Mondoo Release Highlights February 2025

· 7 min read
Letha Dunn
Mondoo Core Team

Integrations with CrowdStrike and SentinelOne, priority asset customization, optimized dashboards that give you exactly what you need to start your day informed… Nobody told us it was a short month! Learn about these and many more additions and improvements we made to Mondoo in February.

Unify findings from SentinelOne and CrowdStrike Falcon

Do you wish there was an easy way to centralize data from multiple security tools? Want to assess your overall security posture without manually wrangling data or writing custom code? Need to triage and track all of your security findings in one place?

Centralizing findings from external security tools is easy in Mondoo. This month we added SentinelOne and CrowdStrike Falcon to our list of third-party security integrations.

Third-party integrations in Mondoo

With these integrations, you can take advantage of Mondoo's security visualization, prioritization, and ticketing capabilities. Consolidating the data in Mondoo lets you understand your biggest risks and make the most impactful changes to boost your security posture.

Mondoo includes Microsoft Defender, SentinelOne, and CrowdStrike data alongside findings from Mondoo's own scans, and deduplicates so you don't have to.

Third-party data on an asset in Mondoo

To learn the benefits of pulling all your security data into Mondoo, read Unify Findings from CrowdStrike, SentinelOne, and Microsoft Defender in Mondoo.

Protect what matters most to your business

You now have even more control over how Mondoo evaluates risk in your infrastructure. You can identify assets as high or low priority based on tags or labels (added in the cloud), or annotations (added using Mondoo) on the asset. When Mondoo assigns a risk score, it considers the asset's priority along with other factors, such as running database servers or open ports.

Now, you can rest assured that any risks that endanger your most critical assets are automatically assigned a higher priority. At the same time, you can reduce noise by specifying which assets are less important to your business.

High- and low-priority assets in Mondoo

Enhanced space dashboard

See the information that's most important to you on the new and improved space dashboard. You immediately see the total number of priority (critical and high risk) findings in the space, an important indicator of the overall security of your infrastructure.

The top ten findings, based on risk score and blast radius, display prominently as well, allowing you to take quick action where your efforts will bring the greatest results.

Mondoo space dashboard

Remediation information lets you quickly assess security and operations team performance on vulnerabilities. All remediation data is grouped by risk level:

  • The mean time it takes the team to remediate findings (MTTR)
  • The number of vulnerabilities remediated

Mondoo space dashboard

Summary counts provide a more detailed overview of your current security posture, including risk level and status:

  • Vulnerable assets
  • Advisories
  • CVEs

Lastly, policy information describes the measures you have in place to assess your environment:

  • How your infrastructure is currently performing against your enabled policies
  • The types of policies you've enabled

All combined, the space dashboard provides a holistic view of your security and compliance at a glance.

Query Tailscale networks with Mondoo

Our new tailscale provider lets you query devices, users, DNS namespaces, and more information about a Tailscale network.

This example retrieves details on a single device:

tailscale.device: {
  id: "55161282215123456"
  isExternal: false
  os: "linux"
  created: 2022-06-25 12:34:34 -0700 PDT
  updateAvailable: true
  nodeKey: "nodekey:abc123"
  lastSeen: 2024-03-25 08:01:04 -0700 PDT
  user: "stella@lunalectric.com"
  hostname: "raspberrypi"
  clientVersion: "1.10.0-t766ae6c10-g3e6822772"
  authorized: true
  blocksIncomingConnections: false
  addresses: [
    0: "100.71.181.41"
    1: "abc1:abc1:a1e0:ab12:abc1:cd96:abc1:bf33"
  ]
  keyExpiryDisabled: true
  expires: 2022-08-02 18:55:39 -0700 PDT
  name: "raspberrypi.tail1a4a6.ts.net"
  machineKey: "mkey:abc123"
  tailnetLockKey: ""
  tailnetLockError: ""
}

Create workspaces with Terraform

You can now use Terraform to automate creating Mondoo workspaces, thanks to the updated Mondoo Terraform provider. Learn more about the mondoo_workspace resource in the Mondoo Terraform provider documentation.

AWS RDS cluster support

AWS account scans now include automatic discovery of RDS clusters. Cluster assets appear on the Assets page in a new RDS Clusters group. Each asset includes full inventory information.

RDS Cluster Scan

More view options for asset lists

We've updated the Assets page to make finding and selecting the assets you care about easier than ever. Improved search results show only the asset groups that include results. It's also now more clear when no assets match your search. New group and list icons let you switch between views: Organize by platform groups or display a single list so you can sort and select all assets in a group at once.

Asset selection

Risk factors on assets

The detail page for an asset now shows any risk factors present on the asset, such as an end-of-life operating system or an incompletely removed package. Hover over a risk factor icon to see the risk factor.

Risk factors on assets in Mondoo

Improved search experience

We made loads of changes to all the different searches you perform in the Mondoo Console. These are a few examples:

  • Application search results now include the risk rating.
  • Asset search results now include the platform.
  • You can now search for an advisory based on a corresponding CVE.
  • We reduced false-positive results for CVE searches.
  • You can now search for software based on a present CVE.

Improved layout of finding details on assets

On the Checks tab of asset detail pages, we reorganized the information displayed about each policy check. It's easier than ever to find the remediation steps you need most.

Asset details in Mondoo

Easier prioritization

In a few different ways, we provided extra help prioritizing the assets and findings that most need your attention:

  • In lists throughout the Mondoo Console, we display the assets or findings with the worst scores first.
  • On dashboards and other pages, we display final scores that are adjusted per Mondoo's contextual risk factors (instead of just base scores).
  • On dashboards and other pages, we consider risk factors when choosing the most important data to display.

Mondoo AWS security policy improvements

The Mondoo AWS security policy now does an even better job of identifying misconfigurations and other issues in your AWS infrastructure:

  • We expanded descriptions and remediation information to help you better understand the problem and the solution.
  • We run checks on more (fine-grained) assets for better score visibility.
  • We added checks for insecure security groups that allow remote access to systems (VNC/RDP).

Directly open individual PDF reports

If you run a single report in Mondoo, there's no need to download a zip file and then extract the PDF; you can just open the PDF directly in your browser.

Improved risk factors and scoring

We expanded and improved how Mondoo weighs risk factors to calculate a final risk score:

  • We improved how we apply risk factors and your customized security model.
  • Scoring now better prioritizes risks.
  • We updated vulnerability risk factors to work on a wider range of Linux distributions.

Represent blast radius visually

Blast radius icons now reflect the size of the blast radius.

Blast radius in Mondoo

Expanded Google Kubernetes support to include GKE 1.7

Our CIS benchmark policies now include support for the latest Google Kubernetes Engine (GKE) version, 1.7.0. To see the newest CIS benchmarks for Kubernetes, go to the CIS website.

Resource updates

azure.subscription.cloudDefenderService

  • New settingsMCAS, settingsWDATP, and settingsSentinel fields using the new azure.subscription.cloudDefenderService.settings resource

azure.subscription.cloudDefenderService.securityContact

  • Deprecate alertNotifications in favor of the new notificationSources field

azure.subscription.webService.appsite

  • New ftp and scm fields using the new azure.subscription.webService.appsite.basicPublishingCredentialsPolicies resource

gcp.project.gke.cluster

  • New releaseChannel field

microsoft

  • New users field using the new microsoft.users resource

  • New roles field using the new microsoft.roles resource

microsoft.applications.length

  • Improve performance

microsoft.groups.length

  • Improve performance

sshd.config

  • New context field using the new file.context resource

Mondoo 11.41 is out!

· 3 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.41 is out! This release includes RDS cluster support, improved asset navigation, new resources, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🧹 IMPROVEMENTS

AWS RDS Cluster support

AWS account scans now include automatic discovery of RDS clusters. Cluster assets appear on the Assets page in a new RDS Clusters group and each asset includes full inventory information.

RDS Cluster Scan

More view options for asset lists

We've updated the Assets page to make finding and selecting the assets you care about easier than ever. Improved search results show just the asset groups that include results. A new empty state makes it more clear when no assets match your search. New group and list icons let you switch between views: organize by platform groups or display a single list so you can sort and select all assets of a certain asset group at once.

Asset selection

Resource updates

azure.subscription.cloudDefenderService

  • New settingsMCAS, settingsWDATP, and settingsSentinel fields using the new azure.subscription.cloudDefenderService.settings resource

azure.subscription.cloudDefenderService.securityContact

  • Deprecate alertNotifications in favor of the new notificationSources field

azure.subscription.webService.appsite

  • New ftp and scm fields using the new azure.subscription.webService.appsite.basicPublishingCredentialsPolicies resource

microsoft

  • New users field using the new microsoft.users resource
  • New roles field using the new microsoft.roles resource

sshd.config

  • New context field using the new file.context resource

🐛 BUG FIXES AND UPDATES

  • Prefer the --token command line flag over the GITHUB_TOKEN environment variable when both are present.
  • Display asset platforms in search results.
  • Preselect ticket email recipient values when only a single option exists in the drop down menu.
  • When a user selects "Create ticket," don't show the "All Assets" and "Selected Assets" options if there's only one asset.
  • Don't show policies or checks counts on third-party integration pages.
  • Show a friendly empty state when a filter on the Assets page returns no results.
  • Don't show empty asset groups when filtering on the Assets page.
  • Display a friendly error if an exception cannot be created.
  • Don't require new users in a private instance to activate the region.
  • Improve the reliability of AWS region fetching in low-privilege environments.
  • Fix risk factors settings in the security model configuration not applying in some cases.
  • Adjust score weighting for risk factors to better prioritize findings.
  • Don't zip one-file PDF reports so users can open them directly in the browser.
  • Improve the reliability of SBOM generation.
  • Fix the namespace of PURLs on Red Hat Enterprise Linux systems.
  • Improve the reliability of risk factor counts on finding pages.

Mondoo 11.40 is out!

· 3 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.40 is out! This release introduces imported security findings from SentinelOne and CrowdStrike!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Import findings from SentinelOne and CrowdStrike Falcon

Unify your security findings with Mondoo! Stop wasting your time compiling and comparing data from multiple security tools and reconciling duplicate findings. Mondoo can now import data from SentinelOne and CrowdStrike Falcon so you can more easily assess your overall security posture.

Third-party integrations

With these integrations, you can take advantage of Mondoo's security visualization, prioritization, and ticketing capabilities. Consolidating the data in Mondoo Platform lets you understand your biggest risks and make the most impactful changes.

Mondoo includes SentinelOne and CrowdStrike data alongside findings from Mondoo's own scans, and deduplicates so you don't have to.

Third-party data on an asset

You get the benefit of multiple tools—eliminating security gaps—without the management headache. Best of all, the Mondoo Console gives you a big-picture view of your entire attack surface.

🧹 IMPROVEMENTS

Goodbye cases, hello tickets

We love customer feedback and are grateful when we can make changes driven by our users. When we learned that the name of cases, our task tracking capability, wasn't clear to everyone, we acted. Cases are now Mondoo tickets.

Add a ticket from a finding

Ticketing still has all the same capabilities that have made this feature a game-changer for so many of our customers: seamless integration with your external issue tracking platform, remediation details in the ticket, and a user experience that saves you countless hours of work. All we changed is what we call them!

Create workspaces with Terraform

Automate the creation of workspaces with the updated Mondoo Terraform provider 0.23. Learn more about the mondoo_workspace resource in the Mondoo Terraform provider documentation.

Resource updates

gcp.project.gke.cluster

  • New releaseChannel field

🐛 BUG FIXES AND UPDATES

  • Improve provider command-line help for gcp, k8s, network, os, terraform, vcd, vsphere.
  • Fix incorrect detection of Python packages when common Python directories aren't present.
  • Don't ignore the --regions flag when scanning using the aws provider.
  • Fix GCP labels missing from asset search box filtering and workspaces setup.
  • Handle permission denied messages when fetching the GCP resource's parent organization.
  • Fix a panic during GKE discovery due to handling of threadsPerCore field on GKE project nodePool config.
  • Fix failures in MQL using the .contains helper with dict type data.
  • Improve readability of risk factor icons in some result tables.
  • Only show failing priority findings on the spaces and workspaces page.
  • Improve the reliability of risk factors application on findings.

Mondoo 11.39 is out!

· 2 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.39 is out! This release includes cases and search in workspaces, improved asset risk exposure, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Create cases in workspaces

Turn prioritized findings into action: You can now create a case from within a workspace. Track cases in the workspaces where you created them, or in the parent space for consolidated management.

Cases within workspaces

Search for assets and findings in workspaces

Quickly track down assets, CVEs, checks, or policies with the new global search within workspaces.

Search within workspaces

🧹 IMPROVEMENTS

Risk insights on assets

Quickly assess asset risks with the updated Risk Insights section, displaying total counts of high and critical findings and vulnerabilities. Click any section to drill down into particular findings to fix.

Asset page with risk insights

🐛 BUG FIXES AND UPDATES

  • Fix asset technology fields on VMware and OCI assets.
  • Add OCI to the list of technology values available for workspace creation.
  • Fix incorrect CVSS scores displayed in CVE page score boxes.
  • Ensure that positive risk factors display in green.
  • Display the save button on the security model settings tab even if the advanced settings aren't selected.
  • Update the workspaces selection filtering to move "Kind" under infrastructure.
  • Fix failures generating some exports.
  • Support certificate-based authentication for the Microsoft Defender integration.
  • Add the version number to the PCI DSS compliance framework to make it more clear which version is included.
  • Fix the application of risk factors on Debian-based systems.
  • Show correct timestamps for export and import integrations.
  • Fix missing asset titles in space and organization search.
  • Improve the display of Ansible-, Bash-, and PowerShell-based remediation steps for advisories.
  • Improve calculation of asset risk scores.
  • Display EPSS data for more CVEs.
  • Fix missing advisory remediation information when using workspaces.

Mondoo 11.38 is out!

· 3 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.38 is out! This release includes improved workspaces filtering, new resources, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Create workspaces based on asset technology

Design your perfect workspace without all the clicking! Now Mondoo can dynamically include assets in (or exclude assets from) workspaces based on their general technologies, such as cloud families (AWS, Azure, GCP...) or functions (network, infrastructure as code, operating systems...). This lets you target assets in a general group without selecting each individual platform.

For example, to create a workspace made up of all your GCP assets, you previously had to specify 11 platforms individually: BigQuery Dataset, Compute Firewall, Compute Image, and so on. Now it's as easy as selecting one technology: GCP!

Workspaces selection using platform

🧹 IMPROVEMENTS

Quickly jump to integrations from an asset

Quickly dive into integration configuration directly from scanned assets. A new link in each asset scan overview takes you to the integration that added the asset.

Integration link

Resource updates

microsoft.application

Query Microsoft 365 applications by ID or name:

microsoft.application(id: "2efd0330-112c-4971-ab20-eaa54c.....") { * }
microsoft.application(name: "nametest") { * }

terraform.plan

  • New applyable field
  • New errored field
  • New variables field using the new terraform.plan.variable resource

🐛 BUG FIXES AND UPDATES

  • Include additional information on the query when cnquery or cnspec fails to compile a query.
  • Display policy names in check exceptions.
  • Display correct keyboard navigation tips in the workspaces asset selection filter menus.
  • Improve rendering of the workspace asset selection process.
  • Allow organization and space IDs to start with a number and be up to 50 characters long.
  • Update the "Ensure that 'Java version' is currently supported" check in the CIS Azure Foundations policy to support LTS releases of Java 17 and 11.
  • Stop the CIS GitLab Level 2 policy from applying to non-GitLab assets.
  • Improve error messages when data export integrations fail.
  • Ensure gcp.project.cloudRun.services fetches data from all available regions.
  • Fix failures fetching the traffic field in the gcp.project.cloudRun.services resource.
  • Improve the reliability of the CIS Azure Foundations policy's "Ensure IAM policies that allow full "*:*" administrative privileges are not attached" check.
  • Improve rendering of remediation steps in the Mondoo AWS Security policy.
  • Allow excluding users from the Mondoo Linux Security policy's "Ensure SSH Idle Timeout Interval is configured" check using a property.

Mondoo 11.37 is out!

· 3 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.37 is out! This release includes workspace creation from tags/labels and Mondoo annotations, plus a whole lot more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Create workspaces from labels/tags and annotations

Create the perfect workspace for exploring assets in your infrastructure with new filtering capabilities. Now you can create a workspace that includes or excludes all assets that match certain labels or tags, such as environment:production, or Mondoo annotations you set, such as priority:high.

Create a workspace of production cloud assets:

Workspaces selection using cloud tags

Create a workspace of assets you've annotated as high priority:

Workspaces selection using Mondoo annotations

🧹 IMPROVEMENTS

Quickly find integrations

Find the right integration with less scrolling. The Add Integration page now supports search based on integration categories in addition to integration names.

Integration filtering with a category

Improved asset overview information

Dive into asset configuration with new first and last scan time data. Plus, now you can easily copy asset information: When you hover over any value, you see the option to copy the data to your clipboard.

Asset overview

Resource updates

aws.iam.instanceProfile

  • Deprecate createDate in favor of a new createdAt field

aws.iam.policy

  • Deprecate createDate in favor of a new createdAt field

aws.iam.policyversion

  • Deprecate createDate in favor of a new createdAt field

aws.iam.role

  • Deprecate createDate in favor of a new createdAt field

aws.iam.user

  • Deprecate createDate in favor of a new createdAt field

aws.iam.usercredentialreportentry

  • Deprecate createDate in favor of a new createdAt field

gcp.project.storageservice.bucket

  • New encryption field

macos.alf

  • Support macOS Sequoia (15) assets

🐛 BUG FIXES AND UPDATES

  • Categorize Nmap assets as "Domains and Hosts" on the Assets page.
  • Fix an invalid reporting job error when running certain policies.
  • Fix display of score boxes on CVE and Advisory pages.
  • Show assets link on AWS integrations.
  • Allow creating workspaces with the asset kind value of "Virtual Machine".
  • Improve reliability of some CIS/BSI Windows policy checks on non-English systems.
  • Improve fetching available AWS regions.
  • Expand CVE and advisory detection on Windows 2025 hosts.
  • Fix user check failures on Windows when a domain user has not locally logged in.
  • Fix the risk rating order in the check overview tile on asset pages.
  • Update the EOL date for Amazon Linux 2023 to the extended June 30th, 2029 date.
  • Rework multiple checks in the CIS Azure Foundations policy to improve reliability and readability of output.
  • Fix incorrect form validation when setting up the Microsoft Defender for Cloud integration.
  • Improve links to documentation on integration pages.

Mondoo 11.36 is out!

· 6 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.36 is out! This release includes ad hoc risk prioritization with workspaces!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Zero in on exactly the assets you need with workspaces

Do you find yourself repeatedly searching for the same groups of assets? Do you wish you could see a subgroup of assets in your space to compare them or measure progress on a certain project? Or maybe some assets just get in the way of what you want to focus on right now? What you need are workspaces!

Lists of workspaces

Workspaces are dynamic groups of assets in a space that you want to view and assess together. Unlike spaces, assets in a workspace are included based on queries. Best of all, an asset can be in as many workspaces as you want. Create a workspace that shows only assets with critical findings, another workspace that has all your Windows 2016 systems that still need to be upgraded, and another that includes all the systems owned by the front end team... whatever meets your specific business needs.

How might you use workspaces to solve problems?

Like many companies, Lunalectric has thousands of assets, but recently their CISO has been increasingly focused on their supply chain. To ensure GitHub and GitLab source code and CI/CD configuration meet best practices, let's create a workspace just for these SCM assets.

Creating a workspaces filter

We create a single asset selection that includes the GitHub and GitLab platforms. Asset selections can match on asset name, kind, platform, platform version, and risk rating with more options coming soon. We can even add as many additional conditions to the selection as we want to create complex queries like Windows systems with a critical risk rating that aren't Windows 2022 and have the word "luna" in the asset name.

Once our workspace is created, we can find it by selecting Workspaces in the left navigation menu or choosing it from the new workspaces top navigation drop-down menu.

Workspaces in the top navigation

Once in our new SCM Assets workspace, the layout feels similar to the existing Lunalectric spaces, only more focused on understanding risks and exploring assets. Our workspaces dashboard shows just our GitLab and GitHub assets, including the top misconfigurations we should start tackling. We can dive into policies, checks, CVEs, or advisories to see more details... all the while remaining tightly focused on the task at hand.

Workspace dashboard

Even without diving deeper, the workspace dashboard's inventory overview is telling quite a story. GitLab assets are all passing checks, but GitHub assets, on the other hand, are all high risk.

GitHub assets

Armed with this quick insight, we have the information we need to let our CISO know about the current SCM risk and develop a remediation plan to secure these critical assets.

To learn how you can use workspaces to better organize assets and expose risks, read Plan Your Mondoo Organization and Workspaces in the Mondoo documentation.

Quick access to reports

Quickly access compliance reports by selecting Reporting in the left navigation menu. Looking for more reports? Stay tuned for more updates in upcoming releases. If you're looking for something in particular, let us know at product@mondoo.com!

Quick access to reports

🧹 IMPROVEMENTS

Optionally follow HTTP -> HTTPS redirects

You now have additional control over how Mondoo scans HTTP hosts in the host provider. By default, cnquery and cnspec no longer follow redirects from HTTP to HTTPS endpoints, so you can now inspect your HTTP configurations when you choose. If you prefer to follow redirects, use the new --follow-redirects flag.

Without the redirect you can inspect the original page and headers:

$ cnquery shell host http://mondoo.com

cnquery> http.get
http.get: http.get url=url id = http://mondoo.com statusCode=301
cnquery> http.get.body
http.get.body: ""

With redirects specified, you can follow all redirects to the final page users would see:

$ cnquery shell host --follow-redirects http://mondoo.com

cnquery> http.get
http.get: http.get url=url id = http://mondoo.com statusCode=200
cnquery> http.get.body
http.get.body: "<!DOCTYPE html><!-- Last Published: Fri Jan 10 2025 00:09:49 GMT+0000 (Coordinated Universal Time) --><html..."
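
Why the per-hop view matters, as an added Python sketch that is not Mondoo's code and not part of cnquery: it records one entry per response, so the 301 and its Location header stay visible unless follow_redirects is set, mirroring the two sessions above. The hostnames, sample responses, and finding names are constructed for illustration.

```python
"""Per-hop redirect inspection (added example, not Mondoo code)."""
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def fetch_once(url, timeout=5.0):
    """Send one GET and return (status, headers, body); never follows Location."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", target)
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return resp.status, headers, resp.read()
    finally:
        conn.close()


def walk(url, follow_redirects=False, fetch=fetch_once, max_hops=10):
    """Return one record per response. Without follow_redirects only the
    first response is recorded, so a 301 is reported as a 301."""
    hops, seen = [], set()
    while len(hops) < max_hops and url not in seen:  # stop on loops
        seen.add(url)
        status, headers, body = fetch(url)
        location = headers.get("location")
        hops.append({"url": url, "status": status, "location": location,
                     "hsts": headers.get("strict-transport-security"),
                     "body_len": len(body)})
        if not (follow_redirects and status in REDIRECT_CODES and location):
            break
        url = urljoin(url, location)  # Location may be relative
    return hops


def audit(hops):
    """Checks that need the first hop, plus an HSTS check on the final hop."""
    issues = []
    first, last = hops[0], hops[-1]
    if urlsplit(first["url"]).scheme == "http":
        if first["status"] not in REDIRECT_CODES:
            issues.append("plain-http-content-served")
        else:
            target = urlsplit(urljoin(first["url"], first["location"] or ""))
            if target.scheme != "https":
                issues.append("redirect-not-to-https")
            if first["status"] in (302, 303, 307):
                issues.append("temporary-redirect")
    if (urlsplit(last["url"]).scheme == "https" and last["status"] == 200
            and not last["hsts"]):
        issues.append("final-https-hop-missing-hsts")
    return issues


# Constructed sample responses so the example runs offline.
SAMPLE = {
    "http://good.example.test/":
        (301, {"location": "https://good.example.test/"}, b""),
    "https://good.example.test/":
        (200, {"strict-transport-security": "max-age=31536000"},
         b"<!DOCTYPE html><html>ok</html>"),
    "http://weak.example.test/":
        (302, {"location": "/home"}, b""),
    "http://weak.example.test/home":
        (200, {}, b"<html>login</html>"),
}


def sample_fetch(url):
    """Stand-in for fetch_once that serves the constructed SAMPLE table."""
    return SAMPLE[url]


if __name__ == "__main__":
    for start in ("http://good.example.test/", "http://weak.example.test/"):
        for follow in (False, True):
            hops = walk(start, follow_redirects=follow, fetch=sample_fetch)
            chain = " -> ".join(f'{h["status"]} {h["url"]}' for h in hops)
            print(f"follow={follow}: {chain} issues={audit(hops)}")
```

Drop the fetch argument to use fetch_once against a host you are authorized to scan.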

Resource updates

azure.subscriptions.defenderForContainers

  • Expose Extensions values

azure.subscription.policy.assignment

  • New parameters field

fstab

  • Update options field to an array of options instead of a single string

k8s.node

  • New kubeletPort field
  • New nodeInfo field
  • New created field

microsoft.applications

  • Fetch all applications in large installations

Improved CIS benchmarks

Sometimes the best changes are behind the scenes. This week we shipped all-new internal tooling to generate CIS benchmark policies in Mondoo Platform. These changes not only let us bring you the latest and greatest policies more quickly in the future—they also enabled us to make a huge number of small improvements to existing policies:

  • New checks that were previously marked as requiring manual user validation
  • More clear and concise descriptions for each policy
  • Expanded check descriptions, including rationale behind the security concerns
  • New audit and remediation steps in many Linux distribution policies
  • Simplified MQL queries to improve readability
  • Additional platform version tags to improve searching for policies
  • Improved policy search results when searching for platform versions

🐛 BUG FIXES AND UPDATES

  • Display CVEs for Fedora 41 assets.
  • Fix a failure querying Microsoft 365 applications.
  • Correct the remediation steps in the BSI 'Ensure SSH Idle Timeout Interval is configured' check.
  • Add EOL dates for FreeBSD 14.2 and Alpine Linux 3.21.
  • Correct the EOL date for FreeBSD 14.1.
  • Update the Amazon Linux 2 EOL date, which has been extended to June 30, 2026.
  • Support EBS volume scanning of instances with LVM partitions.
  • Improve remediation step formatting in Mondoo VMware policies.
  • Open check remediation links in a new window or tab.
  • Fix an unknown-score-type error when comparing semver data in checks.
  • Fix display of GitHub provider help.
  • Don't reinstall some providers on each scan.
  • Fix errors using the Cloudflare provider.
  • Show the link to discovered assets on each integration page.
  • Add detection of the upcoming M4 MacBook Air/Pro models to asset overview information.
  • Add form validation to the Microsoft Defender for Cloud integration to ensure UIDs are correctly formatted.
  • Display platform icon for Nmap assets in affected asset tables.
  • Update Windows checks for the RestrictSendingNTLMTraffic registry entry to accept both Audit All and Deny All configurations.
  • Add a missing permission to the automated CLI Azure setup.
  • Show the platform in all cnspec scan results. Thanks for suggesting this, @DrackThor!

Mondoo 11.35 is out!

· 4 min read
Tim Smith
Mondoo Core Team
Charles Johnson
Mondoo Core Team

🥳 Mondoo 11.35 is out! This release includes Microsoft Defender for Cloud findings in Mondoo, Nmap scanning, performance improvements, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Microsoft Defender for Cloud findings in Mondoo

Mondoo now imports vulnerabilities discovered by Microsoft Defender for Cloud, so you can prioritize them alongside vulnerabilities discovered by Mondoo. Mondoo helps security teams quickly make sense of security findings regardless of where those findings originate, prioritize the most critical risks, and easily assign them to IT and DevOps with detailed remediation steps. This means that Mondoo significantly speeds up time to resolution and bolsters overall security posture.

Vulnerabilities discovered by Microsoft Defender for Cloud appear in the Mondoo console alongside those discovered by Mondoo’s own scans. Mondoo automatically enriches all vulnerabilities found by Microsoft Defender with additional risk data and remediation advice, and prioritizes them based on the actual risk posed in the environment.

Mondoo enriches the findings generated by Microsoft Defender for Cloud with severity, known exploit data, exploit prediction scoring, asset exposure, and business impact, to make sure your security teams are focused on resolving the most important problems.

Network security with Nmap scanning

Nmap, short for Network Mapper, is a powerful and versatile open source tool used for network discovery and security auditing. Network administrators, security professionals, and penetration testers rely on Nmap to map out network structures, discover hosts, identify services, and detect vulnerabilities. Now you can integrate Nmap results with Mondoo findings using our new cnquery/cnspec Nmap provider.

Scan active IP addresses in a network:

nmap.network("192.168.178.0/24").hosts { name ports { * }  }
nmap.network.hosts: [
  0: {
    ports: [
      0: {
        service: "http"
        version: ""
        method: "probed"
        state: "open"
        protocol: "tcp"
        port: 443
        product: "FRITZ!Box http config"
      }
      1: {
        service: "sip"
        version: ""
        method: "probed"
        state: "open"
        protocol: "tcp"
        port: 5060
        product: "AVM FRITZ!OS SIP"
      }
    ]
    name: "192.168.178.1"
  }
  1: {
    ports: [
      0: {
        service: "rtsp"
        version: "770.8.1"
        method: "probed"
        state: "open"
        protocol: "tcp"
        port: 5000
        product: "AirTunes rtspd"
      }
      1: {
        service: "rtsp"
        version: "770.8.1"
        method: "probed"
        state: "open"
        protocol: "tcp"
        port: 7000
        product: "AirTunes rtspd"
      }
    ]
    name: "192.168.178.25"
  }
]

Scan a specific host IP:

nmap.network(target: "192.168.178.25").hosts { ports }
nmap.network.hosts: [
  0: {
    ports: [
      0: nmap.port port=5000 service="rtsp"
      1: nmap.port port=7000 service="rtsp"
    ]
  }
]
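
An added example, not Mondoo's own code: a small Python parser for the expanded `{ * }` text output of the network query above, compared against a per-host allowlist so that newly opened ports stand out between scans. The function names and the BASELINE allowlist are hypothetical, and the sample is constructed from the output shown above; the compact `nmap.port port=... service=...` form of the second query is not handled.

```python
import re

# One token per quoted string, bracket, "key:" label or bare integer.
TOKEN = re.compile(r'"[^"]*"|[\[\]{}]|[\w.]+:|\d+')

def parse(text):
    """Parse cnquery's expanded text output into dicts and lists."""
    # Wrap in braces so the top-level "name: value" pairs parse as one dict.
    toks, pos = ["{"] + TOKEN.findall(text) + ["}"], 0
    def value():
        nonlocal pos
        tok = toks[pos]
        pos += 1
        if tok in ("[", "{"):
            close = "]" if tok == "[" else "}"
            items = {}
            while toks[pos] != close:
                key = toks[pos][:-1]  # strip the trailing ":"
                pos += 1
                items[key] = value()
            pos += 1  # consume the closing bracket
            return list(items.values()) if tok == "[" else items
        return tok[1:-1] if tok.startswith('"') else int(tok)
    return value()

def unexpected_open_ports(report, baseline):
    """List (host, protocol, port, service) for open ports missing from the baseline."""
    findings = []
    for host in report["nmap.network.hosts"]:
        allowed = baseline.get(host["name"], set())
        for p in host["ports"]:
            if p["state"] == "open" and (p["protocol"], p["port"]) not in allowed:
                findings.append((host["name"], p["protocol"], p["port"], p["service"]))
    return findings

# Constructed sample: the output above, with some fields dropped and lines joined.
SAMPLE = '''nmap.network.hosts: [
  0: { ports: [ 0: { service: "http" state: "open" protocol: "tcp" port: 443 }
                1: { service: "sip" state: "open" protocol: "tcp" port: 5060 } ]
       name: "192.168.178.1" }
  1: { ports: [ 0: { service: "rtsp" state: "open" protocol: "tcp" port: 5000 }
                1: { service: "rtsp" state: "open" protocol: "tcp" port: 7000 } ]
       name: "192.168.178.25" }
]'''

# Hypothetical allowlist of (protocol, port) per host; unlisted hosts allow nothing.
BASELINE = {"192.168.178.1": {("tcp", 443), ("tcp", 5060)},
            "192.168.178.25": {("tcp", 5000)}}
```

Calling `unexpected_open_ports(parse(SAMPLE), BASELINE)` reports only port 7000 on 192.168.178.25. The tokenizer ignores whitespace, so the output parses the same way whether or not its indentation survived copying.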

🧹 IMPROVEMENTS

Performance improvements

No one wants to wait, so we made Mondoo faster than ever.

  • 4x faster compliance report generation
  • 7x faster asset discovery during large scans
  • 20x faster GitHub repository discovery in large organizations
  • Reduced GitHub API call usage during organization scans

New checks in Mondoo DNS Security

The Mondoo DNS Security policy now includes full descriptions and impact scores for each check. There are also new checks to ensure DNSSEC is enabled and no DNS wildcard entries exist.

Display remediated asset count on CVEs

It's important to observe not just the current state of CVEs, but also the work you've done to resolve them. Remediated counts on CVE and advisory pages provide the full scope of information.

Remediated Assets

Expanded Terraform Provider Mondoo resources

You can automate more of your Mondoo Platform configuration than ever with new resources in the Terraform Provider Mondoo. Thanks for these great contributions, @mati007thm!

  • New mondoo_exception resource
  • New mondoo_integration_email resource
  • New mondoo_integration_gitlab resource
  • New mondoo_integration_jira resource
  • New mondoo_integration_msdefender resource
  • New mondoo_integration_zendesk resource

Resource updates

aws.cloudfront.function

  • Deprecate createdTime in favor of a new createdAt field

aws.dynamodb.table

  • Deprecate createdTime in favor of a new createdAt field

aws.elb.loadbalancer

  • Deprecate createdTime in favor of a new createdAt field

aws.rds.dbcluster

  • Deprecate createdTime in favor of a new createdAt field

aws.rds.dbinstance

  • Deprecate createdTime in favor of a new createdAt field

aws.s3.bucket

  • Deprecate createdTime in favor of a new createdAt field

github.organization

  • New totalPublicRepos field

🐛 BUG FIXES AND UPDATES

  • Fix affected assets lists not containing assets scanned by older custom policies.
  • Fix failures in the files.find resource with container image scans.
  • Improve display of VMware assets in the inventory overview.
  • Simplify the asset print view headers.
  • Rename "Sources" to "Learn More" on CVEs to better describe the purpose of the links.
  • Fix policy check metrics when exceptions are set.
  • Fix search for low security CVEs returning zero results in the vulnerability database.
  • Update CIS NTLM checks to also accept the "Deny All" setting.
  • Adjust scores in Windows policies to improve prioritization.
  • Ensure Kubernetes assets always contain asset overview information.

Mondoo 11.34 is out!

· 2 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.34 is out! This release includes updated CIS macOS Sequoia benchmarks and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🧹 IMPROVEMENTS

CIS macOS Sequoia benchmark 1.0

Secure Apple's latest macOS release with an updated CIS benchmark. This policy has several new recommendations and improved queries compared to the preview release.

🐛 BUG FIXES AND UPDATES

  • Improve display of affected assets in the vulnerabilities overview page.
  • Improve default values displayed for Cloudflare R2 buckets.
  • Handle nil login values in the microsoft.user.auditlog resource.
  • Add more detailed command line help for the GitLab provider.
  • Fix failures with JSON exports if a duplicate key exists.
  • Fix failures in the Mondoo Linux Security Policy's auditd checks when scanning Ubuntu or Debian systems.
  • Fix failures running CIS VMware policy vulnerabilities checks.
  • Fix some checks showing as passed when they have failed.
  • Fix Kubernetes services displaying in multiple inventory page asset groups.
  • Improve the output and reliability of CIS macOS benchmarks.
  • Add descriptions, impacts, and remediation steps to each check in the Mondoo TLS Security policy.
  • Add an icon for ticket systems on the add integrations page.
  • Fix display of the last successful integration time.

Mondoo 11.33 is out!

· 2 min read
Tim Smith
Mondoo Core Team

🥳 Mondoo 11.33 is out! This release includes Cloudflare asset inventory, expanded Entra ID inspection, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Explore Cloudflare services

Dive deep into your Cloudflare infrastructure with a new Cloudflare provider for cnquery/cnspec. Use this provider to gather information on key Cloudflare services:

  • Accounts
  • Zones
  • DNS records
  • R2
  • Zero Trust apps
  • Streams
  • Videos
  • Workers
  • Pages

This example queries DNS zones:

cnquery run cloudflare -c "cloudflare.zones[1] { name dns { * } }"
cloudflare.zones[1]: {
  name: "lunalectric.com"
  dns: {
    records: [
      0: cloudflare.dns.record type="A" content="164.90.210.141" name="api.lunalectric.com"
      1: cloudflare.dns.record type="A" content="142.93.110.9" name="console.lunalectric.com"
      3: cloudflare.dns.record type="CNAME" content="console.lunalectric.com-pages.pages.dev" name="prod.lunalectric.com"
      7: cloudflare.dns.record type="MX" content="mail.protonmail.com" name="lunalectric.com"
      9: cloudflare.dns.record type="TXT" content="v=DMARC1; p=none; rua=mailto:e60948910ee34fe61be5a6bf2c3fb@dmarc-reports.cloudflare.net,mailto:dmark@lunalectric.com" name="_dmarc.lunalectric.com"
      11: cloudflare.dns.record type="AAAA" content="100::" name="meet.lunalectric.com"
    ]
  }
}

🧹 IMPROVEMENTS

Resource updates

aws.ecr.image

  • New lastRecordedPullTime field
  • New pushedAt field
  • New sizeInBytes field

microsoft.user

  • New creationType field
  • New identities field using the new microsoft.user.identity resource
  • New auditlog field using the new microsoft.user.auditlog resource

🐛 BUG FIXES AND UPDATES

  • Improve default output of the github.repository.adminCollaborators resource.
  • Improve default output of the github.organization.packages resource.
  • Fix macOS process resource executable values to align with the output from Linux systems.
  • Add the EOL date for Fedora 41 and update dates for 40 and 39 to match the latest published information from the Fedora Project.
  • Improve cleanup of inactive assets in large organizations.
  • Fix missing compliance check mappings for some frameworks.
  • Add the missing query "Ensure permissions on /etc/group.old are configured" to the CIS SUSE Linux Enterprise 11 Benchmark policy.
  • Improve the reliability of aggregate score generation on dashboards.
  • Add two checks to the CIS VMware ESXi 6.7 and 7.0 Benchmark policies:
    • Ensure port-level configuration overrides are disabled
    • Ensure Virtual Distributed Switch NetFlow traffic is sent to an authorized collector
  • Add an asset group for Kubernetes Namespace assets.