
Policy Statistics

This endpoint returns the number of packets, bytes, and conversations observed for a policy over a time interval. A conversation can be broadly described as a flow observation matching a policy that is aggregated with a granularity of one hour. The number of conversations that are measured for a given policy within one hour represents the number of distinct pairs of consumer and provider inventory items that have communicated over the network during that one hour.

Although this endpoint accepts Policy Identifier Parameters as input, we recommend that you use policy and L4 parameter IDs from a published version of the workspace.


 

After a new version of the application workspace is published, it can take up to 6 hours before results become available. All the timestamp resolutions will also have a minimum granularity of 6 hours.

To get the policy statistics for a policy across enforced versions of an application workspace, the URL path is:

POST /openapi/v1/policies/stats/enforced

To get the policy statistics for a policy across analyzed versions of an application workspace, the URL path is:

POST /openapi/v1/policies/stats/analyzed

The request body is a JSON object with the following schema:

| Name | Type | Description |
| --- | --- | --- |
| application_id | string | The ID of the application workspace. |
| t0 | string | The beginning of the time interval in RFC-3339 format. |
| t1 | string | (optional) The end of the time interval in RFC-3339 format; defaults to current time if left unspecified. |
| policy_id | string | The ID of the policy; not required if the policy identifier is present. |
| l4_param_id | string | The ID of the L4 parameter; not required if the policy identifier is present, or for “CATCH_ALL” policies. |
| policy_identifier | object | Fields that make up the consistent policy identifier. |

The policy identifier fields are made up using the following schema:

| Name | Type | Description |
| --- | --- | --- |
| consumer_consistent_uuid | string | Consistent UUID of the consumer or source. |
| provider_consistent_uuid | string | Consistent UUID of the provider or destination. |
| rank | string | Policy rank has to be one of “DEFAULT” or “ABSOLUTE”. |
| action | string | Policy action has to be one of “ALLOW” or “DENY”. |
| priority | integer | Priority value for the policy. |
| protocol | integer | IP protocol number (0-255) for the policy. |
| start_port | integer | (optional) Start of port range (0-65535); defaults to 0 when unspecified. |
| end_port | integer | (optional) End of port range (0-65535); defaults to 65535 if start_port is 0, or else to the start_port. |

Sample Python code


    import json

    # Assumes `restclient` is an already-authenticated tetpyclient RestClient instance.
    application_id = '5f88ca1e755f0222f85ce85c'
    consumer_id = '5f88ca1e755f0222f85ce85d'
    provider_id = '5f88ca1e755f0222f85ce85d'
    action = 'ALLOW'
    rank = 'DEFAULT'
    protocol = 6
    start_port = 80
    priority = 100

    # Build the body as a dict and serialize it with json.dumps so that values
    # are escaped correctly and integer fields are sent as integers.
    req_body = json.dumps({
        "application_id": application_id,
        "t0": "2022-07-06T00:00:00Z",
        "t1": "2022-07-28T19:00:00Z",
        "policy_identifier": {
            "consumer_consistent_uuid": consumer_id,
            "provider_consistent_uuid": provider_id,
            "rank": rank,
            "priority": priority,
            "action": action,
            "protocol": protocol,      # integer, per the schema
            "start_port": start_port   # integer, per the schema
        }
    })
    restclient.post('/policies/stats/analyzed', json_body=req_body)

    # For CATCH_ALL policies, both UUIDs are the root application scope ID
    # and no priority, protocol, or port fields are sent:
    root_app_scope_id = '6f88ca1e755f0222f85ce85e'
    rank = 'CATCH_ALL'
    action = 'DENY'
    req_body = json.dumps({
        "application_id": application_id,
        "t0": "2022-07-06T00:00:00Z",
        "t1": "2022-07-28T19:00:00Z",
        "policy_identifier": {
            "consumer_consistent_uuid": root_app_scope_id,
            "provider_consistent_uuid": root_app_scope_id,
            "rank": rank,
            "action": action
        }
    })

    restclient.post('/policies/stats/analyzed', json_body=req_body)
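The following added example (not part of the original documentation or of the product's client library) validates a policy identifier against the schema above and applies the documented port defaults before serializing the request body. The helper names `rfc3339`, `effective_ports`, and `build_stats_body` are hypothetical, and accepting `CATCH_ALL` as a rank follows the page's sample rather than the schema table.

```python
import json
from datetime import datetime, timezone

RANKS = {"DEFAULT", "ABSOLUTE", "CATCH_ALL"}  # CATCH_ALL appears in the page's sample
ACTIONS = {"ALLOW", "DENY"}

def rfc3339(ts):
    """Format a timezone-aware datetime as an RFC-3339 UTC timestamp."""
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def effective_ports(start_port=None, end_port=None):
    """Apply the documented defaults and return the (start, end) port range."""
    start = 0 if start_port is None else start_port
    end = end_port if end_port is not None else (65535 if start == 0 else start)
    if not 0 <= start <= end <= 65535:
        raise ValueError(f"invalid port range {start}-{end}")
    return start, end

def build_stats_body(application_id, t0, consumer_uuid, provider_uuid, rank, action,
                     priority=None, protocol=None, start_port=None, end_port=None, t1=None):
    """Return the JSON request body, rejecting values the schema does not allow."""
    if rank not in RANKS or action not in ACTIONS:
        raise ValueError("rank or action is not an allowed value")
    ident = {"consumer_consistent_uuid": consumer_uuid,
             "provider_consistent_uuid": provider_uuid,
             "rank": rank, "action": action}
    if rank != "CATCH_ALL":  # the page's CATCH_ALL sample carries no L4 fields
        if not isinstance(priority, int):
            raise ValueError("priority must be an integer")
        if not isinstance(protocol, int) or not 0 <= protocol <= 255:
            raise ValueError("protocol must be an integer in 0-255")
        start, end = effective_ports(start_port, end_port)
        # Assumption: sending the defaulted ports explicitly is equivalent to omitting them.
        ident.update(priority=priority, protocol=protocol, start_port=start, end_port=end)
    body = {"application_id": application_id, "t0": rfc3339(t0), "policy_identifier": ident}
    if t1 is not None:
        body["t1"] = rfc3339(t1)  # checks timezone-awareness before the comparison
        if t1 <= t0:
            raise ValueError("t1 must be later than t0")
    return json.dumps(body)

if __name__ == "__main__":  # constructed call, IDs reused from the page's sample
    print(build_stats_body("5f88ca1e755f0222f85ce85c", datetime(2022, 7, 6, tzinfo=timezone.utc),
                           "5f88ca1e755f0222f85ce85d", "5f88ca1e755f0222f85ce85d",
                           "DEFAULT", "ALLOW", priority=100, protocol=6, start_port=80))
```

The returned string can be passed as `json_body` to the same `restclient.post` call shown in the sample.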

Sample response

The response is a JSON object in the body with the following properties.

| Keys | Values |
| --- | --- |
| conversation_count | The number of conversations that are observed for the specified duration and policy. |
| packet_count | The number of packets that are observed for the specified duration and policy. |
| byte_count | The number of bytes observed for the specified duration and policy. |
| first_seen_at | The timestamp (in RFC-3339 format) when we first observed flows for this policy. |
| last_seen_at | The timestamp (in RFC-3339 format) when we last observed flows for this policy. |
| agg_start_version | The earliest published version of this policy on record from time t0 onwards. |
| agg_start_time | The timestamp at which agg_start_version was published. |


    {
      "conversation_count": 72,
      "packet_count": 800,
      "byte_count": 1960,
      "first_seen_at": "2022-09-09T11:00:00.000Z",
      "last_seen_at": "2022-09-09T11:00:00.000Z",
      "agg_start_version": 4,
      "agg_start_time": "2022-08-10T23:00:00.000Z"
    }