Mondoo 8.17 is out!

July 4, 2023 · 5 min read

Mondoo Core Team

🥳 Mondoo 8.17 is out! This release includes new Jira ticketing integration, GCP snapshot scanning, continuous Azure VM scanning, and more!

Get this release: Installation Docs | Package Downloads | Docker Container

🎉 NEW FEATURES

Atlassian Jira ticketing integration

Exposing critical issues is only half the journey toward a secure and compliant infrastructure. The next step is effectively communicating these findings to the appropriate teams and tracking remediation progress. Take the work out of communicating your findings with Mondoo's new Atlassian Jira integration.

Create Jira ticket

Automatically create issues directly in Atlassian Jira so teams can schedule remediation work within their existing project workflows. Without ever leaving the Mondoo Console, you can create Jira tickets that include all the details necessary for infrastructure owners to remediate findings, even if they don't have access to Mondoo.

Jira project

GCP snapshot scanning

In Mondoo 8.16, we introduced GCP VM instance scanning using snapshots, allowing you to scan running instances without agents or impact on production workloads. This week we're extending our GCP scanning options with support for scanning snapshots by name. With snapshot scanning, you scan different point-in-time snapshots of VMs, giving you deep insights into systems at a particular point in time as well as security over time.

cnquery shell gcp snapshot suse12 --project-id my-project-id
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1
→ found target volume device name=/dev/sdb3
  ___ _ __  ___ _ __   ___  ___
 / __| '_ \/ __| '_ \ / _ \/ __|
| (__| | | \__ \ |_) |  __/ (__
 \___|_| |_|___/ .__/ \___|\___|
   mondoo™     |_|
cnspec> asset.platform
asset.platform: "sles"
cnspec> asset.version
asset.version: "12.5"
cnspec> packages
packages.list: [
  0: package name="release-notes-sles" version="12.5.20200504-3.11.1"
  1: package name="libqrencode3" version="3.4.3-1.31"
  2: package name="lifecycle-data-sle-module-toolchain" version="1-3.15.1"
  3: package name="yast2-firewall" version="3.4.0-6.3.2"
  4: package name="recode" version="3.6-663.62"
  5: package name="sle-module-legacy-release-POOL" version="12-10.10.1"
  6: package name="SuSEfirewall2" version="3.6.312.333-3.13.1"
  7: package name="gamin-server" version="0.1.10-11.19"
...

Continuous Azure VM scanning

Scanning Azure VMs is easier than ever with our Azure integration's new continuous VM scanning feature. Automatically scan all VMs in your subscription without needing to deploy agents or change your provisioning process.

To enable VM scanning, select the Scan VMs option during the Azure integration setup.

Mondoo discovers all Linux and Windows VMs in your subscription automatically and scans these VMs using Azure's built-in Run Commands functionality.

Scanned VMs

🧹 IMPROVEMENTS

Use the latest existing snapshot for GCP VM instance scanning

Want to scan GCP VM instances by snapshot, but don't want to wait for a new snapshot to be created? Now you can scan GCP instances using existing VM snapshots with the new --use-latest-snapshot flag.

cnspec scan gcp instance sles12 --project-id my-project-id --zone us-central1-a --use-latest-snapshot
→ no Mondoo configuration file provided. using defaults
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1

 sles12 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% score: C


Asset: sles12
-------------

Checks:
✕ Fail:  D  20  Ensure auditing for processes that start prior to auditd is enabled
✕ Fail:  D  20  Ensure successful file system mounts are collected
✕ Fail:  C  40  Ensure Advanced Intrusion Detection Environment (AIDE) is installed
✓ Pass:  A 100  Ensure rsh server is stopped and not enabled
✕ Fail:  F   0  Ensure secure permissions on /etc/group- are set
✓ Pass:  A 100  Ensure Avahi server is stopped and not enabled
✕ Fail:  D  20  Ensure system accounts are non-login
✓ Pass:  A 100  Ensure secure permissions on /etc/group are set
! Error:        Ensure rsyslog default file permissions configured
✓ Pass:  A 100  Ensure prelink is disabled
✓ Pass:  A 100  Ensure auditd is installed
✓ Pass:  A 100  Ensure X Window System is not installed
! Error:        Ensure access to the su command is restricted
✕ Fail:  D  20  Ensure session initiation information is collected
✕ Fail:  F   0  Ensure broadcast ICMP requests are ignored
✕ Fail:  D  20  Ensure login and logout events are collected
...

More asset inventory data on Windows

The cnquery Windows Asset Inventory Pack now includes additional inventory data collection:

Installed hotfixes
Installed features
Windows Computer/System information
Expanded network interface information

🐛 BUG FIXES AND UPDATES

Add a remediation hint for UFW users to the Linux Security policy. Thanks for this update, @danielwillshare!
Add custom metrics to the Mondoo Kubernetes Operator. Thanks for this update, @mariuskimmina!
Improve help output in cnspec and cnquery.
Fix ignored checks on assets not displaying as ignored.
Fixed incorrect "Private" status for policies on the Security Policies page.
Improve Security Policy tooltips and column names.
Remove outdated (ONLINE) status from assets on the Security Policies page.
Use the term "checks" instead of "queries" on the Security Policies page.
Fix the display of nested queries in the asset resources tab.
Fix an incorrect remediation step in the CIS Distribution Independent Linux Benchmark policy.

🥳 Mondoo 8.17 is out! This release includes new Jira ticketing integration, GCP snapshot scanning, continuous Azure VM scanning, and more!​

🎉 NEW FEATURES​

Atlassian Jira ticketing integration​

GCP snapshot scanning​

Continuous Azure VM scanning​

🧹 IMPROVEMENTS​

Use the latest existing snapshot for GCP VM instance scanning​

More asset inventory data on Windows​

🐛 BUG FIXES AND UPDATES​