
Mondoo 8.28 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 8.28 is out! This release includes fine-grained GitLab scanning and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Fine-grained scanning of GitLab assets

Mondoo now offers more detailed scanning capabilities for GitLab assets. Instead of the previous single gitlab asset, Mondoo now provides separate gitlab-group and gitlab-project assets. When scanning your GitLab group, both cnspec and cnquery now automatically detect each project within your group. This enhanced granularity in asset scans improves the accuracy of scan results and allows for setting exceptions for specific projects.

cnspec scan gitlab --group lunalectric
→ loaded configuration from /Users/luna/.config/mondoo/mondoo.yml using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=37
→ synchronize assets
lunalectric / rockets_101 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
lunalectric / oxygen_generator ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
lunalectric / space_cats ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
lunalectric / rover_design ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
lunalectric / human_habitats ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
...

🧹 IMPROVEMENTS

Runtime data in AWS Lambda function resource

The aws.lambda.function MQL resource now includes a new runtime field that displays the runtime environment of the function. Thanks for this addition @mbainter!

πŸ› BUG FIXES AND UPDATES​

  • Fix a panic viewing some asset data in the asset resources tab.
  • Add more user-friendly control titles to the SOC 2 compliance framework.
  • Show 0% check completion instead of "Unknown" when appropriate in compliance controls.
  • Automatically close the search box when results display.
  • Fix hardware systems incorrectly identifying as Azure VMs in asset configuration data.
  • Improve reliability of the CIS "Ensure GDM login banner is configured" check on RHEL-based systems.
  • Prevent errors in the CIS "Ensure filesystem integrity is regularly checked" check when the aide package is not installed.

Mondoo 8.27 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 8.27 is out! This release includes asset search, improved CIS policies, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Want to quickly find all your Debian systems or maybe the Mac laptop with a particular IT asset tag? Now you can with simple, yet powerful, search.

Search Results

Search your whole organization or limit results to a single Mondoo space.

Org or Space Search

Need to craft a more advanced query? Use GitHub-style search syntax to write powerful search queries with ease.

Advanced Search Syntax

Learn more in the Mondoo search docs.

🧹 IMPROVEMENTS

Improved CIS policy results

This week we further improved the reliability of our CIS benchmark policies, so you'll always have the best security compliance data for your infrastructure.

  • Fix failures in the "Ensure permissions on bootloader config are configured" check on some Linux distributions.
  • Fix failures in the "Ensure permissions on /etc/shadow- are configured" check when the /etc/shadow- file doesn't exist.
  • Update the "Ensure local login warning banner is configured properly" and "Ensure remote login warning banner is configured properly" checks to also ensure the /etc/issue file exists.
  • Fix failures in the "Ensure permissions on /etc/issue are configured" check when the /etc/issue file does not exist.
  • Fix failures in the "Ensure permissions on /etc/issue.net are configured" check when the /etc/issue.net file does not exist.
  • Fix failures in the "Ensure permissions on /etc/gshadow- are configured" and "Ensure permissions on /etc/gshadow are configured" checks on Debian-based systems.
  • Fix failures in the "Ensure audit log storage size is configured", "Ensure audit logs are not automatically deleted", and "Ensure system is disabled when audit logs are full" checks when the /etc/audit/audit.conf file does not exist.
  • Fix failures in the "Ensure at/cron is restricted to authorized users" check if the /etc/cron.allow or /etc/at.allow config files don't exist.
  • Add PowerShell remediation snippets to all Windows policies.

πŸ› BUG FIXES AND UPDATES​

  • Pages in compliance that show check details now include breadcrumbs that take you back to the main compliance page.
  • Allow users to update the private key in OCI integrations.
  • Remove GCP BigQuery table count from the asset configuration overview to prevent long scan times in complex environments.
  • Show an improved empty state page on security and compliance check pages that have no assets.
  • Update the AWS integrations list page design to match other integration pages.
  • Improve the rendering of the integration list page when the last integration has been removed.
  • Fix missing check summary counts on asset pages.
  • Fix some CVE scores showing up as "None" when they should be "Critical".

Mondoo 8.26 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 8.26 is out! This release includes OCI asset configuration data, improved Compliance Hub results, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

OCI asset configuration overview data

Mondoo now shows configuration data for Oracle Cloud Infrastructure (OCI) Tenancies.

OCI Asset Configuration Data

Filter compliance results by asset type

Compliance Hub now has buttons that let you quickly filter compliance assets by platform type. Because these group buttons in the fleet view were so helpful to users, we added them to compliance as well.

Compliance Hub Asset Groups

🧹 IMPROVEMENTS

Improved Compliance Hub framework completion calculations

When we set out to build Compliance Hub, we wanted to enable teams to quickly assess their compliance posture and track progress as they worked to secure systems and services. After launching Compliance Hub, we received insightful feedback from our users. Based on that feedback, this week we've improved how we report progress towards compliance completion.

Previously we calculated a space's compliance completion by the percentage of all assets that were 100% compliant. In some circumstances, the completion status could remain 0% until the team deployed one last magical fix that made all assets compliant.

Compliance Hub now calculates a space's completion as the average of all control completion percentages. Teams can now see incremental progress with each security improvement they deploy. We think this better reflects the true state of compliance and gives users the small wins they deserve as they work to secure their environments.

Improved Compliance Completion Tracking

Improved CIS policy results

We've reworked many of our bundled CIS benchmark policies to make them more resilient and improve the rendering of scan results:

  • Rework queries in CIS AWS Foundations to improve rendering of results.
  • Improve reliability of Auditd, SELinux, and AppArmor checks in Linux policies.
  • Improve the reliability of the "Ensure audit_backlog_limit is sufficient" check.
  • Prevent failures in the "Ensure permissions on /etc/gshadow are configured" check when the file does not exist.
  • Prevent failures in the "Ensure cron is restricted to authorized users" check when /etc/cron.allow does not exist.
  • Expand the "Ensure HTTP server is not installed" check to cover Nginx and lighttpd in addition to Apache2.
  • Add two additional controls to the CIS AWS Foundations benchmark policy.
  • Improve reliability and result output of queries in the CIS GCP and GKE policies.
  • Improve the query output of failing Kubernetes namespaces in the "Ensure that all Namespaces have Network Policies defined" check.
  • Add missing audit blocks to checks in Kubernetes policies.

πŸ› BUG FIXES AND UPDATES​

  • Improve rendering of GCP tiles in the fleet view when organizations, projects, and cloud assets have scanned.
  • Fix sorting of assets by count in Security > Policies table when there are checks with 0 assets.
  • Don't show empty Manufacturer or Product configuration data on cloud assets.
  • Add the July 31, 2023 EOL date for FreeBSD 13.1.
  • Remove the unused user settings option "Send me space alerts."
  • Improve performance of reporting first time asset scans.
  • Improve error messages when scanning GCP VM instances/snapshots outside of a GCP environment.
  • Rename Oracle Cloud Infrastructure assets to Oracle Cloud Infrastructure Tenancy to better reflect that these are the OCI tenancies.
  • Show policy descriptions in the registry.
  • Show audit content in asset check pages.

Mondoo 8.25 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 8.25 is out! This release includes improvements to Compliance Hub, updated CIS Debian Linux 2.0 Benchmark, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🧹 IMPROVEMENTS

Improved Compliance Hub experience

We've been busy this week rolling out fixes and improvements to make Compliance Hub an even better experience.

  • The first exception on the compliance exceptions tab now automatically expands for easier viewing.
  • Compliance control pages now include tooltips for the completion column.
  • Controls listed in exceptions now link to the individual control pages.
  • The completion column in control pages now supports ascending and descending sorting.
  • The completion percentage shown for frameworks now better reflects progress.
  • There are improved recommendations when there are no checks or assets in a control.
  • Compliance completion bars in Firefox now size properly at all window dimensions.

CIS Debian Linux 10 Benchmark 2.0

CIS Debian Linux 10 Benchmark is updated from 1.0 to 2.0. This is a massive update to the CIS benchmarks for Debian that includes the following changes:

  • 38 controls now have improved descriptions, audit instructions, and remediation steps.
  • 34 new controls now follow the "Ensure service X is not installed" method instead of "Ensure service X is disabled".
  • 58 legacy controls have been removed, including the existing "Ensure service X is disabled" controls mentioned above.

πŸ› BUG FIXES AND UPDATES​

  • Don't show duplicate checks in the registry when a policy uses variants.
  • Remove a black box displayed in the registry when a policy uses policy variants.
  • Add three additional controls to the CIS Amazon Linux 2023 policies.
  • Improved descriptions and remediation steps in the CIS Distribution Independent Linux Benchmark policies.
  • Log errors for missing API support when scanning GCP organization and projects instead of failing.
  • Give a unique name to gcp-subnetwork assets that includes the region in the name.
  • Fix the grouping of GCP organizations and projects in the fleet view.
  • Don't attempt to discover GCP projects that are marked for deletion.
  • Don't detect GCP VM instances as VM images.

Mondoo 8.24 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 8.24 is out! This release includes NIST SP 800-171 compliance, CIS AWS Foundations Benchmark 2.0, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

NIST SP 800-171 Framework

Mondoo Compliance Hub now includes the NIST SP 800-171 framework, raising the total number of out-of-the-box compliance frameworks to ten. Each of the 110 controls in this framework automatically maps to the checks in your infrastructure, so with the flip of a switch you can start your NIST SP 800-171 assessment and see where you stand.

Compliance Hub - NIST SP 800-171

🧹 IMPROVEMENTS

Improved asset configuration data for GCP projects

GCP project assets in the fleet now include additional asset configuration data, so you can always understand what's being scanned at a quick glance.

GCP Project Configuration Data

CIS Amazon Web Services (AWS) Foundations Benchmark 2.0

The CIS Amazon Web Services (AWS) Foundations Benchmark is updated to the latest 2.0 release. This updated benchmark includes a number of important updates to make securing your AWS environment easier:

  • Adds a new check to ensure that EC2 metadata service requires IMDSv2
  • Adds a new check to restrict the usage of AWS CloudShell
  • Removes the check that ensures all S3 buckets have encryption at rest enabled because this feature is now enabled automatically
  • 22 updated checks with improved audit and remediation steps

πŸ› BUG FIXES AND UPDATES​

  • Fix errors determining cloud configuration for containers.
  • Improve slow scan times while waiting on policy data.
  • Resolve a panic loading some queries in the resource explorer.
  • Fix organization overview dashboard to ignore data below 0.
  • Improve reliability of queries in the CIS Distribution Independent Linux Benchmark policy.
  • Update CIS Windows policy scoring to match that of non-Windows CIS benchmarks.
  • Improve the reliability of the GitHub Organization Security and GitHub Repository Security policy SECURITY.md checks.
  • Fix incorrect text on the org and space level service account pages.
  • Improve padding in the asset page configuration tiles.
  • Improve the display of various compliance pages when there is no data.
  • Fix an error in the asset overview data when the cloud could not be properly detected.
  • Fix failures scanning OCI via the integration.
  • Adjust impact scores in the Mondoo Linux Security and CIS Distribution Independent Linux Benchmark policies.
  • Don't show buttons to create new spaces when users only have Viewer privileges.
  • Fix the Kubernetes operator to properly garbage collect old node scans when only node scanning is enabled.
  • Display CVSS 3.1 CVE scores when available.

Mondoo 8.23 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 8.23 is out! This release includes Mondoo Compliance Hub, improved asset configuration data, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Compliance Hub

Are you struggling to achieve compliance with frameworks such as SOC 2, HIPAA, BSI, or PCI? Let the new Mondoo Compliance Hub do the heavy lifting for you. It automatically maps all of your existing security scans into the top compliance frameworks, allowing you to quickly view your progress towards compliance. And best of all, you'll never have to take a screenshot for manual evidence gathering again.

Learn more in our Simplifying Compliance: Introducing the Mondoo Compliance Hub blog post.

🧹 IMPROVEMENTS

Improved asset configuration data

Last week we added new asset configuration data to the console, so you can quickly understand what Mondoo is scanning and where to find it in your infrastructure. This week we've improved that experience with an updated layout on the asset pages, improved DB type names for AWS RDS instances, and new data collection on Slack and Okta assets.

VMware policy improvements

  • Update CIS VMware ESXi 6.7 Benchmark from 1.2 to 1.3 with improved audit and remediation steps.
  • Rework queries in CIS ESXi 6.7 and 7.0 benchmarks for improved reliability.

πŸ› BUG FIXES AND UPDATES​

  • Fix failures loading AWS assets in the console.
  • Fix failure applying MS365 policies.
  • Update the VMware appliance to Debian 12.
  • Improve Linux OpenSSH checks to only run when OpenSSH is installed.
  • Improve the "Ensure SSH Protocol is set to 2" Linux query to only run on the appropriate OpenSSH releases.
  • Improve the "Ensure access to the su command is restricted" Linux query to account for admin or mondoo users.
  • Improve Postfix queries to also ensure that Postfix is running.
  • Update Linux policies to use the port resource instead of the deprecated socketstats resource.
  • Use bool value and not pointer in aws.ec2.networkacl.entry.egress resource.
  • Fix an issue that made MQL query compilation non-deterministic.
  • Improve support for services on SUSE systems.
  • Fix some package queries hanging on SUSE systems.
  • Don't include ignored checks in the asset "Top Recommended Actions" tile.

Mondoo 8.22 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 8.22 is out! This release includes new asset configuration data, updated CIS policies, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

New asset configuration insights

Have you ever struggled to respond to a security alert because you couldn't locate the asset in your infrastructure? Now with Mondoo, you can quickly track down assets in your environment, thanks to new asset configuration information available in the Mondoo Console. This new configuration data includes important asset metadata such as accounts and regions for cloud assets or make, model, and serial number for physical assets. Mondoo automatically collects this data so you don't have to worry about enabling additional policies or query packs.

Example cloud asset:

Cloud asset configuration information

Example physical asset:

Employee laptop configuration information

🧹 IMPROVEMENTS

See who set up integrations

Want to know whom to thank for setting up infrastructure integrations in Mondoo? Each integration in Mondoo now shows the creator so you can quickly see who's been busy securing infrastructure in your organization.

Integration with username

CIS AWS Foundations Benchmark 2.0

Mondoo now includes the CIS AWS Foundations Benchmark policy version 2.0. This updated release includes two new controls to ensure AWS CloudShell access is restricted and to ensure that instances only allow metadata access via IMDSv2. The policy also includes 22 updated controls with improved audit and remediation steps.

CIS Amazon EKS Benchmark 1.3.0

Mondoo now includes the CIS AWS EKS Benchmark policy 1.3.0. This updated release replaces checks for the deprecated Pod Security Policy system with Pod Security Standards instead. It also includes six updated controls with improved audit and remediation steps.

aws.rds.dbinstance Automatic Upgrade field

The aws.rds.dbinstance MQL resource now includes a new autoMinorVersionUpgrade field that identifies if automatic minor version upgrades are enabled for the RDS instance.

πŸ› BUG FIXES AND UPDATES​

  • Don't hang waiting on Zypper CLI input when scanning SUSE hosts.
  • Detect SUSE 11 and earlier platforms where /etc/os-release is absent.
  • Fix failures scanning containers on the latest Docker releases.
  • Prevent cnspec service checks from potentially rebooting SysV init-based SUSE 11 and earlier systems.
  • Fix failures scanning new AWS instances created from the AWS Lambda integration.
  • Fix failing ECR image scans from the AWS Lambda integration.
  • Don't display the Show all policies button on assets when all policies are already showing.
  • Improve the display of current AWS resources from within the AWS Integration page.
  • Stop the packages list in the asset Platform Vulnerabilities tab from reloading twice.
  • Fix a double refresh when selecting asset CVEs.
  • Improve alignment of data on the Platform Vulnerabilities page.
  • Fix Load More pagination on the CVEs page.
  • Fix query results that returned "cannot convert primitive with NO type information".
  • Remove empty Impact sections from CIS benchmark policies.
  • Improve MQL query formatting in policies to improve readability.
  • Add a friendly message when an asset has no annotations so it's more clear how to create an annotation.
  • Warn before leaving Risk Actions midway through creating a plan.
  • Fix panics loading some asset data.
  • Improve the display of organization dashboard graphs on tablets.
  • Improve several AWS platform titles.
  • Fix failures using hashi-vault with local inventory files.

Mondoo 8.21 is out!

· 3 min read
Mondoo Core Team

🥳 Mondoo 8.21 is out! This release includes loads of new CIS policies, performance improvements, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

New CIS policies for OCI, OpenShift, and Amazon 2023

We've been busy pulling in the latest CIS policies for your growing infrastructure, with five new policies this week to help you secure the latest platforms:

  • CIS Red Hat OpenShift Container Platform v4 Benchmark - Level 1
  • CIS Red Hat OpenShift Container Platform v4 Benchmark - Level 2
  • CIS Amazon 2023 Benchmark - Level 1
  • CIS Amazon 2023 Benchmark - Level 2
  • CIS Oracle Cloud Infrastructure Foundation Benchmark - Level 1

🧹 IMPROVEMENTS

Improved policy formatting

The cnspec bundle lint command now handles multi-line queries better: instead of a single escaped string, it writes them as YAML block scalars with each line of the query on its own line, so you can more easily read your policies.

Before:

mql: "users.where(\n  shell.contains(\"nologin\") == false && shell.contains(\"false\") == false\n  && name != \"sync\" && name != \"shutdown\" && name != \"halt\" \n).list {\n  file(home) {exists}\n}\n"

After:

mql: |
  users.where(
    shell.contains("nologin") == false && shell.contains("false") == false
    && name != "sync" && name != "shutdown" && name != "halt"
  ).list {
    file(home) {exists}
  }
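As an added example (not cnspec's own lint code), the following Python applies the same transformation to a policy bundle: it decodes a single-line, double-quoted mql: scalar and re-emits it as a YAML literal block scalar, leaving single-line queries untouched. It assumes bundles only use the escapes \n, \t, \", \\ and /, the helper names (MQL_LINE, decode_double_quoted, to_block_scalar, reformat_bundle) are mine, and the sample bundle is constructed around the query shown above.

```python
"""Added example: rewrite single-line, double-quoted `mql:` scalars in a
cnspec policy bundle as YAML literal block scalars (one statement per line).
Illustrative code, not cnspec's own `bundle lint` implementation."""
import re

# Matches `<indent>mql: "<escaped body>"` when the whole value sits on one line.
MQL_LINE = re.compile(r'^(?P<indent>[ \t]*)mql:[ \t]*"(?P<body>(?:[^"\\]|\\.)*)"[ \t]*$')

# YAML double-quoted escapes; assumed to cover what policy bundles use.
_ESCAPES = {"n": "\n", "t": "\t", '"': '"', "\\": "\\", "/": "/"}


def decode_double_quoted(body: str) -> str:
    """Decode the escape sequences of a YAML double-quoted scalar body."""
    out, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\":
            if i + 1 >= len(body) or body[i + 1] not in _ESCAPES:
                raise ValueError(f"unsupported escape at offset {i}: {body[i:i+2]!r}")
            out.append(_ESCAPES[body[i + 1]])
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def to_block_scalar(indent: str, query: str) -> list:
    """Render `mql: |` plus the query lines, indented two spaces deeper than
    the key. Trailing whitespace and trailing blank lines are dropped; the
    `|` (clip) indicator keeps exactly one final newline, which matches a
    query string that ended in an escaped newline."""
    lines = [ln.rstrip() for ln in query.split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    body_indent = indent + "  "
    return [f"{indent}mql: |"] + [body_indent + ln if ln else "" for ln in lines]


def reformat_bundle(text: str) -> str:
    """Rewrite every single-line `mql: "..."` whose value spans several
    lines; single-line queries and all other lines pass through unchanged."""
    out = []
    for line in text.splitlines():
        m = MQL_LINE.match(line)
        if m:
            query = decode_double_quoted(m.group("body"))
            if "\n" in query.strip():
                out.extend(to_block_scalar(m.group("indent"), query))
                continue
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample bundle built around the query from the release note above.
BUNDLE_BEFORE = r'''queries:
  - uid: users-home-directories-exist
    mql: "users.where(\n  shell.contains(\"nologin\") == false && shell.contains(\"false\") == false\n  && name != \"sync\" && name != \"shutdown\" && name != \"halt\" \n).list {\n  file(home) {exists}\n}\n"
'''

if __name__ == "__main__":
    print(reformat_bundle(BUNDLE_BEFORE), end="")
```

Running it on the original single-line query yields the "After" form shown above; running it again on that output changes nothing, since block scalars no longer match the single-line pattern.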

Improved performance

Who doesn't like getting the same thing, only faster? We optimized how we deliver policy data from Mondoo Platform to our clients to make your scans even quicker. Expect to save around 1.5 seconds on each scan. We hope you make the best of this time windfall.

πŸ› BUG FIXES AND UPDATES​

  • Accept Jira project IDs in any case.
  • Suggest CIS GitHub Benchmark policy after setting up a GitHub integration.
  • Show Debian 11/12 security update repository packages in CVE scan results.
  • Fix assets failing to load in the console under some circumstances.
  • Fix CIS Amazon Linux 2 benchmark policies incorrectly applying to Amazon Linux 2023 hosts.
  • Fix failures when EBS volume scanning Amazon 2023 instances.
  • Fix Oracle Linux 8/9 vulnerability scans showing already installed updates for some packages.
  • Fix typos in the Okta Organization Security policy’s query UIDs. Thanks @moeterich.
  • Improve reliability of data exports when data is malformed.
  • Improve reliability of queries in CIS Windows Benchmark policies.
  • Improve reliability of the chrony and timesyncd checks in the Operational Best Practices for Time Synchronization policy.
  • Improve Jira host validation during the integration setup.
  • Improve policy search results in the registry.
  • Improve consistency of CIS benchmark names and query UIDs.
  • Improve queries in CIS Kubernetes Benchmark policies.
  • Rework CIS policies to include groups for better display in the registry.
  • Show an error if a policy cannot be removed from the registry.

Mondoo 8.20 is out!

· 2 min read
Mondoo Core Team

🥳 Mondoo 8.20 is out! This release includes Azure Blob Storage exports, updated asset inventory data, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Azure Blob Storage exports

Continuously export your Mondoo security scan data to Azure storage blobs where external systems like Splunk can consume it.

Azure Blob Storage Exports

🧹 IMPROVEMENTS

Expanded Linux / macOS inventory packs

The macOS Inventory Pack and Linux Inventory Pack now include additional information to better identify systems in your infrastructure with CPU, memory, storage, and hardware model data collection.

Example output on macOS:

Retrieve the amount of physical memory:
parse.json.params[SPHardwareDataType].first[physical_memory]: "16 GB"

Retrieve the hostname:
os.hostname: "Tim-Smith.local"

Retrieve the machine model identifier:
parse.json.params[SPHardwareDataType].first[machine_model]: "MacBookPro18,3"

Retrieve the machine model name:
parse.json.params[SPHardwareDataType].first[machine_name]: "MacBook Pro"

Retrieve the model part number:
parse.json.params[SPHardwareDataType].first[model_number]: "MKGQ3LL/A"

Retrieve the system serial number:
parse.json.params[SPHardwareDataType].first[serial_number]: "GGJXG21234"

Retrieve the type of CPU:
parse.json.params[SPHardwareDataType].first[chip_type]: "Apple M1 Pro"

Example output on Linux:

Retrieve the size and filesystem type of the root volume:
command.stdout.trim: "56G ext4"

Retrieve the system manufacturer:
machine.baseboard.manufacturer: "ASUSTeK COMPUTER INC."

Retrieve the system product name:
machine.baseboard.product: "H87I-PLUS"

Retrieve the type of CPU:
command.stdout.trim: "Intel(R) Core(TM) i7-4785T CPU @ 2.20GHz"

Retrieve the amount of physical memory:
command.stdout.trim.+: "16636M"

πŸ› BUG FIXES AND UPDATES​

  • Discover private repos when scanning GitHub organizations.
  • Add --discover organization to the GitHub provider to scan just the organization itself, not repos within the organization.
  • Remove unnecessary AWS tag collection from the AWS global DynamoDB table discovery.
  • Don't collect the root user in "Collect regular user" query pack queries.
  • Add missing impact to CIS GKE Benchmark Level 1.
  • Don't show the unnecessary Mondoo Job Environment platform overview information for Kubernetes assets.
  • Fix the Mondoo Kubernetes Operator to properly report container scanning status.
  • Don't fail a data export if CVE data cannot be found.
  • Ensure that all JSON data in exports can be properly parsed by Splunk.
  • Ensure Azure question packs in the registry show the correct icons.

Mondoo 8.19 is out!

· 4 min read
Mondoo Core Team

🥳 Mondoo 8.19 is out! This release includes continuous OCI scanning, organization-wide service accounts, massive Windows performance improvements, and more!

Get this release: Installation Docs | Package Downloads | Docker Container


🎉 NEW FEATURES

Continuous OCI scanning

Continuously scan your Oracle Cloud Infrastructure (OCI) services, all without an agent installation. Set up continuous scanning using your existing local OCI configuration file, and we'll do the rest with full infrastructure scans every 4 hours.

OCI Integration List

Organization-wide service accounts

Need a service account for all your spaces? Now you can create one with organization-wide service accounts, available on the organization settings page. Create new accounts or manage existing accounts with an improved UI to help with cross-team collaboration.

Org Wide Service Account Creation

Scan AWS using assumed roles

Now you can scan your AWS infrastructure by assuming an AWS role:

cnspec scan aws --option role-arn=ROLEARN
cnspec scan aws --option role-arn=ROLEARN --option external-id=EXTERNALID

CIS GitHub Benchmark policy

Secure your GitHub organizations and repos with Mondoo and the new CIS GitHub Benchmark 1.0 policy.

GitHub Benchmark

🧹 IMPROVEMENTS

4.5x Windows speedup with registry improvements

What's better than improvements to the Windows registrykey resource? How about improvements that also make CIS benchmark scans on Windows nearly 4.5 times faster, all while using 25% less memory? It seems like a tall order, but we've entirely reworked registrykey under the hood to give you some huge new benefits Mondoo-wide.

First off, there's a whole new way to interact with registry data. The registrykey resource includes a new items property that greatly improves how data is returned (versus the now deprecated properties field). This new format allows us to return more than just string values, including new binary and multi-line registry value support.

The existing registrykey.properties data that returned just key/value data:

cnspec> registrykey(path: 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters').properties
registrykey.properties: {
  EnableAuthenticateUserSharing: "0"
  Guid: ""
  NullSessionPipes: ""
  ServiceDll: "%SystemRoot%\\system32\\srvsvc.dll"
  ServiceDllUnloadOnStop: "1"
  autodisconnect: "15"
  enableforcedlogoff: "1"
  enablesecuritysignature: "0"
  requiresecuritysignature: "0"
  restrictnullsessaccess: "1"
}

With registrykey.items you'll get back a wealth of data on each registry key that looks more familiar to regedit users:

cnspec> registrykey(path: 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters').items { * }
registrykey.items: [
  0: {
    value: "0"
    type: "dword"
    name: "EnableAuthenticateUserSharing"
    path: "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters"
    data: 0
    exists: true
  }
  1: {
    value: ""
    type: "multistring"
    name: "NullSessionPipes"
    path: "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters"
    data: [
      0: ""
    ]
    exists: true
  }
  2: {
    value: "%SystemRoot%\\system32\\srvsvc.dll"
    type: "expandstring"
    name: "ServiceDll"
    path: "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters"
    data: "%SystemRoot%\\system32\\srvsvc.dll"
    exists: true
  }
  3: {
    value: "1"
    type: "dword"
    name: "ServiceDllUnloadOnStop"
    path: "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters"
    data: 1
    exists: true
  }
  ...

What about those under-the-hood improvements? registrykey is entirely rewritten to natively query the Windows registry directly instead of going through PowerShell. This increases performance, reduces memory usage, and works better with antivirus systems that could block Mondoo's use of PowerShell.

Execution of the CIS Windows 2022 Level 1 Member Benchmarks policy running on an AWS t2.large instance:

Mondoo Release   Execution Time        Memory Usage
8.18             1 minute 56 seconds   140.19 MB
8.19             21 seconds            104 MB

Updated CIS AKS Benchmark policy

Both the CIS AKS Benchmark policies are updated from 1.2.0 to 1.3.0. These new versions improve audit/remediation steps and remove checks for the deprecated --protect-kernel-defaults kubelet flag.

πŸ› BUG FIXES AND UPDATES​

  • Add missing impact scores to CIS GKE policy.
  • Support policy variants in query packs.
  • Improve check titles in Mondoo inventory packs.
  • Improve search results in the security registry.
  • Resolve errors loading CI scan results.
  • Fix errors executing local policies containing variants.
  • Display the create time for export integrations.
  • Fix incorrect EOL date for Windows 2016.
  • Fix failures when setting plans in Risk Actions.
  • Resolve occasional failures logging in using Safari.
  • Fix a failure in certain uses of files.find in policies.