Dominik Richter | May 10, 2022 | 4 min read

ICYMI: Mondoo Release Highlights for April 2022 (version 5.37)

Welcome to the April 2022 recap of Mondoo releases. There are many updates that we hope you will like, including:

  • AWS volume-based instance scanning
  • Windows platform support
  • Asset search and annotations
  • Expanded insights in the Mondoo UI
  • Mondoo domain change
  • Policy updates - 3 new policies, 2 policies newly certified, 5 policies improved

Log in or sign up to get started with the latest functionality

AWS volume-based instance scanning

The Mondoo AWS integration now includes the ability to scan instances using instance EBS volume data. This method does not require credentials or a client installation, and can even scan stopped instances. On the AWS integration configuration page, users can enable this feature and change how scanning occurs.

Windows platform support

We have expanded our support for Microsoft Windows across a number of operating systems:

  • Updated CIS policies for Windows 2016, Windows 2019, and Windows 10
  • Added security advisories for Windows 10 and Windows 11
  • Added End-of-Life detection for Windows 10 and Windows 11

We have also added a few custom resources for Windows:

  • Windows BitLocker Volume
  • Windows Security Health
  • Windows Security Product

Asset search and annotations

The search box on the FLEET page now filters assets by tags and annotations. This simple feature adds a lot of power! For example, you can now search across multiple AWS accounts for assets with the same tag.

As cool as this is, we'll do you one better: you can also search across multiple cloud providers, or GitHub accounts, or... you get the idea.

Mondoo automatically imports tags for these assets during the integration setup. Also, Mondoo now automatically gathers more CI environment labels on GitLab, GitHub Actions, and Travis-CI.

To create custom annotations for any assets when scanning them via the Mondoo agent, you can configure them either in the UI or the CLI.

In the UI, you can configure custom annotations in each asset’s configuration tab.

For the CLI-based approach, you configure the desired annotations in your agent’s configuration file. Here is an example:

---
annotations:
  mdm: by-bob

This will add all provided annotations to these assets and allow you to use them in custom searches.

Expanded insights in the Mondoo UI

The Mondoo Web Console has two new sets of graphs to help you see the state of your assets at a glance!

First, the new radial graphs now show the breakdown of your assets by score. Mouse hovers provide more detailed information from the dashboard.

Second, on the FLEET page, you'll see a new bar graph showing the same distribution of assets by letter grade.

This graph provides fast insights about your assets and fleet, and it also looks great!

Mondoo domain change

Mondoo has moved to .com! As of April 12th, we’ve officially migrated our web console to https://console.mondoo.com and our API to https://us.api.mondoo.com. The previous URLs will redirect to the new locations until they reach EOL later this year. We encourage you to update your bookmarks and Mondoo Client configurations. All new configurations generated by Mondoo will use the new API location.

Mondoo 5.34.1 includes a migrate sub-command that can automatically update your Mondoo configuration to the new API endpoint:

## Check which API Endpoint we're using:
$ cat .config/mondoo/mondoo.yml | yq .api_endpoint
https://api.mondoo.app

## Upgrade the config:
$ mondoo migrate
→ Migrate Mondoo CLI configuration:
→ loaded configuration from /home/benr/.config/mondoo/mondoo.yml
→ saving mondoo config path=/home/benr/.config/mondoo/mondoo.yml
→ migrated configuration successfully

## Check the new API endpoint:
$ cat .config/mondoo/mondoo.yml | yq .api_endpoint
https://us.api.mondoo.com # <-- Good!
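
To find hosts that still need this migration, the following added example (not from Mondoo or the original post) classifies every mondoo.yml under a directory by its api_endpoint value, using the old and new endpoints stated above. The directory layout, function names and sample files are assumptions constructed for the demonstration, and it parses with sed instead of yq so it runs without extra tools.

```shell
#!/bin/sh
# Added example: audit Mondoo client configs for the pre-migration endpoint.
# Endpoints and the api_endpoint key come from the article; the directory
# layout, function names and sample files are constructed for illustration.
OLD_ENDPOINT="https://api.mondoo.app"
NEW_ENDPOINT="https://us.api.mondoo.com"

# Print the top-level api_endpoint value of a config file, with any
# trailing comment, trailing whitespace and surrounding quotes removed.
read_endpoint() {
    sed -n 's/^api_endpoint:[[:space:]]*//p' "$1" | head -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Classify one config: legacy (needs migration), current, missing (no
# endpoint set), or other (an endpoint that is neither; review by hand).
classify_config() {
    ep=$(read_endpoint "$1")
    case "$ep" in
        "") echo "missing" ;;
        "$OLD_ENDPOINT"|"$OLD_ENDPOINT"/*) echo "legacy" ;;
        "$NEW_ENDPOINT"|"$NEW_ENDPOINT"/*) echo "current" ;;
        *) echo "other" ;;
    esac
}

# Emit "<status> <path>" for every mondoo.yml below the given directory.
audit_configs() {
    find "$1" -type f -name mondoo.yml | sort | while IFS= read -r f; do
        printf '%s %s\n' "$(classify_config "$f")" "$f"
    done
}

# Constructed sample: config directories collected from three hosts.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/host-a" "$d/host-b" "$d/host-c"
    printf 'api_endpoint: https://api.mondoo.app\n' > "$d/host-a/mondoo.yml"
    printf 'api_endpoint: "https://us.api.mondoo.com"  # migrated\n' \
        > "$d/host-b/mondoo.yml"
    printf 'annotations:\n  mdm: by-bob\n' > "$d/host-c/mondoo.yml"
    echo "$d"
}

sample=$(make_sample_tree)
audit_configs "$sample"
rm -rf "$sample"
```

A status of other is worth a manual look, since it means the client is configured for an endpoint that is neither of the two named in this post.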

Policy updates

We released 3 new policies:

  • CIS Windows 11
  • CIS Windows Server 2022
  • CIS Rocky Linux

Additionally, Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 have now both been CIS-certified, alongside Ubuntu 20.04.

Vulnerability and advisory detection has been expanded to:

  • Ubuntu 22.04 and the upcoming Ubuntu 22.10 release
  • Windows 10 and Windows 11

EOL detection has been expanded to:

  • VMware Photon / Oracle Linux
  • Windows 10 and Windows 11
  • Updated EOL checks for Ubuntu, Scientific Linux, Fedora, and macOS

Additionally, we updated the following policies:

  • CIS Windows 2016 updated to version 1.3.0
  • CIS Windows 2019 updated to version 1.3.0
  • CIS Windows 10 updated to version 1.12.0
  • Kubernetes Application Benchmark by Mondoo (now displays pod names and namespaces in its output)
  • Mondoo Security Baselines (more reliable auditd, better output, improved scanning on containers, and bugfixes)

You can find all of these policies in your Policy Hub by clicking “Add Policies.”

Improvements

Mondoo Kubernetes Operator Improvements

The Mondoo Kubernetes Operator has been updated with Kubernetes Workload and Deployment scanning and the ability to scan Rancher-provisioned control plane and etcd nodes.

The Mondoo Kubernetes operator's admission controller now includes full scanning of each Kubernetes deployment and pod. With the admission controller enabled, these scans display on the FLEET page.

Additionally:

  • Operator pods now include readiness probes.
  • Users can now skip the resolution of the Mondoo client container image if necessary.
  • Operator resource limits have been lowered to limit cluster impact.

See the mondoo-operator repo for more details. Stay tuned for a guided operator setup and improved UI experience coming soon.

New ssh-host-key id-detector

You can now identify the system you're scanning by its SSH host key, using the --id-detector CLI flag:

mondoo scan --id-detector ssh-host-key

Colorblind mode

A new user setting allows you to change the entire UI to a color palette accessible to users with deuteranomaly, tritanomaly, or protanomaly.

Pop!_OS support

Mondoo now detects and scans the Pop!_OS Linux distribution by System76.

Updated output in Mondoo policy commands

The mondoo policy describe and mondoo policy list commands have been updated with a fresh new output format to improve readability. mondoo policy list now also includes policy version information, and a new --list-all flag lets you list all private, public, and enabled policies at once.

Dominik Richter

Dom is a founder, coder, and hacker and one of the creators of Mondoo. He helped shape the DevOps and security space with projects like InSpec and Dev-Sec.io. Dom worked in security and automation at companies like Google, Chef, and Deutsche Telekom. Beyond his work, he loves to dive deep into hacker and nerd culture, science and the mind, and making colorful pasta from scratch.
