{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "SecurityRuleRequest",
  "description": "SecurityRuleRequest schema from Palo Alto Networks Cloud NGFW for AWS REST API",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/cloud-ngfw-api-security-rule-request-schema.json",
  "type": "object",
  "properties": {
    "Priority": {
      "type": "integer",
      "minimum": 1,
      "maximum": 65535
    },
    "RuleEntry": {
      "type": "object",
      "required": [
        "RuleName",
        "Action"
      ],
      "properties": {
        "RuleName": {
          "type": "string"
        },
        "Description": {
          "type": "string"
        },
        "Enabled": {
          "type": "boolean",
          "default": true
        },
        "Source": {
          "type": "object",
          "description": "Traffic source matching criteria for a security rule.",
          "properties": {
            "Cidrs": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "description": "Source CIDR blocks (e.g., 10.0.0.0/8)."
            },
            "Countries": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "description": "Source country codes (ISO 3166-1 alpha-2)."
            },
            "Feeds": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "description": "Threat intelligence feed names."
            },
            "PrefixLists": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "description": "Names of prefix lists defined in the rule stack."
            }
          }
        },
        "Destination": {
          "type": "object",
          "description": "Traffic destination matching criteria for a security rule.",
          "properties": {
            "Cidrs": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "description": "Destination CIDR blocks."
            },
            "Countries": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "description": "Destination country codes."
            },
            "Feeds": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "FqdnLists": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "description": "Names of FQDN lists defined in the rule stack."
            },
            "PrefixLists": {
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          }
        },
        "Applications": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "Protocol": {
          "type": "string",
          "enum": [
            "APPLICATION-DEFAULT",
            "ANY"
          ]
        },
        "Action": {
          "type": "string",
          "enum": [
            "Allow",
            "DenyResetBoth",
            "DenyResetServer",
            "DenySilent"
          ]
        }
      }
    }
  },
  "required": [
    "Priority",
    "RuleEntry"
  ]
}