Search

Chapter 7. Integrating with ServiceNow

download PDF

You can configure Red Hat Advanced Cluster Security for Kubernetes to send events to ServiceNow by configuring a generic webhook integration in RHACS.

The following steps represent a high-level workflow for integrating RHACS with ServiceNow:

  1. In ServiceNow, configure a REST API endpoint to use in RHACS. For more information that includes steps for ServiceNow configuration, see How to integrate Red Hat Advanced Cluster Security for Kubernetes with ServiceNow.
  2. In RHACS:

    1. Configure the generic webhook.
    2. Identify policies for which you want to send notifications, and update the notification settings for those policies.

7.1. Configuring integrations by using webhooks

Create a new integration in Red Hat Advanced Cluster Security for Kubernetes by using the webhook URL.

Procedure

  1. On the RHACS portal, navigate to Platform Configuration Integrations.
  2. Scroll down to the Notifier Integrations section and select Generic Webhook.
  3. Click New integration.
  4. Enter a name for Integration name.
  5. Enter the webhook URL in the Endpoint field.
  6. If your webhook receiver uses an untrusted certificate, enter a CA certificate in the CA certificate field. Otherwise, leave it blank.

    Note

    The server certificate used by the webhook receiver must be valid for the endpoint DNS name. You can click Skip TLS verification to ignore this validation. Red Hat does not suggest turning off TLS verification. Without TLS verification, data could be intercepted by an unintended recipient.

  7. Optional: Click Enable audit logging to receive alerts about all the changes made in Red Hat Advanced Cluster Security for Kubernetes.

    Note

    Red Hat suggests using separate webhooks for alerts and audit logs to handle these messages differently.

  8. To authenticate with the webhook receiver, enter details for one of the following:

    • Username and Password for basic HTTP authentication
    • Custom Header, for example: Authorization: Bearer <access_token>
  9. Use Extra fields to include additional key-value pairs in the JSON object that Red Hat Advanced Cluster Security for Kubernetes sends. For example, if your webhook receiver accepts objects from multiple sources, you can add "source": "rhacs" as an extra field and filter on this value to identify all alerts from Red Hat Advanced Cluster Security for Kubernetes.
  10. Select Test to send a test message to verify that the integration with your generic webhook is working.
  11. Select Save to create the configuration.

7.2. Configuring policy notifications

Enable alert notifications for system policies.

Procedure

  1. On the RHACS portal, navigate to Platform Configuration Policies.
  2. Select one or more policies for which you want to send alerts.
  3. Under Bulk actions, select Enable notification.
  4. In the Enable notification window, select the webhook notifier.

    Note

    If you have not configured any other integrations, the system displays a message that no notifiers are configured.

  5. Click Enable.
Note
  • Red Hat Advanced Cluster Security for Kubernetes sends notifications on an opt-in basis. To receive notifications, you must first assign a notifier to the policy.
  • Notifications are only sent once for a given alert. If you have assigned a notifier to a policy, you will not receive a notification unless a violation generates a new alert.
  • Red Hat Advanced Cluster Security for Kubernetes creates a new alert for the following scenarios:

    • A policy violation occurs for the first time in a deployment.
    • A runtime-phase policy violation occurs in a deployment after you resolved the previous runtime alert for a policy in that deployment.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.