{ "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "SecurityRule", "description": "A security rule within a Cloud NGFW rule stack.", "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/cloud-ngfw-api-security-rule-schema.json", "type": "object", "properties": { "Priority": { "type": "integer", "description": "Rule evaluation priority (lower numbers evaluated first)." }, "RuleEntry": { "type": "object", "properties": { "RuleName": { "type": "string" }, "Description": { "type": "string" }, "Enabled": { "type": "boolean", "default": true }, "Source": { "type": "object", "description": "Traffic source matching criteria for a security rule.", "properties": { "Cidrs": { "type": "array", "items": { "type": "string" }, "description": "Source CIDR blocks (e.g., 10.0.0.0/8)." }, "Countries": { "type": "array", "items": { "type": "string" }, "description": "Source country codes (ISO 3166-1 alpha-2)." }, "Feeds": { "type": "array", "items": { "type": "string" }, "description": "Threat intelligence feed names." }, "PrefixLists": { "type": "array", "items": { "type": "string" }, "description": "Names of prefix lists defined in the rule stack." } } }, "NegateSource": { "type": "boolean", "default": false }, "Destination": { "type": "object", "description": "Traffic destination matching criteria for a security rule.", "properties": { "Cidrs": { "type": "array", "items": { "type": "string" }, "description": "Destination CIDR blocks." }, "Countries": { "type": "array", "items": { "type": "string" }, "description": "Destination country codes." }, "Feeds": { "type": "array", "items": { "type": "string" } }, "FqdnLists": { "type": "array", "items": { "type": "string" }, "description": "Names of FQDN lists defined in the rule stack." }, "PrefixLists": { "type": "array", "items": { "type": "string" } } } }, "NegateDestination": { "type": "boolean", "default": false }, "Applications": { "type": "array", "items": { "type": "string" }, "description": "Application names to match (use any for all applications)." }, "Category": { "type": "object", "properties": { "URLCategoryNames": { "type": "array", "items": { "type": "string" } }, "Feeds": { "type": "array", "items": { "type": "string" } } } }, "Protocol": { "type": "string", "enum": [ "APPLICATION-DEFAULT", "TCP", "UDP", "ICMP", "ANY" ] }, "Action": { "type": "string", "enum": [ "Allow", "DenyResetBoth", "DenyResetServer", "DenySilent" ] }, "DecryptionRuleType": { "type": "string", "enum": [ "SSLOutboundInspection", "None" ] }, "AuditComment": { "type": "string" } } } } }