Skip to main content

Mondoo 8.17 is out!

Β· 5 min read
Tim Smith
Tim Smith
Mondoo Core Team

πŸ₯³ Mondoo 8.17 is out! This release includes new Jira ticketing integration, GCP snapshot scanning, continuous Azure VM scanning, and more!​

Get this release: Installation Docs | Package Downloads | Docker Container


πŸŽ‰ NEW FEATURES​

Atlassian Jira ticketing integration​

Exposing critical issues is only half the journey toward a secure and compliant infrastructure. The next step is effectively communicating these findings to the appropriate teams and tracking remediation progress. Take the work out of communicating your findings with Mondoo's new Atlassian Jira integration.

Create Jira ticket

Automatically create issues directly in Atlassian Jira so teams can schedule remediation work within their existing project workflows. Without ever leaving the Mondoo Console, you can create Jira tickets that include all the details necessary for infrastructure owners to remediate findings, even if they don't have access to Mondoo.

Jira project

GCP snapshot scanning​

In Mondoo 8.16, we introduced GCP VM instance scanning using snapshots, allowing you to scan running instances without agents or impact on production workloads. This week we're extending our GCP scanning options with support for scanning snapshots by name. With snapshot scanning, you scan different point-in-time snapshots of VMs, giving you deep insights into systems at a particular point in time as well as security over time.

cnquery shell gcp snapshot suse12 --project-id my-project-id
β†’ discover related assets for 1 asset(s)
β†’ resolved assets resolved-assets=1
β†’ found target volume device name=/dev/sdb3
___ _ __ ___ _ __ ___ ___
/ __| '_ \/ __| '_ \ / _ \/ __|
| (__| | | \__ \ |_) | __/ (__
\___|_| |_|___/ .__/ \___|\___|
mondooβ„’ |_|
cnspec> asset.platform
asset.platform: "sles"
cnspec> asset.version
asset.version: "12.5"
cnspec> packages
packages.list: [
0: package name="release-notes-sles" version="12.5.20200504-3.11.1"
1: package name="libqrencode3" version="3.4.3-1.31"
2: package name="lifecycle-data-sle-module-toolchain" version="1-3.15.1"
3: package name="yast2-firewall" version="3.4.0-6.3.2"
4: package name="recode" version="3.6-663.62"
5: package name="sle-module-legacy-release-POOL" version="12-10.10.1"
6: package name="SuSEfirewall2" version="3.6.312.333-3.13.1"
7: package name="gamin-server" version="0.1.10-11.19"
...

Continuous Azure VM scanning​

Scanning Azure VMs is easier than ever with our Azure integration's new continuous VM scanning feature. Automatically scan all VMs in your subscription without needing to deploy agents or change your provisioning process.

To enable VM scanning, select the Scan VMs option during the Azure integration setup.

Scan VMs Option

Mondoo discovers all Linux and Windows VMs in your subscription automatically and scans these VMs using Azure's built-in Run Commands functionality.

Scanned VMs

🧹 IMPROVEMENTS​

Use the latest existing snapshot for GCP VM instance scanning​

Want to scan GCP VM instances by snapshot, but don't want to wait for a new snapshot to be created? Now you can scan GCP instances using existing VM snapshots with the new --use-latest-snapshot flag.

cnspec scan gcp instance sles12 --project-id my-project-id --zone us-central1-a --use-latest-snapshot
β†’ no Mondoo configuration file provided. using defaults
β†’ discover related assets for 1 asset(s)
β†’ resolved assets resolved-assets=1

sles12 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% score: C


Asset: sles12
-------------

Checks:
βœ• Fail: D 20 Ensure auditing for processes that start prior to auditd is enabled
βœ• Fail: D 20 Ensure successful file system mounts are collected
βœ• Fail: C 40 Ensure Advanced Intrusion Detection Environment (AIDE) is installed
βœ“ Pass: A 100 Ensure rsh server is stopped and not enabled
βœ• Fail: F 0 Ensure secure permissions on /etc/group- are set
βœ“ Pass: A 100 Ensure Avahi server is stopped and not enabled
βœ• Fail: D 20 Ensure system accounts are non-login
βœ“ Pass: A 100 Ensure secure permissions on /etc/group are set
! Error: Ensure rsyslog default file permissions configured
βœ“ Pass: A 100 Ensure prelink is disabled
βœ“ Pass: A 100 Ensure auditd is installed
βœ“ Pass: A 100 Ensure X Window System is not installed
! Error: Ensure access to the su command is restricted
βœ• Fail: D 20 Ensure session initiation information is collected
βœ• Fail: F 0 Ensure broadcast ICMP requests are ignored
βœ• Fail: D 20 Ensure login and logout events are collected
...

More asset inventory data on Windows​

The cnquery Windows Asset Inventory Pack now includes additional inventory data collection:

  • Installed hotfixes
  • Installed features
  • Windows Computer/System information
  • Expanded network interface information

πŸ› BUG FIXES AND UPDATES​

  • Add a remediation hint for UFW users to the Linux Security policy. Thanks for this update, @danielwillshare!
  • Add custom metrics to the Mondoo Kubernetes Operator. Thanks for this update, @mariuskimmina!
  • Improve help output in cnspec and cnquery.
  • Fix ignored checks on assets not displaying as ignored.
  • Fixed incorrect "Private" status for policies on the Security Policies page.
  • Improve Security Policy tooltips and column names.
  • Remove outdated (ONLINE) status from assets on the Security Policies page.
  • Use the term "checks" instead of "queries" on the Security Policies page.
  • Fix the display of nested queries in the asset resources tab.
  • Fix an incorrect remediation step in the CIS Distribution Independent Linux Benchmark policy.