Search Conversations in a Policy Discovery Run
This endpoint enables you to search the conversations in an automatic policy discovery run for a given workspace. You can also specify a subset of supported dimensions and metrics which you may want to see as part of the downloaded conversations. Optionally, you can query for a subset of conversations using filters on supported dimensions and metrics.
POST /openapi/v1/conversations/{application_id}
The query consists of a JSON body with the following keys.
Name | Type | Description |
---|---|---|
version | integer | Version of the automatic policy discovery run |
filter | JSON | (optional) Query filter. If filter is empty (i.e. {}), then the query matches all the conversations. More specific conversations can be downloaded using filters on supported dimensions and metrics. For the syntax of filters, refer to filters. |
dimensions | array | (optional) List of dimensions to be returned for the downloaded conversations. The list of supported dimensions can be found here. |
metrics | array | (optional) List of metrics to be returned for the downloaded conversations. The list of supported metrics can be found here. |
limit | integer | (optional) Number of conversations to be returned in a single API response. |
offset | string | (optional) Offset received from previous response – useful for pagination. |
The body of the request should be a JSON-formatted query. An example of a query body is shown below.
{
    "version": 1,
    "filter": {
        "type": "and",
        "filters": [
            {
                "type": "eq",
                "field": "excluded",
                "value": false
            },
            {
                "type": "eq",
                "field": "protocol",
                "value": "TCP"
            }
        ]
    },
    "dimensions": ["src_ip", "dst_ip", "port"],
    "metrics": ["byte_count", "packet_count"],
    "limit": 2,
    "offset": <offset-object>
}
Response
The response is a JSON object in the body with the following properties.
Keys | Values |
---|---|
offset | Response offset to be passed for the next page of results |
results | List of results |
To generate the next page of results, take the object received in the offset field of the response and pass it as the value for the offset of the next query.
import json

# restclient is assumed to be an already-initialised REST client for this API.
req_payload = {"version": 1,
               "limit": 10,
               "filter": {"type": "and",
                          "filters": [
                              {"type": "eq", "field": "excluded", "value": False},
                              {"type": "eq", "field": "protocol", "value": "TCP"}
                          ]
                          }
               }
# Replace {application_id} with the ID of the workspace being queried.
resp = restclient.post('/conversations/{application_id}', json_body=json.dumps(req_payload))
print(resp.status_code)
if resp.status_code == 200:
    parsed_resp = json.loads(resp.content)
    print(json.dumps(parsed_resp, indent=4, sort_keys=True))
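The pagination procedure described above, as an added example (not code from the original page or from the product's client library): `iter_conversations` re-sends the query with each returned offset until a response carries none. The `post` callable, `fake_post` and `SAMPLE_PAGES` are hypothetical names with constructed data, and treating a missing offset as the last page is an assumption.

```python
import json

# Constructed sample pages standing in for the API (not real data).
SAMPLE_PAGES = {
    None: {"results": [{"src_ip": "10.0.0.1", "dst_ip": "10.0.0.2", "port": 443}],
           "offset": "page-2"},
    "page-2": {"results": [{"src_ip": "10.0.0.3", "dst_ip": "10.0.0.2", "port": 22}]},
}


def fake_post(path, body):
    """Hypothetical offline transport: returns (status_code, response_text)."""
    request = json.loads(body)
    return 200, json.dumps(SAMPLE_PAGES[request.get("offset")])


def iter_conversations(post, application_id, version, flt=None, limit=100,
                       max_pages=1000):
    """Yield every conversation matching `flt`, following offsets page by page."""
    payload = {"version": version, "filter": flt or {}, "limit": limit}
    path = "/conversations/%s" % application_id
    seen = set()
    for _ in range(max_pages):
        status, text = post(path, json.dumps(payload))
        if status != 200:
            raise RuntimeError("conversation search failed: HTTP %d" % status)
        page = json.loads(text)
        for row in page.get("results") or []:
            yield row
        offset = page.get("offset")
        if not offset:
            return  # Assumption: a response without an offset is the last page.
        key = json.dumps(offset, sort_keys=True)
        if key in seen:
            # Guard against a repeated offset, which would loop forever.
            raise RuntimeError("repeated offset returned; aborting")
        seen.add(key)
        payload["offset"] = offset  # Pass the offset back unchanged.
    raise RuntimeError("stopped after %d pages" % max_pages)


if __name__ == "__main__":
    for conversation in iter_conversations(fake_post, "APPLICATION_ID_PLACEHOLDER", 1, limit=1):
        print(conversation)
```

The page cap and the repeated-offset check keep an export job from running unbounded if the server keeps returning an offset.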