Skip to content

Commit

Permalink
Add 10.6 release notes
Browse files Browse the repository at this point in the history 
Docs for the 10.6 release

Signed-off-by: Tim Smith <[email protected]>
  • Loading branch information
@tas50
tas50 committed Mar 5, 2024
1 parent f807a95 commit 82990f1
Show file tree
Hide file tree
Showing 11 changed files with 172 additions and 43 deletions.
1 change: 1 addition & 0 deletions .github/actions/spelling/expect.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ dbf
dcea
Ddos
debconf
deliverychannel
dfw
dgrrz
DHE
Expand Down
7 changes: 4 additions & 3 deletions docs/mql/resources/aws-pack/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,10 @@ In this pack:
| [aws.cloudwatch.metricstatistics](aws.cloudwatch.metricstatistics.md) | Amazon CloudWatch metric statistics |
| [aws.codebuild](aws.codebuild.md) | AWS CodeBuild for building and testing code |
| [aws.codebuild.project](aws.codebuild.project.md) | AWS CodeBuild project |
| [aws.config](aws.config.md) | AWS config |
| [aws.config.recorder](aws.config.recorder.md) | AWS config recorder |
| [aws.config.rule](aws.config.rule.md) | AWS config rule |
| [aws.config](aws.config.md) | AWS Config |
| [aws.config.deliverychannel](aws.config.deliverychannel.md) | AWS Config delivery channel |
| [aws.config.recorder](aws.config.recorder.md) | AWS Config recorder |
| [aws.config.rule](aws.config.rule.md) | AWS Config rule |
| [aws.dms](aws.dms.md) | AWS Database Migration Service (DMS) |
| [aws.dynamodb](aws.dynamodb.md) | Amazon DynamoDB |
| [aws.dynamodb.globaltable](aws.dynamodb.globaltable.md) | Amazon DynamoDB global table |
Expand Down
29 changes: 29 additions & 0 deletions docs/mql/resources/aws-pack/aws.config.deliverychannel.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
---
title: aws.config.deliverychannel
id: aws.config.deliverychannel
sidebar_label: aws.config.deliverychannel
displayed_sidebar: MQL
description: AWS Config delivery channel
---

# aws.config.deliverychannel

**Supported platform**

- aws

**Description**

AWS Config delivery channel

The `aws.config.deliverychannel` resource provides fields representing an individual AWS Config delivery channel configured within an account. For usage, read the `aws.config` resource documentation.

**Fields**

| ID | TYPE | DESCRIPTION |
| ------------ | ------ | -------------------------------------------------------------------- |
| name | string | Name of the delivery channel |
| s3BucketName | string | S3 bucket name where configuration snapshots are delivered |
| s3KeyPrefix | string | Prefix for the S3 bucket where configuration snapshots are delivered |
| snsTopicARN | string | ARN of the SNS topic that AWS Config delivers notifications to |
| region | string | Region for the delivery channel |
13 changes: 7 additions & 6 deletions docs/mql/resources/aws-pack/aws.config.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ title: aws.config
id: aws.config
sidebar_label: aws.config
displayed_sidebar: MQL
description: AWS config
description: AWS Config
---

# aws.config
Expand All @@ -14,16 +14,17 @@ description: AWS config

**Description**

AWS config
AWS Config

Use the `aws.config` resource to assess the configuration of the AWS Config service. The resource provides the `.recorders` field, which returns a list of `aws.config.recorder` resources representing all AWS Config recorders configured across all enabled regions, as well as the `.rules` field, which returns a list of `aws.config.rule` resources representing all AWS Config rules configured across all enabled regions in the account.

**Fields**

| ID | TYPE | DESCRIPTION |
| --------- | ------------------------------------------------------- | -------------------------------------------------------------- |
| recorders | &#91;&#93;[aws.config.recorder](aws.config.recorder.md) | List of configuration recorders for each region in the account |
| rules | &#91;&#93;[aws.config.rule](aws.config.rule.md) | List of AWS Config rules |
| ID | TYPE | DESCRIPTION |
| ---------------- | --------------------------------------------------------------------- | -------------------------------------------------------------- |
| recorders | &#91;&#93;[aws.config.recorder](aws.config.recorder.md) | List of configuration recorders for each region in the account |
| rules | &#91;&#93;[aws.config.rule](aws.config.rule.md) | List of AWS Config rules |
| deliveryChannels | &#91;&#93;[aws.config.deliverychannel](aws.config.deliverychannel.md) | List of delivery channels for each region in the account |

**Examples**

Expand Down
4 changes: 2 additions & 2 deletions docs/mql/resources/aws-pack/aws.config.recorder.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ title: aws.config.recorder
id: aws.config.recorder
sidebar_label: aws.config.recorder
displayed_sidebar: MQL
description: AWS config recorder
description: AWS Config recorder
---

# aws.config.recorder
Expand All @@ -14,7 +14,7 @@ description: AWS config recorder

**Description**

AWS config recorder
AWS Config recorder

The `aws.config.recorder` resource provides fields representing an individual AWS Config recorder configured within an account. For usage, read the `aws.config` resource documentation.

Expand Down
4 changes: 2 additions & 2 deletions docs/mql/resources/aws-pack/aws.config.rule.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ title: aws.config.rule
id: aws.config.rule
sidebar_label: aws.config.rule
displayed_sidebar: MQL
description: AWS config rule
description: AWS Config rule
---

# aws.config.rule
Expand All @@ -14,7 +14,7 @@ description: AWS config rule

**Description**

AWS config rule
AWS Config rule

The `aws.config.rule` resource provides fields representing an individual AWS Config rule configured within an account. For usage, read the `aws.config` resource documentation.

Expand Down
17 changes: 9 additions & 8 deletions docs/mql/resources/aws-pack/aws.iam.role.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,12 @@ The `aws.iam.role` provides fields for assessing the configuration of individual

**Fields**

| ID | TYPE | DESCRIPTION |
| ----------- | ----------------- | ------------------------------ |
| arn | string | ARN of the role |
| id | string | ID of the role |
| name | string | Name of the role |
| description | string | Description of the role |
| tags | map[string]string | Tags associated with the role |
| createDate | time | Time when the role was created |
| ID | TYPE | DESCRIPTION |
| ------------------------ | ----------------- | ----------------------------------------------------------------------- |
| arn | string | ARN of the role |
| id | string | ID of the role |
| name | string | Name of the role |
| description | string | Description of the role |
| tags | map[string]string | Tags associated with the role |
| createDate | time | Time when the role was created |
| assumeRolePolicyDocument | dict | The policy document that grants an entity permission to assume the role |
6 changes: 3 additions & 3 deletions docs/mql/resources/gcp-pack/gcp.project.bigqueryservice.dataset.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,9 @@ GCP BigQuery dataset
| tags | map[string]string | Tags associated with this dataset |
| kmsName | string | Cloud KMS encryption key that will be used to protect BigQuery table |
| access | &#91;&#93;[gcp.project.bigqueryService.dataset.accessEntry](gcp.project.bigqueryservice.dataset.accessentry.md) | Access permissions |
| tables | &#91;&#93;[gcp.project.bigqueryService.table](gcp.project.bigqueryservice.table.md) | Returns tables in the Dataset |
| models | &#91;&#93;[gcp.project.bigqueryService.model](gcp.project.bigqueryservice.model.md) | Returns models in the Dataset |
| routines | &#91;&#93;[gcp.project.bigqueryService.routine](gcp.project.bigqueryservice.routine.md) | Returns routines in the Dataset |
| tables | &#91;&#93;[gcp.project.bigqueryService.table](gcp.project.bigqueryservice.table.md) | Returns tables in the dataset |
| models | &#91;&#93;[gcp.project.bigqueryService.model](gcp.project.bigqueryservice.model.md) | Returns models in the dataset |
| routines | &#91;&#93;[gcp.project.bigqueryService.routine](gcp.project.bigqueryservice.routine.md) | Returns routines in the dataset |

**References**

Expand Down
32 changes: 16 additions & 16 deletions docs/mql/resources/os-pack/package.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,19 +18,19 @@ package(name string)

**Fields**

| ID | TYPE | DESCRIPTION |
| ----------- | --------------------------------------- | ------------------------------------------------- |
| name | string | Name of the package |
| description | string | Package description |
| version | string | Current version of the package |
| arch | string | Architecture of this package |
| epoch | string | Epoch of this package |
| format | string | Format of this package (e.g., rpm, deb) |
| status | string | Status of this package (e.g., if it is needed) |
| purl | string | Package URL |
| cpes | &#91;&#93;core.cpe | Common Platform Enumeration (CPE) for the package |
| origin | string | Package origin (optional) |
| available | string | Available version |
| installed | bool | Whether the package is installed |
| outdated | bool | Whether the package is outdated |
| files | &#91;&#93;[pkgFileInfo](pkgfileinfo.md) | Package files |
| ID | TYPE | DESCRIPTION |
| ----------- | --------------------------------------- | ----------------------------------------------------------- |
| name | string | Name of the package |
| description | string | Package description |
| version | string | Current version of the package |
| arch | string | Architecture of this package |
| epoch | string | Epoch of this package |
| format | string | Format of this package (e.g., rpm, deb) |
| status | string | Status of this package (e.g., if it is needed) |
| purl | string | Package URL |
| cpes | &#91;&#93;core.cpe | Common Platform Enumeration (CPE) for the package |
| origin | string | Package origin, may include version if available (optional) |
| available | string | Available version |
| installed | bool | Whether the package is installed |
| outdated | bool | Whether the package is outdated |
| files | &#91;&#93;[pkgFileInfo](pkgfileinfo.md) | Package files |
96 changes: 96 additions & 0 deletions releases/2024-03-06-mondoo-10.6-is-out.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
---
slug: mondoo-10.6-is-out/
title: Mondoo 10.6 is out!
author: Tim Smith
author_title: Mondoo Core Team
author_url: https://github.com/tas50
tags: [release, mondoo]
---

## 🥳 Mondoo 10.6 is out! This release includes a new EDR policy, additional MQL capabilities, and more!

Check failure on line 10 in releases/2024-03-06-mondoo-10.6-is-out.md

View workflow job for this annotation

GitHub Actions / Run spell check 

`EDR` is not a recognized word. (unrecognized-spelling)

Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec)

---

## 🎉 NEW FEATURES

### Endpoint Detection and Response (EDR) Policy

Check failure on line 18 in releases/2024-03-06-mondoo-10.6-is-out.md

View workflow job for this annotation

GitHub Actions / Run spell check 

`EDR` is not a recognized word. (unrecognized-spelling)

https://github.com/mondoohq/server/blob/e122f8c0fd5a546b65d6dee8ed72ddc217a4bd11/policy/bundles-cnspec/mondoo-edr-policy.mql.yaml

### Convert types in MQL

https://github.com/mondoohq/cnquery/pull/3463

### Open source Mondoo documentation

DEETS

Check failure on line 28 in releases/2024-03-06-mondoo-10.6-is-out.md

View workflow job for this annotation

GitHub Actions / Run spell check 

`DEETS` is not a recognized word. (unrecognized-spelling)

## 🧹 IMPROVEMENTS

### Resource improvements

#### aws.cloudtrail.trails

- Add support for advanced selectors in the `eventSelectors` field

#### aws.config

- New `deliveryChannels` field

#### aws.config.deliverychannel

- A new resource with fields representing an individual AWS Config delivery channel configured within an account.

#### aws.iam.role

- New `assumeRolePolicyDocument` field

#### package

- Add new `originVersion` field on Debian Linux based assets.
- Include version data in the `origin` field for source packages on Debian Linux based assets.

### Filter AWS scans by region

https://github.com/mondoohq/cnquery/pull/3225

```bash
cnquery shell aws --filters all:region=us-east-2
cnquery shell aws --filters region=us-east-2
cnquery shell aws --filters ec2:region=us-east-2
```

### Improved policy check impact scores

https://github.com/mondoohq/cnspec-enterprise-policies/pull/709

### Improved AWS policies

- https://github.com/mondoohq/cnspec-enterprise-policies/pull/703
- https://github.com/mondoohq/cnspec-enterprise-policies/pull/747
- https://github.com/mondoohq/cnspec-enterprise-policies/pull/701
- https://github.com/mondoohq/cnspec-enterprise-policies/pull/742
- https://github.com/mondoohq/cnspec-enterprise-policies/pull/719
- https://github.com/mondoohq/cnspec-enterprise-policies/pull/711
- https://github.com/mondoohq/cnspec-enterprise-policies/pull/715

## 🐛 BUG FIXES AND UPDATES

- Improve reliability of fetching CVE data for assets.
- Only show unresolved CVEs in the asset CVE list.
- Fix package CVE false positives for some Debian packages.
- Fix CVEs not showing after the first asset scan.
- Fix failures scanning a GitHub organization if the supplied token cannot access all repositories.
- Only show the options to add new integrations when the user has the appropriate permissions for the space.
- Change documentation links in the console to go directly to Mondoo Platform documentation.
- Improve how space owners are listed in the Organization dashboard's CVE list.
- Fix policy recommendation during the Kubernetes integration setup.
- Show EPSS scores with a single decimal point in all locations.
- Don't fail scanning if the location of an S3 bucket cannot be determined.
- Return more than 100 Microsoft 365 users in queries.
- Improve output of the `Ensure macOS is up to date` check in the macOS Security policy.
- Distinguish between domain controllers and member servers in Windows Security policy checks.
- Improve empty states for software, CVE, and advisory asset page tabs.
- Improve rendering of columns in the asset page's advisories tab.
6 changes: 3 additions & 3 deletions yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3824,9 +3824,9 @@ [email protected]:
integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==

electron-to-chromium@^1.4.668:
version "1.4.691"
resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.691.tgz#e3c49de174b36b2bb96d09f44c81ff8ba273d775"
integrity sha512-vJ+/LmKja/St8Ofq4JGMFVZuwG7ECU6akjNSn2/g6nv8xbIBOWGlEs+WA8/3XaWkU0Nlyu0iFGgOxC4mpgFjgA==
version "1.4.692"
resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.692.tgz#82139d20585a4b2318a02066af7593a3e6bec993"
integrity sha512-d5rZRka9n2Y3MkWRN74IoAsxR0HK3yaAt7T50e3iT9VZmCCQDT3geXUO5ZRMhDToa1pkCeQXuNo+0g+NfDOVPA==

emoji-regex@^8.0.0:
version "8.0.0"
Expand Down

0 comments on commit 82990f1

Please sign in to comment.