Palo Alto Networks · JSON Structure

Dlp Api Data Pattern Structure

DataPattern schema from Palo Alto Networks Enterprise DLP API

Type: object Properties: 9
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

DataPattern is a JSON Structure definition published by Palo Alto Networks, describing 9 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

id name description type category confidence detection_rules enabled incident_count

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/dlp-api-data-pattern-structure.json",
  "name": "DataPattern",
  "description": "DataPattern schema from Palo Alto Networks Enterprise DLP API",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique data pattern identifier."
    },
    "name": {
      "type": "string",
      "description": "Display name of the data pattern."
    },
    "description": {
      "type": "string",
      "description": "Human-readable description of what the pattern detects."
    },
    "type": {
      "type": "string",
      "description": "Whether the pattern is predefined or custom.",
      "enum": [
        "predefined",
        "custom"
      ]
    },
    "category": {
      "type": "string",
      "description": "Pattern category (e.g., PII, PCI, HIPAA, Financial)."
    },
    "confidence": {
      "type": "string",
      "description": "Confidence threshold for the pattern.",
      "enum": [
        "high",
        "medium",
        "low"
      ]
    },
    "detection_rules": {
      "type": "array",
      "description": "Detection rule definitions for the pattern.",
      "items": {
        "type": "object",
        "properties": {
          "rule_type": {
            "type": "string",
            "enum": [
              "regex",
              "keyword",
              "dictionary",
              "file_property"
            ]
          },
          "value": {
            "type": "string"
          },
          "proximity": {
            "type": "int32"
          }
        }
      }
    },
    "enabled": {
      "type": "boolean",
      "description": "Whether the data pattern is active."
    },
    "incident_count": {
      "type": "int32",
      "description": "Total number of incidents triggered by this pattern."
    }
  }
}