Mondoo 11.36 is out!

· 6 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.36 is out! This release includes ad hoc risk prioritization with workspaces!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Zero in on exactly the assets you need with workspaces

Do you find yourself repeatedly searching for the same groups of assets? Do you wish you could see a subgroup of assets in your space to compare them or measure progress on a certain project? Or maybe some assets just get in the way of what you want to focus on right now? What you need are workspaces!

Lists of workspaces

Workspaces are dynamic groups of assets in a space that you want to view and assess together. Unlike spaces, assets in a workspace are included based on queries. Best of all, an asset can be in as many workspaces as you want. Create a workspace that shows only assets with critical findings, another workspace that has all your Windows 2016 systems that still need to be upgraded, and another that includes all the systems owned by the front end team... whatever meets your specific business needs.

How might you use workspaces to solve problems?

Like many companies, Lunalectric has thousands of assets, but recently their CISO has been increasingly focused on their supply chain. To ensure GitHub and GitLab source code and CI/CD configuration meet best practices, let's create a workspace just for these SCM assets.

Creating a workspaces filter

We create a single asset selection that includes the GitHub and GitLab platforms. Asset selections can match on asset name, kind, platform, platform version, and risk rating with more options coming soon. We can even add as many additional conditions to the selection as we want to create complex queries like Windows systems with a critical risk rating that aren't Windows 2022 and have the word "luna" in the asset name.

Once our workspace is created, we can find it by selecting Workspaces in the left navigation menu or choosing it from the new workspaces top navigation drop-down menu.

Workspaces in the top navigation

Once in our new SCM Assets workspace, the layout feels similar to the existing Lunalectric spaces, only more focused on understanding risks and exploring assets. Our workspaces dashboard shows just our GitLab and GitHub assets, including the top misconfigurations we should start tackling. We can dive into policies, checks, CVEs, or advisories to see more details... all the while remaining tightly focused on the task at hand.

Workspace dashboard

Even without diving deeper, the workspace dashboard's inventory overview is telling quite a story. GitLab assets are all passing checks, but GitHub assets, on the other hand, are all high risk.

GitHub assets

Armed with this quick insight, we have the information we need to let our CISO know about the current SCM risk and develop a remediation plan to secure these critical assets.

To learn how you can use workspaces to better organize assets and expose risks, read Plan Your Mondoo Organization and Workspaces in the Mondoo documentation.

Quick access to reports

Quickly access compliance reports by selecting Reporting in the left navigation menu. Looking for more reports? Stay tuned for more updates in upcoming releases. If you're looking for something in particular, let us know at product@mondoo.com!

Quick access to reports

🧹 IMPROVEMENTS

Optionally follow HTTP -> HTTPS redirects

You now have additional control over how Mondoo scans HTTP hosts with the host provider. By default, cnquery and cnspec no longer follow redirects from HTTP to HTTPS endpoints, so you can inspect the HTTP endpoint's own response and configuration when you choose. If you prefer to follow redirects, use the new --follow-redirects flag.

Without the redirect you can inspect the original page and headers:

$ cnquery shell host http://mondoo.com

cnquery> http.get
http.get: http.get url=url id = http://mondoo.com statusCode=301
cnquery> http.get.body
http.get.body: ""

With redirects specified, you can follow all redirects to the final page users would see:

$ cnquery shell host --follow-redirects http://mondoo.com

cnquery> http.get
http.get: http.get url=url id = http://mondoo.com statusCode=200
cnquery> http.get.body
http.get.body: "<!DOCTYPE html><!-- Last Published: Fri Jan 10 2025 00:09:49 GMT+0000 (Coordinated Universal Time) --><html..."
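What a defender can check in that first, unredirected response, as an added Python example (not Mondoo's code and not MQL). The finding names, the `assess` and `fetch_without_redirects` helpers, and the `example.test` sample responses are constructed for illustration.

```python
"""Assess the first (unredirected) response of an http:// endpoint."""
import http.client
from urllib.parse import urljoin, urlsplit

PERMANENT = {301, 308}
TEMPORARY = {302, 303, 307}


def fetch_without_redirects(host, path="/", timeout=5):
    """Fetch http://host/path once. http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace")
        return resp.status, resp.getheaders(), body
    finally:
        conn.close()


def assess(url, status, headers, body=""):
    """Return findings for one plain-HTTP response.

    headers is a list of (name, value) pairs, as returned by getheaders().
    """
    origin = urlsplit(url)
    values = {}
    for name, value in headers:
        values.setdefault(name.lower(), []).append(value)

    findings = []
    # Anything set here travels in clear text, whatever happens after the redirect.
    if "set-cookie" in values:
        findings.append("cookie-set-over-http")

    if status not in PERMANENT | TEMPORARY:
        # The endpoint answers on plain HTTP instead of sending clients to HTTPS.
        findings.append("content-served-over-http")
        return findings

    if status in TEMPORARY:
        findings.append("temporary-redirect")

    location = values.get("location", [""])[0]
    if not location:
        findings.append("redirect-without-location")
        return findings

    # Resolve relative Location values against the requested URL.
    target = urlsplit(urljoin(url, location))
    if target.scheme != "https":
        findings.append("redirect-not-https")
    if target.hostname != origin.hostname:
        findings.append("redirect-changes-host")
    return findings


# Constructed sample responses (status, headers, body) for http://example.test/
GOOD = (301, [("Location", "https://example.test/")], "")
WEAK = (302, [("Location", "http://www.example.test/login"),
              ("Set-Cookie", "sid=abc")], "")
OPEN = (200, [("Content-Type", "text/html")], "<html>login</html>")

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("weak", WEAK), ("open", OPEN)):
        print(label, assess("http://example.test/", *sample))
```

A client that follows redirects only ever sees the final HTTPS page, so none of these findings would surface from the 200 response.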

Resource updates

azure.subscriptions.defenderForContainers

  • Expose Extensions values

azure.subscription.policy.assignment

  • New parameters field

fstab

  • Update options field to an array of options instead of a single string

k8s.node

  • New kubeletPort field
  • New nodeInfo field
  • New created field

microsoft.applications

  • Fetch all applications in large installations

Improved CIS benchmarks

Sometimes the best changes are behind the scenes. This week we shipped all-new internal tooling to generate CIS benchmark policies in Mondoo Platform. These changes not only let us bring you the latest and greatest policies more quickly in the future, they also enabled us to make a huge number of small improvements to existing policies:

  • New checks that were previously marked as requiring manual user validation
  • More clear and concise descriptions for each policy
  • Expanded check descriptions, including rationale behind the security concerns
  • New audit and remediation steps in many Linux distribution policies
  • Simplified MQL queries to improve readability
  • Additional platform version tags to improve searching for policies
  • Improved policy search results when searching for platform versions

🐛 BUG FIXES AND UPDATES

  • Display CVEs for Fedora 41 assets.
  • Fix a failure querying Microsoft 365 applications.
  • Correct the remediation steps in the BSI 'Ensure SSH Idle Timeout Interval is configured' check.
  • Add EOL dates for FreeBSD 14.2 and Alpine Linux 3.21.
  • Correct the EOL date for FreeBSD 14.1.
  • Update the Amazon Linux 2 EOL date, which has been extended to June 30, 2026.
  • Support EBS volume scanning of instances with LVM partitions.
  • Improve remediation step formatting in Mondoo VMware policies.
  • Open check remediation links in a new window or tab.
  • Fix an unknown-score-type error when comparing semver data in checks.
  • Fix display of GitHub provider help.
  • Don't reinstall some providers on each scan.
  • Fix errors using the Cloudflare provider.
  • Show the link to discovered assets on each integration page.
  • Add detection of the upcoming M4 MacBook Air/Pro models to asset overview information.
  • Add form validation to the Microsoft Defender for Cloud integration to ensure UIDs are correctly formatted.
  • Display platform icon for Nmap assets in affected asset tables.
  • Update Windows checks for the RestrictSendingNTLMTraffic registry entry to accept both Audit All and Deny All configurations.
  • Add a missing permission to the automated CLI Azure setup.
  • Show the platform in all cnspec scan results. Thanks for suggesting this, @DrackThor!

Mondoo 11.35 is out!

· 4 min read
Tim Smith
Mondoo Core Team
Charles Johnson
Mondoo Core Team

🥳 Mondoo 11.35 is out! This release includes Microsoft Defender for Cloud findings in Mondoo, Nmap scanning, performance improvements, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Microsoft Defender for Cloud findings in Mondoo

Mondoo now imports vulnerabilities discovered by Microsoft Defender for Cloud, so you can prioritize them alongside vulnerabilities discovered by Mondoo. Mondoo helps security teams quickly make sense of security findings regardless of where those findings originate, prioritize the most critical risks, and easily assign them to IT and DevOps with detailed remediation steps. This means that Mondoo significantly speeds up time to resolution and bolsters overall security posture.

Vulnerabilities discovered by Microsoft Defender for Cloud appear in the Mondoo console alongside those discovered by Mondoo's own scans. Mondoo automatically enriches all vulnerabilities found by Microsoft Defender with additional risk data and remediation advice, and prioritizes them based on the actual risk posed in the environment.

Mondoo enriches the findings generated by Microsoft Defender for Cloud with severity, known exploit data, exploit prediction scoring, asset exposure, and business impact, to make sure your security teams are focused on resolving the most important problems.

Network security with Nmap scanning

Nmap, short for Network Mapper, is a powerful and versatile open source tool used for network discovery and security auditing. Network administrators, security professionals, and penetration testers rely on Nmap to map out network structures, discover hosts, identify services, and detect vulnerabilities. Now you can integrate Nmap results with Mondoo findings using our new cnquery/cnspec Nmap provider.

Scan active IP addresses in a network:

nmap.network("192.168.178.0/24").hosts { name ports { * } }
nmap.network.hosts: [
  0: {
    ports: [
      0: {
        service: "http"
        version: ""
        method: "probed"
        state: "open"
        protocol: "tcp"
        port: 443
        product: "FRITZ!Box http config"
      }
      1: {
        service: "sip"
        version: ""
        method: "probed"
        state: "open"
        protocol: "tcp"
        port: 5060
        product: "AVM FRITZ!OS SIP"
      }
    ]
    name: "192.168.178.1"
  }
  1: {
    ports: [
      0: {
        service: "rtsp"
        version: "770.8.1"
        method: "probed"
        state: "open"
        protocol: "tcp"
        port: 5000
        product: "AirTunes rtspd"
      }
      1: {
        service: "rtsp"
        version: "770.8.1"
        method: "probed"
        state: "open"
        protocol: "tcp"
        port: 7000
        product: "AirTunes rtspd"
      }
    ]
    name: "192.168.178.25"
  }
]

Scan a specific host IP:

nmap.network(target: "192.168.178.25").hosts { ports }
nmap.network.hosts: [
  0: {
    ports: [
      0: nmap.port port=5000 service="rtsp"
      1: nmap.port port=7000 service="rtsp"
    ]
  }
]

🧹 IMPROVEMENTS

Performance improvements

No one wants to wait, so we made Mondoo faster than ever.

  • 4x faster compliance report generation
  • 7x faster asset discovery during large scans
  • 20x faster GitHub repository discovery in large organizations
  • Reduced GitHub API call usage during organization scans

New checks in Mondoo DNS Security

The Mondoo DNS Security policy now includes full descriptions and impact scores for each check. There are also new checks to ensure DNSSEC is enabled and no DNS wildcard entries exist.

Display remediated asset count on CVEs

It's important to observe not just the current state of CVEs, but also the work you've done to resolve them. Remediated counts on CVE and advisory pages provide the full scope of information.

Remediated Assets

Expanded Terraform Provider Mondoo resources

You can automate more of your Mondoo Platform configuration than ever with new resources in the Terraform Provider Mondoo. Thanks for these great contributions @mati007thm!

  • New mondoo_exception resource
  • New mondoo_integration_email resource
  • New mondoo_integration_gitlab resource
  • New mondoo_integration_jira resource
  • New mondoo_integration_msdefender resource
  • New mondoo_integration_zendesk resource

Resource updates

aws.cloudfront.function

  • Deprecate createdTime in favor of a new createdAt field

aws.dynamodb.table

  • Deprecate createdTime in favor of a new createdAt field

aws.elb.loadbalancer

  • Deprecate createdTime in favor of a new createdAt field

aws.rds.dbcluster

  • Deprecate createdTime in favor of a new createdAt field

aws.rds.dbinstance

  • Deprecate createdTime in favor of a new createdAt field

aws.s3.bucket

  • Deprecate createdTime in favor of a new createdAt field

github.organization

  • New totalPublicRepos field

🐛 BUG FIXES AND UPDATES

  • Fix affected assets lists not containing assets scanned by older custom policies.
  • Fix failures in the files.find resource with container image scans.
  • Improve display of VMware assets in the inventory overview.
  • Simplify the asset print view headers.
  • Rename "Sources" to "Learn More" on CVEs to better describe the purpose of the links.
  • Fix policy check metrics when exceptions are set.
  • Fix search for low security CVEs returning zero results in the vulnerability database.
  • Update CIS NTLM checks to also accept the "Deny All" setting.
  • Adjust scores in Windows policies to improve prioritization.
  • Ensure Kubernetes assets always contain asset overview information.

Mondoo 11.34 is out!

· 2 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.34 is out! This release includes updated CIS macOS Sequoia benchmarks and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🧹 IMPROVEMENTS

CIS macOS Sequoia benchmark 1.0

Secure Apple's latest macOS release with an updated CIS benchmark. This policy has several new recommendations and improved queries compared to the preview release.

🐛 BUG FIXES AND UPDATES

  • Improve display of affected assets in the vulnerabilities overview page.
  • Improve default values displayed for Cloudflare R2 buckets.
  • Handle nil login values in the microsoft.user.auditlog resource.
  • Add more detailed command line help for the GitLab provider.
  • Fix failures with JSON exports if a duplicate key exists.
  • Fix failures in the Mondoo Linux Security Policy's auditd checks when scanning Ubuntu or Debian systems.
  • Fix failures running CIS VMware policy vulnerabilities checks.
  • Fix some checks showing as passed when they have failed.
  • Fix Kubernetes services displaying in multiple inventory page asset groups.
  • Improve the output and reliability of CIS macOS benchmarks.
  • Add descriptions, impacts, and remediation steps to each check in the Mondoo TLS Security policy.
  • Add an icon for ticket systems on the add integrations page.
  • Fix display of the last successful integration time.

Mondoo 11.33 is out!

· 2 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.33 is out! This release includes Cloudflare asset inventory, expanded Entra ID inspection, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Explore Cloudflare services

Dive deep into your Cloudflare infrastructure with a new Cloudflare provider for cnquery/cnspec. Use this provider to gather information on key Cloudflare services:

  • Accounts
  • Zones
  • DNS records
  • R2
  • Zero Trust apps
  • Streams
  • Videos
  • Workers
  • Pages

This example queries DNS zones:

cnquery run cloudflare -c "cloudflare.zones[1] { name dns { * } }"
cloudflare.zones[1]: {
  name: "lunalectric.com"
  dns: {
    records: [
      0: cloudflare.dns.record type="A" content="164.90.210.141" name="api.lunalectric.com"
      1: cloudflare.dns.record type="A" content="142.93.110.9" name="console.lunalectric.com"
      3: cloudflare.dns.record type="CNAME" content="console.lunalectric.com-pages.pages.dev" name="prod.lunalectric.com"
      7: cloudflare.dns.record type="MX" content="mail.protonmail.com" name="lunalectric.com"
      9: cloudflare.dns.record type="TXT" content="v=DMARC1; p=none; rua=mailto:e60948910ee34fe61be5a6bf2c3fb@dmarc-reports.cloudflare.net,mailto:dmark@lunalectric.com" name="_dmarc.lunalectric.com"
      11: cloudflare.dns.record type="AAAA" content="100::" name="meet.lunalectric.com"
    ]
  }
}

🧹 IMPROVEMENTS

Resource updates

aws.ecr.image

  • New lastRecordedPullTime field
  • New pushedAt field
  • New sizeInBytes field

microsoft.user

  • New creationType field
  • New identities field using the new microsoft.user.identity resource
  • New auditlog field using the new microsoft.user.auditlog resource

🐛 BUG FIXES AND UPDATES

  • Improve default output of the github.repository.adminCollaborators resource.
  • Improve default output of the github.organization.packages resource.
  • Fix macOS process resource executable values to align with the output from Linux systems.
  • Add the EOL date for Fedora 41 and update dates for 40 and 39 to match the latest published information from the Fedora Project.
  • Improve cleanup of inactive assets in large organizations.
  • Fix missing compliance check mappings for some frameworks.
  • Add the missing query Ensure permissions on /etc/group.old are configured to the CIS SUSE Linux Enterprise 11 Benchmark policy.
  • Improve the reliability of aggregate score generation on dashboards.
  • Add two checks to the CIS VMware ESXi 6.7 and 7.0 Benchmark policies:
    • Ensure port-level configuration overrides are disabled
    • Ensure Virtual Distributed Switch NetFlow traffic is sent to an authorized collector
  • Add an asset group for Kubernetes Namespace assets.

Mondoo 11.32 is out!

· 2 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.32 is out! This release includes single-command Azure integration, expanded risk factor support, Windows LTSC/LTSB support, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Single-command Azure integration

Integrate Mondoo and Azure with just a single command. No more worrying about setting up apps, configuring service principals, or generating certificates. Tell Mondoo what you'd like to scan in your Azure subscription and paste the command in CloudShell. Then kick back, relax, and let Mondoo do the heavy lifting.

Automated Azure integration setup

Detect EOL dates for Windows LTSC and LTSB releases

Mondoo EOL detection support for Windows now includes the Microsoft Long Term Servicing Channel (LTSC) and Long Term Servicing Branch (LTSB) releases. No matter what release of Windows you use, Mondoo detects upcoming EOL dates.

🧹 IMPROVEMENTS

Badges for new policies

Too many cooks in the kitchen? Understand when you or your coworkers enable new policies in a space with a "New" badge on any policy enabled in the last 7 days.

New policy badge

Show risk factors on asset checks

Understand risks that elevate security concerns on your assets with risk factors on asset checks tables.

Risk factor on asset check

🐛 BUG FIXES AND UPDATES

  • Improve cloud snapshot scanning to support devices with multiple block devices.
  • Improve performance of Windows SMBIOS discovery.
  • Fix Windows platform detection in local scans.
  • Improve performance of cloud detection on *nix systems. Thanks tomtrix!
  • Don't display assets without vulnerabilities on the vulnerability dashboard.
  • Display the platform for each asset in affected asset tables.
  • Update VMware EOL dates to use the new extended dates.
  • Fix an issue that prevented data exports of some checks.
  • Fix TLS checks in the CIS Azure Foundations benchmark policy to match additional variations of TLS 1.2 and 1.3.
  • Add Ensure error logging is enabled and set to the info logging level check to the CIS NGINX benchmark policy.
  • Fix failures in the Ensure discretionary access control permission modification events are collected check in Linux CIS benchmarks.
  • Improve usage of properties in the CIS NGINX benchmark policy.
  • Improve reliability of last successful scan time on integrations.
  • Add tool tips to asset counts on the spaces page.
  • Add tool tips to the exceptions counts on compliance pages.

Mondoo 11.31 is out!

· 4 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.31 is out! This release includes asset inventory exploration, NGINX security, expanded risk detection, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Explore query packs results space-wide

Understand the configuration of systems throughout your spaces with query packs. Query pack pages now expose results returned for each asset. Use Mondoo's two dozen out-of-the-box query packs to expose important configuration data such as running processes or available memory. If those query packs don't include quite what you need, write your own query packs to expose business-specific asset configuration data throughout your spaces.

Space-wide asset queries

New CIS NGINX benchmark policies

Keep critical web servers, proxy servers, and load balancers secure with new CIS NGINX benchmarks. These six policies include 91 checks in total designed to ensure that NGINX is not only installed securely but configured to protect sensitive data from prying eyes.

NGINX policy page

Run Mondoo in Azure Cloud Shell

Secure your Azure subscriptions without complex Azure credential configuration. Now Mondoo can install and run directly in Azure Cloud Shell: Simply paste the Workstation Quick Setup command in Azure Cloud Shell.

Azure CloudShell Installation

🧹 IMPROVEMENTS

Priority findings on the spaces page

Quickly understand the spaces that need your attention the most with a count of priority findings shown on the spaces page. The number of priority findings is the total of all critical and high findings on the space. Mondoo highlights them to help you to better prioritize your effort.

Spaces page tiles

Faster load times in compliance

Track your compliance quicker than ever, with up to 10x faster load times in the Compliance Frameworks page.

Additional risk factors for FTP servers

Prioritize the risks that matter the most with new risk factors for assets running vsftp, Pure-FTPd, and ProFTPD FTP servers.

New risk factors in Security Model configuration

Updated CIS Debian 11 Benchmark policy 2.0.0

With 665 updates including new and improved checks, descriptions, and remediation steps, this updated policy keeps your Debian 11 systems secure against the latest threats.

Resource updates

gitlab.project

  • New emptyRepo field
  • New groupRunnersEnabled field
  • New jobsEnabled field
  • New sharedRunnersEnabled field

gitlab.project.approvalsetting

  • New selectiveCodeOwnerRemovals field

gitlab.project.member

  • New state field
  • New username field

🐛 BUG FIXES AND UPDATES

  • Improve the rendering of descriptions and remediation steps in the Mondoo Linux Security policy.
  • Move all service checks in the Mondoo Linux Security policy into a Sensitive Services chapter.
  • Expand the Mondoo Linux Security policy Ensure FTP servers are stopped and not enabled check to include Pure-FTPd and ProFTPD.
  • Expand the Mondoo Linux Security policy's Ensure IMAP and POP3 servers are stopped and not enabled check to include the Cyrus IMAP server.
  • Expand the Mondoo Linux Security policy's Ensure DNS server is stopped and not enabled, Ensure NIS server is stopped and not enabled, and Ensure talk server is stopped and not enabled checks to support Debian- and Ubuntu-based systems.
  • Add remediation steps for SLES/openSUSE to the Mondoo Linux Security policy.
  • Fix the Mondoo Linux Security policy's Ensure SSH Protocol is set to 2 check incorrectly running on Ubuntu 24.04 systems.
  • Fix the Mondoo Linux Security policy's Ensure mail transfer agent is configured for local-only mode incorrectly identifying the IPv6 loopback address.
  • Ensure that the remediation steps in the Mondoo Linux Security policy include service restarts where necessary.
  • Fix failing compliance reports in some spaces.
  • Fix some AWS and Azure platforms not displaying correctly in the inventory overview.
  • Fix the link to the CloudFormation template during AWS Serverless integration setup with non-us-east-1 regions.
  • Add support for searching for software, compliance frameworks, and compliance controls in a space.

Mondoo 11.30 is out!

· 2 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.30 is out! This release includes notes for cases, expanded Windows snapshot scanning, updated policies, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Notes for cases

Cases are an important way to communicate with the team fixing security issues. Now you can provide the context that downstream teams need to remediate problems quickly: When you create a case, you can write a note, which automatically syncs to your ticketing or project management system.

Notes

Package data in Windows snapshot scans

You can now expose package vulnerabilities on Windows cloud hosts without deploying agents. Windows cloud snapshot scans now include package discovery.

Parse fstab entries with MQL

Dive head first into Linux fstab entries with new MQL resources for fstab data.

fstab.entries: [
  0: {
    fsck: 1
    options: "defaults,noatime"
    device: "UUID=7c4e7e0e-ce36-42f9-b456-16f78f3a1eb1"
    fstype: "xfs"
    mountpoint: "/"
    dump: 1
  }
  1: {
    fsck: 2
    options: "defaults,noatime,uid=0,gid=0,umask=0077,shortname=winnt,x-systemd.automount"
    device: "UUID=C155-24D2"
    fstype: "vfat"
    mountpoint: "/boot/efi"
    dump: 0
  }
]
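Why the shape of the options field matters for mount-hardening checks, as an added Python example (not Mondoo's code and not MQL). It parses fstab text into the same six fields shown above, with options split into a list as in the 11.36 fstab change listed on this page. The fstab text beyond the first two entries, the REQUIRED baseline, and all function names are assumptions made for illustration.

```python
"""Parse fstab text and check mount options by exact membership."""

# Constructed sample: the first two entries mirror the output above, the rest are made up.
FSTAB = """\
# <device> <mountpoint> <fstype> <options> <dump> <fsck>
UUID=7c4e7e0e-ce36-42f9-b456-16f78f3a1eb1 / xfs defaults,noatime 1 1
UUID=C155-24D2 /boot/efi vfat defaults,noatime,uid=0,gid=0,umask=0077,shortname=winnt,x-systemd.automount 0 2
tmpfs /tmp tmpfs defaults,nodev,nosuid 0 0
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec
/dev/sdb1 /srv/archive ext4 defaults,errors=remount-ro 0 2
"""

# Assumed hardening baseline for this example, not taken from any Mondoo policy.
REQUIRED = {
    "/tmp": {"nodev", "nosuid", "noexec"},
    "/dev/shm": {"nodev", "nosuid", "noexec"},
}


def parse_fstab(text):
    """Return one dict per entry; options is a list, dump and fsck default to 0."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: the first four fields are mandatory
        fields += ["0"] * (6 - len(fields))
        device, mountpoint, fstype, opts, dump, fsck = fields[:6]
        entries.append({
            "device": device,
            "mountpoint": mountpoint,
            "fstype": fstype,
            "options": [o for o in opts.split(",") if o],
            "dump": int(dump),
            "fsck": int(fsck),
        })
    return entries


def missing_options(entries, required=REQUIRED):
    """Map mountpoint -> sorted missing options (None if it has no fstab entry)."""
    by_mount = {e["mountpoint"]: e for e in entries}
    report = {}
    for mountpoint, wanted in required.items():
        entry = by_mount.get(mountpoint)
        if entry is None:
            report[mountpoint] = None
            continue
        missing = sorted(wanted - set(entry["options"]))
        if missing:
            report[mountpoint] = missing
    return report


def naive_has_option(option_string, option):
    """Substring test on the comma-joined string: prone to false matches."""
    return option in option_string


def has_option(options, option):
    """Exact membership test on the list of options."""
    return option in options


if __name__ == "__main__":
    parsed = parse_fstab(FSTAB)
    print(missing_options(parsed))
    archive = next(e for e in parsed if e["mountpoint"] == "/srv/archive")
    joined = ",".join(archive["options"])
    # "ro" appears inside "errors=remount-ro", so the substring check passes wrongly.
    print(naive_has_option(joined, "ro"), has_option(archive["options"], "ro"))
```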

Discover VMware distributed virtual switches and port groups

Mondoo's new and expanded MQL resources for VMware let you discover and secure VMware distributed virtual switches and port groups.

vsphere.datacenters { distributedPortgroups { name properties } }

and

vsphere.datacenters {distributedSwitches {*} }

🧹 IMPROVEMENTS

CIS Debian 12 v1.1.0 benchmark policy

Secure Debian 12 systems with the latest recommendations from the Center for Internet Security. This newly updated policy includes 365 updates including all new checks, updated descriptions, and improved remediation steps.

CIS macOS 12 v3.1.0 benchmark policy

Secure legacy macOS 12 systems with the newly updated macOS 12 (Monterey) benchmark, including updated checks, recommendations, and remediation steps.

Resource updates

files.find

  • New depth field

microsoft.conditionalAccess

  • The namedLocations field now returns the new microsoft.conditionalAccess.namedLocations resource

vsphere.vswitch.dv

  • New moid field

🐛 BUG FIXES AND UPDATES

  • Improve help in the GitHub provider.
  • Handle nil directory names in the files.find resource.

Mondoo 11.29 is out!

· 3 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.29 is out! This release includes asset risk factor customization, Windows Server 2025 support, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Risk factor customization

Tailor Mondoo's security model to match the needs of your business with risk factor customizations. Choose which risk factors matter to you and tune how much impact each risk factor has on the prioritization of findings. That way, the unique needs of your infrastructure determine which systems require urgent attention.

Custom Risk Factors

Expanded risk factors

Focus on the most important systems first, with new risk factors for critical databases, file sharing, and directory services. These new risk factors surface your most critical systems first, so you can focus your energy on the highest risks to your business:

  • Cassandra
  • Elasticsearch
  • MariaDB
  • MongoDB
  • OpenLDAP
  • OpenSearch
  • Samba

Descriptions for organizations and spaces

Communicate the intended purpose of organizations and spaces to your coworkers, or maybe just your future self, with long descriptions for organizations and spaces. Set a description in the new organization and space creation pages or edit them after the fact in the settings pages.

Space Description

🧹 IMPROVEMENTS

Windows 2025 support

It's been over three years since the last major Windows Server release, and Microsoft has been busy putting plenty of new security features in Windows 2025. If you're testing the waters on this new version, released this week, Mondoo has your back! We have full support for securing Windows Server 2025, including the new Arm processor variants.

If you're interested in learning more about everything new in this release, check out our Overview of Changes and New Security Features in Windows Server 2025 blog post.

CloudLinux support

Query and secure CloudLinux assets with new support in Mondoo for the hosted-optimized Linux distribution.

CIS AWS Foundations benchmark 4.0

Stay on top of the latest threats against your AWS infrastructure with the updated CIS AWS Foundations benchmark 4.0. This new release includes 14 new and updated recommendations for the most commonly used Amazon services.

Resource updates

microsoft.user

  • New mfaEnabled field

🐛 BUG FIXES AND UPDATES

  • Improve the text describing policy scoring.
  • Improve the layout of the page when adding an integration and all recommended policies are already enabled.
  • Add more input validation for GitHub Enterprise URLs in the GitHub Issues integration setup.
  • Fix a panic querying aws.eks.clusters { * } when no disks are present.
  • Include RPM packages with the vendor of "(none)" in the packages resource.
  • Improve scalability of the GitHub provider in very large organizations.
  • Provide a helpful error message when clients can't authenticate with Mondoo Platform.
  • Report IBM Db2 and Amazon Aurora RDS instances in asset overviews.
  • Support fetching Windows Appx packages during filesystem scans.
  • Update policy and query pack download icons to be more consistent with other console icons.
  • Don't include the properties tab on policies that don't have any properties.
  • Include the create date in asset overviews for AWS EFS filesystem assets.
  • Fix a failure running some Microsoft 365 integration scans.
  • Update VMware ESXi 7 EOL to the new extended EOL date.
  • Don't show internal query packs on the query packs page.
  • Update Microsoft Teams notification support to use the new AdaptiveCard system in Teams.

Mondoo 11.28 is out!

· 3 min read
Tim Smith
Mondoo Core Team
Charles Johnson
Mondoo Core Team

🥳 Mondoo 11.28 is out! This release includes Azure DevOps ticketing, policy scoring configuration, updated policies, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Create Azure DevOps issues from Mondoo

Mondoo now supports creating remediation tickets in Azure DevOps. This option joins our existing support for ticketing with Jira, Zendesk, GitHub, GitLab, and email.

Mondoo can create tickets in these external systems and update them as it detects changes. When all the findings are remediated, Mondoo can automatically close tickets. When previously resolved findings regress, Mondoo can automatically open new cases to track remediation.

Cases in Azure DevOps

Policy scoring weight configuration

Configure how Mondoo scores your policies with a newly redesigned policy page. The new page makes it easier to enable or disable a policy, share that policy with colleagues, and now to modify how that policy is scored. Select the scale icon from the top of any policy page to display five new scoring options.

Scoring

Learn more about scoring systems in the Mondoo documentation.

🧹 IMPROVEMENTS

Updated CIS Windows benchmark policies

Secure critical Windows servers with the latest CIS recommendations for Windows 2016 and 2019:

  • CIS Windows Server 2016 benchmark 3.0.0
  • CIS Windows Server 2019 benchmark 3.0.1

Creation and scan details for integrations

Integration detail pages now expose creation and scan information to help with understanding and troubleshooting integrations:

  • Creation date
  • Last modification date
  • Last successful scan date
  • Last attempted scan date

Integration details

Fedora 41 support

Mondoo now detects Fedora 41 servers, workstations, and containers including EOL and package CVE support.

Simplified policy property editing

You can now modify policy property values directly on the policies page at Security -> Policies, making it easier to customize policies to your needs.

Editing properties

Resource updates

asset

  • New purl field

aws.ec2.instance

  • New iamInstanceProfile field using the new aws.iam.instanceProfile resource

aws.iam

  • New instanceProfiles field using the new aws.iam.instanceProfile resource

🐛 BUG FIXES AND UPDATES

  • Fix formatting on sample commands in the workstation integration setup page.
  • Detect CVEs on recent VMware vCenter releases.
  • Improve password expiration checks in Windows policies.
  • Fix a failure loading the AWS integration details page with certain configuration options enabled.
  • Identify new M4 iMacs in the asset overview.
  • Improve the icon for uploading custom frameworks, policies, and query packs.
  • Fix package detection on the latest releases of openSUSE/SLES.
  • Use the asset name defined in inventory files when scanning assets over SSH.
  • Fix command line help for the Azure provider not showing all available flags.
  • Fix a failure scanning Microsoft 365.
  • Fix some AWS resources not fetching tags properly.
  • Don't show the filter search bar on the Policies page when there are no enabled policies.

Mondoo 11.27 is out!

· 3 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.27 is out! This release includes simplified policy management, Shodan scanning, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Simplified policy and query pack management

Say goodbye to the Registry and hello to simplified policy management and insights. A more intuitive organization puts the content you need at your fingertips:

  • All the tasks you perform with policies are now accessible under Security.

  • All the tasks you perform with query packs are now accessible under Inventory.

  • All the tasks you perform with frameworks are now accessible under Compliance.

Content in nav bar

We listened to your feedback and made it easier to see what content is enabled and to enable or disable those policies, query packs, and frameworks. Customization is within closer reach with improved management of custom content and configuration of scoring vs. preview policies.

Simpler policy enablement

Understand external exposure with continuous Shodan scans

Gain visibility into your infrastructure's external exposure with continuous Shodan scanning. Our new Shodan integration allows you to automatically monitor domains, IPs, and even entire IP blocks for external risk.

Shodan Integration

Paired with our new Shodan Security policy and query pack, this scanning provides critical insights into what attackers know about your systems. Now you can prioritize essential fixes effectively.

Shodan Asset

Search available integrations

Quickly find the exact integration you're looking for with search on the integrations page.

Integration search

🧹 IMPROVEMENTS

Support non-ASCII characters in space and organization names

We got a bit wrapped up in 'Merica and tossed a few too many bald eagles on the space and organization creation pages. The eagles have been relocated and now customers across the globe can safely create spaces and organizations with all their favorite non-ASCII characters.

Updated CIS VMware benchmark policies

Secure your critical VMware infrastructure with the latest recommendations from The Center for Internet Security (CIS):

  • CIS VMware ESXi 6.7 Benchmark v1.4.0
  • CIS VMware ESXi 7.0 Benchmark v1.4.0
  • CIS VMware ESXi 8.0 Benchmark v1.1.0

🐛 BUG FIXES AND UPDATES

  • Improve email address validation in integration setup pages.
  • Add GitHub token validation to GitHub integrations.
  • Update GitHub integration setup instructions to better clarify required vs. optional fields.
  • Fix rendering of dividers on integration status pages.
  • Fix display of Windows setup commands on the workstation integration page.
  • Improve the display of policies with multiple authors.
  • Improve the alignment and display of risk factor icons on vulnerability, advisory, and check pages.
  • Show larger descriptions by default on advisory and CVE pages.
  • Improve the layout of EC2 filtering options in the AWS serverless integration setup.
  • Improve alignment of text in affected asset, top vulnerabilities, and top security findings tables.
  • Fix application of some policies on Terraform assets.
  • Identify the new 14" MacBook Pro M4 in the asset overview.
  • Improve the reliability of queries in the Mondoo Microsoft Azure Security policy.
  • Fix a failure to load some older AWS serverless integrations.
  • Fix a failure scanning in the ms365.exchangeonline.reportSubmissionPolicy resource.
  • Expose additional labels on Amazon ECS containers.
  • Support scanning Shodan assets using an inventory file.
  • Improve command line help for Snowflake and Slack.
  • Display the cnspec version used to scan hosted integration assets in the asset configuration.