Release Highlights December 2024

Ever wish you could apply Mondoo's advanced prioritization and remediation tracking to findings from your other security tools? Wish granted: We added the ability to ingest Microsoft Defender for Cloud findings into Mondoo—with support for more security tools coming soon! We also added support for querying Nmap data and Cloudflare infrastructure, plus made huge performance improvements. But that's not all we accomplished this month. Read our release highlights to learn more.

Microsoft Defender for Cloud findings in Mondoo

Mondoo now imports vulnerabilities discovered by Microsoft Defender for Cloud. Defender findings appear in the Mondoo console alongside those discovered by Mondoo’s own scans. 

Mondoo automatically enriches all vulnerabilities found by Defender with additional risk data and remediation advice, and prioritizes them based on the actual risk posed in the environment. By adding insights on severity, known exploit data, exploit prediction scoring, asset exposure, and business impact, Mondoo helps you focus on resolving the most important problems.

Network security with Nmap scanning

Nmap (short for Network Mapper) is a powerful and versatile open source tool used for network discovery and security auditing. Network administrators, security professionals, and penetration testers rely on Nmap to map out network structures, discover hosts, identify services, and detect vulnerabilities. Now you can integrate Nmap results with Mondoo findings using our new cnquery/cnspec Nmap provider.

Scan a network range and list the active hosts with their open ports:

nmap.network("192.168.178.0/24").hosts { name ports { * } }
nmap.network.hosts: [
 0: {
   ports: [
     0: {
       service: "http"
       version: ""
       method: "probed"
       state: "open"
       protocol: "tcp"
       port: 443
       product: "FRITZ!Box http config"
     }
     1: {
       service: "sip"
       version: ""
       method: "probed"
       state: "open"
       protocol: "tcp"
       port: 5060
       product: "AVM FRITZ!OS SIP"
     }
   ]
   name: "192.168.178.1"
 }
 1: {
   ports: [
     0: {
       service: "rtsp"
       version: "770.8.1"
       method: "probed"
       state: "open"
       protocol: "tcp"
       port: 5000
       product: "AirTunes rtspd"
     }
     1: {
       service: "rtsp"
       version: "770.8.1"
       method: "probed"
       state: "open"
       protocol: "tcp"
       port: 7000
       product: "AirTunes rtspd"
     }
   ]
   name: "192.168.178.25"
 }
]

Scan a specific host IP:

nmap.network(target: "192.168.178.25").hosts { ports }
nmap.network.hosts: [
 0: {
   ports: [
     0: nmap.port port=5000 service="rtsp"
     1: nmap.port port=7000 service="rtsp"
   ]
 }
]
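As an added example (not code from the Mondoo release notes or from the Nmap provider), the Python below takes host and port data in the same shape as the nmap.network output above and compares each host's open ports against a hypothetical per-host baseline, the kind of drift check a practitioner runs on scan results. The sample hosts mirror the values shown above; the baseline is an assumption.

```python
# Added example: flag open ports that a scan reports but a baseline does not expect.
# Sample data is constructed to mirror the fields of the nmap.network(...).hosts
# output (name, ports[].service/state/protocol/port/product).
HOSTS = [
    {"name": "192.168.178.1", "ports": [
        {"service": "http", "state": "open", "protocol": "tcp",
         "port": 443, "product": "FRITZ!Box http config"},
        {"service": "sip", "state": "open", "protocol": "tcp",
         "port": 5060, "product": "AVM FRITZ!OS SIP"},
    ]},
    {"name": "192.168.178.25", "ports": [
        {"service": "rtsp", "state": "open", "protocol": "tcp",
         "port": 5000, "product": "AirTunes rtspd"},
        {"service": "rtsp", "state": "open", "protocol": "tcp",
         "port": 7000, "product": "AirTunes rtspd"},
    ]},
]

# Hypothetical baseline: the (protocol, port) pairs each host is expected to expose.
BASELINE = {
    "192.168.178.1": {("tcp", 443)},
    "192.168.178.25": {("tcp", 5000), ("tcp", 7000)},
}


def unexpected_open_ports(hosts, baseline):
    """Return {host_name: [(protocol, port, product), ...]} for open ports that are
    not in the host's baseline. A host missing from the baseline has every open
    port reported, so newly discovered hosts are never silently accepted."""
    findings = {}
    for host in hosts:
        allowed = baseline.get(host["name"], set())
        extra = sorted(
            (p["protocol"], p["port"], p["product"])
            for p in host["ports"]
            if p["state"] == "open" and (p["protocol"], p["port"]) not in allowed
        )
        if extra:
            findings[host["name"]] = extra
    return findings


if __name__ == "__main__":
    for name, ports in unexpected_open_ports(HOSTS, BASELINE).items():
        for proto, port, product in ports:
            print(f"{name}: unexpected open {proto}/{port} ({product})")
```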

Assess the security of Cloudflare services

Dive deep into your Cloudflare infrastructure with a new Cloudflare provider for cnquery/cnspec. Gather information on the configuration of key Cloudflare services:

  • Accounts
  • Zones
  • DNS records
  • R2
  • Zero Trust apps
  • Streams
  • Videos
  • Workers
  • Pages

This example queries DNS zones:

cnquery run cloudflare -c "cloudflare.zones[1] { name dns { * } }"
cloudflare.zones[1]: {
 name: "lunalectric.com"
 dns: {
   records: [
     0: cloudflare.dns.record type="A" content="164.90.210.141" name="api.lunalectric.com"
     1: cloudflare.dns.record type="A" content="142.93.110.9" name="console.lunalectric.com"
     3: cloudflare.dns.record type="CNAME" content="console.lunalectric.com-pages.pages.dev" name="prod.lunalectric.com"
     7: cloudflare.dns.record type="MX" content="mail.protonmail.com" name="lunalectric.com"
     9: cloudflare.dns.record type="TXT" content="v=DMARC1; p=none; rua=mailto:e60948910ee34fe61be5a6bf2c3fb@dmarc-reports.cloudflare.net,mailto:dmark@lunalectric.com" name="_dmarc.lunalectric.com"
     11: cloudflare.dns.record type="AAAA" content="100::" name="meet.lunalectric.com"
   ]
 }
}

Performance improvements

Patience may be a virtue, but we don't think it should be required! We made Mondoo faster than ever:

  • 4x faster compliance report generation
  • 7x faster asset discovery during large scans
  • 20x faster GitHub repository discovery in large organizations
  • Reduced GitHub API call usage during organization scans


Show remediated asset counts on CVEs

It's important to observe not just the current state of CVEs, but also the work you've done to resolve them. Remediated counts on CVE and advisory pages provide the full scope of information.

Expanded Terraform Provider Mondoo resources

You can automate more of your Mondoo Platform configuration than ever with new resources in the Terraform Provider Mondoo:

  • New mondoo_exception resource
  • New mondoo_integration_email resource
  • New mondoo_integration_gitlab resource
  • New mondoo_integration_jira resource
  • New mondoo_integration_msdefender resource
  • New mondoo_integration_zendesk resource

Policy updates

  • Secure Apple's latest macOS release, Sequoia, with an updated CIS benchmark. This policy has several new recommendations and improved queries compared to the preview release.
  • The Mondoo DNS Security policy now includes full descriptions and impact scores for each check. There are also new checks to ensure DNSSEC is enabled and no DNS wildcard entries exist.
  • New checks in the CIS VMware ESXi 6.7 and 7.0 benchmark policies ensure port-level configuration overrides are disabled and Virtual Distributed Switch NetFlow traffic is sent to an authorized collector.
  • The Mondoo TLS Security policy has new descriptions, impacts, and remediation steps for every check.
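The Cloudflare DNS output earlier on this page and the DNS Security policy checks listed above both concern zone records. As an added example (not Mondoo's policy code), the Python below runs two record-level checks over data in the shape of the cloudflare.dns.record output: it flags wildcard entries and parses the zone's DMARC TXT record to report a monitor-only policy. The records are constructed; the wildcard entry is invented for the test, and DNSSEC is a zone setting rather than a record, so it is not checked here.

```python
# Added example: record-level DNS hygiene checks over Cloudflare-style records.
# Constructed sample in the shape of cloudflare.dns.record (type, name, content).
ZONE = "lunalectric.com"
RECORDS = [
    {"type": "A", "name": "api.lunalectric.com", "content": "164.90.210.141"},
    {"type": "A", "name": "*.lunalectric.com", "content": "142.93.110.9"},  # constructed
    {"type": "MX", "name": "lunalectric.com", "content": "mail.protonmail.com"},
    {"type": "TXT", "name": "_dmarc.lunalectric.com",
     "content": "v=DMARC1; p=none; rua=mailto:dmarc@lunalectric.com"},
]


def parse_dmarc(txt):
    """Split a DMARC TXT value ('v=DMARC1; p=none; ...') into a tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dns_findings(zone, records):
    """Return a list of human-readable findings for the zone's records."""
    findings = []
    # Wildcard entries answer for any undefined label and are flagged by the
    # Mondoo DNS Security policy; report each one.
    for r in records:
        if r["name"].startswith("*."):
            findings.append(f"wildcard {r['type']} record: {r['name']}")
    # DMARC lives in a TXT record at _dmarc.<zone> and must start with v=DMARC1.
    dmarc = [r for r in records
             if r["type"] == "TXT" and r["name"] == f"_dmarc.{zone}"
             and r["content"].upper().startswith("V=DMARC1")]
    if not dmarc:
        findings.append("no DMARC record")
    else:
        policy = parse_dmarc(dmarc[0]["content"]).get("p", "none").lower()
        if policy == "none":
            findings.append("DMARC policy is p=none (monitor only)")
    return findings


if __name__ == "__main__":
    for finding in dns_findings(ZONE, RECORDS):
        print(finding)
```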

Resource updates

aws.ecr.image

  • New lastRecordedPullTime field
  • New pushedAt field
  • New sizeInBytes field

github.organization

  • New totalPublicRepos field

microsoft.user

  • New creationType field
  • New identities field using the new microsoft.user.identity resource
  • New auditlog field using the new microsoft.user.auditlog resource

Letha Dunn

Letha has been writing about technology for more than thirty years. During the past decade, she’s focused on educating engineers about identity and access management, security, CI/CD, and project velocity. Letha lives in the Pacific Northwest, where she rescues and rehabilitates abused and neglected horses and dogs.

Tim Smith

Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007 and port scanning class As since 1994. He downloaded his first Linux distro on a 14.4 modem. Tim most recently held positions at Limelight Networks, Cozy Co, and Chef Software.
