There are many updates that we hope you will like, including:
- AWS volume-based instance scanning
- Windows platform support
- Asset search and annotations
- Expanded insights in the Mondoo UI
- Mondoo domain change
- Policy updates - 3 new policies, 2 policies newly certified, 5 policies improved
AWS volume-based instance scanning
The Mondoo AWS integration now includes the ability to scan instances using instance EBS volume data. This method does not require credentials or a client installation, and can even scan stopped instances. On the AWS integration configuration page, users can enable this feature and change how scanning occurs.
Windows platform support
We have expanded our support for Microsoft Windows across a number of operating systems:
- Updated CIS policies for Windows 2016, Windows 2019, and Windows 10
- Added security advisories for Windows 10 and Windows 11
- Added End-of-Life detection for Windows 10 and Windows 11
We have also added a few custom resources for Windows:
- Windows BitLocker Volume
- Windows Security Health
- Windows Security Product
Asset search and annotations
The search box on the FLEET page now filters assets by tags and annotations. This simple feature adds a lot of power! For example, you can now search across multiple AWS accounts for assets with the same tag.
As cool as this is, we'll do you one better: you can also search across multiple cloud providers, or GitHub accounts, or... you get the idea.
Mondoo automatically imports tags for these assets during the integration setup. Also, Mondoo now automatically gathers more CI environment labels on GitLab, GitHub Actions, and Travis-CI.
To create custom annotations for any assets when scanning them via the Mondoo agent, you can configure them either in the UI or the CLI.
In the UI, you can configure custom annotations in each asset’s configuration tab:
For the CLI-based approach, you configure the desired annotations in your agent’s configuration file. Here is an example:
---
annotations:
  mdm: by-bob
This will add all provided annotations to these assets and allow you to use them in custom searches.
Expanded insights in the Mondoo UI
The Mondoo Web Console has two new sets of graphs to help you see the state of your assets at a glance!
First, the new radial graphs now show the breakdown of your assets by score. Mouse hovers provide more detailed information from the dashboard.
Second, on the FLEET page, you'll see a new bar graph showing the same distribution of assets by letter grade.
This graph provides fast insights about your assets and fleet, and it also looks great!
Mondoo domain change
Mondoo has moved to .com! As of April 12th, we’ve officially migrated our web console to https://console.mondoo.com and our API to https://us.api.mondoo.com. The previous URLs will redirect to the new locations until they reach EOL later this year. We encourage you to update your bookmarks and Mondoo Client configurations. All new configurations generated by Mondoo will use the new API location.
Mondoo 5.34.1 includes a migrate sub-command that can automatically update your Mondoo configuration to the new API endpoint:
## Check which API Endpoint we're using:
$ cat .config/mondoo/mondoo.yml | yq .api_endpoint
https://api.mondoo.app
## Upgrade the config:
$ mondoo migrate
→ Migrate Mondoo CLI configuration:
→ loaded configuration from /home/benr/.config/mondoo/mondoo.yml
→ saving mondoo config path=/home/benr/.config/mondoo/mondoo.yml
→ migrated configuration successfully
## Check the new API endpoint:
$ cat .config/mondoo/mondoo.yml | yq .api_endpoint
https://us.api.mondoo.com # <-- Good!
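To check several client configurations at once before the old URL stops redirecting, the script below classifies each file by its top-level api_endpoint value without needing yq. It is an added example, not part of Mondoo's tooling; the function names are hypothetical and the sample config files are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: audit Mondoo client configs for the pre-migration API endpoint.
# The two URLs are the old and new endpoints named in the release notes above.
OLD_ENDPOINT="https://api.mondoo.app"
NEW_ENDPOINT="https://us.api.mondoo.com"

# Print the top-level api_endpoint value; indented (nested) keys are ignored,
# surrounding quotes are stripped, and a trailing "# comment" is dropped.
read_endpoint() {
  awk -v sq="'" '/^api_endpoint:/ { v = $2; gsub("[\"" sq "]", "", v); print v; exit }' "$1"
}

# Echo one of: migrated, needs-migration, no-endpoint, unknown, unreadable.
classify_config() {
  local ep
  [ -r "$1" ] || { echo "unreadable"; return; }
  ep="$(read_endpoint "$1")"
  ep="${ep%/}"                      # tolerate a trailing slash
  case "$ep" in
    "$NEW_ENDPOINT") echo "migrated" ;;
    "$OLD_ENDPOINT") echo "needs-migration" ;;
    "")              echo "no-endpoint" ;;
    *)               echo "unknown" ;;
  esac
}

# Report every config given; return non-zero unless all of them are migrated.
audit_configs() {
  local rc=0 f status
  for f in "$@"; do
    status="$(classify_config "$f")"
    printf '%-16s %s\n' "$status" "$f"
    [ "$status" = "migrated" ] || rc=1
  done
  return "$rc"
}

# Demonstration on constructed sample files (not real configurations).
demo() {
  local d
  d="$(mktemp -d)"
  printf 'api_endpoint: https://api.mondoo.app\n' > "$d/old.yml"
  printf 'api_endpoint: "https://us.api.mondoo.com"  # done\n' > "$d/new.yml"
  audit_configs "$d/old.yml" "$d/new.yml" || echo "run 'mondoo migrate' on the hosts listed as needs-migration"
  rm -rf "$d"
}
demo
```

The non-zero return from audit_configs makes the check usable as a gate in a configuration-management or CI job.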
Policy updates
We released 3 new policies:
- CIS Windows 11
- CIS Windows Server 2022
- CIS Rocky Linux
Additionally, Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 have now both been CIS-certified, alongside Ubuntu 20.04.
Vulnerability and advisory detection has been expanded to:
- Ubuntu 22.04 and the upcoming Ubuntu 22.10 release
- Windows 10 and Windows 11
EOL detection has been expanded to:
- VMware Photon / Oracle Linux
- Windows 10 and Windows 11
- Updated EOL checks for Ubuntu, Scientific Linux, Fedora, and macOS
Additionally, we updated the following policies:
- CIS Windows 2016 updated to version 1.3.0
- CIS Windows 2019 updated to version 1.3.0
- CIS Windows 10 updated to version 1.12.0
- Kubernetes Application Benchmark by Mondoo (now displays pod names and namespaces in its output)
- Mondoo Security Baselines (more reliable auditd, better output, improved scanning on containers, and bug fixes)
You can find all of these policies in your Policy Hub by clicking “Add Policies.”
Improvements
Mondoo Kubernetes Operator Improvements
The Mondoo Kubernetes Operator has been updated with Kubernetes Workload and Deployment scanning and the ability to scan Rancher-provisioned control plane and etcd nodes.
The Mondoo Kubernetes operator's admission controller now includes full scanning of each Kubernetes deployment and pod. With the admission controller enabled, these scans display on the FLEET page.
Additionally:
- Operator pods now include readiness probes.
- Users can now skip the resolution of the Mondoo client container image if necessary.
- Operator resource limits have been lowered to limit cluster impact.
See the mondoo-operator repo for more details. Stay tuned for a guided operator setup and improved UI experience coming soon.
New ssh-host-key id-detector
You can now identify the system you're scanning through the ssh-host-key with the --id-detector CLI flag.
mondoo scan --id-detector ssh-host-key
Colorblind mode
A new user setting allows you to change the entire UI to a color palette accessible to users with deuteranomaly, tritanomaly, or protanomaly.
Pop!_OS support
Mondoo now detects and scans the Pop!_OS Linux distribution by System76.
Updated output in Mondoo policy commands
The mondoo policy describe and mondoo policy list commands have been updated with a fresh new output format to improve readability. mondoo policy list now also includes policy version information, and a new --list-all flag lets you list all private, public, and enabled policies at once.