Skip to main content

Mondoo 11.28 is out!

ยท 3 min read
Tim Smith
Tim Smith
Mondoo Core Team
Charles Johnson
Charles Johnson
Mondoo Core Team

๐Ÿฅณ Mondoo 11.28 is out! This release includes Azure DevOps ticketing, policy scoring configuration, updated policies, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐ŸŽ‰ NEW FEATURESโ€‹

Create Azure DevOps issues from Mondooโ€‹

Mondoo now supports creating remediation tickets in Azure DevOps. This option joins our existing support for ticketing with Jira, Zendesk, GitHub, GitLab, and email.

Mondoo can create tickets in these external systems and update them as it detects changes. When all the findings are remediated, Mondoo can automatically close tickets. When previously resolved findings regress, Mondoo can automatically open new cases to track remediation.

Cases in Azure DevOps

Policy scoring weight configurationโ€‹

Configure how Mondoo scores your policies with a newly redesigned policy page. The new page makes it easier to enable or disable a policy, share that policy with colleagues, and now to modify how that policy is scored. Select the scale icon from the top of any policy page to display five new scoring options.

Scoring

Learn more about scoring systems in the Mondoo documentation.

๐Ÿงน IMPROVEMENTSโ€‹

Updated CIS Windows benchmark policiesโ€‹

Secure critical Windows servers with the latest CIS recommendations for Windows 2016 and 2019:

  • CIS Windows Server 2016 benchmark 3.0.0
  • CIS Windows Server 2019 benchmark 3.0.1

Creation and scan details for integrationsโ€‹

Integration detail pages now expose creation and scan information to help with understand and troubleshooting integrations

  • Creation date
  • Last modification date
  • Last successful scan date
  • Last attempted scan date

Integration details

Fedora 41 supportโ€‹

Mondoo now detects Fedora 41 servers, workstations, and containers including EOL and package CVE support.

Simplified policy property editingโ€‹

You can now modify policy property values directly on the policies page at Security -> Policies, making it easier to customize policies to your needs.

Editing properties

Resource updatesโ€‹

assetโ€‹

  • New purl field

aws.ec2.instanceโ€‹

  • New iamInstanceProfile field using the new aws.iam.instanceProfile resource

aws.iamโ€‹

  • New instanceProfiles field using the new aws.iam.instanceProfile resource

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix formatting on sample commands in the workstation integration setup page.
  • Detect CVEs on recent VMware vCenter releases.
  • Improve password expiration checks in Windows policies.
  • Fix a failure loading the AWS integration details page with certain configuration options enabled.
  • Identify new M4 iMacs in the asset overview.
  • Improve the icon for uploading custom frameworks, policies, and query packs.
  • Fix package detection on the latest releases of openSUSE/SLES.
  • Use the asset name defined in inventory files when scanning assets over SSH.
  • Fix command line help for the Azure provider not showing all available flags.
  • Fix a failure scanning Microsoft 365.
  • Fix some AWS resources not fetching tags properly.
  • Don't show the filter search bar on the Policies page when there are no enabled policies.

Mondoo 11.27 is out!

ยท 3 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 11.27 is out! This release includes simplified policy management, Shodan scanning, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐ŸŽ‰ NEW FEATURESโ€‹

Simplified policy and query pack managementโ€‹

Say goodbye to the Registry and hello to simplified policy management and insights. A more intuitable organization puts the content you need at your fingertips:

  • All the tasks you perform with policies are now accessible under Security.

  • All the tasks you perform with query packs are now accessible under Inventory.

  • All the tasks you perform with frameworks are now accessible under Compliance.

Content in nav bar

We listened to your feedback and made it easier to see what content is enabled and to enable or disable those policies, query packs, and frameworks. Customization is within closer reach with improved management of custom content and configuration of scoring vs. preview policies.

Simpler policy enablement

Understand external exposure with continuous Shodan scansโ€‹

Gain visibility into your infrastructure's external exposure with continuous Shodan scanning. Our new Shodan integration allows you to automatically monitor domains, IPs, and even entire IP blocks for external risk.

Shodan Integration

Paired with our new Shodan Security policy and query pack, this scanning provides critical insights into what attackers know about your systems. Now you can prioritize essential fixes effectively.

Shodan Asset

Search available integrationsโ€‹

Quickly find the exact integration you're looking for with search on the integrations page.

Integration search

๐Ÿงน IMPROVEMENTSโ€‹

Support non-ASCII characters in space and organization namesโ€‹

We got a bit wrapped up in 'Merica and tossed a few too many bald eagles on the space and organization creation pages. The eagles have been relocated and now customers across the globe can safely create spaces and organizations with all your favorite non-ASCII characters.

Updated CIS VMware benchmark policiesโ€‹

Secure your critical VMware infrastructure with the latest recommendations from The Center for Internet Security (CIS):

  • CIS VMware ESXi 6.7 Benchmark v1.4.0
  • CIS VMware ESXi 7.0 Benchmark v1.4.0
  • CIS VMware ESXi 8.0 Benchmark v1.1.0

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Improve email address validation in integration setup pages.
  • Add GitHub token validation to GitHub integrations.
  • Update GitHub integration setup instructions to better clarify required vs. optional fields.
  • Fix rendering of dividers on integration status pages.
  • Fix display of Windows setup commands on the workstation integration page.
  • Improve the display of policies with multiple authors.
  • Improve the alignment and display of risk factor icons on vulnerability, advisory, and check pages.
  • Show larger descriptions by default on advisory and CVE pages.
  • Improve the layout of EC2 filtering options in the AWS serverless integration setup.
  • Improve alignment of text in affected asset, top vulnerabilities, and top security findings tables.
  • Fix application of some policies on Terraform assets.
  • Identify the new 14" MacBook Pro M4 in the asset overview.
  • Improve the reliability of queries in the Mondoo Microsoft Azure Security policy.
  • Fix a failure to load some older AWS serverless integrations.
  • Fix a failure scanning in the ms365.exchangeonline.reportSubmissionPolicy resource.
  • Expose additional labels on Amazon ECS containers.
  • Support scanning Shodan assets using an inventory file.
  • Improve command line help for Snowflake and Slack.
  • Display the cnspec version used to scan hosted integration assets in the asset configuration.

Mondoo 11.26 is out!

ยท 3 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 11.26 is out! This release includes new AWS scan filtering options, custom fields in Zendesk cases, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐ŸŽ‰ NEW FEATURESโ€‹

AWS resource scan filteringโ€‹

Pick and choose the exact AWS resources that Mondoo evaluates with new scan filtering.

The AWS serverless integration now includes the ability to define AWS resources to scan with region-, instance-, and tag-based include and exclude filters. Scan just a single region or exclude resources using owner tags.

AWS resource filtering

For CLI users, now you can specify a comma-separated list of tag values with the --filters flag.

To include only EC2 instances with the "Owner" tag of "backend", "frontend", or "dba":

--filters ec2:tag:Owner=backend,frontend,dba

To exclude EC2 instances with the "Owner" tag of "qa" and "dev":

--filters exclude:ec2:tag:Owner=qa,dev

Custom fields for Zendesk casesโ€‹

Improve the routing of cases generated in Zendesk with new globally set custom fields.

Custom fields for Zendesk

๐Ÿงน IMPROVEMENTSโ€‹

Improved policy risk displayโ€‹

Understand the risk scores distribution of policies across assets in your spaces with improved asset scan results on the security policies page.

Risk score distribution

Ubuntu 24.10 platform supportโ€‹

Secure workstations running the latest release of Ubuntu with full Ubuntu 24.10 support including Linux security policies, vulnerability detection, and EOL support.

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix errors on the Software page versions graph if all risk severities are unchecked.
  • Add a creation date column to ticketing integration lists.
  • Don't display "Last scanned" on ticketing integration pages.
  • Don't display the "Schedule Now" button on ticketing integration pages.
  • Don't include the "Pause Scanning" menu option on ticketing integration pages.
  • Improve display of affected assets on advisories, CVEs, and checks pages.
  • Fix flickering of text fields on integration setup pages.
  • Improve rendering of manual setup instructions on the Workstation integration setup page.
  • Don't show base scores in the score summaries of CVEs or Advisories.
  • Fix incorrect rendering of some tool tips on overview pages.
  • Improve rendering of compliance progress bars at 0% progress.
  • Improve reliability of advisories and MTTR values on the vulnerabilities overview page.
  • Improve readability of markdown generated by cases.
  • Expand and improve help in cnquery and cnspec.
  • Properly parse command line flags containing double hyphens (--).
  • Improve performance loading asset checks.

Mondoo 11.25 is out!

ยท 2 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 11.25 is out! This release includes expanded platform and AWS region support, updated Ubuntu 22.04 CIS policies, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐Ÿงน IMPROVEMENTSโ€‹

Updated CIS Ubuntu 22.04 benchmark policyโ€‹

Secure critical Ubuntu 22.04 systems with the latest CIS Ubuntu benchmark version 2.0 policy. This updated policy includes 488 changes including dozens of all-new checks to keep your systems secure against the latest threats.

Expanded AWS serverless integration region supportโ€‹

The Mondoo AWS serverless integration has always supported scanning your AWS resources in any region. Now you have additional options for where the scanner itself runs. Mondoo now supports installing the integration into the following new regions:

  • ca-central-1
  • eu-north-1
  • eu-west-2
  • eu-west-3
  • ap-south-1

Expanded platform supportโ€‹

Ensure systems are supported and secured with expanded vulnerability and end of life detection:

  • Windows 11 24H2
  • Google COS 117
  • macOS Monterey (12)

View exception count on check pagesโ€‹

Exception counts on individual check pages let you quickly see how many exceptions are set for an individual check.

Exceptions summary information

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Improve score accuracy for CVEs and checks.
  • Open links from the AWS integration page in new tabs.
  • Improve form validation and formatting in the AWS integration setup form.
  • Fix incorrectly clipped log messages in the AWS integration page.
  • Make single account installs the default option during AWS serverless integration setup.
  • Improve auditd checks in CIS Linux benchmark policies to better support container image and filesystem snapshot scans.
  • Redirect to the spaces list page after deleting a space.
  • Support sending very large scan results to Mondoo Platform.
  • Fix returning an incorrect platform family for Dockerfiles.
  • Improve scan reliability in the AWS serverless integration.
  • Expand and improve help in cnquery and cnspec.
  • Update CIS Google Cloud Foundations policy to version 3.0 to match the check content.

Mondoo 11.24 is out!

ยท 2 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 11.24 is out! This release includes an all-new AWS serverless integration, macOS Sequoia support, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐ŸŽ‰ NEW FEATURESโ€‹

All-new AWS serverless integration experienceโ€‹

Over the past few months, our engineers have been hard at work on a complete rewrite of our AWS serverless integration. This new release builds on our previous design and incorporates valuable insights we've gained from securing AWS accounts at scale. What can you expect from this new release?

  • Enhanced security - Our new design drastically reduces the number of privileges required to run in your environment so you can gather critical security insights without introducing new risks to your business.
  • Expanded scalability - From the smallest dev account to enterprise-sized production accounts, Mondoo has you covered.
  • Granular results - Our new approach to scanning provides resource-level granularity in more situations, giving you enhanced visibility into critical risks to your business.

AWS Serverless integration status page

macOS Sequoia supportโ€‹

Is your team eager to upgrade to the latest macOS Sequoia release? Now you can keep your bleeding edge users happy and secure with Mondoo! With tested packages, EOL detection support, and new CIS benchmarks, you'll be ready to tackle early adopters on day one. For users still running Sonoma (14) or Ventura (13), updated CIS benchmark policies offer new and improved security recommendations.

๐Ÿงน IMPROVEMENTSโ€‹

Resource updatesโ€‹

microsoft.policiesโ€‹

  • New consentPolicySettings field

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Improve the setting descriptions on the user settings page.
  • Fix formatting errors on Linux integration code blocks.
  • Fix false positive error messages when scanning GitHub repositories and organizations.
  • Improve Windows event log entries from the Mondoo service.
  • Improve resiliency of Windows system information gathering.
  • Add the Shodan logo to Shodan policies.
  • Improve reliability of CVE risk scores.
  • Fix missing Red Hat advisories for legacy releases.

Mondoo 11.23 is out!

ยท 3 min read
Tim Smith
Tim Smith
Mondoo Core Team
Charles Johnson
Charles Johnson
Mondoo Core Team

๐Ÿฅณ Mondoo 11.23 is out! This release includes automatic drift detection, GitHub and GitLab ticketing support, improved asset tables, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐ŸŽ‰ NEW FEATURESโ€‹

Added features in casesโ€‹

This release further expands the capabilities of cases, Mondoo's feature for tracking remediation work. Cases let you turn security findings into tasks that automatically export to your existing project management or ticket system. That way, you can track and resolve Mondoo findings in your regular workflow.

New support for GitHub Issues, GitLab Issues, and email ticketingโ€‹

Mondoo now supports creating tickets in GitHub Issues and GitLab Issues, and can also send ticket notifications via email. These options join our existing support for ticketing with Jira and Zendesk.

Create cases automatically on asset driftโ€‹

When scans go from passing to failing, you want to know quickly. Now when an asset fails a check or vulnerability scan that it previously passed, Mondoo creates a case and shares it with your ticket system so you can respond rapidly. Mondoo can even group similar drift findings in a single case.

Case Details Page

New CIS Ubuntu 24.04 benchmark policyโ€‹

Secure your Ubuntu 24.04 servers and containers with the brand new CIS Ubuntu 24.04 level 1 & 2 benchmarks. These policies include 295 total checks to secure your critical Ubuntu systems.

๐Ÿงน IMPROVEMENTSโ€‹

Updated CIS Azure Foundations 3.0 benchmark policyโ€‹

Evaluate your Azure subscriptions against the latest CIS recommendations with the updated CIS Azure Foundations benchmark version 3.0. This updated policy includes 15 all-new checks as well as 69 updated checks.

Improved asset view in policiesโ€‹

Out with the old and in with the new: Now you can view risk scores, risk factors, and last updated times for assets directly from the policy pages.

Policy Assets Table

Shodan host asset overviewโ€‹

Shodan host scans are now included in the "Domains and Hosts" inventory group and include helpful configuration summary information on their asset pages.

Shodan Configuration Data

Resource updatesโ€‹

github.repositoryโ€‹

  • New codeOfConductFile field
  • New supportFile field
  • New securityFile field

github.fileโ€‹

  • New exists field

microsoft.conditionalAccessโ€‹

  • New resource with namedLocations field

microsoft.conditionalAccess.ipNamedLocationโ€‹

  • New resource with name and trusted fields

azure.subscription.networkservice.applicationGatewayโ€‹

  • New wafConfiguration field using the new azure.subscription.networkService.wafConfig resource

azure.subscription.webService.appsiteโ€‹

  • New functions field using the new azure.subscription.webService.function resource

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Improve the performance of EC2 instance discovery.
  • Fix tag filtering in the AWS provider.
  • Avoid errors in the AWS Elasticsearch, SageMaker, and SNS resources when nil values are returned.
  • Ensure that the AWS KMS resource returns all keys.
  • Improve performance of data exports.
  • Improve performance loading vulnerability data.
  • Show risk scores for each CVE displayed on advisory pages.
  • Improve asset category names in the inventory page.
  • Improve performance of checks in the CIS GitHub benchmark policy.
  • Improve the overall reliability of multiple checks in CIS Linux benchmarks.
  • Fix invalid Kubernetes operator installation code in the Kubernetes integration.
  • Improve reliability of inactive asset cleanup in large spaces.
  • Fix some Red Hat advisories with CVSS v3 data incorrectly identifying as CVSS v2 format.
  • Improve the display of data query results in command line scans.
  • Improve cnspec logging when running as a service.
  • When searching for spaces, show the name not the ID.

Mondoo 11.22 is out!

ยท 3 min read
Tim Smith
Tim Smith
Mondoo Core Team
Charles Johnson
Charles Johnson
Mondoo Core Team

๐Ÿฅณ Mondoo 11.22 is out! This release includes the new case overview, Zendesk ticket support, a Microsoft Entra ID security policy, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐ŸŽ‰ NEW FEATURESโ€‹

Cases and ticket system integrations!โ€‹

Case Overview

Mondoo users can now group security findings into cases and assign those cases to external ticket systems for efficient tracking and resolution. Cases ship today with out-of-the-box support for Jira and Zendesk, with more to come.

Case Create Modal

Key highlights:

  • Group findings into cases for better organization and management.
  • Delegate cases to external teams using your existing ticketing systems.
  • Automatically update issues as your team remediates findings, ensuring real-time progress tracking.
  • Auto-close cases and corresponding tickets when all findings within a case are resolved.

A Jira ticket created by Mondoo

This feature enhances collaboration and simplifies the remediation process, helping teams stay focused on securing your environment.

Microsoft Entra ID policyโ€‹

Secure your Microsoft Entra ID (previously Active Directory) with our new Mondoo Microsoft Entra ID Security policy. This policy includes essential checks to keep your directory data secure.

๐Ÿงน IMPROVEMENTSโ€‹

New checks in the CIS Azure Foundations benchmark policyโ€‹

Harden your Microsoft Azure subscriptions with expanded checks in the CIS Azure Foundations Benchmark policy. This policy now ensures that Azure Key Vault rotation is configured and AppService HTTP logs are enabled.

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Improve rendering of complex remediation text in CIS policies.
  • Fix the alignment of the Start Scanning and Browse Integration buttons in new spaces.
  • Improve handling of SMBIOS data on Windows to prevent errors displaying in the asset overview.
  • Fix failures to scan more than 100 S3 buckets at a time.
  • Resolve an AWS serverless integration error shown in the console integration details page.
  • Improve the rendering of some CVE descriptions.
  • Update AWS policies to use the latest RDS MQL resources.
  • Install cnspec from install.mondoo.com instead of mondoo.com during Azure VM scans.
  • Fix false negatives when checking bootloader config on Linux distributions based on RHEL 9.
  • Skip GDM and firewalld checks when those packages aren't installed on Linux distributions based on RHEL 9.
  • Fix policy pages in the registry to display all checks when policies include duplicate check names.
  • Don't include asset, policies, or checks counts in ticket system integration pages.
  • Improve consistency of letter score calculations.
  • Add EOL detection support for FreeBSD 13.4.
  • Fix auto-closing of Jira tickets when all Mondoo assets have been deleted.

Mondoo 11.21 is out!

ยท 2 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 11.21 is out! This release includes improved vulnerability views, policy and resource additions, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐Ÿงน IMPROVEMENTSโ€‹

Risk summaries for softwareโ€‹

Quickly understand the risk of software versions deployed throughout your infrastructure with new risk summary boxes on software pages. The risk, CVSS score, EPSS score, risk factors, and blast radius help you make informed decisions when it comes to prioritizing software updates in your infrastructure.

Related Advisories on a CVE page

Discover advisories for CVEsโ€‹

CVE pages now show whether the CVE has a related advisory. Now you can dive deeper into specific vendor recommendations when evaluating the impact of CVEs on your infrastructure.

Related Advisories on a CVE page

New checks in the CIS Azure Foundations benchmark policyโ€‹

Harden your Microsoft Azure subscriptions with expanded checks in the CIS Azure Foundations Benchmark policy. This policy now ensures that guest users in Entra ID are further restricted and that storage accounts have logging.

Resource updatesโ€‹

azure.subscription.keyVaultService.vaultโ€‹

  • New autorotation field using the new azure.subscription.keyVaultService.key.autorotation resource

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Truncate long control names in compliance report filenames.
  • Rename the TLS/SSL Security policy to Mondoo TLS/SSL Security to match other Mondoo policies.
  • Fix asset search at the organization level not returning results.
  • Improve colorblind mode display.
  • Show space names instead of space IDs in organization-level search results.
  • Add EOL detection for FreeBSD 13.2 and 14.1.
  • Update EOL dates for AlmaLinux 8 and Ubuntu 24.04 to match the latest vendor dates.
  • Fix false positive CVEs in packages on Red Hat Enterprise Linux and UBI container images.
  • Fix MRNs displaying in top security findings list instead of names.
  • Provide a helpful error message if the cnquery/cnspec GCP provider fails to authenticate with Google Cloud.
  • Fix mapping of checks to compliance frameworks when a policy includes variants.
  • Update integration setup flow to mention both recommended query packs and policies.
  • Show an unknown risk score when no risk is known for a CVE or advisory.
  • Don't show findings with a blast radius of 0 in the top security findings list.
  • Ensure the vulnerabilities page lists only CVEs that impact the space.
  • Improve rendering of risk rank numbers above 999.

Mondoo 11.20 is out!

ยท 2 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 11.20 is out! This release includes improved display of compliance evidence, expanded resources, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐Ÿงน IMPROVEMENTSโ€‹

Quickly review compliance evidenceโ€‹

View compliance evidence gathered by Mondoo without leaving Compliance Hub. Now Compliance Hub query pages show evidence for each scanned asset right on the page, so you can quickly review evidence without individually opening each asset.

Compliance Hub evidence

Resource updatesโ€‹

atlassian.jira.issueโ€‹

  • New projectKey field
  • New creator field
  • New typeName field

azure.subscriptionโ€‹

  • New iot field using new azure.subscription.iotService resource

azure.subscription.webService.appsiteโ€‹

  • New diagnosticSettings field

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Improve detection of Terraform files within GitHub repositories.
  • Improve grouping of IaC assets in the inventory view.
  • Fix mismatching checks scores been the asset page and the individual check pages.
  • Improve error reporting if export integrations fail.
  • Simplify workstation setup options on the integrations page.
  • Ensure all CIS policies include a description in the registry.
  • Fix failures uploading custom compliance frameworks.
  • Fix a failure to load check scores on CVE pages.
  • Update the background color of the CVE and advisory page score depending on the risk score.
  • Improve query reliability in the CIS Azure Foundations benchmark policies.
  • Fix a failure in Snowflake exports.

Mondoo 11.19 is out!

ยท 3 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 11.19 is out! This release includes a new Shodan security policy, updates to existing security policies, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐ŸŽ‰ NEW FEATURESโ€‹

New Mondoo Shodan Security policyโ€‹

Secure critical, public-facing domains and IP addresses with the new Mondoo Shodan Security policy. It includes checks to identify open ports and vulnerabilities as reported by the Shodan network scanning service.

Shodan policy

๐Ÿงน IMPROVEMENTSโ€‹

Risk summaries for vendor advisoriesโ€‹

Better understand the criticality of vendor advisories with new score summaries. Advisories now include an overall risk score, taking into account blast radius and Mondoo-identified risk factors.

Vendor Advisory summary

Vulnerability detection on Windows Enterprise multi-sessionโ€‹

Mondoo now includes vulnerability detection on Windows 10/11 Enterprise multi-session editions.

Compliance data in exportsโ€‹

Data exports now include compliance control references, so you can feed compliance evidence collected by Mondoo into external data analytics systems.

Expanded security policiesโ€‹

Secure your ever growing fleet of assets with new and expanded policies:

  • Mondoo HTTP Security policy now includes checks to ensure Server, X-AspNetMvc-Version, X-AspNet-Version, X-Powered-By, and Public-Key-Pins HTTP headers are not set.
  • CIS Azure Foundations benchmark policy includes 8 new checks as well as filter and query improvements.
  • Mondoo Endpoint Detection and Response (EDR) policy now includes support for Cortex XDR.
  • AWS Operational Best Practices policy includes improved S3 bucket permission checks.

New console audit eventsโ€‹

Keep tabs on changes made to your Mondoo organization and spaces with improved audit logging. New events recorded in the Mondoo Console audit log include:

  • Policies or frameworks enabled
  • Policies or frameworks disabled
  • Policies or frameworks put in preview
  • Risk factor configuration changes
  • Integrations created
  • Integrations deleted
  • Space settings modified
  • Registration tokens created
  • API tokens created
  • Compliance reports generated
  • Custom policy or framework uploads

Expanded query packsโ€‹

Collect important asset inventory data with new and expanded query packs:

  • macOS Inventory Pack now collects system extensions information.
  • Shodan inventory pack now collects DNS NS records, subdomains, and domain tag information.
  • There's a new Event Log Collector for NTLMv1 query pack.
  • We added the Event Log Collector for SMBv1 query pack.

Resource updatesโ€‹

github.commitโ€‹

  • New authoredDate field
  • New committedDate field

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Add custom icons in the registry for AlmaLinux, BSI, Oracle Linux, Rocky Linux, and Arista.
  • Improve the consistency of table score headings throughout the console.
  • Improve descriptions in multiple CIS benchmark policies.
  • Improve handling of expired registration tokens in cnquery and cnspec.