Announcing Red Hat Insights Tasks with preupgrade analysis

You can perform simple analyses on your Insights connected hosts through Red Hat Hybrid Cloud Console. Use Insights Tasks to run a preupgrade analysis on your RHEL 7 or RHEL 8 hosts to identify and remediate known issues. Quickly assess your connected hosts and get clean reporting on next steps.

Additional Resources

Hybrid Cloud Console Tasks

View Insights Recommendations as in-cluster alerts and in Cluster history

Advisor recommendations for OpenShift are now visible in multiple places. Reviewing these recommendations is a suggested first step when troubleshooting cluster issues. It is also wise to monitor them for potential issues. Here are several methods for monitoring:

Risk of change

Advisor recommendations for OpenShift Container Platform now include the risk of change field. This provides you with information on the impact of changes included in particular recommendations, ranging from low (no impact to cluster and/or workload) to high (cluster outage required).

Oracle cloud infrastructure

Oracle Cloud has been added where accounts and services are aggregated. Distribution of OCI costs to OpenShift entities such as clusters, nodes and projects have not been completed. This feature is intended for Hybrid Committed Spend.

AWS customer filtered data

If you use Cost Management functionality and have a large number of systems, clusters, and third-party services this feature will be impactful for you. You can restrict how much data you share with Red Hat by filtering out specific systems, services, and other resources.

Upload existing data on operator installation

The Cost Management Metrics Operator (CMMO) gathers Prometheus metrics from the cluster and uploads them to Cost Management. Since Prometheus is configured by default to store two weeks of data, we have enhanced the operator so all data in Prometheus will be uploaded. This means if you install the CMMO on an existing cluster we will be able to provide cost information for two weeks from day 1.

Upgrade risk predictions

Upgrade Risk Prediction is a machine learning feature that estimates the failure rate of cluster upgrades. It also highlighs potential upgrade issues.

Bug fixes and user interface enhancements

The following user interface features are now available in Notifications:

Bug Fixes & UI Enhancements

A couple of minor bug fixes & enhancements are now available in Drift, including:

General Availability blog posted

We announced the general availability of the Malware Detection with a post to the Red Hat public blog: Red Hat Insights malware detection service is now generally available

Integration of Insights recommendations with cluster history

Service Log (shown under the Cluster history tab after clicking on a single cluster) is a main communication channel between Red Hat SRE and our managed-services customers.

Insight Advisor recommendations as in-cluster alerts

With the release of OpenShift Container Platform 4.12, the advisor service exposes recommendations in the form of information alerts, leading users to steps required to remediate cluster problems.

Health checks based on deployment validation operator and kube-linter project

A new type of recommendation has been introduced for customers of managed clusters. Cluster issues caused by improper configuration of workloads cause the majority of TOIL for the Red Hat SRE team.

Bucketing “Platform costs” for OpenShift

OpenShift runs a number of kube-<something> and openshift-<something> projects as part of the control plane to run the cluster. This is a cost that someone, either IT or the end customers, has to pay for.

Cost of unallocated capacity

When running an OpenShift cluster, you need to be prepared for peaks, new workloads, etc, so you cannot run it at 100% of its capacity. This means the cluster will always have some unallocated capacity (typically, from 33% to 50% of the total capacity!), which has a cost that someone has to pay for.

Savings plan for OCP on AWS

AWS has three ways of reporting costs: blended, unblended, and amortized. In a nutshell: use amortized if you have savings plans; unblended otherwise. Blended is deprecated.

Change distribution to resource usage for project

The cost-management service used to distribute costs in a slightly different manner depending on the grouping mode selected by the user. As a consequence, users saw one set of costs and total costs when grouping by project, and an entirely different set and total when they grouped by tag, even when that tag was in use by all of the projects of interest. While this made sense, it was confusing and hard to explain.

Amortized monthly cost model costs

We used to show monthly costs as an upfront fee. When a cost model has a cost per cluster/node/PVC count, we used to calculate the count and attribute that cost to the first day of the month, causing a significant spike on that day.

Cost Management Metrics Operator 1.2.0

This version adds the "node_role" metric to the reports, which was critical to a large defense-industry customer that uses the cost management service in disconnected mode.

Splunk certified application v0.17 is released

A new version of the Insights for Red Hat Enterprise Linux application for Splunk is now available on the Splunkbase marketplace. This version no longer requires navigating through the setup process when upgrading the application.

Bug fixes and user interface enhancements

The following user interface features are now available in Notifications:

New filtering option for Remote Host Configuration (RHC)

A new filter enables you to list systems on console.rehat.com. This makes it easier to figure out which systems can be remediated using RHC.

Improvements to the registration process

Adjustments were made to the registration and unregistration procedures. These changes will prevent duplicate hosts in your Insights Inventory. The specific functionality includes the following:

ROS in status.redhat.com

The availability of the resource optimization is now reported in status.redhat.com, under console.redhat.com.

Slack integration is now available in Service Preview

An integration between Red Hat Insights and Slack is now available as Service Preview. Every time Insights triggers an event, this feature forwards the event and its data to a Slack receiver and posts the message to the appropriate channel.

Splunk certified application v0.16 is released

A new version of the Red Hat Insights application for Splunk is now available on the Splunkbase marketplace. This v0.16 update includes:

New recommendations for preventing kernel panics, memory leaks, and more

Insights advisor published eight new rules:

Service Preview of Flow Templates for the Red Hat Insights application is now available on ServiceNow Store

Flow Templates for Red Hat Insights, an application that facilitates ingestion and handling of Insights events, is now available in Service Preview. The certified application is available for download in the ServiceNow Store at Flow Templates for Red Hat Insights.

New notification event from the inventory service

The inventory service is now triggering Insights events. When a data upload from a host is rejected, a Validation Error Insights event is triggered with all relevant data, and handled according to the configured Behavior Group. This may be useful for further troubleshooting missing hosts from the Inventory.

Recommendations are now compatible with RHEL for Edge

All existing rules are fully compatible with RHEL for Edge, including tailored remediation steps. You can find more details in the blog post, Edge-compatible recommendations now available in Red Hat Insights Advisor

The First impacted column shows the date the rule started impacting a system

Until now the prominent date in the advisor service was the publish date. In response to user feedback indicating that the publish date is confusing, the advisor service UI contains a new column in the list of impacted systems to highlight the date when a rule started impacting a system. This adds value to your advisor service experience because it communicates the relationship to your environment and shows correlation with other events (for example, a noticeable performance drop).

Security Rule for Retbleed added to Red Hat Insights Vulnerability

A new security rule brings advanced Retbleed vulnerability detection to Red Hat Insights Vulnerability (CVE-2022-29900/CVE-2022-23816, CVE-2022-29901, CVE-2022-23825). Although Retbleed was not a major Incident, it remains an extremely complex vulnerability that can, if left unresolved, result in information disclosure, similar to the Spectre v2 incident.

Updating existing policies within Insights Compliance is now easier

Some enhancements have been made to the Insights compliance service to make the process of editing policies post-initial creation easier by delivering in-line editing capabilities.

Bug fixes and UI enhancements

A couple of small bug fixes and enhancements are now available in the drift service, including:

Currency support

Cost Management now handles accounts in all of the major currencies supported by hyperscalers.

Marketplace services reported using name instead of hash

An enhancement now reports marketplace services by name, instead of the previous hash provided by hyperscalers that was difficult to understand.

Red Hat Insights Vulnerability for OpenShift is now Generally Available (GA)

New functionality is available to help you manage the security of your Red Hat OpenShift Container Platform infrastructure through using the new vulnerability service for Insights for OpenShift. The first iteration of the service provides you with a similar user experience as your Red Hat Insights for Red Hat Enterprise Linux vulnerability service experience. The blog article, Red Hat OpenShift security portfolio grows with new Red Hat Insights Vulnerability service provides additional context and use cases that are covered by the service and also describes how it compares and contrasts with Red Hat Advanced Cluster Security (ACS) for Kubernetes. You can access this new service at Red Hat Hybrid Cloud Console > OpenShift > Vulnerability > CVEs.

New notification events from integrations and resource optimization

Integrations and Resource Optimization services are now triggering Insights events:

Integrations are now disabled after 10 consecutive failed attempts and/or one client error

Integrations failing for 10 consecutive attempts (5xx) and/or one client error (4xx) are now disabled, and a new Integrations disabled event is triggered from the Integrations service. In turn, this prompts a notification email to go out to the organization administrator of the account (default behavior group on integrations disabled event).

Un-registration improvement

When unregistering a client using the insights-client command, the machine-id file is now removed to prevent duplication scenarios with VM cloning, etc. This was completed as of an RFE via BZ 1919570.

New recommendations released

We added nine new rules, including a kernel panic hashtab rule that resulted in over 17,000 rule hits and an rsyslog “Max Open Files” rule that resulted in over 2,000 rule hits.

Yara RPMs included in RHEL 8 and 9 beta appstream

The Yara RPMs are now available in the appstream repositories of both the RHEL 8.7 and RHEL 9.1 beta releases. On a RHEL 8.7 or 9.1 beta install, setting up Malware Detection is now as easy as running:

Support for Red Hat Satellite and Satellite Capsule Server

The Subscriptions service recently added support for Red Hat Satellite and Satellite Capsule Servers. You can now see the usage of these two products to aid you in understanding your deployments and assist in planning for any upgrades or architectural changes.

Support for the Developer Subscription for Teams is now available

The Subscriptions service has added support for Red Hat Developer Subscription for Teams. Users of this subscription will see an increase in their subscription capacity for Red Hat Enterprise Linux as of 27-Sep-2022. You can view your usage of this subscription type by filtering with the Usage > Development/Test option on the RHEL product page.

New-suggestions notification

The Resource Optimization service can now generate daily notifications when new suggestions are available. When receiving notifications over e-mail, a link to view new suggestions in Insights is included.

GCP enhancements

Optimizations went into the GCP backend, making it much faster and able to ingest more data.

Vulnerability for OpenShift is in beta

The Insights Vulnerability for OpenShift service is in BETA. In the first iteration of this service, we have started laying down the foundation for enabling users to assess and prioritize vulnerability exposure of their OpenShift clusters at the infrastructure level. Over time we will be building out this service further to enhance the management and security of OpenShift infrastructure and are collaborating with the OpenShift teams to ensure a comprehensive user experience, including integration with Red Hat Advanced Cluster Security (ACS) for Kubernetes.

New notification events from Malware and Cost Management

Malware and Cost Management services are now triggering Insights events:

Bug fixes and UI enhancements

A few small bug fixes & enhancements are now available in Notifications, including:

RHC manager updated UI

The RHC Manager configuration UI introduces a new option that allows you to disable the management of configuration sent to the host. This allows you to benefit from the Insights remediation features via RHC, while having the possibility to manage your Insights configuration with your internal solution.

Pathways (GA)

After several months of hard work by Advisor engineering, Insights front-end team, UXD team, CEE Insights rule development team, and many others, we’ve promoted pathways from beta to the Insights production environment for general availability. It’s a huge milestone and a great added value for large-scale customers looking to address as many of our recommendations as possible. The most impactful pathways are highlighted on the Advisor main page, along with the new pathways tab in the recommendations table.

Performance improvements for Satellite / Advisor integration

There is improved the performance of the integration between Satellite and Advisor, which improves the responsiveness when you view Advisor results in the Satellite interface.

Newly developed recommendations

Seven new rules were released in August. A key one to highlight is the Decreased security when "sudo" is not configured as per the best practice of SAP as a result of Red Hat Enterprise Linux Security Hardening Guide for SAP HANA 2.0 analysis along with the following additional recommendations released:

Support for 3rd-party package updates

System package views now support the display of 3rd party package updates. Third-party packages are defined as any package from a repository that is not on the Red Hat CDN. This could include vendor repositories, custom rpm repositories, or locally-synced-and-renamed Red Hat repositories. To see these results, your host must be running RHEL 7, RHEL 8.6+ or RHEL 9, and it must maintain a fresh yum/dnf cache.

Malware-detection blog post

We published a blog post announcing the public beta of the Malware Detection service: https://www.redhat.com/en/blog/getting-started-red-hat-insights-malware-detection.

Insights tour

Resource Optimization has been added to the Insights Product Tour:

Notifications

Cost Management added two notifications:

Announcing beta availability

The Insights Vulnerability service for OpenShift service is now available in beta. In the first iteration of this service, we have started laying down the foundation for enabling users to assess and prioritize vulnerability exposure of their OpenShift clusters at the infrastructure level. Over time we will be building out this service further to enhance the management and security of OpenShift infrastructure and are collaborating with the OpenShift teams to ensure a comprehensive user experience, including integration with Red Hat Advanced Cluster Security (ACS) for Kubernetes.

Displaying Satellite-managed systems in Insights Advisor by default

You no longer have the ability to hide Satellite-managed systems in Advisor because all accounts were changed to show these systems in the Advisor application by default. This feature had previously resided under Settings - Applications - Advisor: Show Satellite-managed hosts. See the Displaying Satellite-managed systems in Insights Advisor by default - Red Hat Customer Portal knowledge article for additional information.

Disabled recommendation in response to the retbleed vulnerability

Product Security analysis showed that the new Retbleed vulnerability could be exploited on some systems when retpoline is enabled. In response, Red Hat Insights disabled an existing performance recommendation that encouraged using retpoline as mitigation for Spectre v2.

RBAC update, new roles, etc.

The compliance service now supports granular permissions along with two canned roles that are provided: The Compliance Admin role and the Compliance read-only role. With the release of this feature, you can grant custom-level permissions per your organizational needs. See the Insights Compliance — improvements to role-based access control - Red Hat Customer Portal knowledge article and Insights Compliance - upcoming improvements to RBAC - Red Hat Customer Portal discussion for additional information.

Improvements to PDF reports

Significant updates were made to the PDF reports within the compliance service to handle large amounts of data. Because larger organizations are adopting the service, this is a necessary step that improves the overall experience.

Bug fixes and UI enhancements

A couple of small bug fixes and enhancements are now available in Drift, including:

RHC single-step registration

With the rhc client, you can now register systems to both Red Hat Subscription Management (RHSM) and Insights for Red Hat Enterprise Linux using the # rhc connect command.

New wizard for creating and editing notifications behavior group(s)

Behavior group(s) creation and association of events now follow a step-by-step wizard. This provides additional functionality, such as associating multiple events to a behavior group at once (including selecting all events). This wizard is also used when editing an existing behavior group.

New notification events from vulnerability, patch, and compliance services

In addition to Advisor, Drift, and Policies, new events are now triggered from vulnerability, patch and compliance services. These events can be used for email and webhook notifications and with our Splunk integration, which was released last month. These new events are:

Support for RHEL 9

With the release of RHEL 9, the compliance service has also added the ability to deploy OpenSCAP policies for RHEL 9 systems.

Alerts and Notifications

The compliance service now supports the ability for users to subscribe to various events that may require immediate attention. The ability of Insights to alert users when these conditions are triggered makes for efficient and effective processes. The details of how this feature works is described in detail in a new blog that was released: Save time and money with Red Hat Insights Compliance reporting by Mohit Goyal and Marley Stipich (June 14, 2022)

Service preview of Red Hat Insights application for Splunk is now available on Splunkbase marketplace

Insights for Red Hat Enterprise Linux extends its ecosystem and integration capabilities by providing a bespoke Splunk application on the Splunkbase marketplace. This new feature facilitates ingestion and visualization of Insights events in Splunk and provides a quick, simple and secure path to drive Red Hat Insights adoption.

New alert for Update to RBAC default access group default behavior group

A new Update to RBAC default access group default behavior group is provided by default in each account, allowing Org. Admin users to receive updates on RBAC changes when a new role is added, removed, or updated. In order to receive those updates, each admin user needs to be subscribed to RBAC events in User Preferences.

Bug fixes and UI enhancements

A couple of small bug fixes and enhancements are now available in Notifications, including:

Executive report

The Executive Report provides executive decision makers with a summary of the status of their RHEL infrastructure, including system performance and the most common issues on non-optimized systems. It is available as a PDF. Because it targets users who may not be familiar with the exact terminology used by the resource optimization service, it includes a brief definition of those terms. This adds to the system list report and the historical data view previously introduced. These reports target our operations users. More enhancements to the executive report will be released soon.

UI enhancements

The Last Seen date in inventory has been replaced by Last Reported (last time Resource Optimization metrics from the client were received) in the system details page.

Granular permissions support (RBAC)

The vulnerability service now supports granular permissions along with two canned roles that are provided: The Vulnerability administrator role and the Vulnerability viewer role. With the release of this feature, you can grant custom-level permissions per your organizational needs.

Insights Operator conditional gathering - service for update of conditional gatherers

The developed service enables Insights Operator to be remotely updated with new conditional gatherers that will trigger additional data collection in case a condition triggers it. This enables new types of recommendations to be created while still limiting the collected data set to be as minimal as possible.

Analysis of Hypershift clusters

Hypershift architecture changes the behavior of the monitoring stack. As part of the feature, verification and adjustments to enable the architecture occurred so you can receive our recommendations.

Default admin group

The "Cost Administrator" is now included as part of the Default admin group in User Access.

Subscription Inventory

The subscriptions service now provides an Subscription Inventory page (Beta) so that you can identify your purchased subscriptions.

Activation Keys

Activation keys (which are used to connect systems in lieu of username/password) are now available at console.redhat.com, and will include new features such as the ability to set System Purpose attributes. The activation key UI at RHSM is deprecated and will be removed in a future release.

Export of systems impacted by a recommendation

When viewing the details of an advisor recommendation, you can click the Export data icon to download a list of systems impacted by that recommendation. The list is available in CSV and JSON formats.

Ten new advisor recommendations

The advisor service released ten new recommendations. A few recommendations to note are:

Alerts and Notifications

The compliance service now supports the ability to receive alerts and notifications, which are sent when certain conditions are met. This functionality includes the ability to be notified when systems fall below a specific compliance threshold or when they fail to report. This feature makes it easier for you to keep track of both your compliance status and program. Set these new alerts in the Red Hat Hybrid Cloud Console > Settings > Notifications > Red Hat Enterprise Linux menu.

Inventory filters and indicators for systems without the Insights-client installed

Filter your inventory to show systems with, or without, the Insights client installed. Systems without the Insights client installed display a visual indicator, , making it easier to identify and install the Insights client on those systems.

Global filtering for Ansible Automation Platform and Microsoft SQL Server

Red Hat Insights now provides support for global filtering of two additional workloads: Ansible Automation Platform and Microsoft SQL Server. This support enhances the existing SAP workload capabilities released in 2021. You can access these workloads under the “Filter by Status” functionality located in the top bar.

Set User Access groups as recipients of email notifications

You can now use custom User Access groups on your account as recipients for email notifications. In addition to the option of sending the notifications to just administrators, or to all members of the group, the recipient list for email notifications can include User Access groups and target a specific list of users, as defined in User Access for your account. Notifications administrators can now create and assign targeted Behavior Groups based on their User Access configuration.

Microsoft SQL Server (MSSQL) facts autocompletion in conditions builder

Microsoft SQL Server facts that are collected as part of a system profile are now shown in policies and can be used to create conditions and send notifications about MSSQL workloads.

Access to the resource optimization service is now available on the Red Hat Insights dashboard

The resource optimization service is now available on the Insights overview dashboard. You can locate, access, and get started with the resource optimization service much easier.

RHEL version displayed in two new ways

The operating system (OS) version is now displayed in the system list and system details views, where it can be sorted and filtered. OS information is also available from the API.

New dashbar in CVE list view

The vulnerability service has a new feature called the dashbar which appears at the top of the CVEs page. The dashbar aims to help prioritize and navigate findings easier by showing the number of, and links to, CVEs that are typically associated with higher risk to your enterprise. You have easier visibility and access to CVEs with:

Remediation with Insights and Red Hat connector

With the release of RHEL 8.5, you can connect your system using the Red Hat connector utility. The Red Hat connector utility consists of a command-line interface and daemon that enable users, within the Insights for Red Hat Enterprise Linux application, to execute Insights remediation playbooks directly on the host (console.redhat.com/insights). For more information, refer to the Red Hat Connector Configuration Guide.

RHEL minor version visible in systems and inventory lists

In advisor service systems lists, users can see the RHEL minor version running on each system. In the general and recommendation-specific systems lists, users can filter by the OS minor version to allow customers to quickly narrow down the list of affected systems by the version of RHEL they are interested in.

Advisor event notifications

The advisor service enables the notifications functionality on the Red Hat Hybrid Cloud Console platform. This feature enables notifications administrators to define notification behavior groups and integrations so users can more easily monitor for advisor service and OpenShift events. Triggered events are handled based on the Notifications configuration at the account level (for example, email alert & summary, or integration with webhooks).

Microsoft SQL Server workload management

Red Hat Insights now provides functionality and controls to assist in managing Microsoft SQL Server workloads hosted on Red Hat Enterprise Linux. Red Hat Insights automatically profiles and identifies registered hosts running SQL Server and enables additional filtration capabilities within the Insights services. SQL Server-specific recommendations are available within Advisor, and additional SQL Server facts are available in the drift service comparison and baseline functionality, policy creation, and information available via Inventory. Red Hat Insights can be further extended through integration with the Microsoft SQL Assessment API, providing additional detection and recommendation capabilities.

Onboarding tour

An onboarding tour will help visitors and new advisor-service users navigate the application and understand its basic workflow, from identifying the most critical issue in a RHEL infrastructure to creating a remediation playbook to resolve it. To view the onboarding tour, visit the Insights Resource Center (light bulb in bottom right corner) in the advisor service application.

Insights-operator improvements for OpenShift

Insights operator now leverages conditional data gathering, which reduces the size of the insights-operator archive while allowing the Insights for Red Hat Enterprise Linux application to collect specific information only when really needed.

In-service tag filtering

The compliance service now supports filters within various views specific to the compliance service. Unlike global tag filtering (Filter by status) available throughout the Insights for Red Hat Enterprise Linux application, compliance service tags are set within systems list views; for example, in report details for a policy, policy details Systems tab, and in the Compliance > Systems page.

PDF report by policy

A PDF report is now available for policies that executed successfully and reported status. This report makes it easier to share results of scans with auditors, risk and compliance teams, or others within the organization. Users will have some control on the sort of data they would like to see within the report.

Notifications for “drift from baseline detected” events

The drift service now makes use of the notifications functionality, allowing entitled users to define systems to monitor for drift-from-baselines events. Triggered events are handled based on the notifications configuration at the account level (for example, email alert & summary, or integration with webhooks).

New event types

New event types are available for users to get (email and webhook) notifications about:

Behavior groups

Notifications administrators can now define multiple Behavior Groups to simplify the assignment of actions to event types. This new feature extends the previous Default behavior functionality, allowing Notifications administrators to define as many Behavior Groups as they want.

Behavior group, send-email action now supports admin-only recipients

‘Users: All’ and ‘Users: Admins’ are now both supported as recipients for sending email notifications. With this additional feature, Notifications administrators can configure notifications to target account Organization administrators when events trigger email actions.

Notifications event log

The event log lists all previously triggered events on the account and actions taken according to the configured behavior groups. The list is filterable by event, bundle, and application. The event log helps Notifications administrators troubleshoot notification configurations and ensure that the service performs as expected.

Bug fixes and UI enhancements

A couple of small bug fixes and enhancements are available in the integrations and notifications services:

Introduction of patch status

View a summary of how many hosts are up-to-date, how many hosts have patches available, and click to filter just those lists. Summary totals update based on filters. This lets customers get these quick summaries for tagged groups, workloads, or RHEL product versions.

Expanded scope for patch analysis

Analyze and report on applicability for EPEL packages and advisories for RHEL 7 and RHEL 8.

Visibility of most-impactful advisories

Review the top four most-impactful advisories based on type and number of hosts affected. Each of these highlighted advisories are presented with basic summary information, including the type/severity, brief description, number of hosts affected, and whether or not a reboot is required.

Enhanced package analysis and remediation

Gain a better understanding of packages deployed across your RHEL infrastructure and take the following actions:

Use of Red Hat OVAL feed

The vulnerability service is using OVAL behind the scenes for vulnerability analysis. This leads to a more comprehensive set of reporting, and customers may see a change in CVEs being reported. Additional details can be found in this KCS article.

Filtering by RHEL minor version

The vulnerability service now supports filters by RHEL minor versions for systems. Filtering by RHEL minor versions has been added throughout any list of systems within the vulnerability service. This leads to finer triaging and reporting.