{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "RuleSource",
  "description": "Traffic source matching criteria for a security rule.",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/cloud-ngfw-api-rule-source-schema.json",
  "type": "object",
  "properties": {
    "Cidrs": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Source CIDR blocks (e.g., 10.0.0.0/8)."
    },
    "Countries": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Source country codes (ISO 3166-1 alpha-2)."
    },
    "Feeds": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Threat intelligence feed names."
    },
    "PrefixLists": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Names of prefix lists defined in the rule stack."
    }
  }
}