CVEs can’t hide from Mondoo
Our engineering team has spent the last several months quietly crafting an all new CVE detection engine and this month we released the first portion of this work. Was it worth all the time we’ve spent? Absolutely.
Our new scanning engine significantly improves our ability to detect and surface CVEs in macOS, Linux, and Windows packages. It also enables scanning across a broader range of distributions and applications. We’ve expanded CVE detection to now include IBM AIX, Microsoft SQL Server, Microsoft 365 apps, and Microsoft Office for Mac. And this is just the beginning—expect even more detection capabilities to roll out very soon.
Taking action has never been easier
It’s not just about what you detect though, it’s also about making it actionable. That’s why we’ve enhanced all our CVE and advisory pages in our console, making it easy to dive into individual findings on an asset and quickly take action. The new pages introduce a fresh look to Mondoo, accelerating understanding of the risk and reducing the time it takes to remediate findings. Key information on not only the finding, but also the asset where it was discovered is presented front and center and a new ‘Take Action’ button lets you quickly create a ticket, set an exception, or share a link with colleagues.
Expanded exceptions for outliers
Mondoo already provided the ability to set exceptions for security checks, helping teams focus on what matters most in their environment. Now, we’re expanding that flexibility to allow you to create exceptions for CVEs and vendor advisories. This is especially valuable for prioritization workflows, where not every vulnerability requires immediate action. By creating snooze exceptions for known, low-risk, or vendor-acknowledged issues, teams can reduce noise, streamline remediation efforts, and focus resources on the most critical threats.
Quickly understand risk
We’re further evolving how risk is displayed in Mondoo to make it clearer and more actionable. This month, we replaced our previous A–F grading system with a streamlined risk scale: LOW, MEDIUM, HIGH, and CRITICAL. With this new approach, you can assess exposure risk at a glance and prioritize your response more effectively.
When you dig into individual assets, you’ll now see key risk factors that deserve extra attention, along with the top security findings that should be addressed first. This gives you a clear starting point for hardening each asset. Instead of sifting through long lists of issues, you can immediately focus on what matters most. It’s a faster, more focused way to move from insight to action.
To help you focus on the most important findings first, we’ve introduced new risk factors that highlight critical misconfigurations. One of the most impactful is the new Internet Exposed risk factor, which identifies cloud instances with public IPs. We’ve also added risk factors for common cloud services that help surface high-priority CVEs, especially when those vulnerabilities could be exploited in combination with internet exposure.
Expanded insights for VMware, AWS, Azure, GCP and hypervisors
We’ve extended our already powerful asset inventory capabilities with new Mondoo Query Language (MQL) resources and Mondoo console asset inventory data for leading clouds and virtualization hypervisors.
A new ‘cloud’ MQL resource fetches critical instance metadata on AWS, Azure, and GCP. This resource provides quick access to key instance configuration values such as cloud provider, public/private hostnames, and public/private IP addresses. If you need to dive deeper, the complete vendor metadata is also available to you, unlocking everything there is to know about a system.
If you’re not running in the cloud there’s still plenty to be happy about this month. A new ‘os.hypervisor’ resource includes virtualization hypervisor detection support on macOS, Windows, and Linux with support for over a dozen different hypervisors, so you’ll always know if assets are bare metal in your datacenter or VMware in your private cloud.
Not only is this information available in your own custom security policies, it’s exposed directly on assets in the Mondoo console. Updated asset overview information presents key bare metal, cloud, and virtualization information, so you can quickly go from finding to remediation.
Set and track SLAs
Stay on top of critical internal or compliance SLAs with the new SLA tracking section on your space and workspace dashboards. This section monitors your CVE remediation progress against standard SLA timeframes defined in the PCI-DSS framework so you can quickly see where you’re meeting expectations and where action is needed. Need something more tailored for your business? Warning and violation thresholds are fully configurable for each space through the security model settings.
Your data is just a few clicks away
Want to dig deeper into your Mondoo security findings or merge them with other data in your BI tools? With new ad-hoc CSV exports, you can now export your full Mondoo dataset on demand giving you the flexibility to analyze, visualize, and report on your security data however you choose.
New frameworks and CIS benchmarks
Up to date content is key for detecting the latest security concerns in your infrastructure. As usual this month our team shipped new and updated policies to help you continually secure your infrastructure:
- CIS SUSE Linux Enterprise Server 2.0: This updated policy includes hundreds of new and updated checks.
- Mondoo AWS Security policy 4.0: We rewrote our AWS security policy from the ground up to detect critical misconfigurations that expose sensitive assets. New checks support both cloud resources and Terraform plans and expanded remediations support CLI, console, CloudFormation, and Terraform based remediation.
- CIS Amazon EKS 1.6.0: This policy includes support for the latest EKS feature sets and improved remediation steps.
- CIS Azure AKS 1.6.0: This policy includes support for the latest AKS feature sets and improved remediation steps. benchmark.
That’s it for March. We’re working on many exciting updates for April. Stay tuned!
