Red Hat Lightspeed (formerly Red Hat Insights) has long helped operations teams detect risks, open tickets, and share findings with the right tools, connecting proactive intelligence to everyday workflows.

Much has changed, not only in Red Hat Lightspeed itself, but also in how organizations are using it. Across industries, teams have built custom dashboards, reporting portals, and IT service management (ITSM) integrations powered by the Red Hat Lightspeed API. Others have connected Red Hat Lightspeed data into continuous integration and delivery (CI/CD) pipelines, monitoring environments, and automated remediation workflows, turning operational intelligence into action.

Today, that vision has expanded. Integrations have matured, authentication has evolved, and new automation paths now let you go beyond “alerting” toward closed-loop, intelligent remediation—where Red Hat Lightspeed findings can directly trigger actions across your automation and observability stack.

This post explores what’s new in 2025, including token-based authentication, updated integrations, Event-Driven Ansible, and the new Model Context Protocol (MCP) server, and how these security-focused capabilities help you connect insight to action.

Security-focused, scalable API access with service account authentication

The Red Hat Lightspeed team has modernized its API authentication model to support service account–based, token-driven access, marking a major step forward in both security and automation flexibility.

Previously, API integrations relied on user credentials and basic authentication. While functional at the time, this approach made it difficult to automate at scale or enforce consistent access controls across multiple systems. Basic authentication has since been deprecated and is no longer supported, reinforcing a shift toward more security-focused, scalable, token-based access.

Today, you can use service accounts to generate and manage access tokens that authenticate to Red Hat Lightspeed APIs without needing a user session. This approach aligns with Red Hat’s broader move toward security-focused, headless automation across hybrid environments.

Key benefits

• Improved security capabilities: Tokens are tied to a service account, not an individual user, reducing exposure of personal credentials. Access can be scoped and revoked centrally through Red Hat Hybrid Cloud Console service account management.
• Automation-ready design: Tokens can be issued programmatically, making it easier to connect Red Hat Lightspeed APIs to CI/CD systems, monitoring tools, and Red Hat Ansible Automation Platform workflows.
• Scalable, consistent authentication: Because service accounts are independent of personal access, they support predictable integrations across teams and environments, from development pipelines to production automation.
• Foundation for new automation capabilities: Token-based authentication now powers advanced integrations such as the Red Hat Lightspeed MCP server, enabling security-focused, agent-based access to Red Hat Lightspeed data and unlocking new AI- and event-driven workflows.

The latest Red Hat Lightspeed API cheatsheet includes detailed examples of how to authenticate using service accounts and bearer tokens. These examples can help you start building security-focused, automated workflows that query system data, retrieve vulnerabilities, or integrate Red Hat Lightspeed directly with third-party tools like Splunk, ServiceNow, or custom dashboards.

Introducing the MCP Server: A new way to connect Red Hat Lightspeed and AI workflows

A major 2025 update extends the Red Hat Lightspeed integration story into the emerging era of agentic AI.

With the introduction of the MCP server, Red Hat is providing a standardized way for AI agents and automation systems to communicate with external APIs, including Red Hat Lightspeed services. MCP offers a consistent interface that allows applications, agents, and tools to exchange structured information without needing custom connectors for every system.

The Red Hat Lightspeed MCP server exposes key Red Hat Lightspeed capabilities, such as inventory, advisor, and vulnerability data, through this open protocol. This means AI or automation agents can now query Red Hat Lightspeed for system health, analyze findings, and take informed actions with security and context.

Imagine this workflow: Red Hat Lightspeed detects a vulnerability → MCP server provides structured data to an AI agent → the agent opens a ServiceNow incident and triggers an Ansible Automation Platform playbook for remediation.

You can explore the Red Hat Lightspeed MCP project on GitHub to see how this new integration layer works and how it connects Red Hat Lightspeed with emerging agentic and automation frameworks.

As Red Hat continues to evolve its automation and observability ecosystem, the MCP approach lays the groundwork for even deeper interoperability, helping Red Hat Lightspeed to become not only a source of operational intelligence but also an active participant in AI-driven decision-making and response.

Expanded integrations across ITSM, observability, and automation

Red Hat Lightspeed continues to expand its ecosystem of integrations, helping operations teams connect proactive intelligence with the tools they already know and use. Over the past few releases, these integrations have evolved from simple data-sharing to context-rich automation points, bridging the gap between detection, visibility, and action. 

Here’s a closer look at what’s new and updated.

ServiceNow flow templates for Red Hat Lightspeed

The latest certified version of the ServiceNow application for Red Hat Lightspeed provides flow templates that make it easier to automate IT service management (ITSM) tasks directly from Red Hat Lightspeed findings.

These templates extend the application’s capabilities beyond simple ticket creation, providing:

• Prebuilt flows that can be used to automatically open, enrich, or close incidents based on new Red Hat Lightspeed recommendations or resolved issues.
• A single source of truth across security, compliance, and operations allowing contextual expansion of corresponding configuration items (CI) through CMDB integration.
• A basic template for custom workflow support, so organizations can adapt to their own change management or escalation processes.

Splunk application for Red Hat Lightspeed

The certified Splunk application for Red Hat Lightspeed has also seen significant updates, improving how Red Hat Lightspeed data is visualized and correlated within enterprise monitoring environments. Highlights include:

• Enhanced event ingestion, providing detailed Red Hat Lightspeed findings to be indexed in Splunk for advanced analytics.
• Refined dashboards that display trends across security advisories, vulnerability exposure, and system compliance for Red Hat Enterprise Linux (RHEL).
• Integration with Splunk alerts and workflows, allowing teams to detect anomalies or prioritize remediation directly from within Splunk.

By integrating Red Hat Lightspeed telemetry with broader observability data, teams can cross-reference system health, patch levels, and performance indicators, providing a more complete operational picture of hybrid environments.

PagerDuty integration

A newer addition to the Red Hat Lightspeed ecosystem, the PagerDuty integration proactively sends alerts to operations and on-call workflows.

When Red Hat Lightspeed detects critical vulnerabilities, configuration drifts, or compliance issues, these events can now directly trigger PagerDuty incidents. This notifies the right teams immediately, with context-rich details from Red Hat Lightspeed findings.

The integration supports customizable routing and escalation policies, allowing organizations to align Red Hat Lightspeed alerts with their existing operational response models.

Event-Driven Ansible collection

One of the most impactful additions, the Event-Driven Ansible collection for Red Hat Lightspeed enables fully automated, closed-loop remediation workflows.

With Event-Driven Ansible, Red Hat Lightspeed events can directly trigger playbooks in your Ansible Automation Platform environment. For example:

• Automatically patch affected systems when a vulnerability is detected.
• Restart services or apply configuration changes when drift is identified.
• Update CMDB entries or log changes after remediation.

This event-driven model turns Red Hat Lightspeed findings into actionable automation events, accelerating response times and reducing manual intervention.

Red Hat Satellite and Ansible Automation Platform integrations

For organizations managing RHEL at scale, Red Hat Lightspeed integrates deeply with both Satellite and Ansible Automation Platform:

• Red Hat Satellite integration provides visibility into system health, compliance, and vulnerabilities directly within the Satellite user interface (UI), helping administrators plan remediations based on Red Hat Lightspeed recommendations.
• Ansible Automation Platform integration (via the Inventory and Remediations services) connects detected issues to Ansible Playbooks that can be executed directly from the Ansible interface, streamlining the remediation process.

Together, these integrations create a unified workflow, from detection in Red Hat Lightspeed, to system targeting in Satellite, to automated resolution through Ansible Automation Platform.

Find the latest list of supported integrations and connectors in the Red Hat Lightspeed integrations knowledgebase article, which continues to expand with each product release.

Putting it all together

Modern operations teams can now weave Red Hat Lightspeed directly into their day-to-day workflows, connecting detection, visibility, and remediation across tools and platforms.

Many organizations are already using Red Hat Lightspeed APIs to power internal dashboards, populate ITSM records, or feed data into monitoring and reporting pipelines, extending Red Hat Lightspeed visibility beyond the console and into their broader operational ecosystem.

These integrations come together in practice through:

• ITSM automation: Red Hat Lightspeed findings trigger ServiceNow incidents that are tracked through resolution, with configuration items linked directly to detected issues.
• Monitoring and visibility: Red Hat Lightspeed events flow into Splunk dashboards, where teams can correlate findings with performance and security trends across their infrastructure.
• Alerting: Red Hat Lightspeed findings generate PagerDuty notifications for immediate awareness and response, keeping on-call teams informed of critical risks.
• Closed-loop remediation: Red Hat Lightspeed events initiate Event-Driven Ansible playbooks through Ansible Automation Platform, helping automate remediation of known risks.
• AI-assisted operations: Red Hat Lightspeed data is now accessible through the MCP server, allowing AI agents to analyze findings and trigger actions with intelligence and security.

Together, these integrations transform Red Hat Lightspeed from a monitoring and advisory service into a central decision hub for proactive, automated IT operations, and bridging people, processes, and platforms across hybrid environments.

Looking ahead

The integration landscape for Red Hat Lightspeed continues to evolve alongside the broader automation and observability ecosystem. With new capabilities such as token-based authentication, Event-Driven Ansible, and the MCP server, Red Hat Lightspeed is becoming an even more central part of how organizations connect insight to action.

As new integration opportunities emerge—from IT service management platforms like ServiceNow to observability tools such as Splunk and alerting systems like PagerDuty—Red Hat will continue to highlight practical ways to bring these connections together. Future content may also explore how teams are using Ansible Automation Platform and event-driven workflows to close the loop between detection and remediation.

The goal remains the same: to simplify and enhance security capabilities for operations teams, enabling them to transform Red Hat Lightspeed data and recommendations into automated, reliable, and proactive IT operations, moving confidently from insight to action.