Mondoo 11.18 is out!

🥳 Mondoo 11.18 is out! This release includes expanded security policies, Compliance Hub improvements, piles of new resources, and more!

Get this release: Installation Docs | Package Downloads | Docker Container

---

🎉 NEW FEATURES

New policies for detecting NTLMv1 and SMBv1

Secure your Windows infrastructure against vulnerable legacy Microsoft file sharing and authentications protocols with the new Mondoo NTLMv1 Audit policy and Mondoo SMBv1 Audit policy. These policies, co-developed with the wonderful engineers at SVA, ensure you're using only modern and secure file sharing and authentication methods.

🧹 IMPROVEMENTS

Space sunburst chart improvements

Quickly understand where security problems lie with improvements to the sunburst charts on the space overview page. The sunburst now groups IaC, network, and SaaS assets to quickly expose hot spots in your security posture. Dive deeper into each category with improved asset placement, so you can track down problematic services.

Deeper AWS serverless integration scans

When a default VPC is in place, the Mondoo AWS serverless integration now produces deeper security scans that include:

• Individual assets for common AWS resources

• Improved query outputs

Use these improved scan results to navigate security issues in organization and space dashboards and to set granular exceptions on individual resources.

Improved Compliance Hub look and feel

A refreshed Compliance Hub UI makes it easier to track your audit progress. Simplified progress bars show completion status. We also replaced the check distribution graph with intuitable icons for each exception state.

Cover letters in compliance reports

Inform your auditor about Mondoo with a new Mondoo introduction PDF included in each compliance report. The letter explains who we are and how we collect evidence, and lets them know how to contact us if they have questions.

Expanded CIS Azure Foundations policy

Expand your Azure security insights with our newly expanded CIS Azure Foundations benchmark. The policy includes dozens of new checks for securing IAM, database, storage, secrets, and directory services.

Resource updates

azure.subscription

• New policy field using the new azure.subscription.policy resource
• New iam field that deprecates the authorization field

azure.subscription.authorizationService

• New roleAssignments field using the new azure.subscription.authorizationService.roleAssignment resource
• New managedIdentities field using the new azure.subscription.managedIdentity resource

azure.subscription.authorizationservice.roledefinition

• New type field that deprecates the isCustom field

azure.subscription.cloudDefenderService

• New defenderForAppServices field
• New defenderForSqlServersOnMachines field
• New defenderForSqlDatabases field
• New defenderForOpenSourceDatabases field
• New defenderForCosmosDb field
• New defenderForStorageAccounts field
• New defenderForKeyVaults field
• New defenderForResourceManager field

azure.subscription.postgreSql.FlexibleServers

• Return all servers in the subscription

microsoft

• The organizations field is now deprecated. Use microsoft.tenant instead.

microsoft.application

• New api field
• New applicationTemplateId field
• New certification field
• New defaultRedirectUri field
• New disabledByMicrosoftStatus field
• New groupMembershipClaims field
• New isDeviceOnlyAuthSupported field
• New isFallbackPublicClient field
• New nativeAuthenticationApisEnabled field
• New optionalClaims field
• New parentalControlSettings field
• New publicClient field
• New requestSignatureVerification field
• New samlMetadataUrl field
• New serviceManagementReference field
• New servicePrincipal field
• New servicePrincipalLockConfiguration field
• New spa field
• New tokenEncryptionKeyId field
• New web field
• New appRoles field using the new microsoft.application.role field

microsoft.roles

• New resource that replaces microsoft.rolemanagement

microsoft.serviceprincipal

• New appId field
• New applicationTemplateId field
• New appOwnerOrganizationId field
• New appRoleAssignmentRequired field
• New description field
• New isFirstParty field
• New loginUrl field
• New logoutUrl field
• New notificationEmailAddresses field
• New permissions field using the new microsoft.application.permission field
• New preferredSingleSignOnMode field
• New servicePrincipalNames field
• New signInAudiencesignInAudience field
• New verifiedPublisher field

microsoft.user

• New authMethods field using the new microsoft.user.authenticationMethods resource
• Deprecated companyName, department, employeeId, jobTitle, mail, mobilePhone, otherMails, officeLocation, postalCode, and state in favor of data in the job and contact fields

microsoft.tenant

• Renamed from microsoft.organization
• New createdAt replaces the now deprecated createdDateTime
• New name field
• New provisionedPlans field
• New subscriptions field
• New type field

microsoft.security

• New riskyUsers field using the new microsoft.security.riskyUser resource

🐛 BUG FIXES AND UPDATES

• Fix incorrect AWS account identification in some resources.
• Don't error when checking services on containers.
• Fix a failure fetching AWS KMS information.
• Update the title of the CIS Controls framework to include the version number.
• Generate complete report archives with the correct file date stamps.
• Fix a failure exporting data to S3.
• Improve rendering of very long policy names on the asset page.
• Fix missing search results.
• Improve application of Azure and Amazon EKS policies.