
Mondoo 10.1 is out!

· 5 min read
Mondoo Core Team

🥳 Mondoo 10.1 is out! This release includes application CVE detection, CIS MS365 benchmark 3.0, expanded asset overview data, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Application CVE detection

We've all been on the Zoom meeting when our coworkers share their screens and every browser window shows the "relaunch to update" badge. How long has Bob in accounting been browsing the web with that unpatched browser? A day? A week? A month? It's hard to know your organization's level of exposure if vulnerability scanning stops at the OS. Go further with new application CVE detection for non-OS installed packages, starting with the detection of vulnerable Mozilla Firefox and Google Chrome releases.

A new Software tab on the asset detail page shows Mondoo-detected software vulnerabilities. Details include impact level and additional risk factors if known exploits exist for the application.

Software vulnerabilities

Want to view data on an asset's individual vulnerabilities? New Vulnerabilities and Advisories tabs let you dive directly into the individual risks on your assets.

Advisories

🧹 IMPROVEMENTS

CIS Microsoft 365 Foundations 3.0 policy

Mondoo now includes version 3.0 of the CIS Microsoft 365 Benchmark policy. This updated policy includes new and updated checks to keep your Microsoft 365 environment secure, including:

  • 10 new Microsoft Teams checks
  • 8 new Microsoft SharePoint checks
  • 6 new Microsoft Power BI checks
  • 15 updated checks with improved descriptions, remediations, and query values

Improved CIS Azure Foundations policy queries

Reworked queries in the CIS Azure Foundations Benchmark policy provide more reliable results and improved output so you can quickly find and secure your Azure resources.

Improved asset overview information

Understand your assets at a glance using expanded asset overview information in Mondoo 10.1. New cloud, hardware manufacturer, hardware model, and serial number data are included for operating systems, allowing you to quickly track down assets.

Asset overview data

Expanded macOS and Windows inventory packs

We've expanded the Windows and macOS inventory packs to expose critical asset configuration data.

macOS queries

  • SMBIOS system information
  • Storage data
  • Power data
  • Network data
  • Configuration profile data
  • Uptime
  • Running processes
  • Kernel modules
  • Mounts
  • Active network connections
  • SSHd configuration

Windows queries

  • Uptime
  • Running processes
  • Scheduled tasks
  • Expanded data for BitLocker volumes
  • Expanded data for security products
  • Expanded data for services

CVE detection on Linux Mint

Keep your Linux workstations fresh with expanded CVE detection support for Linux Mint.

Improved Azure authentication

No matter how you pass your authentication, Mondoo has your back with expanded authentication capabilities for scanning Azure subscriptions. Previously, running cnspec scan azure only loaded authentication credentials from the Azure CLI. Now, scans can also load credentials from shell environment variables, workload identity, and managed identity, in addition to the CLI configuration.

CVSS scores in JSONL exports

Data integrations now export JSONL data with CVSS scores, so you can feed this critical risk data into external systems that consume your data exports.

Resource improvements

Dive deep into your Azure environment in the cnquery shell and create custom policies with an expanded MQL resource.

azure.subscription.computeService.vm

  • New zones field
  • New state field
  • New isRunning field

πŸ› BUG FIXES AND UPDATES​

  • Improve formatting in policy description fields.
  • Fix crash on empty array.flat with no type information.
  • Fix CIS Red Hat Level 2 policy queries applying to non-Red Hat assets.
  • Improve reliability of Linux sudoers checks.
  • Change Slack provider retry logging messages from info level to debug.
  • Reduce network IO during CVE scans.
  • Improve error messages if a provider crashes.
  • Improve the reliability and readability of queries in the CIS Azure Foundations policy.
  • Prevent MS365 SOC 2 checks from running on non-MS365 platforms.
  • Fix exceptions incorrectly displaying in some situations.
  • Fix long-lived token usage failures in the AWS integration.
  • Prevent failures in the Linux Inventory query pack on container image scans.
  • Added back support for scanning systems via WinRM.
  • Reduce memory usage during asset scans.
  • Improved logging when cnquery/cnspec fails.
  • Improve scan results for large Slack accounts.
  • Return a helpful error when the specified provider cannot be found.
  • Fix failures running the aws.efs.filesystem resource.
  • Fix failures in the azure.subscription.sqlService.firewallrule resource.
  • Fix missing image for hosts in weekly spaces emails.
  • Improve descriptions of EPSS scores on CVE pages.
  • Fix a panic when trying to fetch AWS S3 bucket locations in some situations.
  • Exit 1 when cnspec or cnquery can't connect to the asset to scan.
  • Show a friendly message on the space settings page for API tokens when the user does not have permission.
  • Avoid displaying partial scan results in the console.

Mondoo 10.0 is out!

· 9 min read
Mondoo Core Team

🥳 Mondoo 10.0 is out! This release includes detection of known exploited vulnerabilities, EPSS scores for CVEs, a new light mode, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Expose exploitable CVEs

Mondoo now flags CVEs found in CISA's Known Exploited Vulnerabilities Catalog. These CVEs are critically important to patch in your environment. Now you can track the patching status across your fleet to prioritize work.

Individual CVE pages include an exploitable badge when a CVE is in the CISA Known Exploited Vulnerabilities Catalog:

Exploitable badge

From the CVEs page, a new yellow shield badge designates Known Exploited Vulnerabilities Catalog CVEs.

Exploitable CVEs

EPSS scores for CVEs

Now that you're done patching all the actively exploited vulnerabilities in your environment, what should you do next? What if you could identify vulnerabilities with a high likelihood of being exploited in the wild in the near future? That's the focus of the Exploit Prediction Scoring System (EPSS). Now Mondoo CVE pages include EPSS data so you can see how likely a vulnerability is to be exploited soon, along with the risk when that occurs. Use this additional data to spend your precious time patching the right systems before attackers hit.

EPSS scores for CVEs

Console light mode

Do you feel like you merely adopted the dark instead of being born into it? Maybe it's time for change. Now you can switch from the Mondoo Console's default dark mode to a new light mode.

Enable light mode by selecting the sun icon in the toolbar.

Enabling light mode

With light mode enabled, enjoy a brighter Mondoo!

Light mode dashboard

Policy stats on asset policy pages

The asset page's Policy tab now includes overview information summarizing the policies and results for an asset.

Policy stats

Find your spaces with ease

Are you accumulating spaces as you secure more and more of your infrastructure? Now a space search makes it easy to find the space you need. The Spaces page for an organization also now includes pagination.

Spaces page with search

Control policies using the CLI

Consider yourself a CLI wizard? You'll be happy to know you can now use the CLI to set how your policies execute on assets. The new cnspec policy commands give you complete control within the CLI:

Usage:
cnspec policy [command]

Available Commands:
delete Delete a policy from the connected space
disable Disables a policy in the connected space
download download a policy to a local bundle file
enable Enables a policy in the connected space
format Apply style formatting to one or more policy bundles
info Show more info about a policy from the connected space
init Create an example policy bundle
lint Lint a policy bundle
list List enabled policies in the connected space
upload Upload a policy to the connected space

🔨 BREAKING CHANGES

As this is a major release of Mondoo's cnspec and cnquery tools, we have made two relatively small breaking changes:

  • We removed the --share flag in cnspec. To learn about other ways to report scan results, read Report Results.
  • We renamed aws-ec2-volume and aws-ec2-snapshot to aws-ebs-volume and aws-ebs-snapshot when using asset discovery to scan AWS accounts.

🧹 IMPROVEMENTS

Scan performance improvements

New policy fetching and reporting optimizations in Mondoo 10 mean complex scans now execute nearly twice as fast and use one third of the network bandwidth of previous 9.x releases.

MQL improvements

New helpers in MQL make it simpler to write and interpret complex security queries.

recurse helper for dicts

The recurse helper makes it easy to extract data from a dict structure made up of mixed value types.

For example, suppose you need to retrieve all users from this JSON data structure:

{
  "users": [{ "name": "bob" }],
  "owners": {
    "admins": [{ "name": "joy", "isOwner": true }]
  }
}

Because of the varying data types, finding users in this structure is difficult with traditional mechanisms. You need to understand the data structure and know where to search.

recurse eliminates that difficulty:

jdata.recurse( name != empty )
[
0: {
name: "bob"
}
1: {
isOwner: true
name: "joy"
}
]

You can then map the user names:

jdata.recurse( name != empty ).map(name)
[
0: "bob"
1: "joy"
]
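The same walk in Python, as an added example that is not cnquery's own code: recurse(), field_present() and user_names() are this example's names, and whether a match's children are searched as well is this example's choice.

```python
"""Recursive search over a mixed dict/list structure, mirroring the MQL
recurse helper described above."""
from typing import Any, Callable

# Constructed sample, the same shape as the JSON document in the post.
JDATA = {
    "users": [{"name": "bob"}],
    "owners": {
        "admins": [{"name": "joy", "isOwner": True}],
    },
}


def recurse(data: Any, predicate: Callable[[dict], bool]) -> list[dict]:
    """Walk dicts and lists at any depth; return every dict the predicate accepts.

    Results come back in document (depth-first) order, like the numbered list
    cnquery prints. A matching dict's own children are searched too (this
    example's choice), so a match never hides nested matches below it.
    """
    found: list[dict] = []

    def walk(node: Any) -> None:
        if isinstance(node, dict):
            if predicate(node):
                found.append(node)
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)
        # scalars (str, int, bool, None) are leaves: nothing to descend into

    walk(data)
    return found


def field_present(field: str) -> Callable[[dict], bool]:
    """Predicate for MQL's `name != empty`: the key exists and is non-empty."""
    return lambda d: d.get(field) not in (None, "", [], {})


def user_names(data: Any) -> list[str]:
    """Equivalent of jdata.recurse( name != empty ).map(name)."""
    return [d["name"] for d in recurse(data, field_present("name"))]


if __name__ == "__main__":
    for i, user in enumerate(recurse(JDATA, field_present("name"))):
        print(i, user)
    print(user_names(JDATA))  # ['bob', 'joy']
```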

Named arguments in functions

You can set a named argument in a function. This is useful in situations where you can only use one expression (such as with all or one). It also makes the code easier to understand, especially when nesting across multiple objects, as in this example:

users.all(user:
  groups.contains(group:
    user.uid == group.gid
  )
)

in helper for lists of strings

For lists of strings, you can use the in assertion, which is the inverse of contains:

"anya".in(["abel","amos","anya"])

An ideal use for in is to combine it with properties. For example, if you define a property named allowedCiphers, you can assert that a configured cipher is in that list:

sshd.config.ciphers.in( props.allowedCiphers )
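The cipher allow-list check above, carried out in Python as an added example (not Mondoo policy code): the function names, the sample sshd_config and ALLOWED_CIPHERS are constructed for illustration.

```python
"""Check sshd's configured ciphers against an allow-list, the check that the
MQL assertion sshd.config.ciphers.in( props.allowedCiphers ) expresses."""
from __future__ import annotations

import re
from typing import Iterable, Optional

# Constructed sshd_config excerpt. Note the two Ciphers lines: sshd honours the
# first occurrence of a keyword, so the second line is dead configuration.
SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
KexAlgorithms curve25519-sha256
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-cbc
Ciphers aes256-ctr
"""

# What a policy property such as props.allowedCiphers might hold (constructed).
ALLOWED_CIPHERS = [
    "chacha20-poly1305@openssh.com",
    "aes256-gcm@openssh.com",
    "aes128-gcm@openssh.com",
    "aes256-ctr",
    "aes192-ctr",
    "aes128-ctr",
]

# keyword, optional '=' separator, value ("Key value" or "Key=value" are both valid)
_DIRECTIVE_RE = re.compile(r"^(\w+)\s*=?\s*(.*?)\s*$")


def configured_ciphers(config_text: str) -> Optional[list[str]]:
    """Return the cipher list sshd would use, or None if no Ciphers directive is set.

    Keywords are case-insensitive and, as sshd_config(5) states, the first
    obtained value is used, so only the first Ciphers line counts.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = _DIRECTIVE_RE.match(line) if line else None
        if m and m.group(1).lower() == "ciphers":
            return [c.strip() for c in m.group(2).split(",") if c.strip()]
    return None


def disallowed_ciphers(config_text: str, allowed: Iterable[str]) -> list[str]:
    """Configured ciphers that are not in the allow-list; an empty list passes.

    The in-helper check is the inverse of contains: every configured cipher
    must be a member of the allowed list, not merely one of them.
    """
    ciphers = configured_ciphers(config_text)
    if ciphers is None:
        return []  # sshd's compiled-in defaults apply; they are out of scope here
    if ciphers and ciphers[0][:1] in ("+", "-", "^"):
        # "+x", "-x" and "^x" edit sshd's built-in default list; the effective
        # set then depends on the sshd version, so refuse to guess.
        raise ValueError("Ciphers uses +/-/^ modifier syntax; resolve defaults first")
    allowed_set = {a.lower() for a in allowed}
    return [c for c in ciphers if c.lower() not in allowed_set]


if __name__ == "__main__":
    print(configured_ciphers(SAMPLE_SSHD_CONFIG))
    print("disallowed:", disallowed_ciphers(SAMPLE_SSHD_CONFIG, ALLOWED_CIPHERS))
```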

Resource improvements

This release includes new resources and resource fields to expose important details for asset inventory and custom security policies.

aws.iam.loginProfile

  • New resource with createdAt field

aws.rds.snapshot

  • New createdAt field
  • New engineVersion field
  • New port field

azure.subscription.networkService.securityrule

  • Add direction field

ms365.exchangeonline

  • New sharedMailboxes field

ms365.exchangeonline.exoMailbox

  • New resource with identity, user, and externalDirectoryObjectId fields

Group vulnerable packages by architecture

Vulnerability advisory pages now group affected packages by architecture for easier discovery and evaluation.

Packages sorted by architecture

PowerShell remediation steps in Windows policies

Windows policy checks now include PowerShell remediation steps in addition to the existing Group Policy steps, so you can remediate findings whatever way works best for you.

PowerShell remediation steps

Simplified policy control

You can now change a policy's state directly from the Security Policies page: enable, disable, or preview policies without having to find them in the Registry.

Change policy state in the security policies page

Control scan as service execution

You can now pass in alternative values to cnspec serve to configure the timer and its splay.

> cnspec serve --help
Start cnspec in background mode.

Usage:
cnspec serve [flags]

Flags:
-h, --help help for serve
--inventory-file string Set the path to the inventory file
--splay int randomize the timer by up to this many minutes (default 60)
--timer int scan interval in minutes (default 60)

Global Flags:
--api-proxy string Set proxy for communications with Mondoo API
--auto-update Enable automatic provider installation and update (default true)
--config string Set config file path (default $HOME/.config/mondoo/mondoo.yml)
--log-level string Set log level: error, warn, info, debug, trace (default "info")
-v, --verbose Enable verbose output

To run cnspec serve from the CLI:

> cnspec serve --timer 30 --splay 30
→ start cnspec background service
→ scan interval is 30 minute(s) with a splay of 30 minutes(s)

If cnspec is running as a service, it is easier to configure the timer and the splay in the configuration:

api_endpoint: https://us.api.mondoo.com
scan_interval:
  timer: 5
  splay: 10
auto_update: true

Custom provider paths

Define a custom path to store cnspec and cnquery providers with the new PROVIDERS_PATH variable. Set this variable in your shell profile or change the path one time directly on the CLI:

PROVIDERS_PATH=$PWD/.providers cnquery providers install os

Updated Linux EOL dates

We've updated many Linux distribution EOL dates based on vendor timeline updates:

  • Extend EOL date of EuroLinux 9 to June 30, 2032
  • Extend EOL date of Fedora 37 to December 5, 2023
  • Extend EOL date of openSUSE Linux 15.4 to December 7, 2023
  • Extend EOL date of Oracle Linux 7 to December 1, 2024
  • Extend EOL date of Oracle Linux 9 to December 30, 2032
  • Extend EOL date of Ubuntu Linux 23.04 to January 20, 2024
  • Fix the EOL date of Red Hat Enterprise Linux 7 to be August 6, 2019

Apple model detection

Asset platform information now includes the human-friendly form of the Mac model designation, including the year of release, so you can more easily understand scanned IT assets.

Platform overview with Mac model information

πŸ› BUG FIXES AND UPDATES​

  • Do not show unknown assets in the affected assets page.
  • Immediately refresh the page after creating or removing an exception in Compliance Hub.
  • Improve listing of CVEs and pagination to ensure all CVEs are always displayed.
  • Respect the --log-level command line flag within provider plugins.
  • Fix auditpol resource failures on non-English Windows systems.
  • Improve content alignment on the Compliance Hub frameworks page.
  • Support vulnerable package data on the EndeavourOS Linux distribution.
  • Fix technology naming and images in the weekly space overview email.
  • Fix alignment of compliance framework tiles.
  • Fix the exception creation dialog not always closing after creating an exception.
  • Do not fail on time parsing errors.
  • Fix failures shutting down providers in some scenarios.
  • Fix fetching of the ID for Azure SQL Server firewall rules.
  • Fix an error in the attributes field of the aws.elb.classicLoadBalancers resource when fetching classic ELBs.
  • Add an error message when using the aws.elb.loadbalancer resource without a load balancer type argument.
  • Add an error message when using the aws.applicationAutoscaling resource without a namespace argument.
  • Show managed clients (if present) in the Integrations section of the sidebar.
  • Handle deprecated configurations in the Mondoo Kubernetes Operator.
  • Resolve errors running the files.find resource on containers.
  • Ensure any provider can run resources in the OS provider.
  • Improve CVSS score rendering.

Mondoo 9.14 is out!

· 5 min read
Mondoo Core Team

🥳 Mondoo 9.14 is out! This release includes agentless Azure VM scanning, new MQL helpers, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Scan Azure VMs / snapshots / disks

Use new Azure scanning capabilities to scan running VMs, instances, or disks without deploying or managing agents.

Scan snapshots of your VMs to perform agentless scans without impact to your running workloads:

cnspec scan azure compute snapshot <snapshot-name> --client-id <id> --tenant-id <id> --client-secret <value>

Scan snapshots outside your current resource group using the fully qualified Azure resource ID:

cnspec scan azure compute snapshot "/subscriptions/subId/resourceGroups/my-rg/providers/Microsoft.Compute/snapshots/test-debian-snap" --client-id <id> --tenant-id <id> --client-secret <secret>

Scan disks on running VMs with automatic running disk cloning:

cnspec scan azure compute disk <disk-id> --client-id <id> --tenant-id <id> --client-secret <value>

Not concerned about the impact to running workloads? Scan VMs directly without managing agent deploys:

cnspec scan azure compute instance <instance-name> --client-id <id> --tenant-id <id> --client-secret <value>

New MQL helpers for policy authoring

New helpers for MQL give you the power to create robust security and compliance policies to meet your custom business needs.

Quickly access data in a map

Use dot notation to access data in maps:

cnquery> {a: 1, b: 2, c:3}.a
[a]: 1

Check whether a time is within a range

See if time values fall within a range. This works with all timestamps:

cnquery> password.lastChangedDate.inRange(time.now-90*time.day, time.now)
[ok] value: true

Check whether a number is within a range

See if an integer value is within a range:

cnquery> 2.inRange(1,3)
[ok] value: true

Check strings against a list of values

Check a string value against a list of acceptable values:

cnquery> "PASS".in(["PASS","ALLOW","OK"])
[ok] value: true

Parse duration values

Work with duration values using a new duration helper:

cnquery> parse.duration("3d")
parse.parse.duration: 3 days
cnquery> parse.duration("7days")
parse.parse.duration: 7 days

Check the contents of maps

Check keys, values, or combinations of the two within maps:

{'a': 1, 'b': 2}.contains( key == 'b' )
{'a': 1, 'b': 2}.all( value > 0 )
{'a': 1, 'b': 2}.one( value != 1 )
{'a': 1, 'b': 2}.none( key == /d-f/ )

Semantic version parsing

Compare versions without the need for complex integer parsing:

cnquery> semver('1.9.0') < semver('1.10.0')
[ok] value: "1.9.0"
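Python equivalents of three of the helpers above (parse.duration, inRange on timestamps, and semver comparison), as an added example rather than cnquery's code: the function names, the accepted unit spellings and the inclusive range boundaries are this example's choices, and the sample timestamps are constructed. The semver part also shows why plain string ordering gets "1.9.0" versus "1.10.0" wrong.

```python
"""MQL-style duration parsing, range checks and semantic version ordering."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from functools import total_ordering

# Unit spellings accepted by parse_duration (an assumption; cnquery's grammar may differ).
_UNIT_SECONDS = {
    "s": 1, "sec": 1, "second": 1, "seconds": 1,
    "m": 60, "min": 60, "minute": 60, "minutes": 60,
    "h": 3600, "hr": 3600, "hour": 3600, "hours": 3600,
    "d": 86400, "day": 86400, "days": 86400,
    "w": 604800, "week": 604800, "weeks": 604800,
}


def parse_duration(text: str) -> timedelta:
    """Parse "3d", "7days" or "1h 30m" into a timedelta (cf. parse.duration)."""
    compact = re.sub(r"\s+", "", text)
    if not re.fullmatch(r"(?:\d+[A-Za-z]+)+", compact):
        raise ValueError(f"not a duration: {text!r}")
    seconds = 0
    for amount, unit in re.findall(r"(\d+)([A-Za-z]+)", compact):
        if unit.lower() not in _UNIT_SECONDS:
            raise ValueError(f"unknown unit {unit!r} in {text!r}")
        seconds += int(amount) * _UNIT_SECONDS[unit.lower()]
    return timedelta(seconds=seconds)


def in_range(value, start, end) -> bool:
    """inRange for anything orderable (times or numbers); inclusive at both ends."""
    return start <= value <= end


def password_changed_recently(last_changed: datetime, now: datetime,
                              max_age: timedelta = timedelta(days=90)) -> bool:
    """password.lastChangedDate.inRange(time.now-90*time.day, time.now)"""
    return in_range(last_changed, now - max_age, now)


def _pre_key(ident: str) -> tuple:
    # Semantic Versioning 2.0.0 item 11: numeric identifiers compare as
    # integers and rank below alphanumeric ones.
    return (0, int(ident), "") if ident.isdigit() else (1, 0, ident)


@total_ordering
@dataclass(frozen=True)
class SemVer:
    major: int
    minor: int
    patch: int
    prerelease: tuple[str, ...] = ()

    def _key(self) -> tuple:
        # A release ranks above any pre-release of the same major.minor.patch;
        # pre-release identifiers compare left to right, longer lists winning ties.
        return (self.major, self.minor, self.patch, not self.prerelease,
                tuple(_pre_key(p) for p in self.prerelease))

    def __lt__(self, other: "SemVer") -> bool:
        return self._key() < other._key()


_SEMVER_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$")


def semver(text: str) -> SemVer:
    """Parse "1.10.0", "v2.0.0-rc.1" or "1.2.3+build" (build metadata is ignored)."""
    m = _SEMVER_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a semantic version: {text!r}")
    pre = tuple(m.group(4).split(".")) if m.group(4) else ()
    return SemVer(int(m.group(1)), int(m.group(2)), int(m.group(3)), pre)


def string_compare_is_wrong(a: str, b: str) -> bool:
    """True when plain string ordering disagrees with semantic ordering."""
    return (a < b) != (semver(a) < semver(b))


if __name__ == "__main__":
    print(parse_duration("3d"), parse_duration("7days"))
    now = datetime.now(timezone.utc)
    print(password_changed_recently(now - timedelta(days=30), now))
    print(semver("1.9.0") < semver("1.10.0"), string_compare_is_wrong("1.9.0", "1.10.0"))
```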

New Email Security policy

A new Email Security policy includes 14 new checks for critical email security protocols, including:

  • Sender Policy Framework (SPF)
  • Domain Keys Identified Mail (DKIM)
  • Domain-based Message Authentication, Reporting & Conformance (DMARC)

This policy really shines with our continuous domain and IP scanning integration (released in Mondoo 9.11). It's also handy on the CLI using cnspec.

Email Security policy checks
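An added example of the kind of check such a policy runs, not Mondoo's Email Security policy code: it evaluates a domain's SPF and DMARC TXT records. The function names are this example's own and TXT_RECORDS is a constructed stand-in for DNS answers (no lookups are made); DKIM is omitted because its selectors cannot be enumerated from the domain alone.

```python
"""SPF and DMARC record checks over constructed DNS TXT answers."""
import re

# Constructed TXT answers keyed by record name.
TXT_RECORDS = {
    "example.test": ["v=spf1 include:_spf.mailhost.test ip4:192.0.2.0/24 ~all"],
    "_dmarc.example.test": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.test; pct=100"],
    "weak.test": ["v=spf1 +all"],
    "strict.test": ["v=spf1 mx -all"],
    "_dmarc.strict.test": ["v=DMARC1; p=reject; pct=50"],
}

# SPF terms that cost a DNS lookup (RFC 7208 section 4.6.4 caps these at 10).
_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?=[:/=]|$)", re.I)


def spf_findings(txts: list[str]) -> list[str]:
    """Findings for a domain's SPF record; an empty list means the checks pass."""
    spf = [t for t in txts if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        # zero records: no SPF at all; two or more: permerror per RFC 7208 4.5
        return ["no single SPF record"]
    terms = spf[0].split()[1:]
    findings = []
    alls = [t.lower() for t in terms if t.lower().lstrip("+-~?") == "all"]
    if not alls:
        findings.append("SPF has no 'all' mechanism; unlisted senders are neutral")
    elif alls[0] in ("all", "+all"):
        findings.append("SPF ends with +all (any host may send)")
    elif alls[0] == "?all":
        findings.append("SPF ends with ?all (neutral)")
    if any(t.lower().lstrip("+-~?").startswith("ptr") for t in terms):
        findings.append("SPF uses the deprecated ptr mechanism")
    if sum(1 for t in terms if _LOOKUP_TERM.match(t)) > 10:
        findings.append("SPF needs more than 10 DNS lookups (permerror)")
    return findings


def dmarc_findings(txts: list[str]) -> list[str]:
    """Findings for the _dmarc record; an empty list means the checks pass."""
    recs = [t for t in txts if t.upper().startswith("V=DMARC1")]
    if len(recs) != 1:
        return ["no single DMARC record"]
    tags = {}
    for part in recs[0].split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC p tag missing or invalid")
    elif policy == "none":
        findings.append("DMARC policy is p=none (monitor only)")
    if "rua" not in tags:
        findings.append("DMARC has no rua aggregate-report address")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"DMARC pct={pct} applies the policy to only part of the mail")
    return findings


def check_domain(domain: str, records: dict = TXT_RECORDS) -> dict:
    """Run both checks for one domain against the supplied TXT answers."""
    return {
        "spf": spf_findings(records.get(domain, [])),
        "dmarc": dmarc_findings(records.get("_dmarc." + domain, [])),
    }


if __name__ == "__main__":
    for d in ("example.test", "weak.test", "strict.test"):
        print(d, check_domain(d))
```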

New Terraform Asset Inventory Pack

Use the new Terraform Asset Inventory Pack to inventory versions and resources within your Terraform state files, including resources on AWS, Azure, and GCP clouds.

Terraform state file inventory

🧹 IMPROVEMENTS

macOS and Windows policy data queries moved to query packs

To give you additional control over when cnspec collects configuration data on your assets, we've moved all data queries from our macOS and Windows security policies to the dedicated asset inventory query packs. For those who want security scanning only, this change speeds up cnspec scans. If you want to continue collecting this configuration data, enable the macOS and Windows asset inventory query packs in your space.

Expanded MQL resources

aws.rds.dbcluster

  • Fix members field to properly fetch cluster members
  • New port field
  • New endpoint field
  • New availabilityZones field

aws.rds.dbinstance

  • New port field
  • New endpoint field

terraform.state.resource

  • Add type field to the default resource output

terraform.file

  • Add path field to the default resource output

terraform.module

  • Add source field to the default resource output

terraform.state.output

  • Add identifier field to the default resource output

πŸ› BUG FIXES AND UPDATES​

  • Do not include out of scope control PDFs in the framework report archive.
  • Show correct exception counts in Compliance Hub controls and PDF reports.
  • Fix platform filters on Entra ID checks in the SOC 2 Security policy.
  • Prevent Kubernetes operator from failing if it cannot report scan results
  • Add retries to provider installations.
  • Fix the status command to respect HTTP proxies.
  • Improve console load times with a 21% reduction in the size of JavaScript files.
  • Improve service restarts when upgrading Windows clients via the install.ps1 script.
  • Fix scanning registry keys over WinRM connections.
  • Don't require downloading the OS provider to collect basic OS configuration information.
  • Ensure the appropriate providers are installed when running cnspec bundle init.
  • Fix errors in the user and group resources when specifying a single user / group to query.
  • Fix the Mondoo package version to match that of cnspec and cnquery on Arch Linux.
  • Fix incorrect rendering of some CIS policies.
  • Update the EOL date for Windows 10 Pro LTSC.
  • Fix package vulnerability data not loading for some Linux distribution releases.

Mondoo 9.13 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 9.13 is out! This release includes check exceptions and scope definition in Compliance Hub, an updated vendor advisories view, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Scoping in Compliance Hub

New scoping in Compliance Hub gives you fine-grained management of which controls you report to your auditor. Is your auditor not requesting a particular control even though it's part of the compliance framework? Select the control in Compliance Hub and mark it out of scope. With scoping, you decide what to include in your audit without setting exceptions (which would appear in audit report PDFs).

Scoping

Check exceptions in Compliance Hub

Need more time to remediate findings for your audit? Now you can set exceptions on individual checks. Explanations let you communicate work to be done or identify compensating controls.

Check Exceptions

🧹 IMPROVEMENTS

Improved vendor security advisory view

Redesigned vendor security advisory pages make it easier to understand the impact of an advisory and what actions you need to take next.

Advisory page

Resource updates

We've added new resources and fields to give you access to even more data.

aws.ecs.cluster

  • Default fields now display name, region, status, runningTasksCount, and pendingTasksCount
  • New region field

aws.rds.dbcluster

  • New securityGroups field

ms365.sharepointonline

  • New spoSites field

ms365.sharepointonline.site

  • New resource with url and denyAddAndCustomizePages fields

πŸ› BUG FIXES AND UPDATES​

  • Fix failures running cnspec vuln on Windows and Pop!_OS hosts.
  • Include the platform IDs and EC2 instance ARNs in SBOM exports.
  • Add back ECR and ECS discovery using the --discovery flag that was removed in 9.0.
  • Replace incorrect error message when failing to query Amazon GuardDuty.
  • Do not show disabled compliance controls in cnspec scans.
  • Don't clip the bottom pixels of the Mondoo logo in the console.
  • Update the macOS client installation setup instructions in the integrations page to install without Homebrew.
  • In exceptions lists, show the most recent exceptions first in each day's view.
  • Avoid failures running the Asset Count Query Pack on Microsoft 365 assets.
  • Fix remediation steps in the Linux Security policy's "Ensure SSH Idle Timeout Interval is configured" check. Thanks for this fix, @tomtrix!
  • Add properties to CIS/Mondoo Windows policies to allow tuning the maximum idle time of the Remote Desktop Services sessions.
  • Fix policy filtering on the asset checks page.
  • Improve console load times on low bandwidth connections by 70%.
  • Don't show the filter search bar on the asset checks page if there are no checks.
  • Prevent failures on Azure and Microsoft 365 assets in the SOC 2 Compliance Checks policy.
  • Improve the display of summary data on CVE pages.
  • Add tooltips to risk factors on CVE pages to make it easier to understand scoring.
  • Fix failures registering cnspec/cnquery 8.x clients.
  • Fix failures generating compliance PDF reports.
  • Improve performance loading CVE/advisory pages, individual asset pages, and the security dashboard.
  • Add an Alias directive to the system unit file definition for cnspec.
  • Update VMware Photon 4 EOL date.
  • Simplify Linux client installation on integration pages by using the install.sh script.
  • Fix errors setting an exception in compliance frameworks that are still in preview.
  • Improve check titles in the AWS Security and DNS Security policies.
  • Improve rendering of codeblocks in the Kubernetes Cluster and Workload Security policy.

Mondoo 9.12 is out!

· 5 min read
Mondoo Core Team

🥳 Mondoo 9.12 is out! This release includes improved asset UX, expanded AWS/MS365 resources, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Check overview summary information

We added an overview to the Checks tab for each of your assets. Now you can quickly grasp the state of checks and see the most important recommended actions.

Check Overview

View exceptions on policy cards

New information on the Overview tab for each asset exposes exceptions at a glance. For each policy applied to the asset, you can now see whether (and how many) exceptions are applied.

Exceptions Overview

🧹 IMPROVEMENTS

Updated weekly email notifications

We rebuilt the Mondoo weekly organization overview emails from the ground up to deliver the most important information about your spaces... and with a fresh new design to top it all off. The email still shows an overview of scores in your spaces, but now also includes top vulnerabilities, end-of-life assets, and a count of improving vs. worsening asset scores.

Check Overview

New fields and defaults in resources

aws.acm.certificate

  • Default fields now display domainName, issuer, createdAt, and notAfter
  • New keyAlgorithm field
  • New serial field
  • New source field
  • New issuer field
  • New issuedAt field
  • New importedAt field

aws.dynamodb.table

  • New status field
  • New sizeBytes field

aws.ec2.keypair

  • Default fields now display name, type, and region
  • New createdAt field

aws.rds.dbcluster

  • New storageEncrypted field
  • New storageAllocated field
  • New storageIops field
  • New storageType field
  • New status field
  • New createdTime field
  • New backupRetentionPeriod field
  • New autoMinorVersionUpgrade field
  • New clusterDbInstanceClass field
  • New engine field
  • New engineVersion field
  • New publiclyAccessible field
  • New multiAZ field
  • New deletionProtection field

aws.rds.snapshot

  • New engine field
  • New status field
  • New allocatedStorage field

aws.vpc.endpoint

  • New privateDnsEnabled field
  • New state field
  • New createdAt field

aws.vpc.flowlog

  • New createdAt field
  • New destination field
  • New maxAggregationInterval field
  • New trafficType field

aws.vpc.routetable

  • New tags field

aws.vpc.subnet

  • New assignIpv6AddressOnCreation field
  • New state field

github.user

  • Default fields now display login, name, email, and company

microsoft.group

  • New visibility field

ms365.exchangeonline

  • New externalInOutlook field

ms365.exchangeonline.externalsender

  • New resource with identity, allowList, and enabled fields

ms365.teams.teamsmeetingpolicyconfig

  • New resource with allowAnonymousUsersToJoinMeeting, allowAnonymousUsersToStartMeeting, autoAdmittedUsers, allowPSTNUsersToBypassLobby, meetingChatEnabledType, designatedPresenterRoleMode, allowExternalParticipantGiveRequestControl, and allowSecurityEndUserReporting fields

ms365.teams.tenantfederationconfig

  • New resource with identity, blockedDomains, allowFederatedUsers, allowPublicUsers, allowTeamsConsumer, allowTeamsConsumerInbound, treatDiscoveredPartnersAsUnverified, sharedSipAddressSpace, and restrictTeamsConsumerToExternalUserProfiles fields

microsoft.organization

  • New onPremisesSyncEnabled field

slack.conversation

  • A new resource that simplifies accessing channel, direct message, and group message data. This replaces the conversations field in the slack resource.

German/Italian support in Windows Security policy

We've reworked our Windows Security policy to fully support both Windows Server and Workstation editions with the language set to either German or Italian.

New checks in HTTP Security policy

Our HTTP security policy now includes additional checks to ensure that Content Security Policy (CSP) and Strict-Transport-Security (HSTS) headers are set. New groups in this policy ensure that checks are grouped by protocol and only enabled when appropriate.

Complete Microsoft 365 scanning, anywhere

Sit back for a moment while I put on my engineer's hat. Sometimes, APIs are hard. Perhaps the best example is Microsoft 365. Some data can be retrieved using their Golang SDK, but much of the API can only be accessed through PowerShell.

Until now, Mondoo queried the necessary data using both methods and returned MQL as if it were easy, that is, if you were on Windows with PowerShell. On Linux, macOS, or using a Mondoo integration, queries that relied on PowerShell-gathered data failed.

But no more! cnquery and cnspec now query Microsoft 365 data using PowerShell installed on macOS / Linux systems so that Mondoo Platform integrations now successfully run these queries.

πŸ› BUG FIXES AND UPDATES​

  • Don't allow creating an exception for a control/asset/check more than once.
  • Resolve multiple edge cases in multi-select when setting up exceptions.
  • Improve the rendering of code blocks in the console.
  • Improve performance loading pages in the console.
  • Add validation of IP addresses in the Domain/IP integration.
  • Don't remove previously rejected exceptions when removing the current exception.
  • Fix detecting platform IDs for Kubernetes operator manifests.
  • Reduce network traffic when scanning assets with cnspec.
  • Fix failures setting sudo to active in an inventory file.
  • Add API retries to the Slack resources to better handle throttling while querying large amounts of data.
  • Improve the suggestion text when checks, assets, or data queries tabs are empty in Compliance Hub.
  • Fix failures running cnspec vuln.
  • Add back the feature flag for Kubernetes node scanning that was accidentally removed in the 9.0 release.

Mondoo 9.11 is out!

· 5 min read
Mondoo Core Team

🥳 Mondoo 9.11 is out! This release includes continuous domain/IP scanning, new and expanded AWS resources, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Continuous domain and IP scanning

New continuous domain and IP scanning ensures the security and compliance of your external web properties.

Domain Scan Integration

Scan these endpoints using out-of-the-box SSL/TLS, DNS, and HTTP security policies to ensure your properties meet security best practices. Protect against common endpoint security mistakes such as:

  • Certificates nearing their expiration date
  • Insecure TLS versions or ciphers
  • Missing X-Content-Type-Options in HTTP headers
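An added example (not Mondoo's policy code) of checking the HTTP header controls named here and in the 9.12 HTTP Security policy notes: HSTS, Content-Security-Policy and X-Content-Type-Options. The header sets are constructed and the function names are this example's own; it goes a step past presence checks by also judging the HSTS max-age and CSP sources.

```python
"""HTTP security header checks over constructed response headers."""


def parse_hsts(value: str) -> dict[str, str]:
    """Split a Strict-Transport-Security value into lower-cased directives."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a Content-Security-Policy value into directive -> source list."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def check_headers(headers: dict[str, str], scheme: str = "https",
                  min_hsts_age: int = 31536000) -> list[str]:
    """Return findings for one response; an empty list means every check passed.

    Header names are matched case-insensitively. HSTS only means something on
    an https response, so it is skipped for plain http, in the spirit of the
    policy grouping its checks by protocol.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if scheme == "https":
        hsts = h.get("strict-transport-security")
        if hsts is None:
            findings.append("missing Strict-Transport-Security")
        else:
            d = parse_hsts(hsts)
            age = d.get("max-age")
            if age is None or not age.isdigit():
                findings.append("HSTS max-age missing or not numeric")
            elif int(age) < min_hsts_age:
                findings.append(f"HSTS max-age {age} is below {min_hsts_age}")
            if "includesubdomains" not in d:
                findings.append("HSTS lacks includeSubDomains")
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    else:
        d = parse_csp(csp)
        if "default-src" not in d:
            findings.append("CSP has no default-src fallback")
        for name in ("default-src", "script-src"):
            if "'unsafe-inline'" in d.get(name, []):
                findings.append(f"CSP {name} allows 'unsafe-inline'")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    return findings


# Constructed responses: one hardened, one with the typical weaknesses.
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.test",
    "X-Content-Type-Options": "nosniff",
}
WEAK_HEADERS = {
    "strict-transport-security": "max-age=300",
    "content-security-policy": "script-src 'self' 'unsafe-inline'",
}

if __name__ == "__main__":
    print("good:", check_headers(GOOD_HEADERS))
    print("weak:", check_headers(WEAK_HEADERS))
```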

Domain Scan Result

Domain and IP scans don't stop with just security. These scan results are automatically mapped to compliance controls such as SOC 2 type 2's CC6.7.2: Uses Encryption Technologies or Secure Communication Channels to Protect Data. This provides continuous compliance for your web properties.

New AWS Web Application Firewall (WAF) resource

Secure Amazon's Web Application Firewall (WAF) service with new Mondoo WAF resources. These resources allow you to query WAF ACLs, Rules, RuleGroups, and IP Sets.

See the AWS Resource Pack documentation for a complete list of new WAF resources.

Load policies from AWS S3 buckets

Want to run custom policies across multiple systems without storing those policies in the Mondoo Platform's Registry? Now you can load policies in cnspec directly from AWS S3 buckets.

Specify an entire bucket and cnspec picks the correct policy:

cnspec scan -f s3://mysupernotexistingbucket1234567

Or specify the exact policy file in your bucket:

cnspec scan -f s3://mysupernotexistingbucket1234567/packs.mql.yaml

🧹 IMPROVEMENTS

New fields and defaults in AWS resources

aws.ec2.instance

  • Improve default values
  • New enaSupported field
  • New hypervisor field
  • New instanceLifecycle field
  • New rootDeviceType field
  • New rootDeviceName field
  • New architecture field

aws.ec2.volume

  • Improve default values
  • New multiAttachEnabled field
  • New throughput field
  • New size field
  • New iops field

aws.ec2.snapshot

  • Improve default values
  • New volumeSize field
  • New description field
  • New encrypted field

aws.cloudwatch.logGroups

  • New retentionInDays field

aws.ec2.securityGroups

  • Improve default values

aws.ec2.networkacl

  • New isDefault field
  • New tags field

New GitHub pull request query capabilities

New fields in the GitHub resource give you fine-grained control over queries for GitHub pull requests.

First, connect to your GitHub repository with the cnquery shell:

cnquery shell github repo mondoohq/cnspec

Once you're connected to the GitHub repo in cnquery, you can query pull requests in a few different ways.

Query individual pull requests by number:

cnquery> github.mergeRequest(number: 1){ number state title }
github.mergeRequest: {
  number: 1
  title: "🧹 update command line help"
  state: "closed"
}

Query all closed pull requests:

cnquery> github.repository.closedMergeRequests
github.repository.allMergeRequests: [
  0: github.mergeRequest id=1640488170 state="closed"
  1: github.mergeRequest id=1638254852 state="closed"
  2: github.mergeRequest id=1638253038 state="closed"
  ...
]

Query all closed and open pull requests:

cnquery> github.repository.allMergeRequests
github.repository.allMergeRequests: [
  0: github.mergeRequest id=1640488170 state="closed"
  1: github.mergeRequest id=1640302075 state="open"
  2: github.mergeRequest id=1638694955 state="open"
  ...
]

Improve bucket JSONL export

Do you export your Mondoo data through one of our storage integrations? We've made it easier to process these exports in systems like Splunk or ELK by adding exported_at and asset_mrn fields:

{
  "mrn": "//assets.api.mondoo.app/spaces/vibrant-edison-123456/assets/2Z8pfFOyDBcZhGHi123456789",
  "asset_mrn": "//assets.api.mondoo.app/spaces/vibrant-edison-123456/assets/2Z8pfFOyDBcZhGHi123456789",
  "name": "https://mondoo.com",
  "platform_name": "host",
  "error": "",
  "score_updated_at": "2023-12-06T14:03:51Z",
  "updated_at": "2023-12-06T14:03:51Z",
  "labels": {
    "mondoo.com/integration-mrn": "//integration.api.mondoo.app/spaces/vibrant-edison-123456/integrations/2YzVgXUPvA09dZ1tBD123456789"
  },
  "annotations": null,
  "exported_at": "2023-12-06T15:12:57.619506985Z"
}
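The two new fields are exactly what a downstream pipeline needs: asset_mrn to collapse repeated exports of the same asset, and exported_at to tell how fresh the data was when it left the platform. The following added example (written for this page, not Mondoo's or the storage integrations' code) processes a constructed JSONL export with those field names, keeping only the latest record per asset and flagging assets whose score data was already old at export time. The space name, asset ids, timestamps and the 7-day staleness threshold are all made up for the illustration.

```python
"""Added example (not Mondoo's code): process a bucket JSONL export using
the asset_mrn and exported_at fields described in the release notes."""
import json
from datetime import datetime, timedelta

# Constructed sample export, one JSON object per line. Space, asset ids and
# timestamps are made up; only the field names follow the release notes.
# The last line is deliberately truncated to show how a malformed record is handled.
SAMPLE_JSONL = """\
{"mrn": "//assets.api.mondoo.app/spaces/example-space-000000/assets/ASSET000A", "asset_mrn": "//assets.api.mondoo.app/spaces/example-space-000000/assets/ASSET000A", "name": "https://www.example.com", "platform_name": "host", "error": "", "score_updated_at": "2023-12-06T14:03:51Z", "updated_at": "2023-12-06T14:03:51Z", "labels": {}, "annotations": null, "exported_at": "2023-12-06T15:12:57.619506985Z"}
{"mrn": "//assets.api.mondoo.app/spaces/example-space-000000/assets/ASSET000A", "asset_mrn": "//assets.api.mondoo.app/spaces/example-space-000000/assets/ASSET000A", "name": "https://www.example.com", "platform_name": "host", "error": "", "score_updated_at": "2023-12-07T09:00:00Z", "updated_at": "2023-12-07T09:00:00Z", "labels": {}, "annotations": null, "exported_at": "2023-12-07T10:00:00.123456789Z"}
{"mrn": "//assets.api.mondoo.app/spaces/example-space-000000/assets/ASSET000B", "asset_mrn": "//assets.api.mondoo.app/spaces/example-space-000000/assets/ASSET000B", "name": "https://old.example.com", "platform_name": "host", "error": "", "score_updated_at": "2023-11-20T08:00:00Z", "updated_at": "2023-11-20T08:00:00Z", "labels": {}, "annotations": null, "exported_at": "2023-12-07T10:00:00Z"}
{"mrn": "//assets.api.mondoo.app/spaces/example-space-000000/assets/ASSET000C", "asset_mrn":
"""


def parse_timestamp(value):
    """Parse an RFC 3339 timestamp such as the exported_at value above.

    Tolerates a trailing 'Z' and nanosecond fractions, both of which
    datetime.fromisoformat rejects on Python versions before 3.11.
    """
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    if "." in value:
        head, rest = value.split(".", 1)
        digits = 0
        while digits < len(rest) and rest[digits].isdigit():
            digits += 1
        frac, tz = rest[:digits], rest[digits:]
        value = f"{head}.{frac[:6].ljust(6, '0')}{tz}"  # microsecond precision
    return datetime.fromisoformat(value)


def load_export(text):
    """Parse one record per line; return (records, number of malformed lines)."""
    records, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            malformed += 1
    return records, malformed


def latest_per_asset(records):
    """Keep only the most recently exported record for each asset_mrn."""
    latest = {}
    for rec in records:
        key = rec["asset_mrn"]
        if key not in latest or (parse_timestamp(rec["exported_at"])
                                 > parse_timestamp(latest[key]["exported_at"])):
            latest[key] = rec
    return latest


def summarize(text, max_score_age=timedelta(days=7)):
    """Summarize an export: counts, latest export per asset, and assets whose
    score data was older than max_score_age when it was exported."""
    records, malformed = load_export(text)
    latest = latest_per_asset(records)
    stale = sorted(
        rec["name"] for rec in latest.values()
        if parse_timestamp(rec["exported_at"]) - parse_timestamp(rec["score_updated_at"]) > max_score_age
    )
    return {
        "records": len(records),
        "malformed": malformed,
        "assets": len(latest),
        "latest_export": {mrn: rec["exported_at"] for mrn, rec in latest.items()},
        "stale": stale,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_JSONL), indent=2))
```

Keying on asset_mrn rather than name matters because names are not unique across integrations, and comparing exported_at against score_updated_at separates "this export is recent" from "this asset was recently scanned", which are different questions when the data is used as evidence.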

Alpine 3.19 support

On December 7th the Alpine Linux team released Alpine Linux 3.19 with an updated kernel and new versions of common language packages. Mondoo includes support for this latest release with EOL and CVE detection. Learn more about what's new in this updated version at alpinelinux.org.

Ignore .terraform directory during scans

Want to scan Terraform files in a project directory, but the pesky .terraform directory is getting in your way? Now you can ignore files in the .terraform directory with the new --ignore-dot-terraform flag.

πŸ› BUG FIXES AND UPDATES​

  • Improve the display of categories in integrations during setup and on the integrations page.
  • Improve the UI on the space registration token page when no tokens have been created.
  • In audit log entries, include the asset on which the action occurs.
  • Improved registry search results for policies and query packs.
  • Detect Kali Linux systems running on AWS.
  • Display more than 100 spaces on the organization page.
  • Fix incorrect EOL asset counts on the organization dashboard.
  • Don't double-log failures to find SSH keys from the SSH agent in cnspec/cnquery.
  • Performance improvements loading spaces and assets in the console.
  • Fix tooltips for space and organization tokens to show the right messages.
  • Show the GCP icon for Google Container Optimized policies.
  • Use the latest Microsoft 365 logo on all integration pages.
  • Add the Okta logo to the integration page.
  • Fix + icon in the Okta integration to go directly to the Okta integration setup page.
  • Report Kali Linux as a rolling release without an EOL date.
  • Fix the "cannot convert primitive with NO type information" error in the github.mergeRequest resource.
  • Update host resources to show as Network Hosts in the console instead of Network API.
  • Properly display ReadOnlyPort value in k8s.kubelet.configuration resource when it is 0.
  • Fix caCertFile in k8s.kubelet resource to be in "authentication" and not "authorization".
  • Fix URL links from cnspec failing to load if you had previously loaded a different space.

Mondoo 9.10 is out!

· 5 min read
Mondoo Core Team

🥳 Mondoo 9.10 is out! This release includes compliance evidence PDF reports, exceptions for policies/assets, and more!

Get this release: Installation Docs | Package Downloads | Docker Container

🎉 NEW FEATURES

Compliance evidence report generation in PDF format

Prove compliance to your auditors with PDF evidence reports. Now you can export reports from any control page or export an archive containing controls for your whole compliance framework.

Generate a report

These reports are specifically formatted for auditors and ready for attachment to GRC systems or other auditor evidence upload solutions.

View a report

We've got you covered with secure storage as well, so you can share reports between team members without insecure email attachments or unauthenticated URLs.

Store a report

Exceptions for assets and policies

The power and visibility of compliance exceptions is now available outside of compliance: You can now set exceptions for checks on assets and security policies. Asset and policy exceptions enable cross-team visibility and allow more granularity in how you prioritize your work.

Improve visibility with detailed explanations of why exceptions were created, approvals, and detailed logging. You never have to ask again who made a change and why.

Improved visibility

Prioritize your work with time-based snoozing: Turn off a check temporarily while you work on more important issues, but don't let it fall through the cracks.

Improved Granularity

New CIS Azure Compute Microsoft Windows Server 2019 and 2022 benchmarks

Secure your Windows Azure environment using the new Azure Compute Microsoft Windows Server 2019 and 2022 benchmarks. These benchmarks specifically target the security of Windows 2019 and 2022 Datacenter editions, using Azure's secure configuration guide settings. Each benchmark consists of domain and member server policies containing over 200 Azure-tailored checks.

New CIS ESXi 8.0 Benchmark v1.0.0

Are you upgrading your VMware deployments to version 8.0? Mondoo has you covered with the new CIS ESXi 8.0 Benchmark version 1.0. This updated policy includes 86 checks tailored to the latest VMware release.

🧹 IMPROVEMENTS

Updated RHEL/Oracle/Rocky/AlmaLinux 8 Benchmarks

Keep your RHEL 8 compatible servers secure with the new 3.0 release of CIS benchmarks for Red Hat Enterprise Linux, Oracle Linux, AlmaLinux, and Rocky Linux. These new policies are complete reworks of the existing CIS benchmarks with hundreds of new and updated checks.

MQL containsNone with an array of regular expressions

Now you can avoid long, chained MQL queries that check multiple regular expressions. Instead, specify an array of regular expressions:

field.containsNone( [ /a/, /.*b/ ] )

πŸ› BUG FIXES AND UPDATES​

  • Provide friendly error messages if invalid time values for token expiration are entered.
  • Clarify what search values are supported on the compliance controls page.
  • Improve table headings for affected assets on the vulnerabilities pages.
  • Don't reset the pagination back to the first page when enabling/disabling a policy in the registry.
  • Update all policy icons to be full-color for consistency.
  • Fix different scan behaviors between container and docker providers that caused failures when scanning containers.
  • Don't fail when using .contains in queries if the dict value is empty.
  • Fix container image asset names changing between 8.x and 9.x client scans.
  • Fix an error in the aws.iam.policies resource when fetching attachedGroups data.
  • Support quitting the cnquery/cnspec shells with the quit command.
  • Fix failures when running cnquery login.
  • Add additional data to the aws.iam.attachedPolicies resource.
  • Improve cnspec bundle fmt to format markdown in documentation fields and optionally sort checks by name.
  • Fix a failure in cnspec if two policies use the same query UID.
  • Don't show rejected exceptions as active exceptions when scanning in cnspec.
  • Fix the width of the scanning progress bar to show the score result.
  • Fix the Ensure updates, patches, and additional security software are installed query in the CIS Distribution Independent Linux policy to work with Photon.
  • Fix a failure when running asset{*} on some non-operating system assets.
  • Improve the titles of many inventory query pack queries.
  • Improve the form validation behavior in Azure, Okta, OCI, Microsoft 365, and GitHub integration pages.
  • Add missing badges and a description to the Slack integration setup page.
  • Fix failures in the aws.acm.certificates resource.
  • Don't run the TLS security policy on non-host network assets.
  • Ensure that AIX, FreeBSD, Fedora, Kali Linux, Scientific Linux, Pop!_OS, and EuroLinux assets are grouped as operating systems in inventory.
  • Fix rejected compliance exceptions still showing as exceptions on the controls.
  • Improve performance throughout the Mondoo Console.
  • Add EOL detection for EuroLinux assets.
  • Add platform vulnerability detection for the Windows 23H2 release.
  • Ensure audit logs are generated for space create/delete events and add logging when changing space and organization owners.
  • Improve asset group display for GitLab assets.
  • Fix a failure running the cnspec vuln command.
  • Display all spaces when an organization includes more than 25 spaces.
  • Allow the network provider to run with an inventory file.
  • Improve the policy page UI when a policy is enabled, but hasn't yet run on any assets.
  • Fix a UI error when generating a non-expiring registration token.

Mondoo 9.9 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 9.9 is out! This release includes experimental SBOM support, platform/package CPE data, and more!

Get this release: Installation Docs | Package Downloads | Docker Container

🎉 NEW FEATURES

Experimental SBOM generation

cnquery includes new experimental support for generating software bills of materials (SBOMs). You can generate SBOMs against your local system or containers, mounted filesystems, vagrant boxes, and remote systems over SSH or WinRM.

By default the SBOM prints in list format in the CLI:

cnquery sbom local
→ This command is experimental. Please report any issues to https://github.com/mondoohq/cnquery.
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source default
→ discover related assets for 1 asset(s)

lunalectric-test ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%


pypi/Jinja2/2.11.3 /usr/lib/python3/dist-packages/Jinja2-2.11.3.egg-info/PKG-INFO
pypi/LibAppArmor/2.13.6 /usr/lib/python3/dist-packages/LibAppArmor-2.13.6.egg-info
pypi/Mako/1.1.3 /usr/lib/python3/dist-packages/Mako-1.1.3.egg-info/PKG-INFO
pypi/Markdown/3.3.4 /usr/lib/python3/dist-packages/Markdown-3.3.4.egg-info/PKG-INFO
pypi/MarkupSafe/1.1.1 /usr/lib/python3/dist-packages/MarkupSafe-1.1.1.egg-info/PKG-INFO
pypi/PyGObject/3.38.0 /usr/lib/python3/dist-packages/PyGObject-3.38.0.egg-info/PKG-INFO
pypi/PyYAML/5.3.1 /usr/lib/python3/dist-packages/PyYAML-5.3.1.egg-info
deb/acl/2.2.53-10
deb/acpid/1:2.0.32-1
deb/adduser/3.118+deb11u1
deb/amd64-microcode/3.20230808.1.1~deb11u1
deb/anacron/2.3-30
...

Using the --output flag you can control the output format with support for cyclonedx-json, cyclonedx-xml, spdx-json, spdx-tag-value, and table formats.

cnquery sbom local --output spdx-json
→ This command is experimental. Please report any issues to https://github.com/mondoohq/cnquery.
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source default
→ discover related assets for 1 asset(s)

lunalectric-test ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%

{
  "spdxVersion": "SPDX-2.3",
  "dataLicense": "",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "",
  "documentNamespace": "",
  "creationInfo": {
    "creators": [
      "Tool: cnquery"
    ],
    "created": "2023-11-28T22:47:07Z"
  },
  "packages": [
    {
      "name": "Jinja2",
      "SPDXID": "SPDXRef-Package-pypi-Jinja2-2e4a538b3939365a",
      "versionInfo": "2.11.3",
      "packageFileName": "/usr/lib/python3/dist-packages/Jinja2-2.11.3.egg-info/PKG-INFO",
      "downloadLocation": "",
      "filesAnalyzed": false,
      "licenseDeclared": "2.11.3",
      "externalRefs": [
        {
          "referenceCategory": "SECURITY",
          "referenceType": "cpe23Type",
          "referenceLocator": "cpe:2.3:a:jinja2_project:jinja2:2.11.3:*:*:*:*:*:*:*"
        },
        {
          "referenceCategory": "SECURITY",
          "referenceType": "purl",
          "referenceLocator": "pkg:pypi/Jinja2@2.11.3"
        }
      ]
    },
    ...

🧹 IMPROVEMENTS

Platform and package CPE data

To power our new SBOM capabilities, Mondoo's asset and package resources now include Common Platform Enumeration (CPE) data that uniquely identifies the platform of the system and packages. Learn more about CPE on the NIST National Vulnerability Database CPE page.

Asset CPEs:

cnquery> asset.cpes
asset.cpes: [
  0: cpe uri="cpe:2.3:o:debian:debian_linux:11.8:*:*:*:*:*:*:*"
]

OS package CPEs:

cnquery> packages{name cpes}
packages.list: [
  0: {
    name: "acl"
    cpes: [
      0: cpe uri="cpe:2.3:a:acl:acl:2.2.53-10:amd64:*:*:*:*:*:*"
    ]
  }
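The SPDX output in the SBOM section above and the CPE strings shown here are the two identifiers a vulnerability matcher consumes: the purl names the package as the ecosystem knows it, and the CPE 2.3 string names it as NVD does. The following added example (written for this page, not cnquery's code) reads an SPDX 2.3 JSON document, collects both identifier kinds per package, and splits each CPE 2.3 string into its named components, honouring the backslash escape so a vendor or product containing a literal colon is not split apart. The document fragment is constructed from the output above; the acl purl and the escaped-colon test value are made up for the illustration.

```python
"""Added example (not cnquery's code): extract purl and CPE identifiers from an
SPDX 2.3 JSON SBOM and decompose CPE 2.3 formatted strings."""
import json

# Constructed SPDX fragment modelled on the cnquery output in the release notes.
# The acl purl is made up; its CPE is the one shown in the packages{name cpes} output.
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "packages": [
        {
            "name": "Jinja2",
            "versionInfo": "2.11.3",
            "externalRefs": [
                {"referenceCategory": "SECURITY", "referenceType": "cpe23Type",
                 "referenceLocator": "cpe:2.3:a:jinja2_project:jinja2:2.11.3:*:*:*:*:*:*:*"},
                {"referenceCategory": "SECURITY", "referenceType": "purl",
                 "referenceLocator": "pkg:pypi/Jinja2@2.11.3"},
            ],
        },
        {
            "name": "acl",
            "versionInfo": "2.2.53-10",
            "externalRefs": [
                {"referenceCategory": "SECURITY", "referenceType": "cpe23Type",
                 "referenceLocator": "cpe:2.3:a:acl:acl:2.2.53-10:amd64:*:*:*:*:*:*"},
                {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                 "referenceLocator": "pkg:deb/debian/acl@2.2.53-10?arch=amd64"},
            ],
        },
    ],
})

# The eleven components that follow the "cpe:2.3" prefix, in specification order.
CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")


def split_cpe_components(cpe):
    """Split a CPE 2.3 formatted string on unescaped colons.

    A backslash escapes the following character, so "vendor\\:x" stays one field.
    """
    parts, current, escaped = [], [], False
    for ch in cpe:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ":":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def parse_cpe23(cpe):
    """Return the CPE as a dict keyed by CPE_FIELDS; reject malformed strings."""
    parts = split_cpe_components(cpe)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE_FIELDS, parts[2:]))


def extract_identifiers(spdx_text):
    """Map package name -> {"version", "cpes": [parsed CPEs], "purls": [str]}."""
    doc = json.loads(spdx_text)
    result = {}
    for pkg in doc.get("packages", []):
        entry = {"version": pkg.get("versionInfo", ""), "cpes": [], "purls": []}
        for ref in pkg.get("externalRefs", []):
            locator = ref.get("referenceLocator", "")
            if ref.get("referenceType") == "cpe23Type":
                entry["cpes"].append(parse_cpe23(locator))
            elif ref.get("referenceType") == "purl":
                entry["purls"].append(locator)
        result[pkg["name"]] = entry
    return result


if __name__ == "__main__":
    for name, ids in extract_identifiers(SAMPLE_SPDX).items():
        cpe = ids["cpes"][0]
        print(f"{name} {ids['version']}: vendor={cpe['vendor']} product={cpe['product']} "
              f"purls={ids['purls']}")
```

Note that the acl CPE in the output above carries "amd64" in the update position; a matcher keyed on vendor, product and version will still match it, but anything that compares the full string against NVD entries will not, which is worth knowing before feeding a generated SBOM into a downstream tool.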

πŸ› BUG FIXES AND UPDATES​

  • Fix authentication failures in some AWS resources.
  • Allow updating tokens in GitLab integrations.
  • Fix a false positive in the CIS macOS Ensure Show Wi-Fi status in Menu Bar Is Enabled check.
  • Fix the CIS Distribution Independent Linux policy Ensure updates, patches, and additional security software are installed check to run properly on Debian-based systems.
  • Show the number of assets for a policy, not the number of checks, on the Security -> Policies page.
  • Open CVE source links in new windows.
  • Remove extra white space on CVE pages with short descriptions.
  • Improve reliability of queries in the Mondoo Linux Security policy.
  • Improve query titles in asset inventory query packs.

Mondoo 9.8 is out!

· 6 min read
Mondoo Core Team

🥳 Mondoo 9.8 is out! This release includes automated compliance inventory gathering, AIX support, a new CVE view, plus a whole lot more!

Get this release: Installation Docs | Package Downloads | Docker Container

🎉 NEW FEATURES

Automated compliance inventory gathering

Your audit goes beyond security checks; now so does Mondoo, with continuous infrastructure inventory gathering mapped automatically to top compliance frameworks. Compliance Hub controls now include a Data Queries tab listing inventory data from query packs. This inventory data is gathered automatically from the cnspec CLI or from integrations like AWS, GitHub, or Kubernetes. Inventory data fills key requirements from auditors to ensure your infrastructure is compliant, such as gathering AWS VPC configuration to prove SOC 2 CC6.1.5 or asset inventory data for CC6.1.1.

SOC 2 control with data queries:

SOC 2 control with data queries

Drill into a data query to see the query detail and the assets for which it gathered data:

Data queries page

New result scoring design

The list of security findings was often presented and sorted in a confusing way. Successful checks could appear above failed ones, and errors and skipped checks were mixed into the list seemingly at random. This was because the previous prioritization focused more on the impact of a check than on whether it passed or failed.

Scoring example

The new system is focused on prioritizing the most impactful actions. We now sort everything by failed checks first, followed by errors, then successful checks, and finally anything that is ignored or disabled. This means that the list now prioritizes the most critical failed findings.

We also improved the colors. If it looks like a successful check, it is now consistently green. If it looks like a red alarm, it's definitely a critical failed check.

Here's an overview of this new scoring system:

Scoring overview

New asset scorecard design

When progress isn't lightning-fast, it's important to track small wins. With this in mind, we've redesigned our asset policy cards to better show progress made towards securing systems. The new design removes the score number from the cards and instead shows the number of passing and failing checks, so you can track progress without the need to dive into the list of all checks on an asset.

Asset with new scorecards

New security policies page

When we built the security policies page, our goal was to give users a single location where they could see all asset scores for policies in their space and control how those policies ran.

This week, we updated that page to make it easier to identify failing assets for each policy quickly:

Policies Page

The updated page also allows you to disable a policy or set it to preview without leaving the policies page:

Changing Policies

New CVE view

Out with the old and in with the new is the theme of the Mondoo 9.8 release, so why not update one of our oldest components? It's time for a whole new CVE page! A fresh, new design makes it easier to understand the impact of a CVE.

CVE Page

AIX 7.1 and 7.2 support

Kubernetes and serverless may be all the rage, but mainframes power the world. Now you can secure your AIX mainframes with Mondoo. We've updated cnquery and cnspec with new remote scan capabilities for AIX and bundled CIS AIX 7.1 and 7.2 benchmark policies, allowing you to quickly evaluate the security and compliance of your AIX systems.

AIX Asset

New BSI SiSyPHuS Windows 10 policy

Mondoo now includes a new BSI SiSyPHuS Windows 10 policy based on BSI's SiSyPHuS Win10 - Study on system design, logging, hardening and security features in Windows 10 - Configuration Recommendations document. This policy includes 363 queries with impact scores and remediation steps. The checks map to all Mondoo supported compliance frameworks, including BSI's Cloud Computing Compliance Controls Catalog (C5) framework.

🧹 IMPROVEMENTS

Expanded resource fields

Whether you're writing custom security policies or exploring your infrastructure with cnquery shell, it's important to have all the data possible for assets. This week, we further expand some of our most popular resources with additional fields, giving you greater insight into your infrastructure.

atlassian.admin.organization.managedUser

  • productAccess - Product access
  • status - Status

aws.autoscaling.group

  • minSize - The minimum number of instances to scale down to
  • maxSize - The maximum number of instances to scale up to
  • defaultCooldown - The time to wait after scaling up / down before the next scaling event is started
  • launchConfigurationName - The name of the launch configuration
  • healthCheckGracePeriod - The grace period in seconds before an instance with a failing health check will be replaced
  • createdAt - Time when the autoscaling group was created

aws.ssm.instance

  • platformType - The platform type of the SSM instance, as described by AWS (Windows, Linux, etc.)
  • platformVersion - Platform version for the SSM Instance, as described by AWS

aws.ec2.networkacl.entry

  • ruleNumber - The rule number
  • cidrBlock - CIDR block for the ACL entry

microsoft

  • tenantDomainName - The connected tenant's default domain name

package / python.package

Expanded EOL date data

Mondoo includes the latest EOL dates for distributions so you can ensure your systems receive critical security updates.

  • macOS 11 EOL date of September 26, 2023
  • FreeBSD 12.4 EOL date of December 31, 2023

πŸ› BUG FIXES AND UPDATES​

  • Fix the coloring of code blocks in print mode.
  • Correct spelling of SOC 2 in policies and frameworks.
  • Improved reliability in Windows CIS security checks.
  • Improve SOC 2 security check mapping.
  • Fix select all checkbox behavior in compliance frameworks to only select the visible controls on the page.
  • Use the time datatype instead of string in the Atlassian provider for better resource output.
  • cnspec bundle fmt now preserves comments on the first line of the policy file.
  • Update providers when cnspec is scanning as a service (serve mode).
  • Fix CIS Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' check failures.
  • Don't show the same policy twice for a single check in Compliance Hub.
  • Fix example scan flags for Kubernetes on the workstation integration page.
  • Only show the create space button on the organizations page if the user has permission to create a space.
  • Don't require all data to be reentered when updating a Jira integration.
  • Improve the performance of loading CVE and advisory data.
  • Add new preview HTTP Security policy.
  • Improve the reliability of organization dashboard graphs for some spaces.

Mondoo 9.7 is out!

· 5 min read
Mondoo Core Team

🥳 Mondoo 9.7 is out! This release includes a new compliance UI, expanded resources, and even more CVE data!

Get this release: Installation Docs | Package Downloads | Docker Container

🎉 NEW FEATURES

New compliance exceptions UI

We've reworked the compliance exceptions system to make it easier to understand when exceptions have been set and what that means for your compliance data collection.

Each control includes a new Set Exception button so you can quickly create exceptions directly from framework control pages.

Set Exception

For controls with an exception set, the UI now communicates which type of exception has been set: snooze or disable. It gives a quick description of how the exception affects compliance data collection. The details of the exception are also shown directly on the control page, allowing you to accept, reject, or delete the exception without needing to dig through the exceptions tab.

Active exception state

Run local query packs from cnspec

Want to quickly test a custom query pack you've written? Now it's easier than ever because you can run a local query pack directly from cnspec:

cnspec scan -f example-pack.mql.yaml
→ no provider specified, defaulting to local. Use --help to see all providers.
→ loaded configuration from /Users/tsmith/.config/mondoo/mondoo.yml using source default
→ using service account credentials
→ discover related assets for 1 asset(s)

Asset: Luna-Laptop.local
----------------------

Data queries:
packages.where.list: [
0: package name="ssh" version=""
]
services.where.list: [
0: service name="com.openssh.ssh-agent" running=true enabled=true type="launchd"
]
sshd.config.params: {
AcceptEnv: "LANG LC_*"
AuthorizedKeysFile: ".ssh/authorized_keys"
Subsystem: "sftp /usr/libexec/sftp-server"
UsePAM: "yes"
}

Scanned 1 asset

macOS
U Luna-Laptop.local

🧹 IMPROVEMENTS

Atlassian asset grouping

Atlassian admin, Jira, Confluence, and SCM assets scanned with cnspec are now grouped as Atlassian assets in the console. This helps you quickly find all your Atlassian assets.

Atlassian Asset Group

Ubuntu 23.10 EOL/CVE detection

Ubuntu 23.10 is out, and Mondoo is ready with EOL reporting and CVE detection now available for this latest Ubuntu release. See our blog post What's New in Security for Ubuntu 23.10 to learn more about this release's great new security features.

Raspbian 11 and 12 CVE detection

cnspec scans on Raspbian 11.x and 12.x releases now include important CVE data on both the CLI and in the console, so you can keep your Raspberry Pi hobby and IoT projects secure.

Better application of CIS Distribution Independent Linux Benchmark policy

The CIS Distribution Independent Linux Benchmark policy is a fantastic alternative Linux security policy to use when your operating system distribution or specific version is not supported by one of the main CIS Linux benchmarks. Thanks to new filters, you can now apply this policy in any space and rest assured it will only apply to systems for which more specific CIS benchmark policies aren't available. This means that now you can always have security and compliance data available, even when you're running distros that are a bit off the beaten path, such as non-LTS Ubuntu releases, Arch Linux, or Raspbian.

New AWS resource fields

AWS resources include new default values to improve data pack queries and navigation in the cnquery/cnspec shell. The resources also have many new fields to expose valuable asset inventory data:

aws.cloudfront.distribution

  • enabled
  • httpVersion
  • isIPV6Enabled
  • priceClass

aws.dynamodb.table

  • createdAt
  • deletionProtectionEnabled
  • globalTableVersion
  • id

aws.accessanalyzer.analyzer

  • createdAt
  • lastResourceAnalyzed
  • lastResourceAnalyzedAt

aws.autoscaling.group

  • region

aws.backup.vault

  • createdAt
  • encryptionKeyArn
  • locked
  • region

πŸ› BUG FIXES AND UPDATES​

  • Ensure asset groups display correctly as new assets are added or deleted.
  • Show the correct status badges on the Managed Clients page.
  • Fix incorrect EBS volume scan regions.
  • Fix a failure to display asset scores for EBS volume scans.
  • Add the ability to list processes on Windows systems in the ports.listening resource.
  • Fix EKS node checks not correctly executing in the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark policies.
  • Improve reliability of checks within the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark policies.
  • Fix failures in CIS macOS Benchmark policies' "Ensure Pop-up Windows Are Blocked" and "Ensure Show Status Bar Is Enabled" checks.
  • Fix VMware vSphere CVE detection with cnspec 8.x clients.
  • Return a 100 (A) score when no CVEs are detected on a system.
  • Fix CIS rsyslog checks to fail instead of erroring when the rsyslog config is not found.
  • Improve chrony configuration detection in the Operational Best Practices for Time Synchronization policy.
  • Better detect when journald is running in the Ensure journald is not configured to receive logs from a remote client check.
  • Improve titles of queries in multiple query packs.
  • Fix failures in some JSON data exports due to malformed JSON data.
  • Fix failures detecting the platform on some remote scans.
  • Improve shell help content for many resources.