{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "RuntimePolicy",
  "description": "RuntimePolicy schema from Palo Alto Networks Prisma Cloud Compute API",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-compute-api-runtime-policy-schema.json",
  "type": "object",
  "properties": {
    "rules": {
      "type": "array",
      "description": "Container runtime defense rules.",
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string"
          },
          "collections": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "processes": {
            "type": "object",
            "properties": {
              "effect": {
                "type": "string",
                "enum": [
                  "ignore",
                  "alert",
                  "block"
                ]
              },
              "whitelist": {
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              "blacklist": {
                "type": "array",
                "items": {
                  "type": "string"
                }
              }
            }
          },
          "network": {
            "type": "object",
            "properties": {
              "effect": {
                "type": "string",
                "enum": [
                  "ignore",
                  "alert",
                  "block"
                ]
              }
            }
          },
          "filesystem": {
            "type": "object",
            "properties": {
              "effect": {
                "type": "string",
                "enum": [
                  "ignore",
                  "alert",
                  "block"
                ]
              }
            }
          }
        }
      }
    }
  }
}