Red Hat Insights is a managed service that gathers and analyzes platforms and applications’ data to predict risk, recommend actions, and track costs. Insights alerts administrators with warnings and/or optimizations covering the domains of operations (e.g. an outage is about to occur), security (e.g. a new CVE is discovered for your systems), and business (e.g. overspending is happening). Insights is included as part of your Red Hat subscription, and is accessible through Red Hat Hybrid Cloud Console.
For those users who try to reduce management tools proliferation, Red Hat Insights offers multiple ways of integrating and/or querying its data. This can be used to consolidate an existing configuration management database (CMDB), feed a unified monitoring or observability solution, or even trigger the creation of support tickets with relevant data in an IT service management (ITSM) platform. There are lots of options when it comes to integrating, and how you want to embed Insights into your operational workflow is often unique to your organization.
In this article we review different ways to integrate Red Hat Insights into your organization’s workflows. This can be done by querying Insights APIs to get specific data or build reports, by subscribing to streams of alerts using webhook integrations and notifications, by enabling bespoke application integration services provided by Red Hat, or simply by downloading data exports manually from its web console user interface (UI).
Accessing your Insights data and key findings can be done at multiple levels depending on your integration needs and operational workflows. We invite you to review the Red Hat Insights Data & Security page which documents the collection procedures in place as well as the data protection, user access controls and regulations in place to safeguard your data.
Using Insights APIs
We are often surprised to hear that Red Hat Insights users don't know much about its application programming interface (API) capabilities. Built as a software as a service (SaaS) platform, Insights’ architecture includes a frontend component that interacts with the backend through its API endpoints. Everything you see in the Insights user interface is a response to an API request from the frontend to the backend. Each application or service provides its own set of APIs that are publicly available and can be queried from any authenticated client, with access governed by Role Based Access Controls (RBAC).
These APIs provide the ability to query for data (e.g. list all inventory systems, all relevant advisories, etc.), but also to perform actions on specific services (e.g. Create, Read, Update and Delete operations on baselines, policies, etc.). The Red Hat Insights API documentation describes all available endpoints by application or service, and lets you try them out using the curl command or the in-browser client.
The Red Hat Insights cheatsheet published on developers.redhat.com covers the use of Insights APIs and provides a couple of examples that will help you get started with authentication and querying the endpoints. While most of the examples use the curl command, we also include sample code for clients written in Python, as well as an Ansible playbook performing similar operations.
Note that responses to Insights API queries are returned in JSON format. It is also possible to obtain CSV-formatted responses for some endpoints by specifying the additional 'accept: text/csv' header on the request. An example of such a CSV export using the curl command and the Drift API endpoint is provided as part of the Using the REST API for the Insights for RHEL drift service documentation.
Integrating using the Insights API requires writing your own client. There are many frameworks available to assist and auto-generate code by pointing at the Insights OpenAPI definition. This is the most powerful way to integrate as it provides granularity on the data you get and the operations you perform. However, it involves the most work as coding is required.
Using Insights webhook integration capabilities
For applications allowing inbound requests (e.g. exposed webhook), Red Hat Insights can be configured to send POST messages to specific endpoints. The capability works in conjunction with the Notifications service, and allows specific streams of Insights events to be forwarded from each application to the endpoint(s) of your choice. For example, new Advisor recommendations can be automatically forwarded to your application as soon as they get discovered in Insights.
In order to use webhooks, your application endpoint must be registered in Insights under Settings > Integrations. Only secured HTTPS endpoints are supported (mandatory), and an authentication token can be specified (optional, but strongly recommended for production workloads) to use between Insights and your application when forwarding events.
Once defined, your integration endpoint can be used as part of your Notifications configuration under Settings > Notifications. This allows notifications administrators for the account to define how to handle each Insights event and which action(s) to take (e.g. forwarding to a webhook integration endpoint, or emailing a list of users). This is done by defining Behavior Group(s) listing actions, and assigning them to events. From then on, each new Insights event triggers an HTTPS POST request message to your defined webhook integration endpoint.
With this setup, you can subscribe to a stream of Insights events and forward it to the webhook endpoint(s) of your choice. Each event contains additional metadata which can be used to process the event and perform specific actions and/or trigger responses as part of your operational workflow. This is very powerful and relatively simple to implement as you get a stream of selected events forwarded to your application. How to handle the information is up to the implementation on your side, which provides additional flexibility.
More information on Integrations and Notifications services, and how to get started configuring them in your account, can be found in the Configuring notifications and integrations on the Red Hat Hybrid Cloud Console documentation.
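The receiving side of the webhook flow described above, as an added example (not code from this article or from Red Hat): it checks the integration's secret token before parsing the forwarded event. The header name `X-Insight-Token`, the event field names, the `ROUTES` table and the size cap are assumptions to confirm against your own integration settings.

```python
import hmac
import json

MAX_BODY_BYTES = 64 * 1024          # assumed cap for one forwarded event
TOKEN_HEADER = "x-insight-token"    # assumed header name; confirm in your integration settings

# Hypothetical routing table: event type -> action in your own workflow.
ROUTES = {"new-recommendation": "open_ticket"}


def handle_event(headers, body, expected_token):
    """Return (http_status, action) for one inbound webhook POST.

    headers: dict of request headers; body: raw request bytes;
    expected_token: the secret configured for the integration endpoint.
    """
    # Header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get(TOKEN_HEADER, "")
    # Authenticate before parsing anything, comparing in constant time.
    # An unset expected token is treated as a misconfiguration, not as "open".
    if not expected_token or not hmac.compare_digest(
            presented.encode(), expected_token.encode()):
        return 401, None
    if len(body) > MAX_BODY_BYTES:
        return 413, None
    try:
        event = json.loads(body)
    except ValueError:              # covers invalid JSON and invalid UTF-8
        return 400, None
    if not isinstance(event, dict) or not isinstance(event.get("event_type"), str):
        return 400, None
    # Unknown event types are acknowledged but trigger nothing.
    return 200, ROUTES.get(event["event_type"], "ignore")


# Constructed sample event; field names are illustrative, not the service's schema.
SAMPLE = json.dumps({"application": "advisor",
                     "event_type": "new-recommendation"}).encode()

if __name__ == "__main__":
    print(handle_event({"X-Insight-Token": "s3cret"}, SAMPLE, "s3cret"))
    print(handle_event({}, SAMPLE, "s3cret"))
```
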
Using bespoke application integrations
Going a step further, Red Hat Insights also provides bespoke application integrations that deal with forwarding events and performing tasks in specific third party applications. At the time of writing, Red Hat Insights maintains a Splunk integration capability to forward selected Insights events to Splunk. The aim of these integrations is to provide an easy way to surface Insights data and plug it into your existing workflows.
This integration is enabled by installing the Red Hat Insights application for Splunk directly from the Splunk Marketplace (available in beta around Red Hat Summit 2022), and following configuration steps, which are mostly automated. The application seamlessly integrates with Red Hat Insights, so that you focus on handling the data on the Splunk application side, in the same way you deal with other sources of data.
The provided Splunk application handles all initial configuration for you and offers sample dashboards that you can extend for your needs and/or reuse as part of other dashboards across your organization. The project is open source and we welcome contributions or feedback on its repository.
Under the hood, these bespoke integrations either use Insights APIs to collect data and perform tasks, much as a client you write yourself would, or subscribe to streams of Insights events, depending on the targeted use case. We plan to extend the library of supported bespoke applications over time to help you benefit from Insights data and findings by embedding them into the existing operational workflow in your organization. Integrations with management and communication tools like ServiceNow, Slack, or Ansible Controller are already in the pipeline.
Downloading Insights data exports from the web console UI
It is sometimes unnecessary to fully integrate applications; in some cases a simple export file is sufficient. Red Hat Insights provides the capability of downloading a CSV, JSON, or PDF export from most tables in the web console UI. Note that this functionality is WYSIWYG (What You See Is What You Get) and honors the filters set on the table you are getting an export from.
Finally, Red Hat Insights also offers reports for specific services (currently Advisor, Vulnerability and Compliance). These reports are PDF-generated summaries and provide another way to check the state of the account/inventory on a regular basis. These reports can be generated from a “Download executive report” link in each of the applications providing this feature.
These manual tasks are not integrations per se, but can become part of your workflow and play a role in the management of your systems, including providing reports aimed at auditing and risk management for your organization.
In this article, we reviewed different ways to integrate Red Hat Insights and access its data, as well as consume its streams of findings and recommendations. There is no one-size-fits-all solution when it comes to integrations; the most appropriate method depends on the use case and task you are trying to achieve as part of your integration initiative.
Ultimately, Red Hat Insights collections and findings can become a source of data and contribute to the overall operational workflow of your organization. Its proactive recommendations can be used as part of on-going security or automation initiatives, and serve as a complement to other tooling you might already use for this purpose.
We are always looking for additional use cases and welcome any feedback that can help the product grow and respond to your challenges. Feel free to suggest integrations you would like us to address, or a vendor or community we should start collaborating with. Product suggestions can be submitted using the Red Hat Customer Portal feedback form.