
Platform Configuration

The Mondoo Platform is the central location to analyze risk across your fleet of assets, and where you will manage all of your cloud account integrations, policies, and access for team members.

Platform Library

Platform hierarchy

Every Mondoo account consists of a hierarchical structure of at least one Organization and one Space.

Organizations & Spaces

Organizations are the top-level structure of an account and provide a way to manage team members and their access to Spaces within the Organization.

Within Organizations, Spaces are used to integrate cloud accounts, apply policies to assets discovered in your cloud accounts, view reports, and set up alerts.

Additionally, Spaces provide another layer of access for team members so you can control who gets access to the data in a Space.

Every Space is a unique environment for integrating your cloud environments. Those cloud environments contain all of your business-critical assets, such as servers, endpoints, containers, storage buckets, load balancers, Kubernetes clusters, and more.

Every Space also has a Policy Hub of Policies that can be enabled as-is, or customized to meet your needs for that Space.

note

Policies enabled or customized in a given Space affect only that Space.

Enabling Policies

To configure Policies in a given Space, locate the policy or policies you want to enable, check the checkbox next to each one, and then click the ENABLE button.

Understanding How Policies Are Applied

All Policies contain an "asset filter", which determines whether a policy should be executed for a given asset.

The following is an example of an asset filter for the CIS Ubuntu Linux 20.04 LTS Benchmark:

    - asset_filter:
        query: |
          platform.name == "ubuntu"
          platform.release == "20.04"

The asset filter for the CIS VMware ESXi 6.0 Benchmark Level 1 Profile:

    - asset_filter:
        query: |
          platform.name == "vmware-esxi"
          platform.release == /^6\./

Once a policy is enabled in a given Space, any assets matching the asset filter in the policy will run the policy.
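
The following added example (not Mondoo code and not the MQL engine) models the two filters above in Python to show which enabled policies would run on which assets in a Space, and which assets are left with no matching policy. It assumes every line of a filter must hold and handles only the two comparison forms shown above; the asset names and platform values are constructed.

```python
import re

# Constructed copies of the two asset filters shown above, keyed by policy name.
POLICY_FILTERS = {
    "CIS Ubuntu Linux 20.04 LTS Benchmark":
        'platform.name == "ubuntu"\nplatform.release == "20.04"\n',
    "CIS VMware ESXi 6.0 Benchmark Level 1 Profile":
        'platform.name == "vmware-esxi"\nplatform.release == /^6\\./\n',
}

# One clause per line: platform.<field> == "literal"  or  platform.<field> == /regex/
CLAUSE = re.compile(r'^platform\.(\w+)\s*==\s*(?:"([^"]*)"|/(.+)/)$')


def clause_matches(clause, platform):
    m = CLAUSE.match(clause.strip())
    if m is None:
        # Reject clause forms this sketch does not model instead of guessing.
        raise ValueError(f"unsupported filter clause: {clause!r}")
    field, literal, pattern = m.groups()
    value = platform.get(field, "")
    if literal is not None:
        return value == literal
    return re.search(pattern, value) is not None


def filter_matches(query, platform):
    # Assumption: every non-empty line of the filter must hold for the asset.
    clauses = [line for line in query.splitlines() if line.strip()]
    return all(clause_matches(c, platform) for c in clauses)


def applicable_policies(enabled, platform):
    # Enabled policies whose asset filter selects this asset.
    return [p for p in enabled if filter_matches(POLICY_FILTERS[p], platform)]


# Constructed assets discovered in one Space.
ASSETS = {
    "web-01": {"name": "ubuntu", "release": "20.04"},
    "web-02": {"name": "ubuntu", "release": "22.04"},
    "esx-01": {"name": "vmware-esxi", "release": "6.7.0"},
    "esx-02": {"name": "vmware-esxi", "release": "7.0.3"},
}

if __name__ == "__main__":
    for asset, platform in ASSETS.items():
        print(asset, applicable_policies(list(POLICY_FILTERS), platform) or "NO POLICY")
```

In this constructed fleet, web-02 and esx-02 match neither filter, so enabling these two policies alone leaves them unassessed.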

Managing Team Members

Team Members can be invited at the Organization level, or at an individual Space level.

Team Members of an Organization have access to all of the Spaces under that Organization, as well as any additional Spaces created in the future.

Team Members of individual Spaces only have access to the Spaces they are invited to.

Role Based Access Control

Team members of Organizations and Spaces are granted one of the following role-based access controls:

  • Viewer - Read-only access
  • Editor - Manage integrations, assets, policies, spaces and team members
  • Owner - Editor + the ability to manage organizations

Next Steps

Detailed information on managing your Mondoo Platform account can be found in the Platform Overview documentation.