v2.20.0

What's Changed

• 🧹 Improving azure policies - Blob storage by @HRouhani in #440
• 🧹 Improving azure policies by @HRouhani in #441
• Azure version Update by @HRouhani in #442
• Sync over the latest and greatest spellcheck config by @tas50 in #443
• Bump check-spelling/check-spelling from 0.0.23 to 0.0.24 by @dependabot in #444
• 🧹 Fix a couple auditd-related checks by @mm-weber in #445
• Improve formatting + checks in Mondoo Linux policy by @tas50 in #446
• More updates to the Linux policy by @tas50 in #447
• Fix aide setup instruction + SSH v2 check by @tas50 in #448
• Improve formatting of remediation steps by @tas50 in #449

Full Changelog: v2.19.0...v2.20.0

v2.19.0

What's Changed

• Bump contributor-assistant/github-action from 2.5.1 to 2.6.0 by @dependabot in #435
• 🧹 fix: Ensure root group is empty by @mm-weber in #437
• 🧹 Update github policies to use new resource fields by @jaym in #436
• Bump contributor-assistant/github-action from 2.6.0 to 2.6.1 by @dependabot in #438
• fix sentinelone check in edr policy by @atomic111 in #439

Full Changelog: v2.18.0...v2.19.0

v2.18.0

What's Changed

• add Cortex XDR check by @atomic111 in #430
• fix double quote in Cortex check by @atomic111 in #431
• 🧹 Make titles consistently use Mondoo and not policy by @misterpantz in #432
• Rename the TLS/SSL policy to match our names by @tas50 in #433
• Update AWS policy to not use deprecated field by @tas50 in #434

Full Changelog: v2.17.0...v2.18.0

v2.17.0

What's Changed

• 🧹 Fix: Container image pull should be consistent by @mm-weber in #406
• 🧹 Fix pq: unsupported Unicode escape sequence in Kubernetes Cluster and Workload Security by @mm-weber in #408
• fix powershell remediation script by @atomic111 in #410
• 🧹 Minor windows improvements by @HRouhani in #411
• 🧹 K8s: Update checks related to workload and securityContext by @mm-weber in #412
• Adds support for Wazuh to EDR policy by @scottford-io in #413
• 🧹 Fixes double mql issues: Mondoo Linux Policy by @mm-weber in #415
• 🧹 quick fix props: by @mm-weber in #417
• 🧹 Improving windows policies by @HRouhani in #418
• Discretionary access control permission regex rule not consistent with remediation by @ceso in #404
• add titles for each edr variant by @atomic111 in #419
• Removed check for running sentineld-shell by @marcelhuth in #422
• 🧹 Mondoo Linux Policy - Fix: Don't run kernel.parameters checks from inside containers by @mm-weber in #424
• ⭐️ introduce property for gh release branches by @chris-rock in #423
• ⭐️ Add Sophos Endpoint Defense to EDR Policy by @tomtrix in #421
• ⭐️ Adding Dockerfile best Security practices by @HRouhani in #426
• Bump contributor-assistant/github-action from 2.4.0 to 2.5.1 by @dependabot in #428
• 🧹 update aws policy asset filter by @chris-rock in #429
• ⭐️ add recommendations from OWASP HTTP Security Response Headers by @chris-rock in #427

New Contributors

• @ceso made their first contribution in #404
• @marcelhuth made their first contribution in #422

Full Changelog: v2.16.0...v2.17.0

v2.16.0

What's Changed

• Running ESET under MacOS: Modified ESET-service by @marlin-ortner-verkehrsbuero in #390
• Update spelling config + copyright dates by @tas50 in #389
• Add expected words to spelling by @tas50 in #391
• slack policy with domain validation for users of channels by @chris-rock in #371
• 🧹 Improving Linux policies to fit for Container images as well by @HRouhani in #392
• 🧹 Improving openssl policy by @HRouhani in #393
• Bump hashicorp/setup-copywrite from 1.1.2 to 1.1.3 by @dependabot in #395
• Bump contributor-assistant/github-action from 2.3.2 to 2.4.0 by @dependabot in #394
• remove senitnelone updater service from macos check by @atomic111 in #399
• ✨ Mondoo Azure Security : Adding flexible SQL Server checks by @mm-weber in #400
• Don't apply http security to anything with a cert by @tas50 in #402
• Updates numbered scoring system to named by @scottford-io in #401
• ⭐️ Add Support for Microsoft Defender in EDR Policy by @HRouhani in #405

New Contributors

• @marlin-ortner-verkehrsbuero made their first contribution in #390

Full Changelog: v2.15.0...v2.16.0

v2.15.0

What's Changed

• 🧹 migrate deprecated github fields by @mm-weber in #384
• 🧹 removed old k8s data queries by @mm-weber in #386
• 🧹 Updating AWS Policies to Align with Recent Developments by @HRouhani in #385
• 🧹 Fix issue in aws - compile by @HRouhani in #387
• 🧹 Fixing the Pipeline Lint Issue by @HRouhani in #383

Full Changelog: v2.14.0...v2.15.0

v2.14.0

What's Changed

• ✨ Mondoo Email Security- added: Ensure Reverse IP Lookup PTR record is set by @mm-weber in #346
• Bump peter-evans/repository-dispatch from 2 to 3 by @dependabot in #343
• ✨ Update to v9/variants: Google Cloud (GCP) Security by @mm-weber in #347
• Update platform metadata for the registry by @tas50 in #350
• ⭐️ update macos policy by @atomic111 in #349
• added subject alternate name support by @schnipschnap in #351
• ⭐ Update Mondoo Azure Policy to variants: by @mm-weber in #348
• 🧹 Increasing the min password length by @HRouhani in #353
• add check to test if macOS is up to date by @atomic111 in #356
• Fix docs link + update spellcheck by @tas50 in #357
• guid for powershell commands by @schnipschnap in #358
• adding discrimination between DC and MS by @schnipschnap in #355
• update the macOS up to date query, get actionable output by @atomic111 in #360
• New policy to check if the EDR solution is running by @atomic111 in #359
• Add more forbidden patterns to spellcheck by @tas50 in #354
• Updates to the spellcheck patterns by @tas50 in #362
• Be more specific in the EDR filter by @tas50 in #361
• improve asset filter for email security policy by @atomic111 in #363
• Bump softprops/action-gh-release from 1 to 2 by @dependabot in #364
• Simplify asset check filters by @tas50 in #365
• 🧹 Azure NSG checks - Fix bug by @mm-weber in #367
• Bump contributor-assistant/github-action from 2.3.1 to 2.3.2 by @dependabot in #368
• 🧹 Windows : change from OsLocale to OsLanguage by @HRouhani in #369
• Remove dead link to open registry + spellcheck updates by @tas50 in #370
• add ESET solution to edr policy by @atomic111 in #372
• add policy to identify xz backdoor by @atomic111 in #373
• fix title of the check in xz vuln policy by @atomic111 in #376
• ignore deactivated users in Slack 2FA check by @jaybrueder in #375
• 🧹 Fix MacOS issues: Ensure Bluetooth Sharing Is Disabled && more by @mm-weber in #377
• 🧹 macOS: Improve desc: Enable FileVault by @mm-weber in #379
• fix http policy to produce better output by @atomic111 in #380
• add policy to check the if the hardware is windows 11 compatible by @atomic111 in #374
• Fix name of policy file by @tas50 in #381
• 🧹 Updating Azure Policies to Align with Recent Azure Ecosystem Developments by @HRouhani in #378
• 🧹 Fixing Azure Lint issue - extra mql by @HRouhani in #382

New Contributors

• @jaybrueder made their first contribution in #375

Full Changelog: v2.13.0...v2.14.0

v2.13.0

What's Changed

• Update links in policies to avoid 301s by @tas50 in #318
• ⭐️ add powershell scripts for remediation by @atomic111 in #309
• Use ensure for titles in SNMP policy by @tas50 in #315
• Fix capitalization of PowerShell by @tas50 in #319
• Fix the GitHub ref by @tas50 in #320
• Use HCL syntax highlighting for TF examples by @tas50 in #316
• remove data queries from policy by @atomic111 in #322
• update the windows workstation policy by @atomic111 in #321
• rebuild the mail security policy by @atomic111 in #323
• 🧹 fix two powershell remediation by @atomic111 in #324
• 🧹 Fix: Ensure sudo logging is enabled by @mm-weber in #325
• 🧹 Fixes: Ensure sudo logging is enabled by @mm-weber in #326
• add german language to windows auditpol checks by @atomic111 in #328
• 🎉 update ms365 policy by @atomic111 in #329
• 🧹 remove slack query that is not useful by @chris-rock in #332
• 🧹 replace deprecated k8s.kubelet with kubelet by @chris-rock in #331
• Support the v10 platform of aws-ebs-snapshot by @tas50 in #330
• ⭐ More AWS Variants by @mm-weber in #327
• GUID + FMT + Version number by @schnipschnap in #335
• Update text in the email policy by @tas50 in #338
• 🧹 Fix: Several Linux Checks by @mm-weber in #334
• Backport a fix to prevent failures in the aws policy by @tas50 in #339
• Improving azure policy by @HRouhani in #341
• 🧹 Changing Azure version to 1.4 by @HRouhani in #345

New Contributors

• @schnipschnap made their first contribution in #335

Full Changelog: v2.12.0...v2.13.0

v2.12.0

What's Changed

• 🎉 introduce props for Windows RDP max idle time check by @atomic111 in #307
• Fix remediation for sshd ClientAliveInterval by @tomtrix in #308
• Improve the titles of AWS checks by @tas50 in #311
• Update more titles for consistency by @tas50 in #312
• Capitalize Terraform in policies by @tas50 in #313
• Add spaces to headers by @tas50 in #314
• Improve codeblocks in the k8s policy by @tas50 in #317
• Update impact scores for Chef policies by @tas50 in #310

New Contributors

• @tomtrix made their first contribution in #308

Full Changelog: v2.11.0...v2.12.0

v2.11.0

What's Changed

• ⭐️ rerwork the windows audit policies queries to match the os language by @atomic111 in #302
• Add a few more checks to the HTTP policy by @tas50 in #303
• 🎉 add Italian language support for all windows audit policy checks by @atomic111 in #304
• Bump github/codeql-action from 2 to 3 by @dependabot in #305

Full Changelog: v2.10.1...v2.11.0