using the new microsoft.keyCredential resource. New certification field. New createdAt field. New defaultRedirectUri field. New description field. New disabledByMicrosoftStatus field. New groupMembershipClaims field. New hasExpiredCredentials field. New info field. New isDeviceOnlyAuthSupported field. New isFallbackPublicClient field. New name field. New nativeAuthenticationApisEnabled field. New notes field. New optionalClaims field. New parentalControlSettings field. New publicClient field. New requestSignatureVerification field. New samlMetadataUrl field. New secrets field using the new microsoft.passwordCredential resource. New serviceManagementReference field. New servicePrincipal field. New servicePrincipalLockConfiguration field. New spa field. New tags field. New tokenEncryptionKeyId field. New web field. New appRoles field using the new microsoft.application.role field. |
| microsoft.group | New members field. |
| microsoft.roles | New resource that replaces microsoft.rolemanagement. |
| microsoft.serviceprincipal | New appId field. New applicationTemplateId field. New appOwnerOrganizationId field. New appRoleAssignmentRequired field. New description field. New isFirstParty field. New loginUrl field. New logoutUrl field. New notificationEmailAddresses field. New permissions field using the new microsoft.application.permission field. New preferredSingleSignOnMode field. New servicePrincipalNames field. New signInAudience field. New verifiedPublisher field. |
| microsoft.tenant | Renamed from microsoft.organization. Deprecated the createdDateTime field in favor of the new createdAt field. New name field. New provisionedPlans field. New subscriptions field. New type field. |
| microsoft.security | New riskyUsers field using the new microsoft.security.riskyUser resource. |
| microsoft.user | New owners field. New authMethods field using the new microsoft.user.authenticationMethods resource. Deprecated the companyName, department, employeeId, jobTitle, mail, mobilePhone, otherMails, officeLocation, postalCode, and state fields in favor of data in the job and contact fields. |
| product.eol | Use this new resource to look up end-of-life status for common products. |

Get to the point quickly with an improved user experience

We never stop working to make it easier for you to access the information you need in the Mondoo Console. In August that meant making these improvements:

  • We changed how links work on affected asset pages: They go directly to the asset result instead of the main asset page. Now you can spend your time remediating findings instead of searching for them.
  • Advisories now include an overall risk score that takes into account the blast radius and Mondoo-identified risk factors. This helps you better understand the criticality of vendor advisories.

Vendor Advisory summary

  • This month's updates to the Kubernetes integration page include a pre-populated namespace filter to skip scanning the operator itself and a simpler flow for enabling or disabling workload image scanning.
  • We made case creation easier for our customers with large numbers of Jira projects: We now support fetching large project lists and we added a new project selection page that includes quick, text-based filtering.

Jira project filtering

Deeper AWS security insights

When a default VPC is in place, the Mondoo AWS serverless integration now produces deeper security scans that include:

  • Individual assets for common AWS resources
  • Improved query outputs

Use these improved scan results to navigate security issues in organization and space dashboards and to set granular exceptions on individual resources.

Improved AWS asset results

Audit your Mondoo usage

Improved audit logging provides better tracking of changes to your Mondoo organization and spaces. New events recorded in the Mondoo Console audit log include:

  • Policies or frameworks enabled
  • Policies or frameworks disabled
  • Policies or frameworks put in preview
  • Risk factor configuration changes
  • Integrations created
  • Integrations deleted
  • Space settings modified
  • Registration tokens created
  • API tokens created
  • Compliance reports generated
  • Custom policy or framework uploads

About the Authors

Letha Dunn

Technical Writer

Letha has been writing about technology for more than thirty years. During the past decade, she's focused on educating engineers about identity and access management, security, CI/CD, and project velocity. Letha lives in the Pacific Northwest, where she rescues and rehabilitates abused and neglected horses and dogs.

Tim Smith

Product Manager

Tim Smith is a Product Manager at Mondoo. He's been working in web operations and software development roles since 2007 and port scanning class As since 1994. He downloaded his first Linux distro on a 14.4 modem. Tim most recently held positions at Limelight Networks, Cozy Co, and Chef Software.