Review Automatically Discovered Policies

Review policy discovery results on the Policies page of the workspace in which you discovered policies.

Start your review here

We recommend that you start by checking whether the discovered policies address each of the following areas, in this order:

  • Critical, common ports

  • Internet-facing traffic

  • Traffic between different applications (these flows may involve workloads in different scopes)

  • Traffic within the same application (these flows are likely to involve workloads in the same scope)

Helpful tools for reviewing policies

  • To make this effort more manageable, filter and sort the policies so you can review related policies as a group.

    • Click table headings to sort the columns, for example by consumer, provider, or port/protocol.

    • Use the filter at the top of the policies list to view specific subsets.

      To see a list of properties that you can filter on, click the (i) button in the Filter Policies box.

  • Look at the graphical representation of the generated policies:

    Click the Policy Visual View button.

    For more information, see Policy Visual Representation.

  • By default, the policies are grouped by consumer, provider, and action (the Grouped view). To search or filter individual rows by port, click the Ungrouped button; click the Grouped button to return to the default view.

  • Use the External? filter option to find policies in which the provider is in a different scope from the scope in which you discovered policies.

    Create policies for this traffic using one of the methods described in When Consumer and Provider Are in Different Scopes: Policy Options.

  • Look at the confidence level of the generated policies. See Address Low-Confidence Policies.

  • Look at the Workload Profile for detailed information about a workload. Click the IP address, then click View Workload Profile in the pane on the right.

  • To view the traffic flows that were used to produce a particular policy, click the value in the Protocols and Ports column for that policy, then click View Conversations in the side panel that opens.

    See Conversations for more information.

    If needed, you can drill down further by clicking Flow Search to view the flows for a conversation.

Other things to do and check

  • Identify unknown IP addresses (such as failover or other floating IPs) and tag them with labels so you know what they are.

    You may find helpful details on the Inventory Profile page. Click the IP address, then click View Inventory Profile in the pane on the right.

  • Look for anything that is obviously not desirable or does not make sense.

  • Group workloads using inventory filters so a single policy can address multiple workloads. See Create an Inventory Filter.

  • Investigate and contact other network administrators as needed to understand the need for the policies you see.

  • See the topics under Address Policy Complexities, which can involve manual and approved policies as well as automatically discovered policies.

  • In general, keep the number of policies in a scope to about 500 or fewer. If you have many more than this, see whether you can consolidate similar policies, or consider splitting the scope.

  • As you review, approve any policies that you know are correct as-is. Approved policies are preserved when discovery is run again.
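The review order at the top of this page (critical ports, then internet-facing traffic, then traffic between applications, then traffic within one application), together with the Grouped view, the External? filter, the confidence check and the scope-size guideline above, can be applied mechanically to a list of discovered policies before you open them one by one in the UI. The following script is an added example and is not Secure Workload code; the policy records, the critical-port list, the scope names, the confidence threshold and the rule that anything outside RFC 1918, loopback and link-local ranges counts as internet are all constructed assumptions for illustration, not the product's export format or its own definitions.

```python
"""Triage a list of discovered policies in the review order this page suggests.

Added example, not Secure Workload code. Record layout, port list, scope
names and thresholds are constructed assumptions.
"""
import ipaddress
from collections import defaultdict

# Assumption: ports a reviewer wants to see first (remote access, RPC/SMB, databases, WinRM).
CRITICAL_PORTS = {22, 23, 135, 139, 445, 1433, 3306, 3389, 5432, 5985, 5986}
# Assumption: policies below this confidence get a second look.
LOW_CONFIDENCE = 0.7
# Guideline from the page: keep a scope to roughly 500 policies.
MAX_POLICIES_PER_SCOPE = 500
# Assumption: the scope in which discovery was run.
REVIEW_SCOPE = "Shop:App"
# Assumption: address ranges treated as internal; anything else that parses as an
# address or CIDR is treated as internet-facing.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

BUCKETS = ("1 critical port", "2 internet-facing",
           "3 between applications", "4 within application")


def pol(consumer, consumer_scope, provider, provider_scope, proto, port, confidence, action="ALLOW"):
    """Build one constructed policy record shaped like the Policies page columns."""
    return {"consumer": consumer, "consumer_scope": consumer_scope, "provider": provider,
            "provider_scope": provider_scope, "proto": proto, "port": port,
            "action": action, "confidence": confidence}


# Constructed sample: consumers/providers are either inventory filter names or IP/CIDR.
SAMPLE_POLICIES = [
    pol("Shop:App:api", "Shop:App", "Shop:App:db", "Shop:App", "TCP", 5432, 0.92),
    pol("Shop:Web:frontend", "Shop:Web", "Shop:App:api", "Shop:App", "TCP", 8443, 0.88),
    pol("0.0.0.0/0", "Default", "Shop:App:api", "Shop:App", "TCP", 443, 0.81),
    pol("Shop:App:api", "Shop:App", "Shop:App:cache", "Shop:App", "TCP", 6379, 0.55),
    pol("Shop:App:api", "Shop:App", "Shop:App:db", "Shop:App", "TCP", 22, 0.41),
    pol("Shop:App:api", "Shop:App", "Corp:Infra:dns", "Corp:Infra", "UDP", 53, 0.97),
    pol("Shop:App:worker", "Shop:App", "203.0.113.25", "Default", "TCP", 443, 0.63),
]


def is_internet(endpoint):
    """True when the endpoint is an address/CIDR outside INTERNAL_NETS (or 'any')."""
    try:
        net = ipaddress.ip_network(endpoint, strict=False)
    except ValueError:
        return False  # a named inventory filter, not an address
    if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 means "anything", so internet-facing
        return True
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL_NETS)


def classify(p, review_scope=REVIEW_SCOPE):
    """Assign the policy to the first matching review bucket, in the page's order."""
    if p["port"] in CRITICAL_PORTS:
        return BUCKETS[0]
    if is_internet(p["consumer"]) or is_internet(p["provider"]):
        return BUCKETS[1]
    if p["consumer_scope"] != review_scope or p["provider_scope"] != review_scope:
        return BUCKETS[2]
    return BUCKETS[3]


def triage(policies, review_scope=REVIEW_SCOPE):
    """Return {bucket: [policies]} with buckets in review order."""
    buckets = {b: [] for b in BUCKETS}
    for p in policies:
        buckets[classify(p, review_scope)].append(p)
    return buckets


def grouped(policies):
    """Mimic the Grouped view: one row per consumer/provider/action with its ports."""
    rows = defaultdict(list)
    for p in policies:
        rows[(p["consumer"], p["provider"], p["action"])].append(f'{p["proto"]}/{p["port"]}')
    return {k: sorted(v) for k, v in rows.items()}


def external(policies, review_scope=REVIEW_SCOPE):
    """Policies the External? filter would show: provider outside the review scope."""
    return [p for p in policies if p["provider_scope"] != review_scope]


def low_confidence(policies, threshold=LOW_CONFIDENCE):
    return [p for p in policies if p["confidence"] < threshold]


def policy_count_check(policies, limit=MAX_POLICIES_PER_SCOPE):
    """(count, within_guideline) for the scope's policy count."""
    return len(policies), len(policies) <= limit


def report(policies):
    for bucket, items in triage(policies).items():
        print(f"== {bucket}: {len(items)} policies")
        for p in items:
            flags = [f for f, ok in (("EXTERNAL", p in external(policies)),
                                     ("LOW-CONF", p in low_confidence(policies))) if ok]
            print(f'  {p["consumer"]} -> {p["provider"]} {p["proto"]}/{p["port"]} '
                  f'{p["action"]} conf={p["confidence"]} {" ".join(flags)}')
    count, ok = policy_count_check(policies)
    print(f"== {count} policies in scope; within ~{MAX_POLICIES_PER_SCOPE} guideline: {ok}")


if __name__ == "__main__":
    report(SAMPLE_POLICIES)
```

Because a policy is placed in the first bucket it matches, an SSH rule between two workloads in the same scope surfaces under critical ports rather than being buried in the intra-application traffic, which is the point of the suggested order. Swap `SAMPLE_POLICIES` for your own exported policy list (reshaped to the same fields) and adjust `CRITICAL_PORTS` and `INTERNAL_NETS` to your environment.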