Skip to main content

Pre-validate Policy Rule



Pre-validates a policy rule without creating an actual policy.

The only request body parameters for this request are:

  • policyType - Only the following are valid values for policyType:

    • "config"
    • "network"
    • "audit_event"
    • "iam"
  • rule - The rule.criteria value is the RQL search query for the rule you want to validate. Validation of this rule implies validation of a policy you might create with this rule.

Only the parameters above apply to this request, and both of these parameters are required.

The JSON below is an example of valid request body parameters:

"policyType": "config",
"rule": {
"criteria": "config from cloud.resource where cloud.type = '\''azure'\'' AND = '\''azure-security-center-settings'\'' AND json.rule = '\''autoProvisioningSettings[*].name equals default and (autoProvisioningSettings[*].properties.autoProvision equals Off or autoProvisioningSettings[*] does not exist)'\''"




Model for Policy

    cloudType string

    Possible values: [ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, IBM]

    Cloud type (Required for config policies). Not case-sensitive. Default is ALL.

    complianceMetadata object[]

    List of compliance data. Each item has compliance standard, requirement, and/or section information.

  • Array [
  • complianceId string

    Compliance Section UUID

    customAssigned boolean
    policyId string

    Policy ID

    requirementDescription string

    Requirement description

    requirementId string

    Requirement ID

    requirementName string

    Requirement name

    sectionDescription string

    Section name

    sectionId string

    Section Id

    sectionLabel string

    Section Label

    standardDescription string

    Compliance standard description

    standardId string
    standardName string

    Compliance standard name

  • ]
  • description string

    Policy description

    enabled boolean

    true=enabled. false=disabled.

    findingTypes string[]

    Finding Type

    labels string[]


    name stringrequired

    Policy name

    policyType stringrequired

    Possible values: [config, network, audit_event, anomaly, data, iam, workload_vulnerability, workload_incident, api, attack_path, malware, grayware]

    Policy type. Policy type anomaly is read-only.

    recommendation string

    Remediation recommendation

    remediation object

    Model for Remediation

    actions object[]

    Policy Action

  • Array [
  • operation string
    payload string
  • ]
  • cliScriptTemplate string

    CLI Script Template

    description string


    rule objectrequired

    Model for Rule

    criteria stringrequired

    Saved search ID that defines the rule criteria.

    dataCriteria object

    Criteria for Rule

    classificationResult string

    Data policy. Required for DLP rule criteria.

    exposure string

    Possible values: [private, public, conditional]

    File exposure

    extension string[]

    File extensions

    name stringrequired


    parameters objectrequired

    Parameters (e.g. {"savedSearch": "true"})

    property name* string
    type stringrequired

    Possible values: [Config, Network, AuditEvent, DLP, IAM, NetworkConfig]

    Type of rule or RQL query

    severity stringrequired

    Possible values: [high, medium, low]



successful operation