{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/cloud-ngfw-api-security-rule-request-structure.json",
  "name": "SecurityRuleRequest",
  "description": "SecurityRuleRequest schema from Palo Alto Networks Cloud NGFW for AWS REST API",
  "type": "object",
  "properties": {
    "Priority": {
      "type": "int32",
      "minimum": 1,
      "maximum": 65535
    },
    "RuleEntry": {
      "type": "object",
      "properties": {
        "RuleName": {
          "type": "string"
        },
        "Description": {
          "type": "string"
        },
        "Enabled": {
          "type": "boolean",
          "default": true
        },
        "Source": {
          "type": "object",
          "description": "Traffic source matching criteria for a security rule.",
          "properties": {
            "Cidrs": {
              "type": "array",
              "description": "Source CIDR blocks (e.g., 10.0.0.0/8).",
              "items": {
                "type": "string"
              }
            },
            "Countries": {
              "type": "array",
              "description": "Source country codes (ISO 3166-1 alpha-2).",
              "items": {
                "type": "string"
              }
            },
            "Feeds": {
              "type": "array",
              "description": "Threat intelligence feed names.",
              "items": {
                "type": "string"
              }
            },
            "PrefixLists": {
              "type": "array",
              "description": "Names of prefix lists defined in the rule stack.",
              "items": {
                "type": "string"
              }
            }
          }
        },
        "Destination": {
          "type": "object",
          "description": "Traffic destination matching criteria for a security rule.",
          "properties": {
            "Cidrs": {
              "type": "array",
              "description": "Destination CIDR blocks.",
              "items": {
                "type": "string"
              }
            },
            "Countries": {
              "type": "array",
              "description": "Destination country codes.",
              "items": {
                "type": "string"
              }
            },
            "Feeds": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "FqdnLists": {
              "type": "array",
              "description": "Names of FQDN lists defined in the rule stack.",
              "items": {
                "type": "string"
              }
            },
            "PrefixLists": {
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          }
        },
        "Applications": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "Protocol": {
          "type": "string",
          "enum": [
            "APPLICATION-DEFAULT",
            "ANY"
          ]
        },
        "Action": {
          "type": "string",
          "enum": [
            "Allow",
            "DenyResetBoth",
            "DenyResetServer",
            "DenySilent"
          ]
        }
      },
      "required": [
        "RuleName",
        "Action"
      ]
    }
  },
  "required": [
    "Priority",
    "RuleEntry"
  ]
}