Sure, many of our superstar engineers, like much of Europe, were on vacation in August. Still we managed to pump up our compliance experience, write loads of new policies, improve our UI, give you access to new resources, and more. Here's the whole story in this month's release highlights.
We elevated our compliance solution
We've reworked the Compliance Hub to make it easier to start and manage audits with Mondoo:
A new welcome page helps you pick your very first framework.
We added descriptions to help you choose from our ever-growing list of out-of-the-box compliance frameworks.
To make it easier to manage in-progress audits, we introduced preview and active states for audits. Only frameworks in those states display in Compliance Hub, which makes it easier to find what you need.
Reworked framework pages include helpful descriptions, a simpler progress indicator, and a quick selector to control the state of an audit. We also replaced the check distribution graph with intuitive icons for each exception state.
Data exports now include compliance control references, so you can feed compliance evidence collected by Mondoo into external data analytics systems.
We added an introductory letter to compliance reports that informs your auditor about Mondoo. The PDF explains who we are and how we collect evidence, and lets auditors know how to contact us if they have questions.
An exciting month for new and improved policies
We built seven brand-new policies in August:
Mondoo Shodan Security policy for critical, public-facing domains and IP addresses includes checks to identify open ports and vulnerabilities as reported by the Shodan network scanning service.
Mondoo NTLMv1 Audit policy detects the vulnerable Microsoft NTLMv1 authentication protocol so you can ensure you're using only secure authentication methods.
Mondoo SMBv1 Audit policy detects Microsoft's Server Message Block version 1 (SMBv1) to be sure your file and device sharing doesn't use this insecure protocol.
Mondoo Dockerfile Security policy enables you to secure your container workloads before they run in production.
CIS AWS Database Services Benchmark policy secures your most valuable business data in Amazon's most popular database services, including Aurora, DynamoDB, ElastiCache, Neptune, RDS, and Timestream.
Mondoo AWS GuardDuty policy includes checks to ensure that GuardDuty is properly enabled and configured for EC2, EKS, IAM, Lambda, and S3 security.
Mondoo AWS IAM Access Analyzer policy helps you secure access to critical resources by verifying that IAM Access Analyzer is enabled and properly configured.
We gave existing policies some major updates as well:
The new 2.0 release of CIS benchmarks for AlmaLinux, Oracle Linux, Rocky Linux, and Red Hat Enterprise Linux 9 includes 630 total changes, including dozens of all-new recommendations to keep your systems secure. These policies passed the rigorous CIS benchmark validation process, so they are certified to secure even the most complex enterprise Linux installations.
Mondoo HTTP Security policy now includes checks to ensure Server, X-AspNetMvc-Version, X-AspNet-Version, X-Powered-By, and Public-Key-Pins HTTP headers are not set.
CIS Azure Foundations Benchmark policy gained eight new checks as well as filter and query improvements.
Mondoo Endpoint Detection and Response (EDR) policy now supports Cortex XDR.
AWS Operational Best Practices policy includes improved S3 bucket permission checks.
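The HTTP Security policy item above requires that several information-disclosure headers and the deprecated Public-Key-Pins header be absent from responses. As an added example, not Mondoo's policy code, the following standalone Python check parses a raw HTTP response and reports which of those headers are present; the sample response, the function names, and the explanatory reasons are constructed for this illustration.

```python
"""Added example (not Mondoo's own policy code): a standalone check that mirrors the
intent of the HTTP Security policy item above, flagging information-disclosure headers
(Server, X-AspNetMvc-Version, X-AspNet-Version, X-Powered-By) and the deprecated
Public-Key-Pins header when they are present in a response. The sample response
below is constructed for the example, not captured from a real server."""

from typing import Dict, List

# Headers the policy item expects to be absent. Matching is case-insensitive
# because HTTP header names are case-insensitive (RFC 9110).
DISALLOWED_HEADERS: Dict[str, str] = {
    "server": "reveals web server software and version",
    "x-aspnetmvc-version": "reveals ASP.NET MVC version",
    "x-aspnet-version": "reveals ASP.NET version",
    "x-powered-by": "reveals application framework",
    "public-key-pins": "HPKP is deprecated and can lock clients out after a key rotation",
}


def parse_response_headers(raw: str) -> Dict[str, List[str]]:
    """Parse the header block of a raw HTTP/1.1 response into a dict of
    lowercase header name -> list of values. Parsing stops at the first
    blank line, so the body is never interpreted as headers."""
    headers: Dict[str, List[str]] = {}
    lines = raw.split("\r\n") if "\r\n" in raw else raw.split("\n")
    for line in lines[1:]:  # skip the status line
        if line.strip() == "":
            break
        if ":" not in line:
            continue  # malformed header line; ignore rather than fail the parse
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def find_disallowed_headers(headers: Dict[str, List[str]]) -> List[str]:
    """Return the (lowercase) names of disallowed headers that are present, sorted."""
    return sorted(name for name in headers if name in DISALLOWED_HEADERS)


def check_response(raw: str) -> Dict[str, object]:
    """Run the check on a raw response. 'passed' is True only when none of
    the disallowed headers is set; 'findings' explains each failure."""
    found = find_disallowed_headers(parse_response_headers(raw))
    return {
        "passed": not found,
        "findings": [f"{name}: {DISALLOWED_HEADERS[name]}" for name in found],
    }


# Constructed sample response for the example; the version strings are made up.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Server: Apache/2.4.57 (Unix)\r\n"
    "X-Powered-By: PHP/8.2.0\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    result = check_response(SAMPLE_RESPONSE)
    print("PASS" if result["passed"] else "FAIL")
    for finding in result["findings"]:
        print(" -", finding)
```

The parser lowercases header names before matching, which matters in practice: a server that emits `x-powered-by` instead of `X-Powered-By` discloses exactly the same information, and a case-sensitive comparison would miss it.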
New createdAt field
New pagination support for fetching large issue counts
aws.dynamodb.table
New items field
New latestStreamArn field
aws.elasticache
New serverlessCaches field using the new aws.elasticache.serverlessCache resource
aws.guardduty.detector
New features field
New findings field using the new aws.guardduty.finding resource
New tags field
Improved performance when fetching detector details
aws.iam.accessAnalyzer
Renamed from aws.accessAnalyzer with backward compatibility for existing policies
New findings field using the new aws.iam.accessanalyzer.finding resource
aws.iam.accessanalyzer.analyzer
New region field
Include organization-level analyzers as well as activated but unused analyzers
aws.neptune
New resource for the AWS Neptune graph database
New clusters field using the new aws.neptune.cluster resource
New instances field using the new aws.neptune.instance resource
aws.rds
New allPendingMaintenanceActions field using the new aws.rds.pendingMaintenanceAction resource
Deprecated the dbInstances field in favor of a new instances field
Deprecated the dbClusters field in favor of a new clusters field
aws.rds.dbcluster and aws.rds.dbinstance
New activityStreamMode field
New activityStreamStatus field
New certificateAuthority field
New certificateExpiresAt field
New enabledCloudwatchLogsExports field
New iamDatabaseAuthentication field
New monitoringInterval field
New networkType field
New preferredBackupWindow field
New preferredMaintenanceWindow field
Improved performance when fetching security group details
Don't include non-RDS engine results
aws.timestream.liveanalytics
New resource with databases and tables fields
aws.vpc
New name field
azure.subscription
New policy field using the new azure.subscription.policy resource
Deprecated the authorization field in favor of the new iam field
azure.subscription.authorizationService
New roleAssignments field using the new azure.subscription.authorizationService.roleAssignment resource
New managedIdentities field using the new azure.subscription.managedIdentity resource
Deprecated the isCustom field in favor of the new type field
azure.subscription.cloudDefender
Check the pricing tier for the Servers plan when verifying that Azure's Defender for Servers is enabled
azure.subscription.cloudDefenderService
New defenderForAppServices field
New defenderForSqlServersOnMachines field
New defenderForSqlDatabases field
New defenderForOpenSourceDatabases field
New defenderForCosmosDb field
New defenderForStorageAccounts field
New defenderForKeyVaults field
New defenderForResourceManager field
azure.subscription.cosmosDbService
New support for Cosmos DB, MongoDB, and PostgreSQL databases
azure.subscription.postgreSql.FlexibleServers
Return all servers in the subscription
github.commit
New authoredDate field
New committedDate field
github.repository
New defaultBranch field
microsoft
Deprecated the organizations field in favor of the microsoft.tenant field
microsoft.application
New api field
New applicationTemplateId field
New certificates field using the new microsoft.keyCredential resource
New certification field
New createdAt field
New defaultRedirectUri field
New description field
New disabledByMicrosoftStatus field
New groupMembershipClaims field
New hasExpiredCredentials field
New info field
New isDeviceOnlyAuthSupported field
New isFallbackPublicClient field
New name field
New nativeAuthenticationApisEnabled field
New notes field
New optionalClaims field
New parentalControlSettings field
New publicClient field
New requestSignatureVerification field
New samlMetadataUrl field
New secrets field using the new microsoft.passwordCredential resource
New serviceManagementReference field
New servicePrincipal field
New servicePrincipalLockConfiguration field
New spa field
New tags field
New tokenEncryptionKeyId field
New web field
New appRoles field using the new microsoft.application.role field
microsoft.group
New members field
microsoft.roles
New resource that replaces microsoft.rolemanagement
microsoft.serviceprincipal
New appId field
New applicationTemplateId field
New appOwnerOrganizationId field
New appRoleAssignmentRequired field
New description field
New isFirstParty field
New loginUrl field
New logoutUrl field
New notificationEmailAddresses field
New permissions field using the new microsoft.application.permission field
New preferredSingleSignOnMode field
New servicePrincipalNames field
New signInAudience field
New verifiedPublisher field
microsoft.tenant
Renamed from microsoft.organization
Deprecated the createdDateTime field in favor of the new createdAt field
New name field
New provisionedPlans field
New subscriptions field
New type field
microsoft.security
New riskyUsers field using the new microsoft.security.riskyUser resource
microsoft.user
New owners field
New authMethods field using the new microsoft.user.authenticationMethods resource
Deprecated the companyName, department, employeeId, jobTitle, mail, mobilePhone, otherMails, officeLocation, postalCode, and state fields in favor of data in the job and contact fields
product.eol
Use this new resource to look up end-of-life status for common products.
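As an added example, not from the release notes, the query below uses the new aws.rds.instances field and several of the new aws.rds.dbinstance fields listed above, first as an inventory projection and then as a check. It assumes standard MQL syntax and that aws.rds.instances yields aws.rds.dbinstance resources; the field names come from the list above.

```mql
// Added example, not from the release notes. Assumes aws.rds.instances yields
// aws.rds.dbinstance resources that carry the new fields listed above.

// Inventory view: auth mode, monitoring, backup/maintenance windows,
// network type, and the CA certificate expiry for every RDS instance.
aws.rds.instances {
  iamDatabaseAuthentication
  monitoringInterval
  preferredBackupWindow
  preferredMaintenanceWindow
  networkType
  certificateExpiresAt
}

// Check form: every instance must require IAM database authentication and
// have Enhanced Monitoring turned on (a monitoringInterval of 0 means off).
aws.rds.instances.all( iamDatabaseAuthentication == true && monitoringInterval > 0 )
```

Because the list above deprecates dbInstances in favor of instances, new queries should use instances; existing policies that reference dbInstances keep working for now but should be migrated.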
Get to the point quickly with an improved user experience
We never stop working to make it easier for you to access the information you need in the Mondoo Console. In August that meant making these improvements:
We changed how links work on affected asset pages: They go directly to the asset result instead of the main asset page. Now you can spend your time remediating findings instead of searching for them.
Advisories now include an overall risk score that takes into account the blast radius and Mondoo-identified risk factors. This helps you better understand the criticality of vendor advisories.
This month's updates to the Kubernetes integration page include a pre-populated namespace filter to skip scanning the operator itself and a simpler flow for enabling or disabling workload image scanning.
We made case creation easier for our customers with large numbers of Jira projects: We now support fetching large project lists and we added a new project selection page that includes quick, text-based filtering.
Deeper AWS security insights
When a default VPC is in place, the Mondoo AWS serverless integration now produces deeper security scans that include:
Individual assets for common AWS resources
Improved query outputs
Use these improved scan results to navigate security issues in organization and space dashboards and to set granular exceptions on individual resources.
Audit your Mondoo usage
Improved audit logging provides better tracking of changes to your Mondoo organization and spaces. New events recorded in the Mondoo Console audit log include:
Policies or frameworks enabled
Policies or frameworks disabled
Policies or frameworks put in preview
Risk factor configuration changes
Integrations created
Integrations deleted
Space settings modified
Registration tokens created
API tokens created
Compliance reports generated
Custom policy or framework uploads
Letha Dunn
Letha has been writing about technology for more than thirty years. During the past decade, she’s focused on educating engineers about identity and access management, security, CI/CD, and project velocity. Letha lives in the Pacific Northwest, where she rescues and rehabilitates abused and neglected horses and dogs.
Tim Smith
Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007 and port scanning class As since 1994. He downloaded his first Linux distro on a 14.4 modem. Tim most recently held positions at Limelight Networks, Cozy Co, and Chef Software.