Mondoo July 2024 Release Highlights

It's been a hot July for the Mondoo team! It's tough to pick what we're most excited about this month. We launched cases, our new remediation task tracking feature... We expanded our GitHub, GitLab, and Linux support, exceptions coverage, and CIS benchmark policies… We improved Kubernetes scanning, compliance framework management, and data exports… And more! What capabilities do these changes give you? Find out in this month's release highlights.

Track remediation tasks with cases and Jira

Do you find it's a burden writing Jira issues for all your priority security findings? Is it a daunting job managing what's been fixed and what hasn't? This month we made life easier with cases, a quick way to turn Mondoo findings into tasks in your team's everyday workflow.

When you see a failed security check or a vendor advisory that requires fixing, you create a case for it with the click of a button. Mondoo automatically includes:

  • The details of the finding
  • Information on the affected asset(s)
  • Instructions for fixing the problem

When you save the case, Mondoo automatically creates an issue containing all of this information in your Jira project.

When you view a finding in the Mondoo Console, you can see if a case has already been created to track it. 

From the Cases page, you can access all your Mondoo-generated Jira issues. And you can choose whether to automatically close Jira issues when you close cases in Mondoo. 

We're continuing our work on cases to expand this feature. Stay tuned for updates!

Control advisories with exceptions

Exceptions—snoozing and disabling security checks—have long been an essential tool for our customers who want to customize their compliance and security goals. Now we've broadened the Mondoo exceptions feature to include vendor advisories.

Advisory exceptions tell Mondoo to exclude certain advisories when assessing an asset's security posture.

If an asset has some advisories that, for any reason, you don't want to include in your assessments, you can disable them (skip them entirely) or snooze them (skip them until a set date). This lets your team focus on the findings that matter the most to your organization.

Secure your infrastructure as code with ease

Honestly, who among us knows exactly where all our IaC lurks? But don't let that prevent you from detecting security issues before they create problems in production! Mondoo now automatically discovers and scans Terraform code and Kubernetes manifests in GitHub and GitLab. 

If any Terraform or Kubernetes manifest files exist in a repo, Mondoo can automatically detect and scan them for security misconfigurations. And with our expanded Terraform support in the CIS AWS Foundations and CIS GCP Foundations benchmark policies, these scans are more effective than ever.

Continuously scan GitHub Enterprise

We broadened our GitHub support to include continuous GitHub Enterprise scanning. 

If you're a GitHub Enterprise user, you can now enjoy all the Mondoo GitHub features for your private instance, including configuration scanning and automatic discovery of Terraform code and Kubernetes manifests in GitHub repositories.

Manage end of life as a risk factor

Instead of using a policy to track assets that are reaching or have reached end of life (EOL), Mondoo now includes EOL as a risk factor. That means you see EOL as a flag in every asset list in the Mondoo Console, you can sort based on EOL, and you have control over when it displays.

A space-wide setting lets you choose the warning period length.

You can also filter on EOL assets within affected asset pages.

Better assess your security posture with new and updated CIS benchmark policies

In July we reworked many of our CIS benchmark policies to ensure reliable and actionable results. We also added entirely new CIS benchmark policies.

  • In the CIS Windows 10 and 11 benchmark policies, we overhauled the recommendations for securing Windows hosts, including new and updated recommendations, improved descriptions and remediation text, and overall improvements to queries.
  • Our CIS Linux benchmark policies all benefited from a major refactoring for improved reliability and output.
  • We created two new CIS Google Workspace Foundations benchmark policies with 58 important security checks for securing your Google Workspace infrastructure.
  • We built two brand-new CIS GitLab benchmark policies. These include 27 checks for users, groups, and projects and are compatible with both self-hosted and SaaS GitLab instances.
  • We improved Terraform support in CIS policies. The newest CIS AWS Foundations and CIS GCP Foundations benchmark policies have extended Terraform capabilities so you can catch critical security issues before they reach production.

Choose the security scoring system for each policy in a space

Mondoo policies support a number of scoring systems that emphasize different priorities. The recommended scoring mechanism for each policy is built into the policy itself. This month we added the ability to choose the scoring for a policy in the Mondoo Console.

For each policy in a space, you can choose how Mondoo calculates asset scores. There's no need to check out the policy file, fork it, make the change, and then upload your own policy version.

Learn more about your asset inventory with expanded data collection

Gather detailed information on more aspects of your infrastructure with new VMware and Shodan asset inventory packs:

  • The VMware asset inventory pack gathers information on vCenter servers as well as individual ESXi hosts, so you can better understand the state of your clusters. 
  • The Shodan asset inventory pack gathers information on host assets using the Shodan service.

Detect Linux vulnerabilities and advisories

We upped our Linux vulnerability detection game this month. Mondoo now:

  • Detects and reports CVEs in the Oracle Unbreakable Enterprise Linux Kernel
  • Scans for Rocky Linux AppStream package advisories, so you can secure assets that use AppStream to get the latest language and server releases
  • Identifies security advisories for openSUSE Tumbleweed
  • Supports CVE scanning and EOL detection in Linux Mint 22

Gather critical compliance data with Compliance Hub improvements

Iterating locally on a custom compliance framework? Automating the management of frameworks stored in source control repos? The new cnspec framework command lets you manage frameworks as quickly as you can type. Now you can list, download, upload, and change the state of frameworks entirely on the command line.

Usage:
  cnspec framework [command]

Available Commands:
  active      Change a framework status to active
  download    Download a compliance framework
  list        List available compliance frameworks
  preview     Change a framework status to preview
  upload      Upload a compliance framework

Flags:
  -h, --help   help for framework

Global Flags:
      --api-proxy string   Set proxy for communications with Mondoo API
      --auto-update        Enable automatic provider installation and update (default true)
      --config string      Set config file path (default $HOME/.config/mondoo/mondoo.yml)
      --log-level string   Set log level: error, warn, info, debug, trace (default "info")
  -v, --verbose            Enable verbose output

In other Compliance Hub news, we built the new NIS2 compliance framework for companies in the European Union that must comply with the NIS2 cybersecurity directive.

Run smarter Kubernetes scans

We worked hard on our Kubernetes scanning in July so that you can focus on the workloads that matter to your business. The Mondoo Kubernetes Operator now scans top-level workloads only so that:

  • Results better reflect the true state of security in your cluster.
  • You can trace all results back to actual Kubernetes manifest code (that you can update).

For example, suppose you define a CronJob in a Kubernetes manifest. Mondoo used to scan the Job and Pod assets during every execution of the CronJob. Now we scan only the CronJob workload asset. In this case, hundreds of child assets are no longer scanned, and space statistics no longer reflect ephemeral child assets that are no longer present in the cluster.

This means that now you get a more focused set of assets in the Mondoo Console, plus faster scans and lower scan memory usage. We saw a 3x improvement in our test clusters!
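To make "top-level workloads only" concrete, here is an added example (not Mondoo's code) that walks Kubernetes `metadata.ownerReferences` to collapse Jobs, ReplicaSets, and Pods into the workload that owns them. It assumes "top-level" means an object with no controlling owner present in the listing; the sample objects and the helper names are constructed for illustration.

```python
from collections import Counter

def obj(kind, name, uid, owner_uid=None):
    """Build a constructed object with only the metadata the owner walk needs."""
    meta = {"name": name, "uid": uid}
    if owner_uid:
        meta["ownerReferences"] = [{"uid": owner_uid, "controller": True}]
    return {"kind": kind, "metadata": meta}

# Constructed sample listing (not real cluster data).
SAMPLE = [
    obj("CronJob", "nightly-backup", "u1"),
    obj("Job", "nightly-backup-28701", "u2", "u1"),
    obj("Pod", "nightly-backup-28701-x7k", "u3", "u2"),
    obj("Job", "nightly-backup-28702", "u4", "u1"),
    obj("Pod", "nightly-backup-28702-q9z", "u5", "u4"),
    obj("Deployment", "web", "u6"),
    obj("ReplicaSet", "web-5d9c", "u7", "u6"),
    obj("Pod", "web-5d9c-abcde", "u8", "u7"),
    obj("Pod", "debug-shell", "u9"),  # standalone Pod: no owner
]

def controller_uid(o):
    """Return the uid of the controlling owner, or None if there is none."""
    for ref in o["metadata"].get("ownerReferences", []):
        if ref.get("controller"):
            return ref["uid"]
    return None

def top_level_owner(o, by_uid):
    """Follow controller references upward until no known owner remains."""
    seen = set()
    while True:
        seen.add(o["metadata"]["uid"])
        parent = by_uid.get(controller_uid(o))
        # An owner missing from the listing (or a reference cycle) ends the walk.
        if parent is None or parent["metadata"]["uid"] in seen:
            return o
        o = parent

def scan_targets(objects):
    """Return (top-level workloads, count of child objects folded into each)."""
    by_uid = {o["metadata"]["uid"]: o for o in objects}
    targets, children = [], Counter()
    for o in objects:
        root = top_level_owner(o, by_uid)
        key = (root["kind"], root["metadata"]["name"])
        if root is o:
            targets.append(key)
        else:
            children[key] += 1
    return targets, dict(children)
```

On the sample listing, nine objects reduce to three scan targets, and every child maps back to a workload defined in a manifest.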

That's not the only way Kubernetes scans got smarter: In addition, the Mondoo Kubernetes integration now can run as a DaemonSet, a Deployment or a CronJob; it's your choice.

See alerts when integrations fail

Stuff happens: Accounts change and tokens expire. These changes can prevent Mondoo from running continuous scans or exporting data. Now you can quickly spot when integrations stop working.

Space owners see a new icon in the Integrations menu whenever an issue arises. Plus, any failing integrations are highlighted on the Integrations page so you can identify the exact problem at a glance.

Export more data

Mondoo data exports now include more data than ever. Now you can feed more expansive security findings into external SIEM or data warehousing systems. Exports now include vulnerability data as well as detailed asset scoring information.

Better understand affected assets

The table of affected assets on each individual check page is now much more informative. It shows the last update time, additional risk factors, risk score, and asset name. 

Manage Mondoo with Terraform

It's been a great month for improvements to our Terraform provider! It now has full access to this data:

  • The asset list of a Mondoo space
  • The full list of active policies

Also, you can now use Terraform to enable Mondoo compliance frameworks and even upload your own custom frameworks.

Updated resources

| Resource | Change |
| --- | --- |
| aws.ec2.securitygroup.ippermission | New prefixListIds field; New userIdGroupPairs field |
| aws.eks.cluster | New supportType field |
| aws.iam.policy | New policyId field to replace the now deprecated id field |
| aws.rds.dbcluster | New engineLifecycleSupport field |
| aws.rds.dbinstance | New subnets field; New engineLifecycleSupport field |
| aws.vpc.routetable | New associations field using the new aws.vpc.routetable.associations resource |
| azure.subscription.aksService.cluster | New apiServerAccessProfile field |
| github.branch | New headCommitSha field |
| github.file | New downloadUrl field |
| github.packages | New resource |
| gitlab.project | New approvalSettings field using the new gitlab.project.approvalRule resource; New mergeMethod field; New projectFiles field using the new gitlab.project.file resource; New projectMembers field using the new gitlab.project.member resource; New protectedBranches field using the new gitlab.project.protectedBranch resource; New webhooks field using the new gitlab.project.webhook resource |
| macos.systemExtensions | New resource |
| package.vendor | New resource |

Letha Dunn

Letha has been writing about technology for more than thirty years. During the past decade, she’s focused on educating engineers about identity and access management, security, CI/CD, and project velocity. Letha lives in the Pacific Northwest, where she rescues and rehabilitates abused and neglected horses and dogs.

Tim Smith

Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007 and port scanning class As since 1994. He downloaded his first Linux distro on a 14.4 modem. Tim most recently held positions at Limelight Networks, Cozy Co, and Chef Software.
