Release Notes

Red Hat Insights 2021

Release Notes for Red Hat Insights

Red Hat Insights Documentation Team

Abstract

These release notes highlight the latest features and improvements implemented in the Red Hat Insights application and services.
Providing Feedback: If you have a suggestion to improve this documentation, or find an error, submit a Bugzilla report at http://bugzilla.redhat.com. Select the Cloud Software Services (cloud.redhat.com) product and use the Documentation component.

Chapter 1. Introduction to Red Hat Insights

Red Hat Insights is a Software-as-a-Service (SaaS) application, included with your Red Hat Enterprise Linux (RHEL) subscription, that provides continuous, in-depth analysis of your RHEL infrastructure to proactively identify issues across multiple included services:

  • advisor
  • compliance
  • vulnerability
  • drift
  • policies
  • patch
  • Resource optimization (beta)
  • Image builder (beta)

Powered by predictive analytics, Insights gets smarter with every additional piece of intelligence and data. It can automatically discover relevant insights, recommend tailored, proactive, next actions and even automate tasks. Using Insights, customers can benefit from the experience and technical knowledge of Red Hat Certified Engineers, making it easier to identify, prioritize and resolve issues before business operations are affected.

As a SaaS offering, Red Hat Insights is regularly updated and expands its knowledge base in real time to reflect new IT challenges that can impact the stability of mission-critical systems.

1.1. Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

1.2. Required Entitlements

As of May 2019, Red Hat Insights is free, offered as part of the value of your Red Hat Enterprise Linux subscription. No additional entitlements are required to use Insights.

Chapter 2. Red Hat Summit - 2021

2.1. Red Hat Insights

This release includes the following enhancements:

Redesigned cloud.redhat landing page & Insights navigation

The experience when visiting cloud.redhat.com for both authenticated and unauthenticated visitors has been redesigned to provide you with additional information about our hosted offerings as well as actionable information across your connected estate from our various applications. Additionally the primary navigation has been improved based on how various roles within organizations use all the platforms within the Red Hat portfolio. Headers have also been added to group Insights services into key areas of focus (Operations Insights, Security Insights, and Business Insights).

Register ONCE with the new Red Hat connector

The RHEL 8.4 nightly builds now include Red Hat connector. (RHC + RHC worker playbook rpms.) This optional way to register systems with Red Hat Insights and Subscription Manager will ship as Supported with RHEL 8.4 GA. The command line interface includes scenarios such as: Registering systems with Red Hat Insights that are already using subscription manager Registering simultaneously to both subscription manager and Red Hat Insights Leveraging Cloud Connector remediation capabilities without deploying a Red Hat Satellite

We encourage you to try the command line interface in the nightly builds and give us some feedback! Once this ships officially on May 11th, it will support cloud connector via direct connect (ie smart management remediations for customers that have not deployed Red Hat Satellite). RHC registration is available to anyone with a RHEL subscription, however cloud connector remediation abilities will only be available for accounts with Smart Management.

Resource optimization service

Resource optimization is a new Insights service that helps identify incorrectly sized RHEL systems used in the public cloud in order to optimize resource utilization.This service is in active development and is in a private beta. If you are interested in more information about joining upcoming public betas, please contact: Sergey Goncharov (sgonchar@redhat.com).

Image builder service

Image Builder is a new Insights service that allows you to create consistent RHEL images for deployment across all footprints, directly within the Red Hat Insights application. This service is in active development and is in a private beta. If you are interested in more information about joining upcoming public betas, please contact: Terry Bowling (tbowling@redhat.com).

Custom roles for user access

Role Based Access Control (RBAC) on cloud.redhat.com has been expanded to include Custom Roles & Permissions. This new enhancement provides the ability to use granular permissions (e.g. read only) to grant or restrict access to specific capabilities for one or more Insights services.

Red Hat Insights dashboard enhancements

The Insights dashboard now provides additional information from the various Insights services. New enhancements include:

  • The vulnerability card identifies security rules and known exploits impacting systems.
  • A new section prominently displayed at the top of the dashboard, “Latest critical notifications,” surfaces the most critical issues affecting your systems from among the Insights services. These issues should be considered the highest priority for remediation.
  • There is additional guidance for setting up Insights services.

2.2. Advisor

This release includes the following enhancements:

This release includes the following enhancements:

Dynamic Weekly Email

The advisor weekly email has new enhancements providing additional actionable information directly to your inbox. This email will now identify stale systems that are no longer checking in to Insights and may need additional attention, incidents detected, as well as “Prioritized Recommendations” that dynamically highlight the highest severity items detected. If you are already subscribed to the weekly email, these enhancements will be updated automatically and no changes are necessary on your end.

Insights recommendations

Recommendations are constantly being added to the advisor service for detection & remediation. Some key themes of new recommendations include:

  • Integration with Performance Co-Pilot (PCP)
  • RHEL 8 Performance Tuning Guide
  • Microsoft SQL Server performance best practices
  • Identification of performance degradations when running RHEL on Azure
  • Out of date configurations of the Insights client.

Read more about key themes for recommendations.

2.3. Compliance

This release includes the following enhancements:

End of support for policies NOT defined within the Insights compliance service

Support for policies that do not originate within the Insights compliance service was dropped in Feb 2021, including removal of any reports associated with those policies. This change was announced at Red Hat Summit 2020. Customers need to create their SCAP policies within the compliance service to ensure accurate reporting for their systems. Additional details are available in Deprecation of reports for SCAP policies NOT defined within Insights Compliance.

Identification of systems with unsupported configurations

Accurate compliance reporting requires that the supported version of SCAP Security Guide (SSG) be deployed on RHEL systems. The supported versions of SSG for each RHEL minor version are identified in Assessing and Monitoring Security Policy Compliance of RHEL Systems, Supported configurations, Table 1.1. The compliance service now highlights unsupported configurations, systems with an unsupported version of SSG installed, enabling customers to address the issue and generate accurate reporting.

Ability to edit policy rules after a policy has been created

The ability to edit the set of rules included in a policy once the policy has been created is now supported in the compliance service. Rule editing is available per minor version of each RHEL system included in the policy, which will lead to accurate results. When rules need to be edited for a policy, the rule set will align with the RHEL minor version. When deploying a SCAP policy at scale, this approach not only leads to accurate results but is efficient in terms of the time and effort required for configuration of the policy.

Systems prefiltered by RHEL OS major version in Create SCAP Policy wizard

The list of systems previously displayed in the policy creation wizard included all systems registered with Insights, regardless of the RHEL major version selected for the policy. This list now displays only the Insights-registered systems appropriate for the policy resulting in an easier, more intuitive process for the user.

2.4. Vulnerability

This release includes the following enhancements:

Threat intelligence for known exploits

Users will now have additional threat intelligence to help them prioritize and focus on those CVEs that can potentially have the most risk associated with them. As of this release, a “Known exploits” label will be added to those CVEs that are determined by Red Hat to have known public exploits. This label will help users to prioritize and focus on the most critical issues. Read more about known exploits.

Improved visibility of security rules

Security rules within the Insights vulnerability service are those CVEs that have gone through an additional level of scrutiny by the Red Hat Product Security Group, as described in this article. These CVEs may present an elevated security risk and should be considered a higher priority for remediation. These CVEs, now with their own severity rating on the CVE details page, are more visible in the Insights dashboard and in the vulnerability service in CVEs lists, filters, and in the executive report.

2.5. Drift

This release includes the following enhancements:

Highlighting obfuscated values in comparisons

Obfuscated values are now highlighted in comparisons with a grey background and an icon for clearer indication. The comparison state is set to Incomplete data whenever one value is obfuscated in the comparison. More information on configuring obfuscation settings for the Insights client can be found in the Client Configuration Guide for Red Hat Insights documentation.

Installed packages now support multiple values

Facts for installed_packages now support multiple values. This feature addresses the need to provide more than a single value for a given package name. For example, multiple architectures of the same package can be installed on a system (e.g. noarch, x86_64, i686). Similarly, multiple versions of the same package can be present on a system (e.g. different versions of kernel packages, libraries, etc). Drift handles the list of values and presents them to the user for comparison.

Filtering by fact name now supports multiple values

Users can now filter their comparisons with multiple filters by specifying strings the fact names should match. Category filtering is still supported and can be used as part of a multiple-value filter; e.g. filter for [installed_packages, tags, os_kernel_version, fqdn].

Filters and Sort Parameters are now part of Drift URL

Drift URLs now provide the ability to specify filter[name], filter[state] and sort parameters, in addition to system_ids, baselines_ids, hsp_ids and reference_id.

For example, a comparison with a filter by name set to "bios" and "arch", a filter by state set to "same", "different", "incomplete_data" and a sort descending by "state" and ascending by "fact name" would result in: insights/drift/?baseline_ids=<baseline-id>&system_ids=<system-id>&hsp_ids=<hsp-id>&filter[name]=bios,arch&filter[state]=same,different,incomplete_data&sort=-state,fact

This feature allows users to generate custom URLs for their specific requirements and troubleshooting needs, as well as store commonly used comparisons with filters and sort already set.

Additional facts - CPU model type added to system profile

A new fact labelled cpu_model is now available on the system_profile. Its value reports the CPU model type on the given system (e.g. "cpu_model": "Intel® Core™ i5-4670 CPU @ 3.40GHz").

Bug Fixes & Enhancements

  • Facts with no value are now consistently displayed as an empty string
  • Tags with no value are now displayed as (no value)
  • Bulk selector for system selection modal is now available
  • Baseline search is now case insensitive (both lower/uppercase names are returned)
  • Names for enabled_services are now correctly parsed (previously ending with ‘@’ character for some services)
  • Tooltips with description are now present on all UI icons
  • Global filter selection is now indicated on the Inventory selection modal
  • Implementation of first time-user tour for an improved onboarding experience

2.6. Policies

The policies service includes the following enhancements:

Installed packages now support multiple values

Facts for installed_packages now support multiple values. The system profile and Inventory API include a new installed_package_delta field containing all additional multiple-value facts. This can be used as part of conditions for policies (e.g. query for multiple kernel version installed on a system with: facts.installed_packages_delta contains "kernel").

Triggered policy notifications

The policies service now makes use of the new notifications functionality in the Red Hat Insights application, allowing account administrators to define and manage notifications (e.g. email alert & summary, webhook) for all users in the account. Account settings will apply to all triggered policies.

Bug Fixes & Enhancements

  • Type-ahead for new conditions now offers SELinux, Tuned, and SAP facts
  • Improvements to toolbar, pagination, filters & page titles

2.7. Patch

The patch service includes the following enhancements:

Expanded package reporting

Leveraging the previous release of system-level package reporting, Insights patch now provides reporting of packages across your entire RHEL infrastructure, including views of every system with a given package installed, current installed version, and latest version available. Users can quickly identify packages that are only installed on a handful of hosts or hosts that are running a different version of a package from other similar systems.

Simple patch lifecycle management

With the introduction of remediation for multiple systems at a time, and building on the previous release of system grouping by tag, users who have tagged their systems by environment (i.e. “Pre-Production” and “Production”) can efficiently select and build remediation playbooks for each environment on the same day to apply consistent content regardless of when each system group is patched. Additionally, systems that are subscribed to extended update support are visually noted and the applicable advisories are limited to that RHEL version lock.

Enhanced Security Information

Views of Red Hat security advisories now include additional information, including more visible severity designations, a list of CVEs addressed by an advisory with severity and CVSS scores, and links to Insights vulnerability views of those CVEs.

Chapter 3. More Information About Red Hat Insights

Learn more about Red Hat Insights from the following resources:

Revised on 2021-04-22 13:42:36 UTC

Legal Notice

Copyright © 2021 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.