asyncapi: 2.6.0 info: title: Red Hat Hybrid Cloud Console Notifications Events description: >- The Red Hat Hybrid Cloud Console notifications service delivers event-driven notifications when significant events occur across Insights services, including advisor recommendations, vulnerability alerts, compliance changes, patch advisories, and inventory updates. Events can be forwarded via webhook integrations to third-party applications, email notifications, or integration endpoints such as Splunk, ServiceNow, and PagerDuty. version: '1.0' contact: name: Red Hat Support url: https://access.redhat.com/support license: name: Red Hat Terms of Use url: https://www.redhat.com/en/about/terms-use servers: hybridCloudConsole: url: https://console.redhat.com protocol: https description: >- Red Hat Hybrid Cloud Console notifications service. Events are delivered as HTTP POST requests to configured webhook endpoints when subscribed events occur across Insights services. security: - bearerAuth: [] defaultContentType: application/json channels: advisor.newRecommendation: description: >- Triggered when the Advisor service identifies a new recommendation for one or more registered RHEL systems based on rule evaluation. subscribe: operationId: onAdvisorNewRecommendation summary: New advisor recommendation description: >- Receives a notification when a new Advisor recommendation becomes active for registered systems, indicating a configuration risk, security issue, or performance concern. tags: - name: Advisor - name: Insights Events message: $ref: '#/components/messages/AdvisorRecommendationEvent' advisor.resolvedRecommendation: description: >- Triggered when an Advisor recommendation is resolved on systems, either through remediation or configuration change. subscribe: operationId: onAdvisorResolvedRecommendation summary: Advisor recommendation resolved description: >- Receives a notification when a previously active Advisor recommendation is resolved on one or more systems. tags: - name: Advisor - name: Insights Events message: $ref: '#/components/messages/AdvisorResolvedEvent' vulnerability.newCve: description: >- Triggered when a new CVE is detected affecting registered systems through the Vulnerability service. subscribe: operationId: onVulnerabilityNewCve summary: New CVE detected description: >- Receives a notification when the Vulnerability service identifies a new CVE affecting one or more registered RHEL systems. tags: - name: Vulnerability - name: Insights Events message: $ref: '#/components/messages/VulnerabilityNewCveEvent' vulnerability.cveSeverityChange: description: >- Triggered when the severity rating of a CVE affecting registered systems changes. subscribe: operationId: onVulnerabilityCveSeverityChange summary: CVE severity changed description: >- Receives a notification when the severity of an existing CVE is updated by Red Hat security. tags: - name: Vulnerability - name: Insights Events message: $ref: '#/components/messages/VulnerabilitySeverityChangeEvent' compliance.policyViolation: description: >- Triggered when a system fails compliance against an assigned SCAP policy profile. subscribe: operationId: onCompliancePolicyViolation summary: Compliance policy violation description: >- Receives a notification when a system's compliance scan results indicate a policy violation against an assigned SCAP profile. tags: - name: Compliance - name: Insights Events message: $ref: '#/components/messages/CompliancePolicyViolationEvent' patch.newAdvisory: description: >- Triggered when new errata advisories become applicable to registered systems through the Patch service. subscribe: operationId: onPatchNewAdvisory summary: New patch advisory description: >- Receives a notification when new security, bugfix, or enhancement advisories become applicable to registered systems. tags: - name: Patch - name: Insights Events message: $ref: '#/components/messages/PatchNewAdvisoryEvent' inventory.systemRegistered: description: >- Triggered when a new system is registered with Red Hat Insights through the Inventory service. subscribe: operationId: onInventorySystemRegistered summary: System registered description: >- Receives a notification when a new RHEL system registers with Red Hat Insights. tags: - name: Inventory - name: Insights Events message: $ref: '#/components/messages/InventorySystemRegisteredEvent' inventory.systemBecameStale: description: >- Triggered when a registered system becomes stale after failing to check in within the configured stale period. subscribe: operationId: onInventorySystemBecameStale summary: System became stale description: >- Receives a notification when a registered system has not checked in and is now considered stale. tags: - name: Inventory - name: Insights Events message: $ref: '#/components/messages/InventorySystemStaleEvent' components: securitySchemes: bearerAuth: type: http scheme: bearer description: >- OAuth 2.0 Bearer token for managing notification preferences and integration configurations through the Hybrid Cloud Console API. messages: AdvisorRecommendationEvent: name: AdvisorRecommendationEvent title: Advisor New Recommendation Event summary: A new Advisor recommendation was identified for systems. description: >- Payload delivered when the Advisor service identifies a new recommendation for one or more registered RHEL systems. contentType: application/json payload: $ref: '#/components/schemas/AdvisorRecommendationPayload' examples: - name: NewRecommendation payload: id: evt-abc123 bundle: rhel application: advisor event_type: new-recommendation timestamp: '2024-06-15T10:30:00Z' org_id: '12345' events: - metadata: {} payload: rule_id: network_tcp_keepalive|NETWORK_TCP_KEEPALIVE rule_description: TCP keepalive not configured optimally total_risk: 3 affected_systems: 5 AdvisorResolvedEvent: name: AdvisorResolvedEvent title: Advisor Recommendation Resolved Event summary: An Advisor recommendation was resolved. contentType: application/json payload: $ref: '#/components/schemas/AdvisorResolvedPayload' VulnerabilityNewCveEvent: name: VulnerabilityNewCveEvent title: New CVE Detected Event summary: A new CVE was detected affecting systems. contentType: application/json payload: $ref: '#/components/schemas/VulnerabilityNewCvePayload' examples: - name: NewCveDetected payload: id: evt-def456 bundle: rhel application: vulnerability event_type: new-cve timestamp: '2024-06-15T14:00:00Z' org_id: '12345' events: - metadata: {} payload: cve_id: CVE-2024-1234 severity: Important affected_systems: 12 synopsis: Buffer overflow in kernel module VulnerabilitySeverityChangeEvent: name: VulnerabilitySeverityChangeEvent title: CVE Severity Change Event summary: A CVE severity rating was changed. contentType: application/json payload: $ref: '#/components/schemas/VulnerabilitySeverityChangePayload' CompliancePolicyViolationEvent: name: CompliancePolicyViolationEvent title: Compliance Policy Violation Event summary: A compliance policy violation was detected. contentType: application/json payload: $ref: '#/components/schemas/CompliancePolicyViolationPayload' PatchNewAdvisoryEvent: name: PatchNewAdvisoryEvent title: New Patch Advisory Event summary: New patch advisories are available for systems. contentType: application/json payload: $ref: '#/components/schemas/PatchNewAdvisoryPayload' InventorySystemRegisteredEvent: name: InventorySystemRegisteredEvent title: System Registered Event summary: A new system was registered with Insights. contentType: application/json payload: $ref: '#/components/schemas/InventorySystemRegisteredPayload' InventorySystemStaleEvent: name: InventorySystemStaleEvent title: System Became Stale Event summary: A system became stale after missing check-ins. contentType: application/json payload: $ref: '#/components/schemas/InventorySystemStalePayload' schemas: NotificationEventBase: type: object description: >- Base structure shared by all Hybrid Cloud Console notification event payloads. required: - id - bundle - application - event_type - timestamp - org_id - events properties: id: type: string description: Unique identifier for this notification event. bundle: type: string description: The product bundle that generated the event. example: rhel application: type: string description: The Insights application that generated the event. example: advisor event_type: type: string description: The specific event type identifier. timestamp: type: string format: date-time description: The ISO 8601 timestamp when the event occurred. org_id: type: string description: The Red Hat organization ID associated with the event. context: type: object description: Additional context metadata for the event. additionalProperties: true events: type: array description: The list of sub-events in this notification. items: type: object properties: metadata: type: object additionalProperties: true payload: type: object additionalProperties: true AdvisorRecommendationPayload: allOf: - $ref: '#/components/schemas/NotificationEventBase' - type: object description: Payload for new Advisor recommendation events. properties: events: type: array items: type: object properties: payload: type: object properties: rule_id: type: string description: The Advisor rule identifier. rule_description: type: string description: A description of what the rule detects. total_risk: type: integer description: The total risk score (1-4). affected_systems: type: integer description: The number of affected systems. AdvisorResolvedPayload: allOf: - $ref: '#/components/schemas/NotificationEventBase' - type: object description: Payload for resolved Advisor recommendation events. properties: events: type: array items: type: object properties: payload: type: object properties: rule_id: type: string resolved_systems: type: integer VulnerabilityNewCvePayload: allOf: - $ref: '#/components/schemas/NotificationEventBase' - type: object description: Payload for new CVE detection events. properties: events: type: array items: type: object properties: payload: type: object properties: cve_id: type: string description: The CVE identifier. severity: type: string description: The severity rating. enum: - Critical - Important - Moderate - Low affected_systems: type: integer synopsis: type: string description: A brief description of the vulnerability. VulnerabilitySeverityChangePayload: allOf: - $ref: '#/components/schemas/NotificationEventBase' - type: object description: Payload for CVE severity change events. properties: events: type: array items: type: object properties: payload: type: object properties: cve_id: type: string previous_severity: type: string new_severity: type: string CompliancePolicyViolationPayload: allOf: - $ref: '#/components/schemas/NotificationEventBase' - type: object description: Payload for compliance policy violation events. properties: events: type: array items: type: object properties: payload: type: object properties: policy_name: type: string description: The name of the compliance policy. policy_id: type: string system_id: type: string format: uuid compliance_score: type: number description: The compliance score as a percentage. PatchNewAdvisoryPayload: allOf: - $ref: '#/components/schemas/NotificationEventBase' - type: object description: Payload for new patch advisory events. properties: events: type: array items: type: object properties: payload: type: object properties: advisory_id: type: string description: The advisory identifier (e.g., RHSA-2024:1234). advisory_type: type: string enum: - security - bugfix - enhancement severity: type: string affected_systems: type: integer synopsis: type: string InventorySystemRegisteredPayload: allOf: - $ref: '#/components/schemas/NotificationEventBase' - type: object description: Payload for system registration events. properties: events: type: array items: type: object properties: payload: type: object properties: system_id: type: string format: uuid display_name: type: string rhel_version: type: string InventorySystemStalePayload: allOf: - $ref: '#/components/schemas/NotificationEventBase' - type: object description: Payload for system stale events. properties: events: type: array items: type: object properties: payload: type: object properties: system_id: type: string format: uuid display_name: type: string last_seen: type: string format: date-time stale_since: type: string format: date-time