Mondoo May 2024 Release Highlights

We definitely have spring fever here at Mondoo. The most exciting development is full-text search that finds assets, policies, checks, CVEs, advisories, and more. There's a whole lot of good news for our AWS and GitHub customers. And to help you secure your entire infrastructure, we've further expanded our platform support, policies, and resources.

Find everything with full-text search

We expanded our search from just assets to absolutely everything. Now you can find spaces, assets, checks, CVEs, and vendor advisories with a simple, text-only search.

Examples:

  • Search for the Google Cloud project ID luna-discovery to see not only the project asset itself but also storage buckets with that project ID and a Terraform file with the name luna-discovery-backend.
  • Search for stella@lunalectric.com to see all assets in a space that contain Stella's email in any resource field.
  • Search for RDS across an entire organization to find all RDS assets in all spaces in the organization plus all RDS-related checks in policies.

AWS got a lot of love this month!

We love when our customers tell us exactly what they want. This month, many of our customer-requested additions centered on AWS. From the smallest resource addition to the positively game-changing ability to perform agentless continuous scanning, we're excited to ship these new capabilities for our customers.

Introducing Mondoo-hosted continuous AWS scanning

For over three years, Mondoo's Lambda-based scanning agent has provided our customers with continuously updated AWS configuration and security data they can trust. But some of our customers wanted agentless AWS scanning similar to what we provide for other cloud platforms. We listened and we delivered!

You now have a choice for continuous AWS scanning: the tried-and-true serverless integration or new Mondoo-hosted scanning. Each has its benefits; you choose based on the specific needs of your business and environment.

Scan Fedora AWS instance snapshots

You can now scan Fedora workloads in AWS without deploying the Mondoo package. New snapshot scanning support for Fedora instances makes this possible.

Catch it before it's live: Scan CloudFormation templates

We didn't limit our AWS improvements to production environments; we also added CloudFormation template scanning so you can catch misconfigurations before they reach production.

We now provide security assessments for JSON- and YAML-formatted CloudFormation templates and Serverless Application Model (SAM) templates.

Cancel running serverless AWS scans

We're all about giving you the control you need over your environments. You can now cancel all running AWS instance scans for your organization or account directly from the integration page with a new Cancel Scans option on the ellipsis menu. 

Learn a lot more about your AWS integration

If knowledge is power, then we're supercharging your AWS security. We've overhauled the AWS integration management experience, laying out the current configuration, potential scanning errors, and discovered assets.

And here's a bonus: You can now name your new or existing integrations with more human-friendly titles—because no one should have to memorize 12-digit Amazon account IDs!

Explore these new AWS resources and fields

We topped off our AWS feature additions with some new resources and resource fields to expand your understanding of your AWS infrastructure.

| Resource | Change |
|---|---|
| aws.dynamodb.export | new resource |
| aws.ec2.eip | new resource |
| aws.ec2.instance | new tpmSupport field |
| aws.ec2.instance.device | improved default fields displayed in cnquery shell |
| aws.eks.cluster | new nodeGroups field |
| aws.eks.nodegroup | new resource |
| aws.organization | new accounts field |
| aws.rds.backupsetting | new resource |
| aws.rds.dbcluster | new backupSettings field |
| aws.rds.dbinstance | new backupSettings field |
| aws.sqs.queues | new resource |
| aws.ssm.parameter | new resource |
| aws.vpc.natgateway | new resource |
| aws.vpc.peeringConnection | new resource |
| aws.vpc.serviceEndpoint | new resource |


GitHub got plenty of attention too

Not all our focus went to AWS in May! We also worked hard expanding our GitHub capabilities so that you can improve security in your development process.

Scan entire GitHub organizations

Adding a new Mondoo GitHub integration every time you create a new repository felt like extra work. So we added support for scanning GitHub organizations, which includes automatically scanning new repositories as you create them. 

Need more control over which repositories to scan? Specify individual repositories to include or exclude.

Automatically discover Terraform plans in repositories

Infrastructure as code (IaC) can live anywhere. With automatic Terraform plan file discovery in GitHub repositories, you'll never miss a plan in GitHub. Scan your entire organization and let Mondoo do the heavy lifting: It automatically finds and scans each file.

cnspec scan github organization MY_ORG --discover repository,terraform

GitHub-app-based authentication

Do you want to scan your GitHub organizations and repositories without using GitHub API tokens? Now cnspec can access your source using GitHub application authentication.

cnspec scan github org MY_ORG --app-id MY_APP_ID --app-installation-id MY_APP_INSTALL_ID --app-private-key PATH_TO_PEM_FILE

New and improved policies

Our security engineers knocked it out of the park this month with loads of new policies!

New CIS Kubernetes policies

Mondoo now includes the latest CIS Kubernetes benchmark policies for self-managed Kubernetes clusters, EKS, AKS, and GKE. These policies include the latest CIS recommendations as well as all-new queries for improved output so you can remediate issues more quickly.

New CIS Debian 12 benchmark policies

Secure Debian 12 systems with new CIS Debian Linux 12 Benchmark Levels 1 & 2 policies. These policies include 284 checks specifically tuned for this latest release of Debian.

Updated Windows and Linux CIS benchmark policies

Scan your infrastructure with the very latest CIS benchmark policies for Linux and Windows. These updated policies include improved descriptions, remediation steps, and new checks to keep your systems secure against the latest threats.

  • CIS Benchmark RHEL 7 v4.0.0
  • CIS Benchmark CentOS 7 v4.0.0
  • CIS Benchmark Oracle Linux 7 v4.0.0
  • CIS Benchmark Amazon Linux 2 v3.0.0
  • CIS Benchmark Windows 2019 v3.0.0
  • CIS Benchmark Windows 2022 v3.0.0

Improved control of SSH policy application

Tune Mondoo's SSH security checks to meet your particular business needs with newly reworked SSH checks that include properties. With properties, you can set your allowed SSH key exchange algorithms, ciphers, and message authentication codes (MACs) without the need to write your own checks.

Improved container policy application

From SSH configuration to interactive user permissions, many traditional security checks aren't applicable in a container world. To reduce noise and help you prioritize what matters, CIS benchmarks no longer apply to container workloads. Instead, we've modified our existing Mondoo Linux Security policy to better execute on containers. We highly recommend enabling this policy to scan your containerized workloads.

Prioritize CVEs based on clearer information

The more you understand about the risk that CVEs present to your organization, the better you can prioritize the work of fixing them. With that in mind, we enhanced our CVE experience.

Get more risk information at a glance

Better understand the true risk that a CVE presents—even at a glance. The new risk score box on CVE pages includes the overall risk of the CVE as well as the CVSS score, EPSS score, risk factors, and blast radius so you can quickly understand whether a CVE needs attention.

Count individual risk factors for CVEs and advisories

CVE and advisory pages now include the count of individual risk factors, so you can better understand the distribution of risk throughout your infrastructure.

Expanded platform support

Our reach just keeps growing! We expanded our platform support in May.  

Fedora 41 CVE detection

The Fedora 41 development process has just begun. But if you're on the bleeding edge, Mondoo has your back with EOL and CVE detection support for this upcoming Fedora release.

Alpine Linux 3.20

Keep your container applications secure with EOL and CVE detection support for Alpine Linux 3.20.

Improved Arista EOS support

We've made securing Arista EOS devices easier:

  • Find your devices quickly with grouping under Network Devices in the inventory list
  • Understand what you're seeing with FQDN and model number information on the asset overview
  • Explore system configuration with improved resource default values in cnquery shell

More resource improvements

Our May resource additions weren't exclusive to AWS. Here are more enhancements we made:

| Resource | Change |
|---|---|
| azure.subscription.postgreSqlService.flexibleServer | new resource |
| microsoft.group | new fields: groupTypes, membershipRule, and membershipRuleProcessingState |
| ms365.teams.teamsMeetingPolicyConfig | new allowExternalNonTrustedMeetingChat field |
| ms365.teams.teamsMessagingPolicyConfig | new resource |
| ms365.exchangeonline.reportSubmissionPolicy | new resource |
| ms365.exchangeonline.teamsProtectionPolicy | new resource |
| docker.file | new user field |
| github.organization | new fields: hasOrganizationProjects and hasRepositoryProjects |

Letha Dunn

Letha has been writing about technology for more than thirty years. During the past decade, she’s focused on educating engineers about identity and access management, security, CI/CD, and project velocity. Letha lives in the Pacific Northwest, where she rescues and rehabilitates abused and neglected horses and dogs.

Tim Smith

Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007 and port scanning class As since 1994. He downloaded his first Linux distro on a 14.4 modem. Tim most recently held positions at Limelight Networks, Cozy Co, and Chef Software.
