Skip to main content

Mondoo 11.33 is out!

ยท 2 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 11.33 is out! This release includes Cloudflare asset inventory, expanded Entra ID inspection, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container

๐ŸŽ‰ NEW FEATURESโ€‹

Explore Cloudflare servicesโ€‹

Dive deep into your Cloudflare infrastructure with a new Cloudflare provider for cnquery/cnspec. Use this provider to gather information on key Cloudflare services:

  • Accounts
  • Zones
  • DNS records
  • R2
  • Zero Trust apps
  • Streams
  • Videos
  • Workers
  • Pages

This example queries DNS zones:

cnquery run cloudflare -c "cloudflare.zones[1] { name dns { * } }"
cloudflare.zones[1]: {
  name: "lunalectric.com"
  dns: {
    records: [
      0: cloudflare.dns.record type="A" content="164.90.210.141" name="api.lunalectric.com"
      1: cloudflare.dns.record type="A" content="142.93.110.9" name="console.lunalectric.com"
      3: cloudflare.dns.record type="CNAME" content="console.lunalectric.com-pages.pages.dev" name="prod.lunalectric.com"
      7: cloudflare.dns.record type="MX" content="mail.protonmail.com" name="lunalectric.com"
      9: cloudflare.dns.record type="TXT" content="v=DMARC1; p=none; rua=mailto:e60948910ee34fe61be5a6bf2c3fb@dmarc-reports.cloudflare.net,mailto:dmark@lunalectric.com" name="_dmarc.lunalectric.com"
      11: cloudflare.dns.record type="AAAA" content="100::" name="meet.lunalectric.com"
    ]
  }
}

๐Ÿงน IMPROVEMENTSโ€‹

Resource updatesโ€‹

aws.ecr.imageโ€‹

  • New lastRecordedPullTime field
  • New pushedAt field
  • New sizeInBytes field

microsoft.userโ€‹

  • New creationType field
  • New identities field using the new microsoft.user.identity resource
  • New auditlog field using the new microsoft.user.auditlog resource

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Improve default output of the github.repository.adminCollaborators resource.
  • Improve default output of the github.organization.packages resource.
  • Fix macOS process resource executable values to align with the output from Linux systems.
  • Add the EOL date for Fedora 41 and update dates for 40 and 39 to match the latest published information from the Fedora Project.
  • Improve cleanup of inactive assets in large organizations.
  • Fix missing compliance check mappings for some frameworks.
  • Add the missing query Ensure permissions on /etc/group.old are configured to the CIS SUSE Linux Enterprise 11 Benchmark policy.
  • Improve the reliability of aggregate score generation on dashboards.
  • Add two checks to the CIS VMware ESXi 6.7 and 7.0 Benchmark policies:
    • Ensure port-level configuration overrides are disabled
    • Ensure Virtual Distributed Switch NetFlow traffic is sent to an authorized collector
  • Add an asset group for Kubernetes Namespace assets.