{ "$schema": "https://json-structure.org/meta/core/v0/#", "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/cloud-ngfw-api-security-rule-structure.json", "name": "SecurityRule", "description": "A security rule within a Cloud NGFW rule stack.", "type": "object", "properties": { "Priority": { "type": "int32", "description": "Rule evaluation priority (lower numbers evaluated first)." }, "RuleEntry": { "type": "object", "properties": { "RuleName": { "type": "string" }, "Description": { "type": "string" }, "Enabled": { "type": "boolean", "default": true }, "Source": { "type": "object", "description": "Traffic source matching criteria for a security rule.", "properties": { "Cidrs": { "type": "array", "description": "Source CIDR blocks (e.g., 10.0.0.0/8).", "items": { "type": "string" } }, "Countries": { "type": "array", "description": "Source country codes (ISO 3166-1 alpha-2).", "items": { "type": "string" } }, "Feeds": { "type": "array", "description": "Threat intelligence feed names.", "items": { "type": "string" } }, "PrefixLists": { "type": "array", "description": "Names of prefix lists defined in the rule stack.", "items": { "type": "string" } } } }, "NegateSource": { "type": "boolean", "default": false }, "Destination": { "type": "object", "description": "Traffic destination matching criteria for a security rule.", "properties": { "Cidrs": { "type": "array", "description": "Destination CIDR blocks.", "items": { "type": "string" } }, "Countries": { "type": "array", "description": "Destination country codes.", "items": { "type": "string" } }, "Feeds": { "type": "array", "items": { "type": "string" } }, "FqdnLists": { "type": "array", "description": "Names of FQDN lists defined in the rule stack.", "items": { "type": "string" } }, "PrefixLists": { "type": "array", "items": { "type": "string" } } } }, "NegateDestination": { "type": "boolean", "default": false }, "Applications": { "type": "array", "description": "Application names to match (use any for all applications).", "items": { "type": "string" } }, "Category": { "type": "object", "properties": { "URLCategoryNames": { "type": "array", "items": { "type": "string" } }, "Feeds": { "type": "array", "items": { "type": "string" } } } }, "Protocol": { "type": "string", "enum": [ "APPLICATION-DEFAULT", "TCP", "UDP", "ICMP", "ANY" ] }, "Action": { "type": "string", "enum": [ "Allow", "DenyResetBoth", "DenyResetServer", "DenySilent" ] }, "DecryptionRuleType": { "type": "string", "enum": [ "SSLOutboundInspection", "None" ] }, "AuditComment": { "type": "string" } } } } }