Software Secure Workload
Activity Configure

Software agent configuration using Intents

This API workflow uses the REST endpoints defined below.

Creating an inventory filter

This endpoint is used to specify criteria that match the agent hosts on which the user wants to configure software agents.

POST /openapi/v1/filters/inventories

Parameters:

  Name           Type     Description
  app_scope_id   string   The scope ID to assign to the inventory filter.
  name           string   A name for the inventory filter.
  query          json     Filter or match criteria for agent host.

Sample python code


   import json

   # restclient is assumed to be an already-initialized client for the OpenAPI.
   # app_scope_id can be retrieved by /app_scopes API
   req_payload = {
      "app_scope_id": "<app_scope_id>",
      "name": "sensor_config_inventory_filter",
      "query": {
         "type": "eq",
         "field": "ip",
         "value": "<sensor_interface_ip>"
      }
   }
   resp = restclient.post('/filters/inventories',
                  json_body=json.dumps(req_payload))
   print(resp.status_code)
   # The returned response contains the created filter and its ID.

Creating a software agent configuration profile

This endpoint is used to specify the set of configuration options to apply to a target set of software agents.

POST /openapi/v1/inventory_config/profiles

The following configuration options can be specified as part of an agent configuration profile:

  • allow_broadcast: option to allow/disallow broadcast traffic (default value of this option is True).

  • allow_multicast: option to allow/disallow multicast traffic (default value of this option is True).

  • allow_link_local: option to allow/disallow link local traffic (default value of this option is True).

  • auto_upgrade_opt_out: if true, agents are not auto-upgraded during upgrade of Secure Workload cluster.

  • cpu_quota_mode & cpu_quota_us: these options are used to police the amount of CPU quota to give to the agent on the end host.

  • data_plane_disabled: if true, agent stops reporting flows to Secure Workload.

  • enable_conversation_flows: option to enable conversation mode on all agents.

  • enable_forensics: option to enable collection of forensic events on the workload (agent uses more CPU as a result).

  • enable_meltdown: enables Meltdown Exploit detection on the workload (agent uses more CPU as a result).

  • enable_pid_lookup: if true, agent tries to attach process information to flows. Note that this config option uses more CPU on the end host.

  • enforcement_disabled: can be used to disable enforcement on hosts running enforcement agents.

  • preserve_existing_rules: option to specify whether to preserve existing iptables rules.

  • windows_enforcement_mode: option to use WAF (Windows Advanced Firewall) or WFP (Windows Filtering Platform) (default option is WAF).

For more details about the configuration options, refer to Software Agent Config.

Sample python code


  import json

  # restclient is assumed to be an already-initialized client for the OpenAPI.
  # Define profile to disable data_plane on agent
  req_payload = {
     "root_app_scope_id": "<root_app_scope_id>",
     "data_plane_disabled": True,
     "name": "sensor_config_profile_1",
     "enable_pid_lookup": True,
     "enforcement_disabled": False
  }
  resp = restclient.post('/inventory_config/profiles',
                 json_body=json.dumps(req_payload))
  print(resp.status_code)
  # The returned response contains the created profile and its ID.
  parsed_resp = json.loads(resp.content)

Get software agent configuration profiles

This endpoint returns a list of software agent configuration profiles visible to the user.

GET /openapi/v1/inventory_config/profiles

Parameters: None

Get specific software agent configuration profile

This endpoint returns an instance of a software agent configuration profile.

GET /openapi/v1/inventory_config/profiles/{profile_id}

Returns the software agent configuration profile object associated with the specified ID.

Update a software agent configuration profile

This endpoint updates a software agent configuration profile.

PUT /openapi/v1/inventory_config/profiles/{profile_id}

The following configuration options can be specified as part of an agent configuration profile:

  • allow_broadcast: option to allow/disallow broadcast traffic (default value of this option is True).

  • allow_multicast: option to allow/disallow multicast traffic (default value of this option is True).

  • allow_link_local: option to allow/disallow link local traffic (default value of this option is True).

  • auto_upgrade_opt_out: if true, agents are not auto-upgraded during upgrade of Secure Workload cluster.

  • cpu_quota_mode & cpu_quota_us: these options are used to police the amount of CPU quota to give to the agent on the end host.

  • data_plane_disabled: if true, agent stops reporting flows to Secure Workload.

  • enable_conversation_flows: option to enable conversation mode on all agents.

  • enable_forensics: option to enable collection of forensic events on the workload (agent uses more CPU as a result).

  • enable_meltdown: enables Meltdown Exploit detection on the workload (agent uses more CPU as a result).

  • enable_pid_lookup: if true, agent tries to attach process information to flows. Note that this config option uses more CPU on the end host.

  • enforcement_disabled: can be used to disable enforcement on hosts running enforcement agents.

  • preserve_existing_rules: option to specify whether to preserve existing iptables rules.

  • windows_enforcement_mode: option to use WAF (Windows Advanced Firewall) or WFP (Windows Filtering Platform) (default option is WAF).

For more details about the configuration options, refer to Software Agent Config.

Returns the modified software agent configuration profile object associated with the specified ID.

Delete a software agent configuration profile

This endpoint deletes the specified software agent configuration profile.

DELETE /openapi/v1/inventory_config/profiles/{profile_id}

Creating a software agent configuration intent

This endpoint is used to specify the intent to apply a set of configuration options to a specified set of software agents. It creates the intent and updates the intent order by adding the newly created intent to the order.

POST /openapi/v1/inventory_config/intents

Sample python code


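  import json

  # restclient is assumed to be an already-initialized client for the OpenAPI.
  req_payload = {
    "inventory_config_profile_id": "<inventory_config_profile_id>",
    "inventory_filter_id": "<inventory_filter_id>"
  }
  resp = restclient.post('/inventory_config/intents',
                 json_body=json.dumps(req_payload))
  print(resp.status_code)
  # The returned response contains the created intent object and its ID.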

Specifying order of intents

This endpoint is used to specify the ordering of software agent configuration intents. For example, there could be two intents: one to enable process ID lookup on development machines and a second one to disable process ID lookup on Windows machines. If the first intent has higher priority, then development Windows machines will have process ID lookup enabled.

NOTE: By default, when an intent is created, it is added to the beginning of the intent order list. This endpoint is only to be used if the end user needs to modify the existing order of intents.

POST /openapi/v1/inventory_config/orders

Sample python code


  import json

  # restclient is assumed to be an already-initialized client for the OpenAPI.
  # Read the agent config intents ordered list
  resp = restclient.get('/inventory_config/orders')
  order_result_json = json.loads(resp.content)

  # Modify the list by prepending the new intent in the list
  order_result_json['intent_ids'].insert(0, "<intent_id>")

  # Post the new ordering back to the server
  resp = restclient.post('/inventory_config/orders',
                 json_body=json.dumps(order_result_json))
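
The following added example (not part of the original documentation or the product's own code) models how intent order decides which profile a host receives, and flags hosts whose effective profile turns off flow reporting, enforcement or auto-upgrade. It assumes the first matching intent in the order supplies the whole profile (the page states only that the higher-priority intent wins); all IDs, hosts and the "env" and "os" filter fields are constructed for illustration.

```python
# Constructed data throughout; "env" and "os" are hypothetical inventory fields.
RISKY = {  # option -> value worth reviewing, per the option list on this page
    "data_plane_disabled": True,   # agent stops reporting flows
    "enforcement_disabled": True,  # enforcement is off on the host
    "auto_upgrade_opt_out": True,  # agent is not auto-upgraded with the cluster
}

def matches(query, host):
    """Evaluate the 'eq' query form shown in the inventory filter sample."""
    if query.get("type") != "eq":
        raise ValueError("only 'eq' queries are modelled here")
    return host.get(query["field"]) == query["value"]

def effective_profile(host, intent_ids, intents, filters, profiles):
    """Return (intent_id, profile) for the first ordered intent matching host."""
    for intent_id in intent_ids:
        intent = intents[intent_id]
        if matches(filters[intent["inventory_filter_id"]], host):
            return intent_id, profiles[intent["inventory_config_profile_id"]]
    return None, {}  # assumption: no matching intent, no profile applied

def review(hosts, intent_ids, intents, filters, profiles):
    """Map host IP -> risky options set by the host's effective profile."""
    findings = {}
    for host in hosts:
        _, profile = effective_profile(host, intent_ids, intents, filters, profiles)
        hits = sorted(k for k, v in RISKY.items() if profile.get(k) is v)
        if hits:
            findings[host["ip"]] = hits
    return findings

FILTERS = {"f-dev": {"type": "eq", "field": "env", "value": "dev"},
           "f-win": {"type": "eq", "field": "os", "value": "windows"}}
PROFILES = {"p-dev": {"name": "dev_pid_lookup", "enable_pid_lookup": True},
            "p-win": {"name": "win_no_pid", "enable_pid_lookup": False,
                      "data_plane_disabled": True}}
INTENTS = {"i-dev": {"inventory_filter_id": "f-dev",
                     "inventory_config_profile_id": "p-dev"},
           "i-win": {"inventory_filter_id": "f-win",
                     "inventory_config_profile_id": "p-win"}}
HOSTS = [{"ip": "10.0.0.5", "os": "windows", "env": "dev"},
         {"ip": "10.0.0.6", "os": "windows", "env": "prod"},
         {"ip": "10.0.0.7", "os": "linux", "env": "prod"}]

if __name__ == "__main__":
    for order in (["i-dev", "i-win"], ["i-win", "i-dev"]):
        print(order, review(HOSTS, order, INTENTS, FILTERS, PROFILES))
```

Swapping the two intents in the order moves the development Windows host from the profile with process ID lookup enabled to the one that also disables the data plane, which is why a reordering deserves the same review as a profile change.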

Remove agent config intent

This endpoint is used to remove a specific agent configuration intent.

DELETE /openapi/v1/inventory_config/intents/{intent_id}

Sample python code


  intent_id = '588a51dcb5b30d0ee6da084a'
  resp = restclient.delete('/inventory_config/intents/%s' % intent_id)