We blew the lid off cases
Remember in July how excited we were to introduce cases? This quick and easy way to create security tasks and track them to completion has been a huge help to our customers who use Jira. With just a couple of clicks, cases turn a security finding into a Jira issue with a detailed description and remediation instructions already included.
Well, that was only the beginning! We've released so many new capabilities for cases that now we look back at the July release and coo, "Awww, that was so cute."
We added support for more ticket systems, automatic drift detection, smoother synchronization of workflows, and the ability to group findings on multiple assets into one case. Here are the details:
Zendesk, GitLab, GitHub, and more
In addition to Jira issues, Mondoo can now create Zendesk tickets, GitLab issues, and GitHub issues. Once you integrate Mondoo with the ticket system of your choice, Mondoo automatically creates a ticket or issue each time you create a case.
Is your project management or ticket system not in our expanded list of integrations? Don't worry—with email-based ticket integrations, we've got you covered. You can configure one or more email addresses to receive a message whenever you create a new case. Use this option to send email to your ticket system's automated listener, such as Monday's email to board, ServiceNow's inbound email, or HappyFox's email ticketing. Based on the message Mondoo sends, your ticket system adds a task to your team's project.
Automatically create cases on drift
With all the work you do to improve security, it hurts to drift backwards. But sometimes changes occur that increase an asset's exposure to attack. When that happens, you need to know about it right away.
Mondoo can now automatically detect drift and create a case—and an issue in your ticket system—describing how to resolve the problem. Mondoo monitors for these types of changes that make an asset less secure:
- An asset previously passed a check in a policy but is now failing that check
- Mondoo previously did not detect a vulnerability on an asset, but now does detect that vulnerability
When Mondoo detects that drift has occurred, it creates a new case with the issue description and remediation details. It also adds a ticket or issue to your ticket system and/or sends email so you can be aware of the change and track the work on resolving the problem.
One case for multiple assets with the same finding
If multiple assets fail the same check or have the same vulnerability, you have a choice: Track the work of fixing each asset in a separate case or combine them in a single case. Choose the option that best fits how your team works on tickets or issues in your regular workflow.
Similarly, if the same drift occurs on multiple assets, you can create a separate case for each asset or you can combine multiple assets with the same drift into a single case. When Mondoo detects drift on an asset, it can wait a configurable period of time before creating an issue or ticket in your ticket system. That waiting period gives Mondoo time to complete more scan results in your infrastructure, detect if the same drift has occurred on other assets, and add those assets to the case and the issue/ticket.
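The two drift conditions and the waiting period described above, as an added Python sketch (not Mondoo's implementation). The snapshot layout, asset names, check ids, the placeholder CVE id and the rule that a case accepts assets for a fixed window after its first detection are all assumptions made for illustration.

```python
# Added illustration; every name and value below is constructed sample data.
def snap(checks, vulns=()):
    return {"checks": checks, "vulns": set(vulns)}

PREVIOUS = {  # last known scan result per asset
    "web-01": snap({"ssh-root-login": "pass", "tls-min-version": "pass"}),
    "web-02": snap({"ssh-root-login": "pass", "tls-min-version": "fail"}, ["CVE-EXAMPLE-0001"]),
    "web-03": snap({"ssh-root-login": "pass", "tls-min-version": "pass"}),
}
SCANS = [  # (seconds since the first new result arrived, asset, new snapshot)
    (0, "web-01", snap({"ssh-root-login": "fail", "tls-min-version": "pass"}, ["CVE-EXAMPLE-0001"])),
    (120, "web-02", snap({"ssh-root-login": "fail", "tls-min-version": "fail"}, ["CVE-EXAMPLE-0001"])),
    (900, "web-03", snap({"ssh-root-login": "fail", "tls-min-version": "pass"})),
]

def detect_drift(previous, current):
    """Findings that make an asset less secure than in its previous scan."""
    drift = set()
    for check, result in current["checks"].items():
        # Drift only if the check passed before; a check that was already failing is not new.
        if result == "fail" and previous["checks"].get(check) == "pass":
            drift.add(("check", check))
    # A vulnerability counts as drift only if it was not detected before.
    for cve in current["vulns"] - previous["vulns"]:
        drift.add(("vuln", cve))
    return drift

def group_cases(previous, scans, wait_seconds):
    """Combine the same drift on several assets into one case within the waiting period."""
    cases, latest = [], {}  # latest: finding -> most recent case for that finding
    for ts, asset, snapshot in sorted(scans, key=lambda s: s[0]):
        baseline = previous.get(asset)
        if baseline is None:
            continue  # no earlier scan, so nothing can have drifted
        for finding in sorted(detect_drift(baseline, snapshot)):
            case = latest.get(finding)
            if case is None or ts - case["opened"] > wait_seconds:
                case = {"finding": finding, "opened": ts, "assets": []}
                cases.append(case)
                latest[finding] = case
            if asset not in case["assets"]:
                case["assets"].append(asset)
    return cases

if __name__ == "__main__":
    for case in group_cases(PREVIOUS, SCANS, wait_seconds=300):
        print(case)
```

With a 300-second window, web-01 and web-02 share one case for the failing check, while web-03 drifts after the window has closed and gets a case of its own.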
Synchronized workflows
Now when you close a Mondoo-created ticket or issue in Jira, Zendesk, GitHub Issues, or GitLab Issues, the corresponding case closes in Mondoo.
You can choose whether to automatically close a Mondoo-created ticket or issue in Jira, Zendesk, GitHub Issues, or GitLab Issues when you close the corresponding case in Mondoo.
Get the scoop on vulnerabilities quickly
Who has time to study every vulnerability in detail? We improved the vulnerability page so that you can quickly assess the risk a CVE poses to your organization.
Software pages
New risk summary boxes on software pages help you make informed decisions when it comes to prioritizing software updates in your infrastructure. The summary includes:
- Risk
- CVSS score
- EPSS score
- Risk factors
- Blast radius
Vulnerability pages
Vulnerability pages now show whether the CVE has a related advisory, so you can dive deeper into specific vendor recommendations when evaluating the impact of CVEs on your infrastructure.
Also on vulnerability pages, we changed the background color of risk summary boxes to reflect the risk level.
Resource updates
Of course, we added loads of new resources and fields this month to help you collect all the data that is essential to securing your infrastructure:
atlassian.jira.issue
- New projectKey field
- New creator field
- New typeName field
azure.subscription
- New iot field using the new azure.subscription.iotService resource
azure.subscription.keyVaultService.vault
- New autorotation field using the new azure.subscription.keyVaultService.key.autorotation resource
azure.subscription.networkservice.applicationGateway
- New wafConfiguration field using the new azure.subscription.networkService.wafConfig resource
azure.subscription.webService.appsite
- New diagnosticSettings field
- New functions field using the new azure.subscription.webService.function resource
github.file
- New exists field
github.repository
- New codeOfConductFile field
- New supportFile field
- New securityFile field
microsoft.conditionalAccess
- New resource with namedLocations field
microsoft.conditionalAccess.ipNamedLocation
- New resource with name and trusted fields
Dive into compliance evidence on query pages
Now you can view compliance evidence gathered by Mondoo without leaving the Compliance Hub. Compliance Hub query pages now show evidence for each scanned asset right on the page, so reviewing evidence no longer requires opening each asset.
Track policy risk space-wide
The Assets tab on policy pages now shows asset risk scores, risk factors, and last updated times. You get the big picture plus the most important details that affect your security posture.
New and updated policies
- Brand new CIS Ubuntu 24.04 level 1 & 2 benchmark policies include 295 total checks to secure your critical Ubuntu systems.
- The new Mondoo Microsoft Entra ID Security policy includes essential checks to keep your directory data secure.
- The CIS Azure Foundations 3.0 policy includes 15 all-new checks and 69 updated checks. Additions include checks to ensure that:
  - Azure Key Vault rotation is configured
  - AppService HTTP logs are enabled
  - Guest users in Entra ID are further restricted
  - Storage accounts have logging
Expanded EOL detection support
We added FreeBSD 13.2, 13.4, and 14.1 to our EOL detection. There are also updated dates for AlmaLinux 8 and Ubuntu 24.04.