{"name":"zia","displayName":"Zscaler Internet Access","version":"1.2.0","description":"A Pulumi package for creating and managing zia cloud resources.","keywords":["pulumi","zia","zscaler","category/cloud"],"homepage":"https://www.zscaler.com","license":"MIT","attribution":"This Pulumi package is based on the [`zia` Terraform Provider](https://github.com/zscaler/terraform-provider-zia).","repository":"https://github.com/zscaler/pulumi-zia","logoUrl":"https://raw.githubusercontent.com/zscaler/pulumi-zia/master/assets/zscaler.png","pluginDownloadURL":"github://api.github.com/zscaler","publisher":"Zscaler","meta":{"moduleFormat":"(.*)(?:/[^/]*)"},"language":{"csharp":{"packageReferences":{"Pulumi":"3.*"},"compatibility":"tfbridge20","rootNamespace":"zscaler.PulumiPackage"},"go":{"importBasePath":"github.com/zscaler/pulumi-zia/sdk/go/zia","generateResourceContainerTypes":true,"generateExtraInputTypes":true},"nodejs":{"packageName":"@bdzscaler/pulumi-zia","packageDescription":"A Pulumi package for creating and managing zia cloud resources.","readme":"\u003e This provider is a derived work of the [Terraform Provider](https://github.com/zscaler/terraform-provider-zia)\n\u003e distributed under [MIT](https://mit-license.org/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-zia` repo](https://github.com/zscaler/pulumi-zia/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-zia` repo](https://github.com/zscaler/terraform-provider-zia/issues).","dependencies":{"@pulumi/pulumi":"^3.0.0"},"devDependencies":{"@types/mime":"^2.0.0","@types/node":"^10.0.0"},"compatibility":"tfbridge20","disableUnionOutputTypes":true},"python":{"packageName":"zscaler_pulumi_zia","requires":{"pulumi":"\u003e=3.0.0,\u003c4.0.0"},"readme":"\u003e This provider is a derived work of the [Terraform Provider](https://github.com/zscaler/terraform-provider-zia)\n\u003e distributed under [MIT](https://mit-license.org/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-zia` repo](https://github.com/zscaler/pulumi-zia/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-zia` repo](https://github.com/zscaler/terraform-provider-zia/issues).","compatibility":"tfbridge20","pyproject":{}}},"config":{"variables":{"apiKey":{"type":"string","defaultInfo":{"environment":["ZIA_API_KEY"]},"secret":true},"clientId":{"type":"string","description":"zpa client id","defaultInfo":{"environment":["ZSCALER_CLIENT_ID"]}},"clientSecret":{"type":"string","description":"zpa client secret","defaultInfo":{"environment":["ZSCALER_CLIENT_SECRET"]},"secret":true},"httpProxy":{"type":"string","description":"Alternate HTTP proxy of scheme://hostname or scheme://hostname:port format"},"maxRetries":{"type":"integer","description":"maximum number of retries to attempt before erroring out."},"parallelism":{"type":"integer","description":"Number of concurrent requests to make within a resource where bulk operations are not possible. Take note of https://help.zscaler.com/oneapi/understanding-rate-limiting."},"password":{"type":"string","defaultInfo":{"environment":["ZIA_PASSWORD"]},"secret":true},"privateKey":{"type":"string","description":"zpa private key","defaultInfo":{"environment":["ZSCALER_PRIVATE_KEY"]},"secret":true},"requestTimeout":{"type":"integer","description":"Timeout for single request (in seconds) which is made to Zscaler, the default is \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e (means no limit is set). The maximum value can be \u003cspan pulumi-lang-nodejs=\"`300`\" pulumi-lang-dotnet=\"`300`\" pulumi-lang-go=\"`300`\" pulumi-lang-python=\"`300`\" pulumi-lang-yaml=\"`300`\" pulumi-lang-java=\"`300`\"\u003e`300`\u003c/span\u003e."},"sandboxCloud":{"type":"string","description":"Zscaler Sandbox Cloud","defaultInfo":{"environment":["ZSCALER_SANDBOX_CLOUD"]},"secret":true},"sandboxToken":{"type":"string","description":"Zscaler Sandbox Token","defaultInfo":{"environment":["ZSCALER_SANDBOX_TOKEN"]},"secret":true},"useLegacyClient":{"type":"boolean","defaultInfo":{"environment":["ZSCALER_USE_LEGACY_CLIENT"]}},"username":{"type":"string","defaultInfo":{"environment":["ZIA_USERNAME"]}},"vanityDomain":{"type":"string","description":"Zscaler Vanity Domain","defaultInfo":{"environment":["ZSCALER_VANITY_DOMAIN"]},"secret":true},"ziaCloud":{"type":"string","defaultInfo":{"environment":["ZIA_CLOUD"]}},"zscalerCloud":{"type":"string","description":"Zscaler Cloud Name","defaultInfo":{"environment":["ZSCALER_CLOUD"]},"secret":true}}},"types":{"zia:index/AdminUsersAdminScopeEntities:AdminUsersAdminScopeEntities":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/AdminUsersRole:AdminUsersRole":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/BandwidthControlRuleBandwidthClasses:BandwidthControlRuleBandwidthClasses":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Number) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/BandwidthControlRuleLabels:BandwidthControlRuleLabels":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Number) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/BandwidthControlRuleLocationGroups:BandwidthControlRuleLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Number) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/BandwidthControlRuleLocations:BandwidthControlRuleLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Number) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/BandwidthControlRuleTimeWindows:BandwidthControlRuleTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Number) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/BrowserControlPolicySmartIsolationGroups:BrowserControlPolicySmartIsolationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"A unique identifier for an entity.\n"}},"type":"object"},"zia:index/BrowserControlPolicySmartIsolationProfile:BrowserControlPolicySmartIsolationProfile":{"properties":{"id":{"type":"string","description":"The universally unique identifier (UUID) for the browser isolation profile\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id"]}}},"zia:index/BrowserControlPolicySmartIsolationUsers:BrowserControlPolicySmartIsolationUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"A unique identifier for an entity.\n"}},"type":"object"},"zia:index/BrowserControlSettingsSmartIsolationGroups:BrowserControlSettingsSmartIsolationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"A unique identifier for an entity.\n"}},"type":"object"},"zia:index/BrowserControlSettingsSmartIsolationProfile:BrowserControlSettingsSmartIsolationProfile":{"properties":{"id":{"type":"string","description":"The universally unique identifier (UUID) for the browser isolation profile\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["id"]}}},"zia:index/BrowserControlSettingsSmartIsolationUsers:BrowserControlSettingsSmartIsolationUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"A unique identifier for an entity.\n"}},"type":"object"},"zia:index/CasbDlpRuleAuditorNotification:CasbDlpRuleAuditorNotification":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRuleBuckets:CasbDlpRuleBuckets":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleCasbEmailLabel:CasbDlpRuleCasbEmailLabel":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRuleCasbTombstoneTemplate:CasbDlpRuleCasbTombstoneTemplate":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRuleCloudAppTenants:CasbDlpRuleCloudAppTenants":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleCriteriaDomainProfiles:CasbDlpRuleCriteriaDomainProfiles":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleDepartments:CasbDlpRuleDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleDlpEngines:CasbDlpRuleDlpEngines":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleEmailRecipientProfiles:CasbDlpRuleEmailRecipientProfiles":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleEntityGroups:CasbDlpRuleEntityGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleExcludedDomainProfiles:CasbDlpRuleExcludedDomainProfiles":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleGroups:CasbDlpRuleGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleIncludedDomainProfiles:CasbDlpRuleIncludedDomainProfiles":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleLabels:CasbDlpRuleLabels":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRuleObjectTypes:CasbDlpRuleObjectTypes":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleReceiver:CasbDlpRuleReceiver":{"properties":{"id":{"type":"string","description":"Unique identifier for the receiver\n"},"name":{"type":"string","description":"Name of the receiver\n"},"tenant":{"$ref":"#/types/zia:index/CasbDlpRuleReceiverTenant:CasbDlpRuleReceiverTenant","description":"Tenant information for the receiver\n"},"type":{"type":"string","description":"Type of the receiver\n"}},"type":"object","required":["id"]},"zia:index/CasbDlpRuleReceiverTenant:CasbDlpRuleReceiverTenant":{"properties":{"id":{"type":"string","description":"Unique identifier for the tenant\n"},"name":{"type":"string","description":"Name of the tenant\n"}},"type":"object"},"zia:index/CasbDlpRuleRedactionProfile:CasbDlpRuleRedactionProfile":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRuleTag:CasbDlpRuleTag":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRuleUsers:CasbDlpRuleUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRuleWatermarkProfile:CasbDlpRuleWatermarkProfile":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRuleZscalerIncidentReceiver:CasbDlpRuleZscalerIncidentReceiver":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRulesAuditorNotification:CasbDlpRulesAuditorNotification":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRulesBuckets:CasbDlpRulesBuckets":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesCasbEmailLabel:CasbDlpRulesCasbEmailLabel":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRulesCasbTombstoneTemplate:CasbDlpRulesCasbTombstoneTemplate":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRulesCloudAppTenants:CasbDlpRulesCloudAppTenants":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesCriteriaDomainProfiles:CasbDlpRulesCriteriaDomainProfiles":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesDepartments:CasbDlpRulesDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesDlpEngines:CasbDlpRulesDlpEngines":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesEmailRecipientProfiles:CasbDlpRulesEmailRecipientProfiles":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesEntityGroups:CasbDlpRulesEntityGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesExcludedDomainProfiles:CasbDlpRulesExcludedDomainProfiles":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesGroups:CasbDlpRulesGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesIncludedDomainProfiles:CasbDlpRulesIncludedDomainProfiles":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesLabels:CasbDlpRulesLabels":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRulesObjectTypes:CasbDlpRulesObjectTypes":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesReceiver:CasbDlpRulesReceiver":{"properties":{"id":{"type":"string","description":"Unique identifier for the receiver\n"},"name":{"type":"string","description":"Name of the receiver\n"},"tenant":{"$ref":"#/types/zia:index/CasbDlpRulesReceiverTenant:CasbDlpRulesReceiverTenant","description":"Tenant information for the receiver\n"},"type":{"type":"string","description":"Type of the receiver\n"}},"type":"object","required":["id"]},"zia:index/CasbDlpRulesReceiverTenant:CasbDlpRulesReceiverTenant":{"properties":{"id":{"type":"string","description":"Unique identifier for the tenant\n"},"name":{"type":"string","description":"Name of the tenant\n"}},"type":"object"},"zia:index/CasbDlpRulesRedactionProfile:CasbDlpRulesRedactionProfile":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRulesTag:CasbDlpRulesTag":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRulesUsers:CasbDlpRulesUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbDlpRulesWatermarkProfile:CasbDlpRulesWatermarkProfile":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbDlpRulesZscalerIncidentReceiver:CasbDlpRulesZscalerIncidentReceiver":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbMalwareRuleBuckets:CasbMalwareRuleBuckets":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbMalwareRuleCasbEmailLabel:CasbMalwareRuleCasbEmailLabel":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbMalwareRuleCasbTombstoneTemplate:CasbMalwareRuleCasbTombstoneTemplate":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbMalwareRuleCloudAppTenantIds:CasbMalwareRuleCloudAppTenantIds":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbMalwareRuleCloudAppTenants:CasbMalwareRuleCloudAppTenants":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbMalwareRuleLabels:CasbMalwareRuleLabels":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbMalwareRulesBuckets:CasbMalwareRulesBuckets":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CasbMalwareRulesCasbEmailLabel:CasbMalwareRulesCasbEmailLabel":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbMalwareRulesCasbTombstoneTemplate:CasbMalwareRulesCasbTombstoneTemplate":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbMalwareRulesCloudAppTenantIds:CasbMalwareRulesCloudAppTenantIds":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbMalwareRulesCloudAppTenants:CasbMalwareRulesCloudAppTenants":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CasbMalwareRulesLabels:CasbMalwareRulesLabels":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CloudAppControlRuleCbiProfile:CloudAppControlRuleCbiProfile":{"properties":{"id":{"type":"string"},"name":{"type":"string"},"url":{"type":"string","description":"The browser isolation profile URL\n"}},"type":"object"},"zia:index/CloudAppControlRuleCloudAppInstances:CloudAppControlRuleCloudAppInstances":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudAppControlRuleCloudAppRiskProfile:CloudAppControlRuleCloudAppRiskProfile":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/CloudAppControlRuleDepartments:CloudAppControlRuleDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudAppControlRuleDeviceGroups:CloudAppControlRuleDeviceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudAppControlRuleDevices:CloudAppControlRuleDevices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudAppControlRuleGroups:CloudAppControlRuleGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudAppControlRuleLabels:CloudAppControlRuleLabels":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudAppControlRuleLocationGroups:CloudAppControlRuleLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudAppControlRuleLocations:CloudAppControlRuleLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudAppControlRuleTenancyProfileIds:CloudAppControlRuleTenancyProfileIds":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudAppControlRuleTimeWindows:CloudAppControlRuleTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudAppControlRuleUsers:CloudAppControlRuleUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudApplicationInstanceInstanceIdentifier:CloudApplicationInstanceInstanceIdentifier":{"properties":{"identifierType":{"type":"string","description":"Type of the cloud application instance.\n"},"instanceId":{"type":"integer","description":"Unique identifier for the cloud application instance.\n"},"instanceIdentifier":{"type":"string","description":"Unique identifying string for the instance.\n"},"instanceIdentifierName":{"type":"string","description":"Unique identifying string for the instance.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["instanceId"]}}},"zia:index/CloudNSSFeedBuckets:CloudNSSFeedBuckets":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedCasbTenant:CloudNSSFeedCasbTenant":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedDepartments:CloudNSSFeedDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedDlpDictionaries:CloudNSSFeedDlpDictionaries":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedDlpEngines:CloudNSSFeedDlpEngines":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedExternalCollaborators:CloudNSSFeedExternalCollaborators":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedExternalOwners:CloudNSSFeedExternalOwners":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedInternalCollaborators:CloudNSSFeedInternalCollaborators":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedItsmObjectType:CloudNSSFeedItsmObjectType":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedLocationGroups:CloudNSSFeedLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedLocations:CloudNSSFeedLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedNwServices:CloudNSSFeedNwServices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedRules:CloudNSSFeedRules":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedSenderName:CloudNSSFeedSenderName":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedUrlCategories:CloudNSSFeedUrlCategories":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedUsers:CloudNSSFeedUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/CloudNSSFeedVpnCredentials:CloudNSSFeedVpnCredentials":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPDictionariesExactDataMatchDetail:DLPDictionariesExactDataMatchDetail":{"properties":{"dictionaryEdmMappingId":{"type":"integer","description":"The unique identifier for the EDM mapping\n"},"primaryFields":{"type":"array","items":{"type":"integer"},"description":"The EDM template's primary field.\n"},"schemaId":{"type":"integer","description":"The unique identifier for the EDM template (or schema).\n"},"secondaryFieldMatchOn":{"type":"string","description":"The EDM secondary field to match on.\n"},"secondaryFields":{"type":"array","items":{"type":"integer"},"description":"The EDM template's secondary fields.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["dictionaryEdmMappingId","primaryFields","schemaId","secondaryFields"]}}},"zia:index/DLPDictionariesIdmProfileMatchAccuracy:DLPDictionariesIdmProfileMatchAccuracy":{"properties":{"adpIdmProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesIdmProfileMatchAccuracyAdpIdmProfile:DLPDictionariesIdmProfileMatchAccuracyAdpIdmProfile"},"description":"The action applied to a DLP dictionary using patterns\n"},"matchAccuracy":{"type":"string","description":"The IDM template match accuracy.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["adpIdmProfiles","matchAccuracy"]}}},"zia:index/DLPDictionariesIdmProfileMatchAccuracyAdpIdmProfile:DLPDictionariesIdmProfileMatchAccuracyAdpIdmProfile":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Extensions map\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["extensions","id"]}}},"zia:index/DLPDictionariesPattern:DLPDictionariesPattern":{"properties":{"action":{"type":"string","description":"The action applied to a DLP dictionary using patterns\n"},"pattern":{"type":"string","description":"DLP dictionary pattern\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["action","pattern"]}}},"zia:index/DLPDictionariesPhrase:DLPDictionariesPhrase":{"properties":{"action":{"type":"string"},"phrase":{"type":"string","description":"DLP dictionary phrase (0-128 characters)\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["action","phrase"]}}},"zia:index/DLPWebRulesAuditor:DLPWebRulesAuditor":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/DLPWebRulesDepartments:DLPWebRulesDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesDlpEngines:DLPWebRulesDlpEngines":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesExcludedDepartments:DLPWebRulesExcludedDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesExcludedDomainProfiles:DLPWebRulesExcludedDomainProfiles":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesExcludedGroups:DLPWebRulesExcludedGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesExcludedUsers:DLPWebRulesExcludedUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesFileTypeCategories:DLPWebRulesFileTypeCategories":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesGroups:DLPWebRulesGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesIcapServer:DLPWebRulesIcapServer":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/DLPWebRulesIncludedDomainProfiles:DLPWebRulesIncludedDomainProfiles":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesLabels:DLPWebRulesLabels":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/DLPWebRulesLocationGroups:DLPWebRulesLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesLocations:DLPWebRulesLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesNotificationTemplate:DLPWebRulesNotificationTemplate":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/DLPWebRulesReceiver:DLPWebRulesReceiver":{"properties":{"id":{"type":"string","description":"Unique identifier for the receiver\n"},"name":{"type":"string","description":"Name of the receiver\n"},"tenant":{"$ref":"#/types/zia:index/DLPWebRulesReceiverTenant:DLPWebRulesReceiverTenant","description":"Tenant information for the receiver\n"},"type":{"type":"string","description":"Type of the receiver\n"}},"type":"object","required":["id"]},"zia:index/DLPWebRulesReceiverTenant:DLPWebRulesReceiverTenant":{"properties":{"id":{"type":"string","description":"Unique identifier for the tenant\n"},"name":{"type":"string","description":"Name of the tenant\n"}},"type":"object"},"zia:index/DLPWebRulesSourceIpGroups:DLPWebRulesSourceIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesTimeWindows:DLPWebRulesTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesUrlCategories:DLPWebRulesUrlCategories":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesUsers:DLPWebRulesUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/DLPWebRulesWorkloadGroup:DLPWebRulesWorkloadGroup":{"properties":{"id":{"type":"integer","description":"The unique identifier for the resource.\n"},"name":{"type":"string","description":"The name of the resource.\n"}},"type":"object","required":["id"]},"zia:index/ExtranetExtranetDnsList:ExtranetExtranetDnsList":{"properties":{"id":{"type":"integer","description":"(Integer) The unique identifier for the extranet.\n"},"name":{"type":"string","description":"(String) The name of the IP pool.\n"},"primaryDnsServer":{"type":"string","description":"(String) The IP address of the primary DNS server.\n"},"secondaryDnsServer":{"type":"string","description":"(String) The IP address of the secondary DNS server.\n"},"useAsDefault":{"type":"boolean","description":"(Boolean) Whether this IP pool is the designated default.\n"}},"type":"object","required":["name","primaryDnsServer"],"language":{"nodejs":{"requiredOutputs":["id","name","primaryDnsServer"]}}},"zia:index/ExtranetExtranetIpPoolList:ExtranetExtranetIpPoolList":{"properties":{"id":{"type":"integer","description":"(Integer) The unique identifier for the extranet.\n"},"ipEnd":{"type":"string","description":"(String) The ending IP address of the pool.\n"},"ipStart":{"type":"string","description":"(String) The starting IP address of the pool.\n"},"name":{"type":"string","description":"(String) The name of the IP pool.\n"},"useAsDefault":{"type":"boolean","description":"(Boolean) Whether this IP pool is the designated default.\n"}},"type":"object","required":["ipEnd","ipStart","name"],"language":{"nodejs":{"requiredOutputs":["id","ipEnd","ipStart","name"]}}},"zia:index/FileTypeControlRulesDepartments:FileTypeControlRulesDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FileTypeControlRulesDeviceGroups:FileTypeControlRulesDeviceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FileTypeControlRulesDevices:FileTypeControlRulesDevices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FileTypeControlRulesGroups:FileTypeControlRulesGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FileTypeControlRulesLabels:FileTypeControlRulesLabels":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/FileTypeControlRulesLocationGroups:FileTypeControlRulesLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FileTypeControlRulesLocations:FileTypeControlRulesLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FileTypeControlRulesTimeWindows:FileTypeControlRulesTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FileTypeControlRulesUsers:FileTypeControlRulesUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FileTypeControlRulesZpaAppSegment:FileTypeControlRulesZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"External ID of the application segment.\n"},"name":{"type":"string","description":"Name of the application segment.\n"}},"type":"object","required":["externalId","name"]},"zia:index/FirewallDNSRuleApplicationGroups:FirewallDNSRuleApplicationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleDepartments:FirewallDNSRuleDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleDestIpGroups:FirewallDNSRuleDestIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleDestIpv6Groups:FirewallDNSRuleDestIpv6Groups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleDeviceGroups:FirewallDNSRuleDeviceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleDevices:FirewallDNSRuleDevices":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleDnsGateway:FirewallDNSRuleDnsGateway":{"properties":{"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["id"]},"zia:index/FirewallDNSRuleEdnsEcsObject:FirewallDNSRuleEdnsEcsObject":{"properties":{"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["id"]},"zia:index/FirewallDNSRuleGroups:FirewallDNSRuleGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleLabels:FirewallDNSRuleLabels":{"properties":{"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleLocationGroups:FirewallDNSRuleLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleLocations:FirewallDNSRuleLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleSrcIpGroups:FirewallDNSRuleSrcIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleSrcIpv6Groups:FirewallDNSRuleSrcIpv6Groups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleTimeWindows:FirewallDNSRuleTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleUsers:FirewallDNSRuleUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identifier for the Firewall Filtering policy rule\n"}},"type":"object"},"zia:index/FirewallDNSRuleZpaIpGroup:FirewallDNSRuleZpaIpGroup":{"properties":{"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["id"]},"zia:index/FirewallFilteringNetworkServicesDestTcpPort:FirewallFilteringNetworkServicesDestTcpPort":{"properties":{"end":{"type":"integer"},"start":{"type":"integer"}},"type":"object"},"zia:index/FirewallFilteringNetworkServicesDestUdpPort:FirewallFilteringNetworkServicesDestUdpPort":{"properties":{"end":{"type":"integer"},"start":{"type":"integer"}},"type":"object"},"zia:index/FirewallFilteringNetworkServicesSrcTcpPort:FirewallFilteringNetworkServicesSrcTcpPort":{"properties":{"end":{"type":"integer"},"start":{"type":"integer"}},"type":"object"},"zia:index/FirewallFilteringNetworkServicesSrcUdpPort:FirewallFilteringNetworkServicesSrcUdpPort":{"properties":{"end":{"type":"integer"},"start":{"type":"integer"}},"type":"object"},"zia:index/FirewallFilteringRuleAppServiceGroups:FirewallFilteringRuleAppServiceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleAppServices:FirewallFilteringRuleAppServices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleDepartments:FirewallFilteringRuleDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleDestIpGroups:FirewallFilteringRuleDestIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleDeviceGroups:FirewallFilteringRuleDeviceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleDevices:FirewallFilteringRuleDevices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleGroups:FirewallFilteringRuleGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleLabels:FirewallFilteringRuleLabels":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/FirewallFilteringRuleLocationGroups:FirewallFilteringRuleLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleLocations:FirewallFilteringRuleLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleNwApplicationGroups:FirewallFilteringRuleNwApplicationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleNwServiceGroups:FirewallFilteringRuleNwServiceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleNwServices:FirewallFilteringRuleNwServices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleSrcIpGroups:FirewallFilteringRuleSrcIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleTimeWindows:FirewallFilteringRuleTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleUsers:FirewallFilteringRuleUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/FirewallFilteringRuleWorkloadGroup:FirewallFilteringRuleWorkloadGroup":{"properties":{"id":{"type":"integer","description":"The unique identifier for the resource.\n"},"name":{"type":"string","description":"The name of the resource.\n"}},"type":"object","required":["id"]},"zia:index/FirewallFilteringRuleZpaAppSegment:FirewallFilteringRuleZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"External ID of the application segment.\n"},"name":{"type":"string","description":"Name of the application segment.\n"}},"type":"object","required":["externalId","name"]},"zia:index/FirewallFilteringServiceGroupsService:FirewallFilteringServiceGroupsService":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object","required":["ids"]},"zia:index/ForwardingControlProxiesCert:ForwardingControlProxiesCert":{"properties":{"id":{"type":"integer","description":"(Integer) Identifier that uniquely identifies the certificate\n"}},"type":"object"},"zia:index/ForwardingControlRuleAppServiceGroups:ForwardingControlRuleAppServiceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleDepartments:ForwardingControlRuleDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleDestIpGroups:ForwardingControlRuleDestIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleDestIpv6Groups:ForwardingControlRuleDestIpv6Groups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleDeviceGroups:ForwardingControlRuleDeviceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleEcGroups:ForwardingControlRuleEcGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleGroups:ForwardingControlRuleGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleLabels:ForwardingControlRuleLabels":{"properties":{"id":{"type":"integer","description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleLocationGroups:ForwardingControlRuleLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleLocations:ForwardingControlRuleLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleNwApplicationGroups:ForwardingControlRuleNwApplicationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleNwServiceGroups:ForwardingControlRuleNwServiceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleNwServices:ForwardingControlRuleNwServices":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleProxyGateway:ForwardingControlRuleProxyGateway":{"properties":{"id":{"type":"integer","description":"(int) Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"(string) The configured name of the entity\n"}},"type":"object","required":["id"]},"zia:index/ForwardingControlRuleSrcIpGroups:ForwardingControlRuleSrcIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleSrcIpv6Groups:ForwardingControlRuleSrcIpv6Groups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleUsers:ForwardingControlRuleUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleZpaAppSegment:ForwardingControlRuleZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"(int) Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"(string) The configured name of the entity\n"}},"type":"object","required":["externalId","name"]},"zia:index/ForwardingControlRuleZpaApplicationSegmentGroups:ForwardingControlRuleZpaApplicationSegmentGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleZpaApplicationSegments:ForwardingControlRuleZpaApplicationSegments":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(int) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/ForwardingControlRuleZpaGateway:ForwardingControlRuleZpaGateway":{"properties":{"id":{"type":"integer","description":"(int) Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"(string) The configured name of the entity\n"}},"type":"object","required":["id"]},"zia:index/ForwardingControlZPAGatewayZpaAppSegment:ForwardingControlZPAGatewayZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["externalId","name"]},"zia:index/ForwardingControlZPAGatewayZpaServerGroup:ForwardingControlZPAGatewayZpaServerGroup":{"properties":{"externalId":{"type":"string","description":"An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["externalId","name"]},"zia:index/IPSFirewallRuleDepartments:IPSFirewallRuleDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleDestIpGroups:IPSFirewallRuleDestIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleDestIpv6Groups:IPSFirewallRuleDestIpv6Groups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleDeviceGroups:IPSFirewallRuleDeviceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleDevices:IPSFirewallRuleDevices":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleGroups:IPSFirewallRuleGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleLabels:IPSFirewallRuleLabels":{"properties":{"id":{"type":"integer","description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleLocationGroups:IPSFirewallRuleLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleLocations:IPSFirewallRuleLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleNwServiceGroups:IPSFirewallRuleNwServiceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleNwServices:IPSFirewallRuleNwServices":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleSrcIpGroups:IPSFirewallRuleSrcIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleSrcIpv6Groups:IPSFirewallRuleSrcIpv6Groups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleThreatCategories:IPSFirewallRuleThreatCategories":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleTimeWindows:IPSFirewallRuleTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleUsers:IPSFirewallRuleUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/IPSFirewallRuleZpaAppSegment:IPSFirewallRuleZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"External ID of the application segment.\n"},"name":{"type":"string","description":"Name of the application segment.\n"}},"type":"object","required":["externalId","name"]},"zia:index/LocationManagementExtranet:LocationManagementExtranet":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/LocationManagementExtranetDn:LocationManagementExtranetDn":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/LocationManagementExtranetIpPool:LocationManagementExtranetIpPool":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/LocationManagementStaticLocationGroups:LocationManagementStaticLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/LocationManagementVpnCredential:LocationManagementVpnCredential":{"properties":{"fqdn":{"type":"string"},"id":{"type":"integer"},"ipAddress":{"type":"string"},"preSharedKey":{"type":"string","secret":true},"type":{"type":"string"}},"type":"object","language":{"nodejs":{"requiredOutputs":["fqdn","id","type"]}}},"zia:index/NatControlRulesDepartments:NatControlRulesDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesDestIpGroups:NatControlRulesDestIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesDestIpv6Groups:NatControlRulesDestIpv6Groups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesDeviceGroups:NatControlRulesDeviceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesDevices:NatControlRulesDevices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesGroups:NatControlRulesGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesLabels:NatControlRulesLabels":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/NatControlRulesLocationGroups:NatControlRulesLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesLocations:NatControlRulesLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesNwServiceGroups:NatControlRulesNwServiceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesNwServices:NatControlRulesNwServices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesSrcIpGroups:NatControlRulesSrcIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesSrcIpv6Groups:NatControlRulesSrcIpv6Groups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesTimeWindows:NatControlRulesTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/NatControlRulesUsers:NatControlRulesUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/RiskProfilesCustomTags:RiskProfilesCustomTags":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object","required":["ids"]},"zia:index/SSLInspectionRulesAction:SSLInspectionRulesAction":{"properties":{"decryptSubActions":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesActionDecryptSubAction:SSLInspectionRulesActionDecryptSubAction"},"description":"(Block List) - Action taken when enabling SSL intercept\n"},"doNotDecryptSubActions":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesActionDoNotDecryptSubAction:SSLInspectionRulesActionDoNotDecryptSubAction"},"description":"(Block List) - Action taken when bypassing SSL intercept\n"},"overrideDefaultCertificate":{"type":"boolean","description":"(Boolean) - Whether to override the default SSL interception certificate.\n"},"showEun":{"type":"boolean","description":"(Boolean) - Enable this setting to display end user notifications.\n"},"showEunatp":{"type":"boolean","description":"(Boolean) - Whether to display the EUN ATP page.\n"},"sslInterceptionCerts":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesActionSslInterceptionCert:SSLInspectionRulesActionSslInterceptionCert"},"description":"has the following attributes:\n**NOTE** This block can only be set when \u003cspan pulumi-lang-nodejs=\"`overrideDefaultCertificate`\" pulumi-lang-dotnet=\"`OverrideDefaultCertificate`\" pulumi-lang-go=\"`overrideDefaultCertificate`\" pulumi-lang-python=\"`override_default_certificate`\" pulumi-lang-yaml=\"`overrideDefaultCertificate`\" pulumi-lang-java=\"`overrideDefaultCertificate`\"\u003e`override_default_certificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e\n"},"type":{"type":"string","description":"(String) - The action type for this rule. Possible values: `BLOCK`.\n"}},"type":"object"},"zia:index/SSLInspectionRulesActionDecryptSubAction:SSLInspectionRulesActionDecryptSubAction":{"properties":{"blockSslTrafficWithNoSniEnabled":{"type":"boolean","description":"(Boolean) - Whether to block SSL traffic when SNI is not present.\n"},"blockUndecrypt":{"type":"boolean","description":"(Boolean) - Enable to block traffic from servers that use non-standard encryption methods or require mutual TLS authentication.\n"},"http2Enabled":{"type":"boolean","description":"(Boolean)\n"},"minClientTlsVersion":{"type":"string","description":"(String) - The minimum TLS version allowed on the client side: Supported Values are: `CLIENT_TLS_1_0`, `CLIENT_TLS_1_1`, `CLIENT_TLS_1_2`,  `CLIENT_TLS_1_3`.\n"},"minServerTlsVersion":{"type":"string","description":"(String) - The minimum TLS version allowed on the server side: Supported Values are: `SERVER_TLS_1_0`, `SERVER_TLS_1_1`, `SERVER_TLS_1_2`,  `SERVER_TLS_1_3`.\n"},"ocspCheck":{"type":"boolean","description":"(Boolean) - Whether to enable OCSP check.\n"},"serverCertificates":{"type":"string","description":"(String) - Action to take on server certificates. Valid values might include `ALLOW`, `BLOCK`, or `PASS_THRU`.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["minClientTlsVersion","minServerTlsVersion"]}}},"zia:index/SSLInspectionRulesActionDoNotDecryptSubAction:SSLInspectionRulesActionDoNotDecryptSubAction":{"properties":{"blockSslTrafficWithNoSniEnabled":{"type":"boolean","description":"(Boolean) - Whether to block SSL traffic when SNI is not present.\n"},"bypassOtherPolicies":{"type":"boolean","description":"(Boolean) - Whether to bypass other policies when action is set to `DO_NOT_DECRYPT`.\n"},"minTlsVersion":{"type":"string","description":"(String) -  The minimum TLS version allowed on the server side: Supported Values are: `SERVER_TLS_1_0`, `SERVER_TLS_1_1`, `SERVER_TLS_1_2`,  `SERVER_TLS_1_3`.\n**NOTE** \u003cspan pulumi-lang-nodejs=\"`minTlsVersion`\" pulumi-lang-dotnet=\"`MinTlsVersion`\" pulumi-lang-go=\"`minTlsVersion`\" pulumi-lang-python=\"`min_tls_version`\" pulumi-lang-yaml=\"`minTlsVersion`\" pulumi-lang-java=\"`minTlsVersion`\"\u003e`min_tls_version`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`serverCertificates`\" pulumi-lang-dotnet=\"`ServerCertificates`\" pulumi-lang-go=\"`serverCertificates`\" pulumi-lang-python=\"`server_certificates`\" pulumi-lang-yaml=\"`serverCertificates`\" pulumi-lang-java=\"`serverCertificates`\"\u003e`server_certificates`\u003c/span\u003e CANNOT be set if \u003cspan pulumi-lang-nodejs=\"`bypassOtherPolicies`\" pulumi-lang-dotnet=\"`BypassOtherPolicies`\" pulumi-lang-go=\"`bypassOtherPolicies`\" pulumi-lang-python=\"`bypass_other_policies`\" pulumi-lang-yaml=\"`bypassOtherPolicies`\" pulumi-lang-java=\"`bypassOtherPolicies`\"\u003e`bypass_other_policies`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e\n"},"ocspCheck":{"type":"boolean","description":"(Boolean) - Whether to enable OCSP check.\n"},"serverCertificates":{"type":"string","description":"(String) - Action to take on server certificates. Valid values might include `ALLOW`, `BLOCK`, or `PASS_THRU`.\n"}},"type":"object"},"zia:index/SSLInspectionRulesActionSslInterceptionCert:SSLInspectionRulesActionSslInterceptionCert":{"properties":{"id":{"type":"integer","description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesDepartments:SSLInspectionRulesDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesDestIpGroups:SSLInspectionRulesDestIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesDeviceGroups:SSLInspectionRulesDeviceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesDevices:SSLInspectionRulesDevices":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesGroups:SSLInspectionRulesGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesLabels:SSLInspectionRulesLabels":{"properties":{"id":{"type":"integer","description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesLocationGroups:SSLInspectionRulesLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesLocations:SSLInspectionRulesLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesProxyGateways:SSLInspectionRulesProxyGateways":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesSourceIpGroups:SSLInspectionRulesSourceIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesTimeWindows:SSLInspectionRulesTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesUsers:SSLInspectionRulesUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) - A unique identifier assigned to the workload group\n"}},"type":"object"},"zia:index/SSLInspectionRulesWorkloadGroup:SSLInspectionRulesWorkloadGroup":{"properties":{"id":{"type":"integer","description":"(Integer) - A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"The name of the resource.\n"}},"type":"object","required":["id"]},"zia:index/SSLInspectionRulesZpaAppSegment:SSLInspectionRulesZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"External ID of the application segment.\n"},"name":{"type":"string","description":"Name of the application segment.\n"}},"type":"object","required":["externalId","name"]},"zia:index/SandboxRulesDepartments:SandboxRulesDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/SandboxRulesGroups:SandboxRulesGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/SandboxRulesLabels:SandboxRulesLabels":{"properties":{"id":{"type":"integer","description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/SandboxRulesLocationGroups:SandboxRulesLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/SandboxRulesLocations:SandboxRulesLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/SandboxRulesUsers:SandboxRulesUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"(Integer) Identifier that uniquely identifies an entity\n"}},"type":"object"},"zia:index/SandboxRulesZpaAppSegment:SandboxRulesZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"External ID of the application segment.\n"},"name":{"type":"string","description":"Name of the application segment.\n"}},"type":"object","required":["externalId","name"]},"zia:index/SubCloudDc:SubCloudDc":{"properties":{"country":{"type":"string","description":"(String) Country where the excluded data center is located.\n"},"id":{"type":"integer","description":"(Integer) Unique identifier for the datacenter.\n"},"name":{"type":"string","description":"(String) Datacenter name.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["country","id","name"]}}},"zia:index/SubCloudExclusion:SubCloudExclusion":{"properties":{"country":{"type":"string","description":"(String) Country where the excluded data center is located.\n"},"datacenter":{"$ref":"#/types/zia:index/SubCloudExclusionDatacenter:SubCloudExclusionDatacenter","description":"(List) The excluded datacenter reference.\n"},"endTime":{"type":"integer","description":"(Integer, Optional) Exclusion end time (Unix timestamp). Either \u003cspan pulumi-lang-nodejs=\"`endTime`\" pulumi-lang-dotnet=\"`EndTime`\" pulumi-lang-go=\"`endTime`\" pulumi-lang-python=\"`end_time`\" pulumi-lang-yaml=\"`endTime`\" pulumi-lang-java=\"`endTime`\"\u003e`end_time`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`endTimeUtc`\" pulumi-lang-dotnet=\"`EndTimeUtc`\" pulumi-lang-go=\"`endTimeUtc`\" pulumi-lang-python=\"`end_time_utc`\" pulumi-lang-yaml=\"`endTimeUtc`\" pulumi-lang-java=\"`endTimeUtc`\"\u003e`end_time_utc`\u003c/span\u003e must be set.\n"},"endTimeUtc":{"type":"string","description":"(String, Optional) Data center disabled until (UTC). Format: `MM/DD/YYYY HH:MM:SS am/pm`. If set, overrides \u003cspan pulumi-lang-nodejs=\"`endTime`\" pulumi-lang-dotnet=\"`EndTime`\" pulumi-lang-go=\"`endTime`\" pulumi-lang-python=\"`end_time`\" pulumi-lang-yaml=\"`endTime`\" pulumi-lang-java=\"`endTime`\"\u003e`end_time`\u003c/span\u003e.\n"}},"type":"object","required":["country","datacenter"],"language":{"nodejs":{"requiredOutputs":["country","datacenter","endTime","endTimeUtc"]}}},"zia:index/SubCloudExclusionDatacenter:SubCloudExclusionDatacenter":{"properties":{"country":{"type":"string","description":"(String) Country where the excluded data center is located.\n"},"id":{"type":"integer","description":"(Integer) Unique identifier for the datacenter.\n"},"name":{"type":"string","description":"(String) Datacenter name.\n"}},"type":"object","required":["id"]},"zia:index/TrafficCaptureRulesAppServiceGroups:TrafficCaptureRulesAppServiceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesDepartments:TrafficCaptureRulesDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesDestIpGroups:TrafficCaptureRulesDestIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesDeviceGroups:TrafficCaptureRulesDeviceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesDevices:TrafficCaptureRulesDevices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesGroups:TrafficCaptureRulesGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesLabels:TrafficCaptureRulesLabels":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index/TrafficCaptureRulesLocationGroups:TrafficCaptureRulesLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesLocations:TrafficCaptureRulesLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesNwApplicationGroups:TrafficCaptureRulesNwApplicationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesNwServiceGroups:TrafficCaptureRulesNwServiceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesNwServices:TrafficCaptureRulesNwServices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesSrcIpGroups:TrafficCaptureRulesSrcIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesTimeWindows:TrafficCaptureRulesTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesUsers:TrafficCaptureRulesUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/TrafficCaptureRulesWorkloadGroup:TrafficCaptureRulesWorkloadGroup":{"properties":{"id":{"type":"integer","description":"The unique identifier for the resource.\n"},"name":{"type":"string","description":"The name of the resource.\n"}},"type":"object","required":["id"]},"zia:index/TrafficForwardingGRETunnelPrimaryDestVip:TrafficForwardingGRETunnelPrimaryDestVip":{"properties":{"datacenter":{"type":"string","description":"Data center information\n"},"id":{"type":"integer","description":"GRE cluster virtual IP ID\n"},"virtualIp":{"type":"string","description":"GRE cluster virtual IP address (VIP)\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["datacenter","id","virtualIp"]}}},"zia:index/TrafficForwardingGRETunnelSecondaryDestVip:TrafficForwardingGRETunnelSecondaryDestVip":{"properties":{"datacenter":{"type":"string","description":"Data center information\n"},"id":{"type":"integer","description":"GRE cluster virtual IP ID\n"},"virtualIp":{"type":"string","description":"GRE cluster virtual IP address (VIP)\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["datacenter","id","virtualIp"]}}},"zia:index/URLCategoriesPredefinedUrlKeywordCount:URLCategoriesPredefinedUrlKeywordCount":{"properties":{"retainParentKeywordCount":{"type":"integer","description":"Count of total keywords with retain parent category.\n"},"retainParentUrlCount":{"type":"integer","description":"Count of URLs with retain parent category.\n"},"totalKeywordCount":{"type":"integer","description":"Total keyword count for the category.\n"},"totalUrlCount":{"type":"integer","description":"Custom URL count for the category.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["retainParentKeywordCount","retainParentUrlCount","totalKeywordCount","totalUrlCount"]}}},"zia:index/URLCategoriesScope:URLCategoriesScope":{"properties":{"scopeEntities":{"$ref":"#/types/zia:index/URLCategoriesScopeScopeEntities:URLCategoriesScopeScopeEntities","description":"list of scope IDs\n"},"scopeGroupMemberEntities":{"$ref":"#/types/zia:index/URLCategoriesScopeScopeGroupMemberEntities:URLCategoriesScopeScopeGroupMemberEntities","description":"list of scope group member IDs\n"},"type":{"type":"string"}},"type":"object","language":{"nodejs":{"requiredOutputs":["scopeEntities","scopeGroupMemberEntities"]}}},"zia:index/URLCategoriesScopeScopeEntities:URLCategoriesScopeScopeEntities":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object","required":["ids"]},"zia:index/URLCategoriesScopeScopeGroupMemberEntities:URLCategoriesScopeScopeGroupMemberEntities":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object","required":["ids"]},"zia:index/URLCategoriesUrlKeywordCounts:URLCategoriesUrlKeywordCounts":{"properties":{"retainParentKeywordCount":{"type":"integer","description":"Count of total keywords with retain parent category.\n"},"retainParentUrlCount":{"type":"integer","description":"Count of URLs with retain parent category.\n"},"totalKeywordCount":{"type":"integer","description":"Total keyword count for the category.\n"},"totalUrlCount":{"type":"integer","description":"Custom URL count for the category.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["retainParentKeywordCount","retainParentUrlCount","totalKeywordCount","totalUrlCount"]}}},"zia:index/URLFilteringRulesCbiProfile:URLFilteringRulesCbiProfile":{"properties":{"id":{"type":"string"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"},"profileSeq":{"type":"integer"},"url":{"type":"string","description":"The browser isolation profile URL\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["profileSeq"]}}},"zia:index/URLFilteringRulesDepartments:URLFilteringRulesDepartments":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesDeviceGroups:URLFilteringRulesDeviceGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesDevices:URLFilteringRulesDevices":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesGroups:URLFilteringRulesGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesLabels:URLFilteringRulesLabels":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesLocationGroups:URLFilteringRulesLocationGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesLocations:URLFilteringRulesLocations":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesOverrideGroups:URLFilteringRulesOverrideGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesOverrideUsers:URLFilteringRulesOverrideUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesSourceIpGroups:URLFilteringRulesSourceIpGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesTimeWindows:URLFilteringRulesTimeWindows":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesUsers:URLFilteringRulesUsers":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object"},"zia:index/URLFilteringRulesWorkloadGroup:URLFilteringRulesWorkloadGroup":{"properties":{"id":{"type":"integer","description":"The unique identifier for the resource.\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["id"]},"zia:index/UserManagementDepartment:UserManagementDepartment":{"properties":{"comments":{"type":"string","description":"Additional information about this department\n"},"deleted":{"type":"boolean"},"id":{"type":"integer","description":"Department ID\n\n!\u003e **WARNING:** The password parameter is considered sensitive information and is omitted in case terraform output is configured.\n"},"idpId":{"type":"integer","description":"Identity provider (IdP) ID\n"},"name":{"type":"string","description":"User name. This appears when choosing users for policies.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["comments","deleted","idpId","name"]}}},"zia:index/UserManagementGroups:UserManagementGroups":{"properties":{"ids":{"type":"array","items":{"type":"integer"},"description":"Unique identfier for the group\n"}},"type":"object"},"zia:index/VirtualServiceEdgeClusterVirtualZenNodes:VirtualServiceEdgeClusterVirtualZenNodes":{"properties":{"ids":{"type":"array","items":{"type":"integer"}}},"type":"object","required":["ids"]},"zia:index/WorkloadGroupsExpressionJson:WorkloadGroupsExpressionJson":{"properties":{"expressionContainers":{"type":"array","items":{"$ref":"#/types/zia:index/WorkloadGroupsExpressionJsonExpressionContainer:WorkloadGroupsExpressionJsonExpressionContainer"},"description":"(List) Contains one or more tag types (and associated tags) combined using logical operators within a workload group.\n"}},"type":"object"},"zia:index/WorkloadGroupsExpressionJsonExpressionContainer:WorkloadGroupsExpressionJsonExpressionContainer":{"properties":{"operator":{"type":"string","description":"(String) The logical operator (either AND or OR) used to combine the tags within a tag type. Returned values are: `AND`, `OR`.\n"},"tagContainers":{"type":"array","items":{"$ref":"#/types/zia:index/WorkloadGroupsExpressionJsonExpressionContainerTagContainer:WorkloadGroupsExpressionJsonExpressionContainerTagContainer"},"description":"(List) Contains one or more tags and the logical operator used to combine the tags within a tag type.\n"},"tagType":{"type":"string","description":"(String) The tag type selected from a predefined list. Returned values are: `ANY`, `VPC`, `SUBNET`, `VM`, `ENI`, `ATTR`.\n"}},"type":"object"},"zia:index/WorkloadGroupsExpressionJsonExpressionContainerTagContainer:WorkloadGroupsExpressionJsonExpressionContainerTagContainer":{"properties":{"operator":{"type":"string","description":"(String) The logical operator (either AND or OR) used to combine the tags within a tag type. Returned values are: `AND`, `OR`.\n"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/WorkloadGroupsExpressionJsonExpressionContainerTagContainerTag:WorkloadGroupsExpressionJsonExpressionContainerTagContainerTag"},"description":"(List) One or more tags, each consisting of a key-value pair, selected within a tag type. If multiple tags are present within a tag type, they are combined using a logical operator. Note: A maximum of 8 tags can be added to a workload group, irrespective of the number of tag types present.\n"}},"type":"object"},"zia:index/WorkloadGroupsExpressionJsonExpressionContainerTagContainerTag:WorkloadGroupsExpressionJsonExpressionContainerTagContainerTag":{"properties":{"key":{"type":"string","description":"(String) The key component present in the key-value pair contained in a tag.\n"},"value":{"type":"string","description":"(String) The value component present in the key-value pair contained in a tag.\n"}},"type":"object"},"zia:index/getAdminUsersAdminScope:getAdminUsersAdminScope":{"properties":{"scopeEntities":{"type":"array","items":{"$ref":"#/types/zia:index/getAdminUsersAdminScopeScopeEntity:getAdminUsersAdminScopeScopeEntity"},"description":"(String) Based on the admin scope type, the entities can be the ID/name pair of departments, locations, or location groups.\n"},"scopeGroupMemberEntities":{"type":"array","items":{"$ref":"#/types/zia:index/getAdminUsersAdminScopeScopeGroupMemberEntity:getAdminUsersAdminScopeScopeGroupMemberEntity"},"description":"(Number) Only applicable for the LOCATION_GROUP admin scope type, in which case this attribute gives the list of ID/name pairs of locations within the location group.\n"},"type":{"type":"string","description":"(String) The admin scope type. The attribute name is subject to change.\n"}},"type":"object","required":["scopeEntities","scopeGroupMemberEntities","type"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getAdminUsersAdminScopeScopeEntity:getAdminUsersAdminScopeScopeEntity":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"The ID of the admin user to be exported.\n"},"name":{"type":"string","description":"(String)\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getAdminUsersAdminScopeScopeGroupMemberEntity:getAdminUsersAdminScopeScopeGroupMemberEntity":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"The ID of the admin user to be exported.\n"},"name":{"type":"string","description":"(String)\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getAdminUsersExecMobileAppToken:getAdminUsersExecMobileAppToken":{"properties":{"cloud":{"type":"string","description":"(String)\n"},"createTime":{"type":"integer","description":"(Number)\n"},"deviceId":{"type":"string","description":"(String)\n"},"deviceName":{"type":"string","description":"(String)\n"},"name":{"type":"string","description":"(String)\n"},"orgId":{"type":"integer","description":"(Number)\n"},"token":{"type":"string","description":"(String)\n"},"tokenExpiry":{"type":"integer","description":"(Number)\n"},"tokenId":{"type":"string","description":"(String)\n"}},"type":"object","required":["cloud","createTime","deviceId","deviceName","name","orgId","token","tokenExpiry","tokenId"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getAdminUsersRole:getAdminUsersRole":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"The ID of the admin user to be exported.\n"},"name":{"type":"string","description":"(String)\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getBandwidthControlRuleBandwidthClass:getBandwidthControlRuleBandwidthClass":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"System-generated identifier for bandwidth control rule\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getBandwidthControlRuleLabel:getBandwidthControlRuleLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"System-generated identifier for bandwidth control rule\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getBandwidthControlRuleLastModifiedBy:getBandwidthControlRuleLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"System-generated identifier for bandwidth control rule\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getBandwidthControlRuleLocation:getBandwidthControlRuleLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"System-generated identifier for bandwidth control rule\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getBandwidthControlRuleLocationGroup:getBandwidthControlRuleLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"System-generated identifier for bandwidth control rule\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getBandwidthControlRuleTimeWindow:getBandwidthControlRuleTimeWindow":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"System-generated identifier for bandwidth control rule\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getBrowserControlPolicySmartIsolationProfile:getBrowserControlPolicySmartIsolationProfile":{"properties":{"defaultProfile":{"type":"boolean","description":"Indicates whether this is a default browser isolation profile. Zscaler sets this field.\n"},"id":{"type":"string","description":"(int) A unique identifier for an entity.\n"},"name":{"type":"string","description":"Name of the browser isolation profile\n"},"url":{"type":"string","description":"The browser isolation profile URL\n"}},"type":"object","required":["defaultProfile","id","name","url"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getBrowserControlSettingsSmartIsolationProfile:getBrowserControlSettingsSmartIsolationProfile":{"properties":{"defaultProfile":{"type":"boolean","description":"Indicates whether this is a default browser isolation profile. Zscaler sets this field.\n"},"id":{"type":"string","description":"(int) A unique identifier for an entity.\n"},"name":{"type":"string","description":"Name of the browser isolation profile\n"},"url":{"type":"string","description":"The browser isolation profile URL\n"}},"type":"object","required":["defaultProfile","id","name","url"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesAuditorNotification:getCasbDlpRulesAuditorNotification":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesBucket:getCasbDlpRulesBucket":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesCasbEmailLabel:getCasbDlpRulesCasbEmailLabel":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesCasbTombstoneTemplate:getCasbDlpRulesCasbTombstoneTemplate":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesCloudAppTenant:getCasbDlpRulesCloudAppTenant":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesCriteriaDomainProfile:getCasbDlpRulesCriteriaDomainProfile":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesDepartment:getCasbDlpRulesDepartment":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesDlpEngine:getCasbDlpRulesDlpEngine":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the DLP engine.\n"},"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesEmailRecipientProfile:getCasbDlpRulesEmailRecipientProfile":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesEntityGroup:getCasbDlpRulesEntityGroup":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesExcludedDomainProfile:getCasbDlpRulesExcludedDomainProfile":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesGroup:getCasbDlpRulesGroup":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesIncludedDomainProfile:getCasbDlpRulesIncludedDomainProfile":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesLabel:getCasbDlpRulesLabel":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesObjectType:getCasbDlpRulesObjectType":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesReceiver:getCasbDlpRulesReceiver":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"},"tenants":{"type":"array","items":{"$ref":"#/types/zia:index/getCasbDlpRulesReceiverTenant:getCasbDlpRulesReceiverTenant"},"description":"Tenant information for the receiver\n"},"type":{"type":"string","description":"The type of SaaS Security Data at Rest Scanning DLP rule.\n* `OFLCASB_DLP_FILE`\n* `OFLCASB_DLP_EMAIL`\n* `OFLCASB_DLP_CRM`\n* `OFLCASB_DLP_ITSM`\n* `OFLCASB_DLP_COLLAB`\n* `OFLCASB_DLP_REPO`\n* `OFLCASB_DLP_STORAGE`\n* `OFLCASB_DLP_GENAI`\n"}},"type":"object","required":["id","name","tenants","type"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesReceiverTenant:getCasbDlpRulesReceiverTenant":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the DLP engine.\n"},"externalId":{"type":"string","description":"External identifier for the tenant\n"},"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["extensions","externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesRedactionProfile:getCasbDlpRulesRedactionProfile":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesTag:getCasbDlpRulesTag":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesUser:getCasbDlpRulesUser":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesWatermarkProfile:getCasbDlpRulesWatermarkProfile":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbDlpRulesZscalerIncidentReceiver:getCasbDlpRulesZscalerIncidentReceiver":{"properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbMalwareRulesBucket:getCasbMalwareRulesBucket":{"properties":{"id":{"type":"integer","description":"The type of SaaS Security Data at Rest Scanning Malware ruleData at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbMalwareRulesCasbEmailLabel:getCasbMalwareRulesCasbEmailLabel":{"properties":{"id":{"type":"integer","description":"The type of SaaS Security Data at Rest Scanning Malware ruleData at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbMalwareRulesCasbTombstoneTemplate:getCasbMalwareRulesCasbTombstoneTemplate":{"properties":{"id":{"type":"integer","description":"The type of SaaS Security Data at Rest Scanning Malware ruleData at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbMalwareRulesCloudAppTenant:getCasbMalwareRulesCloudAppTenant":{"properties":{"id":{"type":"integer","description":"The type of SaaS Security Data at Rest Scanning Malware ruleData at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbMalwareRulesCloudAppTenantId:getCasbMalwareRulesCloudAppTenantId":{"properties":{"id":{"type":"integer","description":"The type of SaaS Security Data at Rest Scanning Malware ruleData at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbMalwareRulesLabel:getCasbMalwareRulesLabel":{"properties":{"id":{"type":"integer","description":"The type of SaaS Security Data at Rest Scanning Malware ruleData at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbMalwareRulesLastModifiedBy:getCasbMalwareRulesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"The type of SaaS Security Data at Rest Scanning Malware ruleData at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCasbTenantZscalerAppTenantId:getCasbTenantZscalerAppTenantId":{"properties":{"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudAppControlRuleCbiProfile:getCloudAppControlRuleCbiProfile":{"properties":{"defaultProfile":{"type":"boolean","description":"The browser isolation profile URL\n"},"id":{"type":"string","description":"The universally unique identifier (UUID) for the browser isolation profile\n"},"name":{"type":"string","description":"Name of the browser isolation profile\n"},"sandboxMode":{"type":"boolean","description":"The browser isolation profile URL\n"},"url":{"type":"string","description":"The browser isolation profile URL\n"}},"type":"object","required":["defaultProfile","id","name","sandboxMode","url"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudAppControlRuleDepartment:getCloudAppControlRuleDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudAppControlRuleDevice:getCloudAppControlRuleDevice":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudAppControlRuleDeviceGroup:getCloudAppControlRuleDeviceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudAppControlRuleGroup:getCloudAppControlRuleGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudAppControlRuleLabel:getCloudAppControlRuleLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudAppControlRuleLocation:getCloudAppControlRuleLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudAppControlRuleLocationGroup:getCloudAppControlRuleLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudAppControlRuleUser:getCloudAppControlRuleUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudApplicationInstanceInstanceIdentifier:getCloudApplicationInstanceInstanceIdentifier":{"properties":{"identifierType":{"type":"string","description":"Type of the cloud application instance\n"},"instanceId":{"type":"integer","description":"Unique identifier for the cloud application instance\n"},"instanceIdentifier":{"type":"string","description":"Unique identifying string for the instance\n"},"instanceIdentifierName":{"type":"string","description":"Unique identifying string for the instance\n"},"lastModifiedBies":{"type":"array","items":{"$ref":"#/types/zia:index/getCloudApplicationInstanceInstanceIdentifierLastModifiedBy:getCloudApplicationInstanceInstanceIdentifierLastModifiedBy"},"description":"The admin that modified the instance last.\n"},"modifiedAt":{"type":"integer","description":"Timestamp of when the instance was last modified.\n"}},"type":"object","required":["identifierType","instanceId","instanceIdentifier","instanceIdentifierName","lastModifiedBies","modifiedAt"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudApplicationInstanceInstanceIdentifierLastModifiedBy:getCloudApplicationInstanceInstanceIdentifierLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudApplicationInstanceLastModifiedBy:getCloudApplicationInstanceLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudApplicationsApplication:getCloudApplicationsApplication":{"properties":{"app":{"type":"string","description":"(String) Application enum constant\n"},"appName":{"type":"string","description":"(String) Cloud application name\n"},"parent":{"type":"string","description":"(String) pplication category enum constant\n"},"parentName":{"type":"string","description":"(String) Name of the cloud application category\n"}},"type":"object","required":["app","appName","parent","parentName"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedBucket:getCloudNSSFeedBucket":{"properties":{"deleted":{"type":"boolean","description":"(bool) Indicates if the VPN credential is deleted\n"},"description":{"type":"string","description":"(string) Description of the VPN credential\n"},"getlId":{"type":"integer","description":"(int) GETL identifier for the VPN credential\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"},"pid":{"type":"integer","description":"(int) Parent identifier for the VPN credential\n"}},"type":"object","required":["deleted","description","getlId","id","name","pid"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedCasbTenant:getCloudNSSFeedCasbTenant":{"properties":{"deleted":{"type":"boolean","description":"(bool) Indicates if the VPN credential is deleted\n"},"description":{"type":"string","description":"(string) Description of the VPN credential\n"},"getlId":{"type":"integer","description":"(int) GETL identifier for the VPN credential\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"},"pid":{"type":"integer","description":"(int) Parent identifier for the VPN credential\n"}},"type":"object","required":["deleted","description","getlId","id","name","pid"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedDepartment:getCloudNSSFeedDepartment":{"properties":{"deleted":{"type":"boolean","description":"(bool) Indicates if the VPN credential is deleted\n"},"description":{"type":"string","description":"(string) Description of the VPN credential\n"},"getlId":{"type":"integer","description":"(int) GETL identifier for the VPN credential\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"},"pid":{"type":"integer","description":"(int) Parent identifier for the VPN credential\n"}},"type":"object","required":["deleted","description","getlId","id","name","pid"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedDlpDictionary:getCloudNSSFeedDlpDictionary":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the entity\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedDlpEngine:getCloudNSSFeedDlpEngine":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the entity\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedExternalCollaborator:getCloudNSSFeedExternalCollaborator":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the entity\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedExternalOwner:getCloudNSSFeedExternalOwner":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the entity\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedInternalCollaborator:getCloudNSSFeedInternalCollaborator":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the entity\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedItsmObjectType:getCloudNSSFeedItsmObjectType":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the entity\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedLocation:getCloudNSSFeedLocation":{"properties":{"deleted":{"type":"boolean","description":"(bool) Indicates if the VPN credential is deleted\n"},"description":{"type":"string","description":"(string) Description of the VPN credential\n"},"getlId":{"type":"integer","description":"(int) GETL identifier for the VPN credential\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"},"pid":{"type":"integer","description":"(int) Parent identifier for the VPN credential\n"}},"type":"object","required":["deleted","description","getlId","id","name","pid"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedLocationGroup:getCloudNSSFeedLocationGroup":{"properties":{"deleted":{"type":"boolean","description":"(bool) Indicates if the VPN credential is deleted\n"},"description":{"type":"string","description":"(string) Description of the VPN credential\n"},"getlId":{"type":"integer","description":"(int) GETL identifier for the VPN credential\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"},"pid":{"type":"integer","description":"(int) Parent identifier for the VPN credential\n"}},"type":"object","required":["deleted","description","getlId","id","name","pid"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedNwService:getCloudNSSFeedNwService":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the entity\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedRule:getCloudNSSFeedRule":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the entity\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedSenderName:getCloudNSSFeedSenderName":{"properties":{"deleted":{"type":"boolean","description":"(bool) Indicates if the VPN credential is deleted\n"},"description":{"type":"string","description":"(string) Description of the VPN credential\n"},"getlId":{"type":"integer","description":"(int) GETL identifier for the VPN credential\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"},"pid":{"type":"integer","description":"(int) Parent identifier for the VPN credential\n"}},"type":"object","required":["deleted","description","getlId","id","name","pid"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedUrlCategory:getCloudNSSFeedUrlCategory":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Optional metadata for the entity\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedUser:getCloudNSSFeedUser":{"properties":{"deleted":{"type":"boolean","description":"(bool) Indicates if the VPN credential is deleted\n"},"description":{"type":"string","description":"(string) Description of the VPN credential\n"},"getlId":{"type":"integer","description":"(int) GETL identifier for the VPN credential\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"},"pid":{"type":"integer","description":"(int) Parent identifier for the VPN credential\n"}},"type":"object","required":["deleted","description","getlId","id","name","pid"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getCloudNSSFeedVpnCredential:getCloudNSSFeedVpnCredential":{"properties":{"deleted":{"type":"boolean","description":"(bool) Indicates if the VPN credential is deleted\n"},"description":{"type":"string","description":"(string) Description of the VPN credential\n"},"getlId":{"type":"integer","description":"(int) GETL identifier for the VPN credential\n"},"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"},"pid":{"type":"integer","description":"(int) Parent identifier for the VPN credential\n"}},"type":"object","required":["deleted","description","getlId","id","name","pid"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDCExclusionsExclusion:getDCExclusionsExclusion":{"properties":{"dcId":{"type":"integer","description":"(Integer) Datacenter ID (dcid) for the exclusion.\n"},"dcName":{"type":"string","description":"(String) Datacenter name from the dcName reference.\n"},"dcNameId":{"type":"integer","description":"(Integer) Datacenter ID from the dcName reference.\n"},"description":{"type":"string","description":"(String) Description of the DC exclusion.\n"},"endTime":{"type":"integer","description":"(Integer) Unix timestamp when the exclusion window ends.\n"},"expired":{"type":"boolean","description":"(Boolean) Whether the exclusion has expired.\n"},"id":{"type":"string","description":"(String) The exclusion identifier (datacenter ID as string). Matches the\u003cspan pulumi-lang-nodejs=\" zia.DCExclusions \" pulumi-lang-dotnet=\" zia.DCExclusions \" pulumi-lang-go=\" DCExclusions \" pulumi-lang-python=\" DCExclusions \" pulumi-lang-yaml=\" zia.DCExclusions \" pulumi-lang-java=\" zia.DCExclusions \"\u003e zia.DCExclusions \u003c/span\u003eresource id.\n"},"startTime":{"type":"integer","description":"(Integer) Unix timestamp when the exclusion window starts.\n"}},"type":"object","required":["dcId","dcName","dcNameId","description","endTime","expired","id","startTime"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPDictionariesExactDataMatchDetail:getDLPDictionariesExactDataMatchDetail":{"properties":{"dictionaryEdmMappingId":{"type":"integer","description":"The unique identifier for the EDM mapping\n"},"primaryField":{"type":"integer","description":"The EDM template's primary field.\n"},"schemaId":{"type":"integer","description":"The unique identifier for the EDM template (or schema).\n"},"secondaryFieldMatchOn":{"type":"string","description":"The EDM secondary field to match on.\n"},"secondaryFields":{"type":"array","items":{"type":"integer"}}},"type":"object","required":["dictionaryEdmMappingId","primaryField","schemaId","secondaryFieldMatchOn","secondaryFields"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPDictionariesIdmProfileMatchAccuracy:getDLPDictionariesIdmProfileMatchAccuracy":{"properties":{"adpIdmProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/getDLPDictionariesIdmProfileMatchAccuracyAdpIdmProfile:getDLPDictionariesIdmProfileMatchAccuracyAdpIdmProfile"},"description":"The action applied to a DLP dictionary using patterns\n"},"matchAccuracy":{"type":"string","description":"The IDM template match accuracy.\n"}},"type":"object","required":["adpIdmProfiles","matchAccuracy"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPDictionariesIdmProfileMatchAccuracyAdpIdmProfile:getDLPDictionariesIdmProfileMatchAccuracyAdpIdmProfile":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the DLP dictionary\n"},"name":{"type":"string","description":"DLP dictionary name\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPDictionariesPattern:getDLPDictionariesPattern":{"properties":{"action":{"type":"string","description":"(String) The action applied to a DLP dictionary using patterns\n"},"pattern":{"type":"string","description":"(String) DLP dictionary pattern\n"}},"type":"object","required":["action","pattern"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPDictionariesPhrase:getDLPDictionariesPhrase":{"properties":{"action":{"type":"string","description":"(String) The action applied to a DLP dictionary using patterns\n"},"phrase":{"type":"string"}},"type":"object","required":["action","phrase"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPEDMSchemaCreatedBy:getDLPEDMSchemaCreatedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPEDMSchemaEdmClient:getDLPEDMSchemaEdmClient":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPEDMSchemaLastModifiedBy:getDLPEDMSchemaLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPEDMSchemaSchedule:getDLPEDMSchemaSchedule":{"properties":{"scheduleDayOfMonths":{"type":"array","items":{"type":"string"},"description":"The day of the month that the IDM template is scheduled for. This attribute is required by PUT and POST requests, and when scheduleType is set to MONTHLY.\n"},"scheduleDayOfWeeks":{"type":"array","items":{"type":"string"},"description":"The day of the week the IDM template is scheduled for. This attribute is required by PUT and POST requests, and when scheduleType is set to WEEKLY.\n"},"scheduleDisabled":{"type":"boolean","description":"If set to true, the schedule for the IDM template is temporarily in a disabled state. This attribute is required by PUT requests in order to disable or enable a schedule.\n"},"scheduleTime":{"type":"integer","description":"The time of the day (in minutes) that the IDM template is scheduled for. For example: at 3am= 180 mins. This attribute is required by PUT and POST requests.\n"},"scheduleType":{"type":"string","description":"The schedule type for the IDM template's schedule (i.e., Monthly, Weekly, Daily, or None). This attribute is required by PUT and POST requests.\n"}},"type":"object","required":["scheduleDayOfMonths","scheduleDayOfWeeks","scheduleDisabled","scheduleTime","scheduleType"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPEDMSchemaTokenList:getDLPEDMSchemaTokenList":{"properties":{"colLengthBitmap":{"type":"integer","description":"The length of the column bitmap in the hashed file.\n"},"hashFileColumnOrder":{"type":"integer","description":"The column position for the token in the hashed file, starting from 1.\n"},"name":{"type":"string","description":"The token (i.e., criteria) name. This attribute is required by PUT and POST requests.\n"},"originalColumn":{"type":"integer","description":"The column position for the token in the original CSV file uploaded to the Index Tool, starting from 1. This attribue required by PUT and POST requests.\n"},"primaryKey":{"type":"boolean","description":"Indicates whether the token is a primary key.\n"},"type":{"type":"string","description":"The token (i.e., criteria) name. This attribute is required by PUT and POST requests.\n"}},"type":"object","required":["colLengthBitmap","hashFileColumnOrder","name","originalColumn","primaryKey","type"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPIDMProfileLiteClientVm:getDLPIDMProfileLiteClientVm":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPIDMProfileLiteLastModifiedBy:getDLPIDMProfileLiteLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPIDMProfilesIdmClient:getDLPIDMProfilesIdmClient":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"The configured name of the entity\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPIDMProfilesLastModifiedBy:getDLPIDMProfilesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"The configured name of the entity\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesDepartment:getDLPWebRulesDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesDlpEngine:getDLPWebRulesDlpEngine":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesExcludedDepartment:getDLPWebRulesExcludedDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesExcludedGroup:getDLPWebRulesExcludedGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesExcludedUser:getDLPWebRulesExcludedUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesFileTypeCategory:getDLPWebRulesFileTypeCategory":{"properties":{"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"},"parent":{"type":"string","description":"Parent category of the file type\n"}},"type":"object","required":["id","name","parent"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesGroup:getDLPWebRulesGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesIncludedDomainProfile:getDLPWebRulesIncludedDomainProfile":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesLabel:getDLPWebRulesLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesLastModifiedBy:getDLPWebRulesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesLocation:getDLPWebRulesLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesLocationGroup:getDLPWebRulesLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesReceiver:getDLPWebRulesReceiver":{"properties":{"id":{"type":"integer","description":"Unique identifier for the receiver\n"},"name":{"type":"string","description":"Name of the receiver\n"},"tenants":{"type":"array","items":{"$ref":"#/types/zia:index/getDLPWebRulesReceiverTenant:getDLPWebRulesReceiverTenant"},"description":"Tenant information for the receiver\n"},"type":{"type":"string","description":"Type of the receiver\n"}},"type":"object","required":["id","name","tenants","type"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesReceiverTenant:getDLPWebRulesReceiverTenant":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"externalId":{"type":"string","description":"External identifier for the tenant\n"},"id":{"type":"integer","description":"Unique identifier for the tenant\n"},"name":{"type":"string","description":"Name of the tenant\n"}},"type":"object","required":["extensions","externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesSourceIpGroup:getDLPWebRulesSourceIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesTimeWindow:getDLPWebRulesTimeWindow":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesUrlCategory:getDLPWebRulesUrlCategory":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesUser:getDLPWebRulesUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer","description":"Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"Identifier that uniquely identifies an entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesWorkloadGroup:getDLPWebRulesWorkloadGroup":{"properties":{"description":{"type":"string","description":"The description of the workload group\n"},"id":{"type":"integer","description":"A unique identifier assigned to the workload group\n"},"lastModifiedBies":{"type":"array","items":{"$ref":"#/types/zia:index/getDLPWebRulesWorkloadGroupLastModifiedBy:getDLPWebRulesWorkloadGroupLastModifiedBy"},"description":"The admin that modified the DLP policy rule last.\n"},"lastModifiedTime":{"type":"integer","description":"Timestamp when the DLP policy rule was last modified.\n"},"name":{"type":"string","description":"The name of the workload group\n"}},"type":"object","required":["description","id","lastModifiedBies","lastModifiedTime","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDLPWebRulesWorkloadGroupLastModifiedBy:getDLPWebRulesWorkloadGroupLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional properties for the tenant\n"},"id":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDatacentersDatacenter:getDatacentersDatacenter":{"properties":{"city":{"type":"string","description":"(String) City where the datacenter is located.\n"},"createTime":{"type":"integer","description":"(Integer) Timestamp when the datacenter was created.\n"},"dontProvision":{"type":"boolean","description":"(Boolean) Whether the datacenter should not be provisioned.\n"},"dontPublish":{"type":"boolean","description":"(Boolean) Whether the datacenter should not be published.\n"},"downloadBandwidth":{"type":"integer","description":"(Integer) Download bandwidth in bytes per second.\n"},"forFutureUse":{"type":"boolean","description":"(Boolean) Whether the datacenter is reserved for future use.\n"},"govOnly":{"type":"boolean","description":"(Boolean) Whether this is a government-only datacenter.\n"},"id":{"type":"integer","description":"(Integer) Unique identifier for the datacenter.\n"},"lastModifiedTime":{"type":"integer","description":"(Integer) Timestamp when the datacenter was last modified.\n"},"lat":{"type":"integer","description":"(Integer) Latitude coordinate (legacy field).\n"},"latitude":{"type":"number","description":"(Float) Latitude coordinate.\n"},"longi":{"type":"integer","description":"(Integer) Longitude coordinate (legacy field).\n"},"longitude":{"type":"number","description":"(Float) Longitude coordinate.\n"},"managedBcp":{"type":"boolean","description":"(Boolean) Whether the datacenter is managed by BCP.\n"},"name":{"type":"string","description":"(String) Zscaler data center name.\n"},"notReadyForUse":{"type":"boolean","description":"(Boolean) Whether the datacenter is not ready for use.\n"},"ownedByCustomer":{"type":"boolean","description":"(Boolean) Whether the datacenter is owned by the customer.\n"},"provider":{"type":"string","description":"(String) Provider of the datacenter.\n"},"regionalSurcharge":{"type":"boolean","description":"(Boolean) Whether there is a regional surcharge for this datacenter.\n"},"thirdPartyCloud":{"type":"boolean","description":"(Boolean) Whether this is a third-party cloud datacenter.\n"},"timezone":{"type":"string","description":"(String) Timezone of the datacenter.\n"},"uploadBandwidth":{"type":"integer","description":"(Integer) Upload bandwidth in bytes per second.\n"},"virtual":{"type":"boolean","description":"(Boolean) Whether this is a virtual datacenter.\n"}},"type":"object","required":["city","createTime","dontProvision","dontPublish","downloadBandwidth","forFutureUse","govOnly","id","lastModifiedTime","lat","latitude","longi","longitude","managedBcp","name","notReadyForUse","ownedByCustomer","provider","regionalSurcharge","thirdPartyCloud","timezone","uploadBandwidth","virtual"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDeviceGroupsList:getDeviceGroupsList":{"properties":{"description":{"type":"string","description":"(String) The device group's description.\n"},"deviceCount":{"type":"integer","description":"(int) The number of devices within the group.\n"},"deviceNames":{"type":"string","description":"(String) The names of devices that belong to the device group. The device names are comma-separated.\n"},"groupType":{"type":"string","description":"(String) The device group type. i.e ``ZCC_OS``, ``NON_ZCC``, ``CBI``\n"},"id":{"type":"integer","description":"(String) The unique identifer for the device group.\n"},"name":{"type":"string","description":"The name of the device group to be exported. If not provided, all device groups will be returned.\n"},"osType":{"type":"string","description":"(String) The operating system (OS).\n"},"predefined":{"type":"boolean","description":"(Boolean) Indicates whether this is a predefined device group. If this value is set to true, the group is predefined.\n"}},"type":"object","required":["description","deviceCount","deviceNames","groupType","id","name","osType","predefined"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDlpCloudToCloudIrLastModifiedBy:getDlpCloudToCloudIrLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map) Additional properties for the Zscaler app tenant\n"},"externalId":{"type":"string","description":"(String) External identifier for the Zscaler app tenant.\n"},"id":{"type":"integer","description":"(Number) Unique identifier for the Zscaler app tenant.\n"},"name":{"type":"string","description":"(String) Name of the Zscaler app tenant.\n"}},"type":"object","required":["extensions","externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDlpCloudToCloudIrLastValidationMsg:getDlpCloudToCloudIrLastValidationMsg":{"properties":{"errorCode":{"type":"integer","description":"(Number) Error code from validation.\n"},"errorMsg":{"type":"string","description":"(String) Error message from validation.\n"}},"type":"object","required":["errorCode","errorMsg"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDlpCloudToCloudIrOnboardableEntity:getDlpCloudToCloudIrOnboardableEntity":{"properties":{"application":{"type":"string","description":"(String) Application name (e.g., `SLACK`).\n"},"enterpriseTenantId":{"type":"string","description":"(String) Enterprise tenant ID.\n"},"id":{"type":"integer","description":"(Number) Unique identifier for the Zscaler app tenant.\n"},"lastValidationMsgs":{"type":"array","items":{"$ref":"#/types/zia:index/getDlpCloudToCloudIrOnboardableEntityLastValidationMsg:getDlpCloudToCloudIrOnboardableEntityLastValidationMsg"},"description":"(List) Last validation message for the onboardable entity.\n"},"name":{"type":"string","description":"(String) Name of the Zscaler app tenant.\n"},"tenantAuthorizationInfos":{"type":"array","items":{"$ref":"#/types/zia:index/getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfo:getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfo"},"description":"(List) Tenant authorization information.\n"},"type":{"type":"string","description":"(String) Authorization type (e.g., `SLACK_BOT`).\n"},"zscalerAppTenantIds":{"type":"array","items":{"$ref":"#/types/zia:index/getDlpCloudToCloudIrOnboardableEntityZscalerAppTenantId:getDlpCloudToCloudIrOnboardableEntityZscalerAppTenantId"},"description":"(List) Zscaler app tenant ID information.\n"}},"type":"object","required":["application","enterpriseTenantId","id","lastValidationMsgs","name","tenantAuthorizationInfos","type","zscalerAppTenantIds"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDlpCloudToCloudIrOnboardableEntityLastValidationMsg:getDlpCloudToCloudIrOnboardableEntityLastValidationMsg":{"properties":{"errorCode":{"type":"integer","description":"(Number) Error code from validation.\n"},"errorMsg":{"type":"string","description":"(String) Error message from validation.\n"}},"type":"object","required":["errorCode","errorMsg"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfo:getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfo":{"properties":{"accessToken":{"type":"string","description":"(String) Access token for authorization.\n"},"apicp":{"type":"string","description":"(String) API CP configuration.\n"},"botId":{"type":"string","description":"(String) Bot ID for authorization.\n"},"botToken":{"type":"string","description":"(String) Bot token for authorization.\n"},"clientId":{"type":"string","description":"(String) Client ID for authorization.\n"},"clientSecret":{"type":"string","description":"(String) Client secret for authorization.\n"},"cloudTrailBucketName":{"type":"string","description":"(String) Cloud trail bucket name.\n"},"credJson":{"type":"string","description":"(String) Credential JSON.\n"},"credentials":{"type":"string","description":"(String) Credentials for authorization.\n"},"dlpQtnLibName":{"type":"string","description":"(String) DLP quarantine library name.\n"},"enterpriseId":{"type":"string","description":"(String) Enterprise identifier.\n"},"env":{"type":"string","description":"(String) Environment (e.g., `SALESFORCE_PRODUCTION`).\n"},"externalId":{"type":"string","description":"(String) External identifier for the Zscaler app tenant.\n"},"featuresSupporteds":{"type":"array","items":{"type":"string"},"description":"(List of String) Supported features (e.g., `CASB`).\n"},"instanceUrl":{"type":"string","description":"(String) Instance URL for the tenant.\n"},"malQtnLibName":{"type":"string","description":"(String) Malware quarantine library name.\n"},"orgApiKey":{"type":"string","description":"(String) Organization API key.\n"},"organizationId":{"type":"string","description":"(String) Organization identifier.\n"},"qtnChannelUrl":{"type":"string","description":"(String) Quarantine channel URL.\n"},"qtnInfoCleared":{"type":"boolean","description":"(Boolean) Whether quarantine information is cleared.\n"},"qtnInfos":{"type":"array","items":{"$ref":"#/types/zia:index/getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfoQtnInfo:getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfoQtnInfo"},"description":"(List) Quarantine information.\n"},"quarantineBucketName":{"type":"string","description":"(String) Quarantine bucket name.\n"},"redirectUrl":{"type":"string","description":"(String) Redirect URL for authorization.\n"},"restApiEndpoint":{"type":"string","description":"(String) REST API endpoint.\n"},"role":{"type":"string","description":"(String) Role for authorization (e.g., `READ`).\n"},"roleArn":{"type":"string","description":"(String) Role ARN for authorization.\n"},"secretToken":{"type":"string","description":"(String) Secret token for authorization.\n"},"smirBucketConfigs":{"type":"array","items":{"$ref":"#/types/zia:index/getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfoSmirBucketConfig:getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfoSmirBucketConfig"},"description":"(List) SMIR bucket configuration.\n"},"subdomain":{"type":"string","description":"(String) Subdomain for the tenant.\n"},"tempAuthCode":{"type":"string","description":"(String) Temporary authorization code.\n"},"tokenEndpoint":{"type":"string","description":"(String) Token endpoint for authorization.\n"},"type":{"type":"string","description":"(String) Authorization type (e.g., `SLACK_BOT`).\n"},"userName":{"type":"string","description":"(String) Username for authorization.\n"},"userPwd":{"type":"string","description":"(String) User password for authorization.\n"},"workspaceId":{"type":"string","description":"(String) Workspace identifier.\n"},"workspaceName":{"type":"string","description":"(String) Workspace name.\n"}},"type":"object","required":["accessToken","apicp","botId","botToken","clientId","clientSecret","cloudTrailBucketName","credJson","credentials","dlpQtnLibName","enterpriseId","env","externalId","featuresSupporteds","instanceUrl","malQtnLibName","orgApiKey","organizationId","qtnChannelUrl","qtnInfos","qtnInfoCleared","quarantineBucketName","redirectUrl","restApiEndpoint","role","roleArn","secretToken","smirBucketConfigs","subdomain","tempAuthCode","tokenEndpoint","type","userName","userPwd","workspaceId","workspaceName"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfoQtnInfo:getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfoQtnInfo":{"properties":{"adminId":{"type":"string","description":"(String) Administrator identifier.\n"},"modTime":{"type":"integer","description":"(Number) Modification time.\n"},"qtnFolderPath":{"type":"string","description":"(String) Quarantine folder path.\n"}},"type":"object","required":["adminId","modTime","qtnFolderPath"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfoSmirBucketConfig:getDlpCloudToCloudIrOnboardableEntityTenantAuthorizationInfoSmirBucketConfig":{"properties":{"configName":{"type":"string","description":"(String) Configuration name for the bucket.\n"},"dataBucketName":{"type":"string","description":"(String) Data bucket name URL.\n"},"id":{"type":"integer","description":"(Number) Unique identifier for the Zscaler app tenant.\n"},"metadataBucketName":{"type":"string","description":"(String) Metadata bucket name URL.\n"}},"type":"object","required":["configName","dataBucketName","id","metadataBucketName"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getDlpCloudToCloudIrOnboardableEntityZscalerAppTenantId:getDlpCloudToCloudIrOnboardableEntityZscalerAppTenantId":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map) Additional properties for the Zscaler app tenant\n"},"externalId":{"type":"string","description":"(String) External identifier for the Zscaler app tenant.\n"},"id":{"type":"integer","description":"(Number) Unique identifier for the Zscaler app tenant.\n"},"name":{"type":"string","description":"(String) Name of the Zscaler app tenant.\n"}},"type":"object","required":["extensions","externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getExtranetExtranetDnsList:getExtranetExtranetDnsList":{"properties":{"id":{"type":"integer","description":"(Integer) The ID generated for the IP pool configuration.\n"},"name":{"type":"string","description":"(String) The name of the IP pool.\n"},"primaryDnsServer":{"type":"string","description":"(String) The IP address of the primary DNS server.\n"},"secondaryDnsServer":{"type":"string","description":"(String) The IP address of the secondary DNS server.\n"},"useAsDefault":{"type":"boolean","description":"(Boolean) Whether this IP pool is the designated default.\n"}},"type":"object","required":["id","name","primaryDnsServer","secondaryDnsServer","useAsDefault"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getExtranetExtranetIpPoolList:getExtranetExtranetIpPoolList":{"properties":{"id":{"type":"integer","description":"(Integer) The ID generated for the IP pool configuration.\n"},"ipEnd":{"type":"string","description":"(String) The ending IP address of the pool.\n"},"ipStart":{"type":"string","description":"(String) The starting IP address of the pool.\n"},"name":{"type":"string","description":"(String) The name of the IP pool.\n"},"useAsDefault":{"type":"boolean","description":"(Boolean) Whether this IP pool is the designated default.\n"}},"type":"object","required":["id","ipEnd","ipStart","name","useAsDefault"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeCategoriesCategory:getFileTypeCategoriesCategory":{"properties":{"id":{"type":"integer","description":"(Integer) File type category ID\n"},"name":{"type":"string","description":"(String) File type category name\n"},"parent":{"type":"string","description":"(String) Parent category of the file type\n"}},"type":"object","required":["id","name","parent"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesDepartment:getFileTypeControlRulesDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"A unique identifier for an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesDevice:getFileTypeControlRulesDevice":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"A unique identifier for an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesDeviceGroup:getFileTypeControlRulesDeviceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"A unique identifier for an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesGroup:getFileTypeControlRulesGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"A unique identifier for an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesLabel:getFileTypeControlRulesLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"A unique identifier for an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesLastModifiedBy:getFileTypeControlRulesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"A unique identifier for an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesLocation:getFileTypeControlRulesLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"A unique identifier for an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesLocationGroup:getFileTypeControlRulesLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"A unique identifier for an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesTimeWindow:getFileTypeControlRulesTimeWindow":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"A unique identifier for an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesUser:getFileTypeControlRulesUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"A unique identifier for an entity\n"},"name":{"type":"string","description":"The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFileTypeControlRulesZpaAppSegment:getFileTypeControlRulesZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"Indicates the external ID. Applicable only when this reference is of an external entity.\n"},"id":{"type":"integer","description":"A unique identifier assigned to the Application Segment\n"},"name":{"type":"string","description":"The name of the Application Segment\n"}},"type":"object","required":["externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesApplicationGroup:getFirewallDNSRulesApplicationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesDepartment:getFirewallDNSRulesDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesDestIpGroup:getFirewallDNSRulesDestIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesDestIpv6Group:getFirewallDNSRulesDestIpv6Group":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesDevice:getFirewallDNSRulesDevice":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesDeviceGroup:getFirewallDNSRulesDeviceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesGroup:getFirewallDNSRulesGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesLabel:getFirewallDNSRulesLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesLastModifiedBy:getFirewallDNSRulesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesLocation:getFirewallDNSRulesLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesLocationGroup:getFirewallDNSRulesLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesSrcIpGroup:getFirewallDNSRulesSrcIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesSrcIpv6Group:getFirewallDNSRulesSrcIpv6Group":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesTimeWindow:getFirewallDNSRulesTimeWindow":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallDNSRulesUser:getFirewallDNSRulesUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringNetworkServiceGroupsService:getFirewallFilteringNetworkServiceGroupsService":{"properties":{"description":{"type":"string","description":"(String)\n"},"id":{"type":"integer","description":"The ID of the ip source group to be exported.\n"},"isNameL10nTag":{"type":"boolean","description":"(Bool) - Default: false\n"},"name":{"type":"string","description":"The name of the ip source group to be exported.\n"}},"type":"object","required":["description","id","isNameL10nTag"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringNetworkServicesDestTcpPort:getFirewallFilteringNetworkServicesDestTcpPort":{"properties":{"end":{"type":"integer","description":"(Number)\n"},"start":{"type":"integer","description":"(Number)\n"}},"type":"object","required":["end","start"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringNetworkServicesDestUdpPort:getFirewallFilteringNetworkServicesDestUdpPort":{"properties":{"end":{"type":"integer","description":"(Number)\n"},"start":{"type":"integer","description":"(Number)\n"}},"type":"object","required":["end","start"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringNetworkServicesSrcTcpPort:getFirewallFilteringNetworkServicesSrcTcpPort":{"properties":{"end":{"type":"integer","description":"(Number)\n"},"start":{"type":"integer","description":"(Number)\n"}},"type":"object","required":["end","start"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringNetworkServicesSrcUdpPort:getFirewallFilteringNetworkServicesSrcUdpPort":{"properties":{"end":{"type":"integer","description":"(Number)\n"},"start":{"type":"integer","description":"(Number)\n"}},"type":"object","required":["end","start"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleAppService:getFirewallFilteringRuleAppService":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleAppServiceGroup:getFirewallFilteringRuleAppServiceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleDepartment:getFirewallFilteringRuleDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleDestIpGroup:getFirewallFilteringRuleDestIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleDevice:getFirewallFilteringRuleDevice":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleDeviceGroup:getFirewallFilteringRuleDeviceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleGroup:getFirewallFilteringRuleGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleLabel:getFirewallFilteringRuleLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleLastModifiedBy:getFirewallFilteringRuleLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleLocation:getFirewallFilteringRuleLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleLocationGroup:getFirewallFilteringRuleLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleNwApplicationGroup:getFirewallFilteringRuleNwApplicationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleNwService:getFirewallFilteringRuleNwService":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleNwServiceGroup:getFirewallFilteringRuleNwServiceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleSrcIpGroup:getFirewallFilteringRuleSrcIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleTimeWindow:getFirewallFilteringRuleTimeWindow":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleUser:getFirewallFilteringRuleUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleWorkloadGroup:getFirewallFilteringRuleWorkloadGroup":{"properties":{"description":{"type":"string","description":"(Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"expression":{"type":"string","description":"The description of the workload group\n"},"expressionJsons":{"type":"array","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleWorkloadGroupExpressionJson:getFirewallFilteringRuleWorkloadGroupExpressionJson"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"lastModifiedBies":{"type":"array","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleWorkloadGroupLastModifiedBy:getFirewallFilteringRuleWorkloadGroupLastModifiedBy"}},"lastModifiedTime":{"type":"integer","description":"(Number)\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["description","expression","expressionJsons","id","lastModifiedBies","lastModifiedTime","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleWorkloadGroupExpressionJson:getFirewallFilteringRuleWorkloadGroupExpressionJson":{"properties":{"expressionContainers":{"type":"array","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainer:getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainer"}}},"type":"object","required":["expressionContainers"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainer:getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainer":{"properties":{"operator":{"type":"string"},"tagContainers":{"type":"array","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainerTagContainer:getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainerTagContainer"}},"tagType":{"type":"string"}},"type":"object","required":["operator","tagContainers","tagType"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainerTagContainer:getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainerTagContainer":{"properties":{"operator":{"type":"string"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainerTagContainerTag:getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainerTagContainerTag"}}},"type":"object","required":["operator","tags"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainerTagContainerTag:getFirewallFilteringRuleWorkloadGroupExpressionJsonExpressionContainerTagContainerTag":{"properties":{"key":{"type":"string"},"value":{"type":"string"}},"type":"object","required":["key","value"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleWorkloadGroupLastModifiedBy:getFirewallFilteringRuleWorkloadGroupLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getFirewallFilteringRuleZpaAppSegment:getFirewallFilteringRuleZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"Indicates the external ID. Applicable only when this reference is of an external entity.\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlProxiesCert:getForwardingControlProxiesCert":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"externalId":{"type":"string","description":"The configured name of the entity\n"},"id":{"type":"integer","description":"Unique identifier for the third-party proxy services\n"},"name":{"type":"string","description":"Proxy name for the third-party proxy services\n"}},"type":"object","required":["extensions","externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlProxiesLastModifiedBy:getForwardingControlProxiesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"externalId":{"type":"string","description":"The configured name of the entity\n"},"id":{"type":"integer","description":"Unique identifier for the third-party proxy services\n"},"name":{"type":"string","description":"Proxy name for the third-party proxy services\n"}},"type":"object","required":["extensions","externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlProxyGatewayLastModifiedBy:getForwardingControlProxyGatewayLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"The ID of the forwarding control Proxy Gateway resource.\n"},"name":{"type":"string","description":"The name of the forwarding control Proxy Gateway to be exported.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlProxyGatewayPrimaryProxy:getForwardingControlProxyGatewayPrimaryProxy":{"properties":{"id":{"type":"integer","description":"The ID of the forwarding control Proxy Gateway resource.\n"},"name":{"type":"string","description":"The name of the forwarding control Proxy Gateway to be exported.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlProxyGatewaySecondaryProxy:getForwardingControlProxyGatewaySecondaryProxy":{"properties":{"id":{"type":"integer","description":"The ID of the forwarding control Proxy Gateway resource.\n"},"name":{"type":"string","description":"The name of the forwarding control Proxy Gateway to be exported.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleDepartment:getForwardingControlRuleDepartment":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleDestIpGroup:getForwardingControlRuleDestIpGroup":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleDestIpv6Group:getForwardingControlRuleDestIpv6Group":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleDevice:getForwardingControlRuleDevice":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleDeviceGroup:getForwardingControlRuleDeviceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleEcGroup:getForwardingControlRuleEcGroup":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleGroup:getForwardingControlRuleGroup":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleLabel:getForwardingControlRuleLabel":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleLocation:getForwardingControlRuleLocation":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleLocationGroup:getForwardingControlRuleLocationGroup":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleNwApplicationGroup:getForwardingControlRuleNwApplicationGroup":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleNwService:getForwardingControlRuleNwService":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleNwServiceGroup:getForwardingControlRuleNwServiceGroup":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleProxyGateway:getForwardingControlRuleProxyGateway":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleSrcIpGroup:getForwardingControlRuleSrcIpGroup":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleSrcIpv6Group:getForwardingControlRuleSrcIpv6Group":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleUser:getForwardingControlRuleUser":{"properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleZpaAppSegment:getForwardingControlRuleZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"(int) Identifier that uniquely identifies an entity\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleZpaApplicationSegment:getForwardingControlRuleZpaApplicationSegment":{"properties":{"ddescription":{"type":"string","description":"Additional information about the Application Segment\n"},"deleted":{"type":"boolean","description":"ID of the ZPA tenant where the Application Segment is configured\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"},"zpaId":{"type":"integer","description":"ID of the ZPA tenant where the Application Segment is configured\n"}},"type":"object","required":["ddescription","deleted","id","name","zpaId"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleZpaApplicationSegmentGroup:getForwardingControlRuleZpaApplicationSegmentGroup":{"properties":{"deleted":{"type":"boolean","description":"Indicates whether the ZPA Application Segment Group has been deleted\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"},"zpaAppSegmentsCount":{"type":"integer","description":"The number of ZPA Application Segments in the group\n"},"zpaId":{"type":"integer","description":"Indicates the external ID. Applicable only when this reference is of an external entity.\n"}},"type":"object","required":["deleted","id","name","zpaAppSegmentsCount","zpaId"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlRuleZpaGateway:getForwardingControlRuleZpaGateway":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlZPAGatewayLastModifiedBy:getForwardingControlZPAGatewayLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"The ID of the forwarding control ZPA Gateway resource.\n"},"name":{"type":"string","description":"The name of the forwarding control ZPA Gateway to be exported.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlZPAGatewayZpaAppSegment:getForwardingControlZPAGatewayZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"(string) An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.\n"},"name":{"type":"string","description":"The name of the forwarding control ZPA Gateway to be exported.\n"}},"type":"object","required":["externalId","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingControlZPAGatewayZpaServerGroup:getForwardingControlZPAGatewayZpaServerGroup":{"properties":{"externalId":{"type":"string","description":"(string) An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.\n"},"name":{"type":"string","description":"The name of the forwarding control ZPA Gateway to be exported.\n"}},"type":"object","required":["externalId","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingProxyGatewayLastModifiedBy:getForwardingProxyGatewayLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"The ID of the forwarding control Proxy Gateway resource.\n"},"name":{"type":"string","description":"The name of the forwarding control Proxy Gateway to be exported.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingProxyGatewayPrimaryProxy:getForwardingProxyGatewayPrimaryProxy":{"properties":{"id":{"type":"integer","description":"The ID of the forwarding control Proxy Gateway resource.\n"},"name":{"type":"string","description":"The name of the forwarding control Proxy Gateway to be exported.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getForwardingProxyGatewaySecondaryProxy:getForwardingProxyGatewaySecondaryProxy":{"properties":{"id":{"type":"integer","description":"The ID of the forwarding control Proxy Gateway resource.\n"},"name":{"type":"string","description":"The name of the forwarding control Proxy Gateway to be exported.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleDepartment:getIPSFirewallRuleDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleDestIpGroup:getIPSFirewallRuleDestIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleDestIpv6Group:getIPSFirewallRuleDestIpv6Group":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleDevice:getIPSFirewallRuleDevice":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleDeviceGroup:getIPSFirewallRuleDeviceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleGroup:getIPSFirewallRuleGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleLabel:getIPSFirewallRuleLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleLastModifiedBy:getIPSFirewallRuleLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleLocation:getIPSFirewallRuleLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleLocationGroup:getIPSFirewallRuleLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleNwService:getIPSFirewallRuleNwService":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleNwServiceGroup:getIPSFirewallRuleNwServiceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleSrcIpGroup:getIPSFirewallRuleSrcIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleSrcIpv6Group:getIPSFirewallRuleSrcIpv6Group":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleThreatCategory:getIPSFirewallRuleThreatCategory":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleTimeWindow:getIPSFirewallRuleTimeWindow":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleUser:getIPSFirewallRuleUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getIPSFirewallRuleZpaAppSegment:getIPSFirewallRuleZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"Indicates the external ID. Applicable only when this reference is of an external entity.\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object","required":["externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getLocationGroupsDynamicLocationGroupCriteria:getLocationGroupsDynamicLocationGroupCriteria":{"properties":{"cities":{"type":"array","items":{"$ref":"#/types/zia:index/getLocationGroupsDynamicLocationGroupCriteriaCity:getLocationGroupsDynamicLocationGroupCriteriaCity"},"description":"(Block List)\n"},"countries":{"type":"array","items":{"type":"string"},"description":"(List of String) One or more countries from a predefined set\n"},"enableBandwidthControl":{"type":"boolean","description":"(Boolean) Enable Bandwidth Control. When set to true, Bandwidth Control is enabled for the location.\n"},"enableCaution":{"type":"boolean","description":"(Boolean) Enable Caution. When set to true, a caution notifcation is enabled for the location.\n"},"enableXffForwarding":{"type":"boolean","description":"(Boolean) Enable `XFF` Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.\n"},"enforceAup":{"type":"boolean","description":"(Boolean) Enable AUP. When set to true, AUP is enabled for the location.\n"},"enforceAuthentication":{"type":"boolean","description":"(Boolean) Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.\n"},"enforceFirewallControl":{"type":"boolean","description":"(Boolean) Enable Firewall. When set to true, Firewall is enabled for the location.\n"},"managedBies":{"type":"array","items":{"$ref":"#/types/zia:index/getLocationGroupsDynamicLocationGroupCriteriaManagedBy:getLocationGroupsDynamicLocationGroupCriteriaManagedBy"},"description":"(Block List)\n"},"names":{"type":"array","items":{"$ref":"#/types/zia:index/getLocationGroupsDynamicLocationGroupCriteriaName:getLocationGroupsDynamicLocationGroupCriteriaName"},"description":"Location group name\n"},"profiles":{"type":"array","items":{"type":"string"},"description":"(List of String) One or more location profiles from a predefined set\n"}},"type":"object","required":["enableBandwidthControl","enableCaution","enableXffForwarding","enforceAup","enforceAuthentication","enforceFirewallControl","managedBies"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getLocationGroupsDynamicLocationGroupCriteriaCity:getLocationGroupsDynamicLocationGroupCriteriaCity":{"properties":{"matchString":{"type":"string","description":"(String) String value to be matched or partially matched\n"},"matchType":{"type":"string","description":"(String) Operator that performs match action\n"}},"type":"object"},"zia:index/getLocationGroupsDynamicLocationGroupCriteriaManagedBy:getLocationGroupsDynamicLocationGroupCriteriaManagedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the location group\n"},"name":{"type":"string","description":"Location group name\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getLocationGroupsDynamicLocationGroupCriteriaName:getLocationGroupsDynamicLocationGroupCriteriaName":{"properties":{"matchString":{"type":"string","description":"(String) String value to be matched or partially matched\n"},"matchType":{"type":"string","description":"(String) Operator that performs match action\n"}},"type":"object"},"zia:index/getLocationGroupsLastModUser:getLocationGroupsLastModUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the location group\n"},"name":{"type":"string","description":"Location group name\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getLocationGroupsLocation:getLocationGroupsLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifier for the location group\n"},"name":{"type":"string","description":"Location group name\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getLocationManagementExtranet:getLocationManagementExtranet":{"properties":{"id":{"type":"integer","description":"The ID of the location to be exported.\n"}},"type":"object","required":["id"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getLocationManagementExtranetDn:getLocationManagementExtranetDn":{"properties":{"id":{"type":"integer","description":"The ID of the location to be exported.\n"}},"type":"object","required":["id"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getLocationManagementExtranetIpPool:getLocationManagementExtranetIpPool":{"properties":{"id":{"type":"integer","description":"The ID of the location to be exported.\n"}},"type":"object","required":["id"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getLocationManagementVpnCredential:getLocationManagementVpnCredential":{"properties":{"comments":{"type":"string","description":"(String) Additional information about this VPN credential.\nAdditional information about this VPN credential.\n"},"fqdn":{"type":"string","description":"(String) Fully Qualified Domain Name. Applicable only to `UFQDN` or `XAUTH` (or `HOSTED_MOBILE_USERS`) auth type.\n"},"id":{"type":"integer","description":"The ID of the location to be exported.\n"},"locations":{"type":"array","items":{"$ref":"#/types/zia:index/getLocationManagementVpnCredentialLocation:getLocationManagementVpnCredentialLocation"},"description":"(List of Object)\n"},"managedBies":{"type":"array","items":{"$ref":"#/types/zia:index/getLocationManagementVpnCredentialManagedBy:getLocationManagementVpnCredentialManagedBy"},"description":"(List of Object)\n"},"preSharedKey":{"type":"string","description":"(String) Pre-shared key. This is a required field for `UFQDN` and IP auth type.\n","secret":true},"type":{"type":"string","description":"(String) VPN authentication type (i.e., how the VPN credential is sent to the server). It is not modifiable after VpnCredential is created.\n"}},"type":"object","required":["comments","fqdn","id","locations","managedBies","preSharedKey","type"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getLocationManagementVpnCredentialLocation:getLocationManagementVpnCredentialLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"The ID of the location to be exported.\n"},"name":{"type":"string","description":"The name of the location to be exported.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getLocationManagementVpnCredentialManagedBy:getLocationManagementVpnCredentialManagedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"The ID of the location to be exported.\n"},"name":{"type":"string","description":"The name of the location to be exported.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesDepartment:getNatControlRulesDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesDestIpGroup:getNatControlRulesDestIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesDestIpv6Group:getNatControlRulesDestIpv6Group":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesDevice:getNatControlRulesDevice":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesDeviceGroup:getNatControlRulesDeviceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesGroup:getNatControlRulesGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesLabel:getNatControlRulesLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesLastModifiedBy:getNatControlRulesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesLocation:getNatControlRulesLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesLocationGroup:getNatControlRulesLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesNwService:getNatControlRulesNwService":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesNwServiceGroup:getNatControlRulesNwServiceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesSrcIpGroup:getNatControlRulesSrcIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesSrcIpv6Group:getNatControlRulesSrcIpv6Group":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesTimeWindow:getNatControlRulesTimeWindow":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getNatControlRulesUser:getNatControlRulesUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getRiskProfilesCustomTag:getRiskProfilesCustomTag":{"properties":{"id":{"type":"integer","description":"Unique identifier for the risk profile.\n"},"name":{"type":"string","description":"Cloud application risk profile name.\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getRiskProfilesLastModifiedBy:getRiskProfilesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"Unique identifier for the risk profile.\n"},"name":{"type":"string","description":"Cloud application risk profile name.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getRuleLabelsCreatedBy:getRuleLabelsCreatedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"The unique identifer for the rule label.\n"},"name":{"type":"string","description":"The name of the rule label to be exported.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getRuleLabelsLastModifiedBy:getRuleLabelsLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"integer","description":"The unique identifer for the rule label.\n"},"name":{"type":"string","description":"The name of the rule label to be exported.\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesAction:getSSLInspectionRulesAction":{"properties":{"decryptSubActions":{"type":"array","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesActionDecryptSubAction:getSSLInspectionRulesActionDecryptSubAction"}},"doNotDecryptSubActions":{"type":"array","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesActionDoNotDecryptSubAction:getSSLInspectionRulesActionDoNotDecryptSubAction"},"description":"Action taken when bypassing SSL intercept\n"},"overrideDefaultCertificate":{"type":"boolean","description":"Whether to override the default SSL interception certificate.\n"},"showEun":{"type":"boolean","description":"Whether to show End User Notification (EUN).\n"},"showEunatp":{"type":"boolean","description":"Whether to display the EUN ATP page.\n"},"sslInterceptionCerts":{"type":"array","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesActionSslInterceptionCert:getSSLInspectionRulesActionSslInterceptionCert"},"description":"Action taken when enabling SSL intercept\n"},"type":{"type":"string","description":"The action type for this rule. Possible values: `BLOCK`, `DECRYPT`, or `DO_NOT_DECRYPT`.\n"}},"type":"object","required":["doNotDecryptSubActions","overrideDefaultCertificate","showEun","showEunatp","sslInterceptionCerts","type"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesActionDecryptSubAction:getSSLInspectionRulesActionDecryptSubAction":{"properties":{"blockSslTrafficWithNoSniEnabled":{"type":"boolean","description":"Whether to block SSL traffic when SNI is not present.\n"},"blockUndecrypt":{"type":"boolean"},"http2Enabled":{"type":"boolean"},"minClientTlsVersion":{"type":"string"},"minServerTlsVersion":{"type":"string"},"ocspCheck":{"type":"boolean","description":"Whether to enable OCSP check.\n"},"serverCertificates":{"type":"string","description":"Action to take on server certificates. Valid values might include `ALLOW`, `BLOCK`, or `PASS_THRU`.\n"}},"type":"object","required":["blockSslTrafficWithNoSniEnabled","blockUndecrypt","http2Enabled","minClientTlsVersion","minServerTlsVersion","ocspCheck","serverCertificates"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesActionDoNotDecryptSubAction:getSSLInspectionRulesActionDoNotDecryptSubAction":{"properties":{"blockSslTrafficWithNoSniEnabled":{"type":"boolean","description":"Whether to block SSL traffic when SNI is not present.\n"},"bypassOtherPolicies":{"type":"boolean","description":"Whether to bypass other policies when action is set to `DO_NOT_DECRYPT`.\n"},"minTlsVersion":{"type":"string","description":"The minimum TLS version allowed when action is `DO_NOT_DECRYPT`.\n"},"ocspCheck":{"type":"boolean","description":"Whether to enable OCSP check.\n"},"serverCertificates":{"type":"string","description":"Action to take on server certificates. Valid values might include `ALLOW`, `BLOCK`, or `PASS_THRU`.\n"}},"type":"object","required":["blockSslTrafficWithNoSniEnabled","bypassOtherPolicies","minTlsVersion","ocspCheck","serverCertificates"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesActionSslInterceptionCert:getSSLInspectionRulesActionSslInterceptionCert":{"properties":{"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"}},"type":"object","required":["id"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesDepartment:getSSLInspectionRulesDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesDestIpGroup:getSSLInspectionRulesDestIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesDevice:getSSLInspectionRulesDevice":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesDeviceGroup:getSSLInspectionRulesDeviceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesGroup:getSSLInspectionRulesGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesLabel:getSSLInspectionRulesLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesLastModifiedBy:getSSLInspectionRulesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesLocation:getSSLInspectionRulesLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesLocationGroup:getSSLInspectionRulesLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesProxyGateway:getSSLInspectionRulesProxyGateway":{"properties":{"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesSourceIpGroup:getSSLInspectionRulesSourceIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesTimeWindow:getSSLInspectionRulesTimeWindow":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesUser:getSSLInspectionRulesUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesWorkloadGroup:getSSLInspectionRulesWorkloadGroup":{"properties":{"description":{"type":"string","description":"The description of the workload group\n"},"expression":{"type":"string","description":"The expression used within the workload group.\n"},"expressionJsons":{"type":"array","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesWorkloadGroupExpressionJson:getSSLInspectionRulesWorkloadGroupExpressionJson"},"description":"A nested block describing the JSON expression for the workload group.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"lastModifiedBies":{"type":"array","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesWorkloadGroupLastModifiedBy:getSSLInspectionRulesWorkloadGroupLastModifiedBy"},"description":"A nested block with details about who last modified the workload group.\n"},"lastModifiedTime":{"type":"integer","description":"Timestamp when the workload group was last modified.\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["description","expression","expressionJsons","id","lastModifiedBies","lastModifiedTime","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesWorkloadGroupExpressionJson:getSSLInspectionRulesWorkloadGroupExpressionJson":{"properties":{"expressionContainers":{"type":"array","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainer:getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainer"},"description":"Contains one or more tag types (and associated tags) combined using logical operators within a workload group\n"}},"type":"object","required":["expressionContainers"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainer:getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainer":{"properties":{"operator":{"type":"string","description":"The operator (either AND or OR) used to create logical relationships among tag types\n"},"tagContainers":{"type":"array","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer:getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer"},"description":"Contains one or more tags and the logical operator used to combine the tags within a tag type\n"},"tagType":{"type":"string","description":"The tag type selected from a predefined list\n"}},"type":"object","required":["operator","tagContainers","tagType"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer:getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer":{"properties":{"operator":{"type":"string","description":"The operator (either AND or OR) used to create logical relationships among tag types\n"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag:getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag"}}},"type":"object","required":["operator","tags"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag:getSSLInspectionRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag":{"properties":{"key":{"type":"string"},"value":{"type":"string"}},"type":"object","required":["key","value"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesWorkloadGroupLastModifiedBy:getSSLInspectionRulesWorkloadGroupLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the time window.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSSLInspectionRulesZpaAppSegment:getSSLInspectionRulesZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"Indicates the external ID. Applicable only when this reference is of an external entity.\n"},"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"}},"type":"object","required":["externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportClassification:getSandboxReportClassification":{"properties":{"category":{"type":"string"},"detectedMalware":{"type":"string"},"score":{"type":"integer"},"type":{"type":"string"}},"type":"object","required":["category","detectedMalware","score","type"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportExploit:getSandboxReportExploit":{"properties":{"risk":{"type":"string"},"signature":{"type":"string"},"signatureSources":{"type":"array","items":{"type":"string"}}},"type":"object","required":["risk","signature","signatureSources"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportFileProperty:getSandboxReportFileProperty":{"properties":{"digitalCerificate":{"type":"string"},"fileSize":{"type":"integer"},"fileType":{"type":"string"},"issuer":{"type":"string"},"md5":{"type":"string"},"rootCa":{"type":"string"},"sha1":{"type":"string"},"sha256":{"type":"string"},"ssdeep":{"type":"string"}},"type":"object","required":["digitalCerificate","fileSize","fileType","issuer","md5","rootCa","sha1","sha256","ssdeep"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportNetworking:getSandboxReportNetworking":{"properties":{"risk":{"type":"string"},"signature":{"type":"string"},"signatureSources":{"type":"array","items":{"type":"string"}}},"type":"object","required":["risk","signature","signatureSources"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportOrigin:getSandboxReportOrigin":{"properties":{"country":{"type":"string"},"language":{"type":"string"},"risk":{"type":"string"}},"type":"object","required":["country","language","risk"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportPersistence:getSandboxReportPersistence":{"properties":{"risk":{"type":"string"},"signature":{"type":"string"},"signatureSources":{"type":"array","items":{"type":"string"}}},"type":"object","required":["risk","signature","signatureSources"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportSecurityBypass:getSandboxReportSecurityBypass":{"properties":{"risk":{"type":"string"},"signature":{"type":"string"},"signatureSources":{"type":"array","items":{"type":"string"}}},"type":"object","required":["risk","signature","signatureSources"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportSpyware:getSandboxReportSpyware":{"properties":{"risk":{"type":"string"},"signature":{"type":"string"},"signatureSources":{"type":"array","items":{"type":"string"}}},"type":"object","required":["risk","signature","signatureSources"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportStealth:getSandboxReportStealth":{"properties":{"risk":{"type":"string"},"signature":{"type":"string"},"signatureSources":{"type":"array","items":{"type":"string"}}},"type":"object","required":["risk","signature","signatureSources"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportSummary:getSandboxReportSummary":{"properties":{"category":{"type":"string"},"duration":{"type":"integer"},"fileType":{"type":"string"},"startTime":{"type":"integer"},"status":{"type":"string"}},"type":"object","required":["category","duration","fileType","startTime","status"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxReportSystemSummary:getSandboxReportSystemSummary":{"properties":{"risk":{"type":"string"},"signature":{"type":"string"},"signatureSources":{"type":"array","items":{"type":"string"}}},"type":"object","required":["risk","signature","signatureSources"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxRulesDepartment:getSandboxRulesDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"Unique identifier for the Sandbox rule\n"},"name":{"type":"string","description":"Name of the Sandbox rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxRulesGroup:getSandboxRulesGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"Unique identifier for the Sandbox rule\n"},"name":{"type":"string","description":"Name of the Sandbox rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxRulesLabel:getSandboxRulesLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"Unique identifier for the Sandbox rule\n"},"name":{"type":"string","description":"Name of the Sandbox rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxRulesLastModifiedBy:getSandboxRulesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"Unique identifier for the Sandbox rule\n"},"name":{"type":"string","description":"Name of the Sandbox rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxRulesLocation:getSandboxRulesLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"Unique identifier for the Sandbox rule\n"},"name":{"type":"string","description":"Name of the Sandbox rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxRulesLocationGroup:getSandboxRulesLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"Unique identifier for the Sandbox rule\n"},"name":{"type":"string","description":"Name of the Sandbox rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxRulesUser:getSandboxRulesUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"Additional information about the entity\n"},"id":{"type":"integer","description":"Unique identifier for the Sandbox rule\n"},"name":{"type":"string","description":"Name of the Sandbox rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSandboxRulesZpaAppSegment:getSandboxRulesZpaAppSegment":{"properties":{"externalId":{"type":"string","description":"Indicates the external ID. Applicable only when this reference is of an external entity.\n"},"id":{"type":"integer","description":"Unique identifier for the Sandbox rule\n"},"name":{"type":"string","description":"Name of the Sandbox rule\n"}},"type":"object","required":["externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSubCloudDc:getSubCloudDc":{"properties":{"country":{"type":"string","description":"(String) Country where the data center is located. Enum with 245 predefined country values.\n"},"id":{"type":"integer","description":"(Integer) A unique identifier for an entity\n"},"name":{"type":"string","description":"(String) The configured name of the entity (read-only)\n"}},"type":"object","required":["country","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSubCloudExclusion:getSubCloudExclusion":{"properties":{"country":{"type":"string","description":"(String) Country where the data center is located. Enum with 245 predefined country values.\n"},"createTime":{"type":"integer","description":"(Integer) Timestamp when the data center exclusion was created\n"},"datacenters":{"type":"array","items":{"$ref":"#/types/zia:index/getSubCloudExclusionDatacenter:getSubCloudExclusionDatacenter"},"description":"(List) The data center associated with the subcloud. An immutable reference to an entity that mainly consists of \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e.\n"},"disabledByOps":{"type":"boolean","description":"(Boolean) If set to true, this data center exclusion is disabled by Zscaler CloudOps\n"},"endTime":{"type":"integer","description":"(Integer) Timestamp when the data center exclusion was stopped\n"},"endTimeUtc":{"type":"string","description":"Exclusion end time (UTC). Format: MM/DD/YYYY HH:MM am/pm.\n"},"expired":{"type":"boolean","description":"(Boolean) The subcloud data center exclusion is disabled\n"},"lastModifiedTime":{"type":"integer","description":"(Integer) Timestamp when the data center exclusion entry was last modified\n"},"lastModifiedUsers":{"type":"array","items":{"$ref":"#/types/zia:index/getSubCloudExclusionLastModifiedUser:getSubCloudExclusionLastModifiedUser"},"description":"(List) Last user that modified the data center. An immutable reference to an entity that mainly consists of \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e.\n"},"startTime":{"type":"integer","description":"(Integer) Timestamp when the data center exclusion was started\n"},"startTimeUtc":{"type":"string","description":"Exclusion start time (UTC). Format: MM/DD/YYYY HH:MM am/pm.\n"}},"type":"object","required":["country","createTime","datacenters","disabledByOps","endTime","endTimeUtc","expired","lastModifiedTime","lastModifiedUsers","startTime","startTimeUtc"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSubCloudExclusionDatacenter:getSubCloudExclusionDatacenter":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Extension attributes\n"},"id":{"type":"integer","description":"(Integer) A unique identifier for an entity\n"},"name":{"type":"string","description":"(String) The configured name of the entity (read-only)\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getSubCloudExclusionLastModifiedUser:getSubCloudExclusionLastModifiedUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String) Extension attributes\n"},"id":{"type":"integer","description":"(Integer) A unique identifier for an entity\n"},"name":{"type":"string","description":"(String) The configured name of the entity (read-only)\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesAppServiceGroup:getTrafficCaptureRulesAppServiceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesDepartment:getTrafficCaptureRulesDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesDestIpGroup:getTrafficCaptureRulesDestIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesDevice:getTrafficCaptureRulesDevice":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesDeviceGroup:getTrafficCaptureRulesDeviceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesGroup:getTrafficCaptureRulesGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesLabel:getTrafficCaptureRulesLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesLastModifiedBy:getTrafficCaptureRulesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesLocation:getTrafficCaptureRulesLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesLocationGroup:getTrafficCaptureRulesLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesNwApplicationGroup:getTrafficCaptureRulesNwApplicationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesNwService:getTrafficCaptureRulesNwService":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesNwServiceGroup:getTrafficCaptureRulesNwServiceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesSrcIpGroup:getTrafficCaptureRulesSrcIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesTimeWindow:getTrafficCaptureRulesTimeWindow":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesUser:getTrafficCaptureRulesUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesWorkloadGroup:getTrafficCaptureRulesWorkloadGroup":{"properties":{"description":{"type":"string","description":"(String) Additional information about the rule. Cannot exceed 10,240 characters.\n"},"expression":{"type":"string","description":"The description of the workload group\n"},"expressionJsons":{"type":"array","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesWorkloadGroupExpressionJson:getTrafficCaptureRulesWorkloadGroupExpressionJson"}},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"lastModifiedBies":{"type":"array","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesWorkloadGroupLastModifiedBy:getTrafficCaptureRulesWorkloadGroupLastModifiedBy"},"description":"(List) User who last modified the rule\n"},"lastModifiedTime":{"type":"integer","description":"(Integer) Timestamp when the rule was last modified\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["description","expression","expressionJsons","id","lastModifiedBies","lastModifiedTime","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesWorkloadGroupExpressionJson:getTrafficCaptureRulesWorkloadGroupExpressionJson":{"properties":{"expressionContainers":{"type":"array","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainer:getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainer"}}},"type":"object","required":["expressionContainers"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainer:getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainer":{"properties":{"operator":{"type":"string"},"tagContainers":{"type":"array","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer:getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer"}},"tagType":{"type":"string"}},"type":"object","required":["operator","tagContainers","tagType"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer:getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer":{"properties":{"operator":{"type":"string"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag:getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag"}}},"type":"object","required":["operator","tags"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag:getTrafficCaptureRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag":{"properties":{"key":{"type":"string"},"value":{"type":"string"}},"type":"object","required":["key","value"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficCaptureRulesWorkloadGroupLastModifiedBy:getTrafficCaptureRulesWorkloadGroupLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingGREInternalIPRangeList:getTrafficForwardingGREInternalIPRangeList":{"properties":{"endIpAddress":{"type":"string","description":"(String) Starting IP address in the range\n"},"startIpAddress":{"type":"string","description":"(String) Ending IP address in the range\n"}},"type":"object","required":["endIpAddress","startIpAddress"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingGRETunnelLastModifiedBy:getTrafficForwardingGRETunnelLastModifiedBy":{"properties":{"id":{"type":"integer","description":"Unique identifier of the static IP address that is associated to a GRE tunnel\n"},"name":{"type":"string"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingGRETunnelManagedBy:getTrafficForwardingGRETunnelManagedBy":{"properties":{"id":{"type":"integer","description":"Unique identifier of the static IP address that is associated to a GRE tunnel\n"},"name":{"type":"string"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingGRETunnelPrimaryDestVip:getTrafficForwardingGRETunnelPrimaryDestVip":{"properties":{"city":{"type":"string"},"countryCode":{"type":"string","description":"(String) When\u003cspan pulumi-lang-nodejs=\" withinCountry \" pulumi-lang-dotnet=\" WithinCountry \" pulumi-lang-go=\" withinCountry \" pulumi-lang-python=\" within_country \" pulumi-lang-yaml=\" withinCountry \" pulumi-lang-java=\" withinCountry \"\u003e within_country \u003c/span\u003eis enabled, you must set this to the country code.\n"},"datacenter":{"type":"string"},"id":{"type":"integer","description":"Unique identifier of the static IP address that is associated to a GRE tunnel\n"},"latitude":{"type":"integer"},"longitude":{"type":"integer"},"privateServiceEdge":{"type":"boolean"},"region":{"type":"string"},"virtualIp":{"type":"string","description":"(String) GRE cluster virtual IP address (VIP)\n"}},"type":"object","required":["city","countryCode","datacenter","id","latitude","longitude","privateServiceEdge","region","virtualIp"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingGRETunnelSecondaryDestVip:getTrafficForwardingGRETunnelSecondaryDestVip":{"properties":{"city":{"type":"string"},"countryCode":{"type":"string","description":"(String) When\u003cspan pulumi-lang-nodejs=\" withinCountry \" pulumi-lang-dotnet=\" WithinCountry \" pulumi-lang-go=\" withinCountry \" pulumi-lang-python=\" within_country \" pulumi-lang-yaml=\" withinCountry \" pulumi-lang-java=\" withinCountry \"\u003e within_country \u003c/span\u003eis enabled, you must set this to the country code.\n"},"datacenter":{"type":"string"},"id":{"type":"integer","description":"Unique identifier of the static IP address that is associated to a GRE tunnel\n"},"latitude":{"type":"integer"},"longitude":{"type":"integer"},"privateServiceEdge":{"type":"boolean"},"region":{"type":"string"},"virtualIp":{"type":"string","description":"(String) GRE cluster virtual IP address (VIP)\n"}},"type":"object","required":["city","countryCode","datacenter","id","latitude","longitude","privateServiceEdge","region","virtualIp"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingStaticIPCity:getTrafficForwardingStaticIPCity":{"properties":{"id":{"type":"integer","description":"The unique identifier for the static IP address\n"},"name":{"type":"string","description":"(String) The configured name of the entity\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingStaticIPLastModifiedBy:getTrafficForwardingStaticIPLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"The unique identifier for the static IP address\n"},"name":{"type":"string","description":"(String) The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingStaticIPManagedBy:getTrafficForwardingStaticIPManagedBy":{"properties":{"id":{"type":"integer","description":"The unique identifier for the static IP address\n"},"name":{"type":"string","description":"(String) The configured name of the entity\n"}},"type":"object","required":["id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingVIPRecommendedListList:getTrafficForwardingVIPRecommendedListList":{"properties":{"city":{"type":"string","description":"(String) Data center city information\n"},"datacenter":{"type":"string","description":"(String) Data center information\n"},"id":{"type":"integer","description":"Unique identifer of the GRE virtual IP address (VIP)\n"},"latitude":{"type":"number","description":"(Number) The latitude coordinate of the GRE tunnel source.\n"},"longitude":{"type":"number","description":"(Number) The longitude coordinate of the GRE tunnel source.\n"},"privateServiceEdge":{"type":"boolean","description":"(Boolean) Set to true if the virtual IP address (VIP) is a ZIA Private Service Edge\n"},"region":{"type":"string","description":"(String) Data center region information.\n"},"virtualIp":{"type":"string","description":"(String) GRE cluster virtual IP address (VIP)\n"}},"type":"object","required":["city","latitude","longitude","region"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingVPNCredentialsLocation:getTrafficForwardingVPNCredentialsLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifer of the GRE virtual IP address (VIP)\n"},"name":{"type":"string","description":"(String) The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getTrafficForwardingVPNCredentialsManagedBy:getTrafficForwardingVPNCredentialsManagedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"Unique identifer of the GRE virtual IP address (VIP)\n"},"name":{"type":"string","description":"(String) The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLCategoriesScope:getURLCategoriesScope":{"properties":{"scopeEntities":{"type":"array","items":{"$ref":"#/types/zia:index/getURLCategoriesScopeScopeEntity:getURLCategoriesScopeScopeEntity"},"description":"(List of Object)\n"},"scopeGroupMemberEntities":{"type":"array","items":{"$ref":"#/types/zia:index/getURLCategoriesScopeScopeGroupMemberEntity:getURLCategoriesScopeScopeGroupMemberEntity"},"description":"(List of Object) Only applicable for the LOCATION_GROUP admin scope type, in which case this attribute gives the list of ID/name pairs of locations within the location group. The attribute name is subject to change.\n"},"type":{"type":"string","description":"(String) The admin scope type. The attribute name is subject to change. `ORGANIZATION`, `DEPARTMENT`, `LOCATION`, `LOCATION_GROUP`\n"}},"type":"object","required":["scopeEntities","scopeGroupMemberEntities"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLCategoriesScopeScopeEntity:getURLCategoriesScopeScopeEntity":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(String) Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"(String) The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLCategoriesScopeScopeGroupMemberEntity:getURLCategoriesScopeScopeGroupMemberEntity":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"(String) Identifier that uniquely identifies an entity\n"},"name":{"type":"string","description":"(String) The configured name of the entity\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLCategoriesUrlKeywordCount:getURLCategoriesUrlKeywordCount":{"properties":{"retainParentKeywordCount":{"type":"integer","description":"(Number) Count of total keywords with retain parent category.\n"},"retainParentUrlCount":{"type":"integer","description":"(Number) Count of URLs with retain parent category.\n"},"totalKeywordCount":{"type":"integer","description":"(Number) Total keyword count for the category.\n"},"totalUrlCount":{"type":"integer","description":"(Number) Custom URL count for the category.\n"}},"type":"object","required":["retainParentKeywordCount","retainParentUrlCount","totalKeywordCount","totalUrlCount"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesCbiProfile:getURLFilteringRulesCbiProfile":{"properties":{"id":{"type":"string","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"},"profileSeq":{"type":"integer","description":"The browser isolation profile URL\n"},"url":{"type":"string","description":"(String) The browser isolation profile URL\n"}},"type":"object","required":["id","name","profileSeq","url"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesDepartment:getURLFilteringRulesDepartment":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesDevice:getURLFilteringRulesDevice":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesDeviceGroup:getURLFilteringRulesDeviceGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesGroup:getURLFilteringRulesGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesLabel:getURLFilteringRulesLabel":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesLastModifiedBy:getURLFilteringRulesLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesLocation:getURLFilteringRulesLocation":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesLocationGroup:getURLFilteringRulesLocationGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesOverrideGroup:getURLFilteringRulesOverrideGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesOverrideUser:getURLFilteringRulesOverrideUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesSourceIpGroup:getURLFilteringRulesSourceIpGroup":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesTimeWindow:getURLFilteringRulesTimeWindow":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesUser:getURLFilteringRulesUser":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesWorkloadGroup:getURLFilteringRulesWorkloadGroup":{"properties":{"description":{"type":"string","description":"(String) Additional information about the rule\n"},"expression":{"type":"string","description":"The description of the workload group\n"},"expressionJsons":{"type":"array","items":{"$ref":"#/types/zia:index/getURLFilteringRulesWorkloadGroupExpressionJson:getURLFilteringRulesWorkloadGroupExpressionJson"}},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"lastModifiedBies":{"type":"array","items":{"$ref":"#/types/zia:index/getURLFilteringRulesWorkloadGroupLastModifiedBy:getURLFilteringRulesWorkloadGroupLastModifiedBy"}},"lastModifiedTime":{"type":"integer","description":"(Number) When the rule was last modified\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["description","expression","expressionJsons","id","lastModifiedBies","lastModifiedTime","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesWorkloadGroupExpressionJson:getURLFilteringRulesWorkloadGroupExpressionJson":{"properties":{"expressionContainers":{"type":"array","items":{"$ref":"#/types/zia:index/getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainer:getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainer"}}},"type":"object","required":["expressionContainers"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainer:getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainer":{"properties":{"operator":{"type":"string"},"tagContainers":{"type":"array","items":{"$ref":"#/types/zia:index/getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer:getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer"}},"tagType":{"type":"string"}},"type":"object","required":["operator","tagContainers","tagType"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer:getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainerTagContainer":{"properties":{"operator":{"type":"string"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag:getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag"}}},"type":"object","required":["operator","tags"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag:getURLFilteringRulesWorkloadGroupExpressionJsonExpressionContainerTagContainerTag":{"properties":{"key":{"type":"string"},"value":{"type":"string"}},"type":"object","required":["key","value"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getURLFilteringRulesWorkloadGroupLastModifiedBy:getURLFilteringRulesWorkloadGroupLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object","required":["extensions","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getUserManagementDepartment:getUserManagementDepartment":{"properties":{"comments":{"type":"string","description":"(String) Additional information about the group\n"},"deleted":{"type":"boolean","description":"(Boolean) default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e\n"},"id":{"type":"integer","description":"The ID of the time window resource.\n"},"idpId":{"type":"integer","description":"(Number) Unique identfier for the identity provider (IdP)\n"},"name":{"type":"string","description":"User name. This appears when choosing users for policies.\n"}},"type":"object","required":["comments","deleted","id","idpId","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getUserManagementGroup:getUserManagementGroup":{"properties":{"comments":{"type":"string","description":"(String) Additional information about the group\n"},"id":{"type":"integer","description":"The ID of the time window resource.\n"},"idpId":{"type":"integer","description":"(Number) Unique identfier for the identity provider (IdP)\n"},"name":{"type":"string","description":"User name. This appears when choosing users for policies.\n"}},"type":"object","required":["comments","id","idpId","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getVirtualServiceEdgeClusterVirtualZenNode:getVirtualServiceEdgeClusterVirtualZenNode":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"}},"externalId":{"type":"string","description":"The configured name of the entity\n"},"id":{"type":"integer","description":"System-generated Virtual Service Edge cluster ID\n"},"name":{"type":"string","description":"Name of the Virtual Service Edge cluster\n"}},"type":"object","required":["extensions","externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getWorkloadGroupsExpressionJson:getWorkloadGroupsExpressionJson":{"properties":{"expressionContainers":{"type":"array","items":{"$ref":"#/types/zia:index/getWorkloadGroupsExpressionJsonExpressionContainer:getWorkloadGroupsExpressionJsonExpressionContainer"},"description":"(List) Contains one or more tag types (and associated tags) combined using logical operators within a workload group\n"}},"type":"object","required":["expressionContainers"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getWorkloadGroupsExpressionJsonExpressionContainer:getWorkloadGroupsExpressionJsonExpressionContainer":{"properties":{"operator":{"type":"string","description":"(String) The operator (either AND or OR) used to create logical relationships among tag types. Returned values are: ``AND``, ``OR``, ``OPEN_PARENTHESES``, ``CLOSE_PARENTHESES``\n"},"tagContainers":{"type":"array","items":{"$ref":"#/types/zia:index/getWorkloadGroupsExpressionJsonExpressionContainerTagContainer:getWorkloadGroupsExpressionJsonExpressionContainerTagContainer"},"description":"(String) Contains one or more tags and the logical operator used to combine the tags within a tag type ``CLOSE_PARENTHESES``\n"},"tagType":{"type":"string","description":"(String) The tag type selected from a predefined list. Returned values are: ``ANY``, ``VPC``, ``SUBNET``, ``VM``, ``ENI``, ``ATTR``\n"}},"type":"object","required":["operator","tagContainers","tagType"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getWorkloadGroupsExpressionJsonExpressionContainerTagContainer:getWorkloadGroupsExpressionJsonExpressionContainerTagContainer":{"properties":{"operator":{"type":"string","description":"(String) The operator (either AND or OR) used to create logical relationships among tag types. Returned values are: ``AND``, ``OR``, ``OPEN_PARENTHESES``, ``CLOSE_PARENTHESES``\n"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/getWorkloadGroupsExpressionJsonExpressionContainerTagContainerTag:getWorkloadGroupsExpressionJsonExpressionContainerTagContainerTag"},"description":"(String) One or more tags, each consisting of a key-value pair, selected within a tag type. If multiple tags are present within a tag type, they are combined using a logical operator. Note: A maximum of 8 tags can be added to a workload group, irrespective of the number of tag types present.\n"}},"type":"object","required":["operator","tags"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getWorkloadGroupsExpressionJsonExpressionContainerTagContainerTag:getWorkloadGroupsExpressionJsonExpressionContainerTagContainerTag":{"properties":{"key":{"type":"string","description":"(String) The key component present in the key-value pair contained in a tag\n"},"value":{"type":"string","description":"(string) The value component present in the key-value pair contained in a tag\n"}},"type":"object","required":["key","value"],"language":{"nodejs":{"requiredInputs":[]}}},"zia:index/getWorkloadGroupsLastModifiedBy:getWorkloadGroupsLastModifiedBy":{"properties":{"extensions":{"type":"object","additionalProperties":{"type":"string"},"description":"(Map of String)\n"},"externalId":{"type":"string"},"id":{"type":"integer","description":"The unique identifer for the workload group.\n"},"name":{"type":"string","description":"The name of the workload group to be exported.\n"}},"type":"object","required":["extensions","externalId","id","name"],"language":{"nodejs":{"requiredInputs":[]}}}},"provider":{"description":"The provider type for the zia package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n","properties":{"apiKey":{"type":"string","secret":true},"clientId":{"type":"string","description":"zpa client id"},"clientSecret":{"type":"string","description":"zpa client secret","secret":true},"httpProxy":{"type":"string","description":"Alternate HTTP proxy of scheme://hostname or scheme://hostname:port format"},"maxRetries":{"type":"integer","description":"maximum number of retries to attempt before erroring out."},"parallelism":{"type":"integer","description":"Number of concurrent requests to make within a resource where bulk operations are not possible. Take note of https://help.zscaler.com/oneapi/understanding-rate-limiting."},"password":{"type":"string","secret":true},"privateKey":{"type":"string","description":"zpa private key","secret":true},"requestTimeout":{"type":"integer","description":"Timeout for single request (in seconds) which is made to Zscaler, the default is \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e (means no limit is set). The maximum value can be \u003cspan pulumi-lang-nodejs=\"`300`\" pulumi-lang-dotnet=\"`300`\" pulumi-lang-go=\"`300`\" pulumi-lang-python=\"`300`\" pulumi-lang-yaml=\"`300`\" pulumi-lang-java=\"`300`\"\u003e`300`\u003c/span\u003e."},"sandboxCloud":{"type":"string","description":"Zscaler Sandbox Cloud","secret":true},"sandboxToken":{"type":"string","description":"Zscaler Sandbox Token","secret":true},"useLegacyClient":{"type":"boolean"},"username":{"type":"string"},"vanityDomain":{"type":"string","description":"Zscaler Vanity Domain","secret":true},"ziaCloud":{"type":"string"},"zscalerCloud":{"type":"string","description":"Zscaler Cloud Name","secret":true}},"inputProperties":{"apiKey":{"type":"string","defaultInfo":{"environment":["ZIA_API_KEY"]},"secret":true},"clientId":{"type":"string","description":"zpa client id","defaultInfo":{"environment":["ZSCALER_CLIENT_ID"]}},"clientSecret":{"type":"string","description":"zpa client secret","defaultInfo":{"environment":["ZSCALER_CLIENT_SECRET"]},"secret":true},"httpProxy":{"type":"string","description":"Alternate HTTP proxy of scheme://hostname or scheme://hostname:port format"},"maxRetries":{"type":"integer","description":"maximum number of retries to attempt before erroring out."},"parallelism":{"type":"integer","description":"Number of concurrent requests to make within a resource where bulk operations are not possible. Take note of https://help.zscaler.com/oneapi/understanding-rate-limiting."},"password":{"type":"string","defaultInfo":{"environment":["ZIA_PASSWORD"]},"secret":true},"privateKey":{"type":"string","description":"zpa private key","defaultInfo":{"environment":["ZSCALER_PRIVATE_KEY"]},"secret":true},"requestTimeout":{"type":"integer","description":"Timeout for single request (in seconds) which is made to Zscaler, the default is \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e (means no limit is set). The maximum value can be \u003cspan pulumi-lang-nodejs=\"`300`\" pulumi-lang-dotnet=\"`300`\" pulumi-lang-go=\"`300`\" pulumi-lang-python=\"`300`\" pulumi-lang-yaml=\"`300`\" pulumi-lang-java=\"`300`\"\u003e`300`\u003c/span\u003e."},"sandboxCloud":{"type":"string","description":"Zscaler Sandbox Cloud","defaultInfo":{"environment":["ZSCALER_SANDBOX_CLOUD"]},"secret":true},"sandboxToken":{"type":"string","description":"Zscaler Sandbox Token","defaultInfo":{"environment":["ZSCALER_SANDBOX_TOKEN"]},"secret":true},"useLegacyClient":{"type":"boolean","defaultInfo":{"environment":["ZSCALER_USE_LEGACY_CLIENT"]}},"username":{"type":"string","defaultInfo":{"environment":["ZIA_USERNAME"]}},"vanityDomain":{"type":"string","description":"Zscaler Vanity Domain","defaultInfo":{"environment":["ZSCALER_VANITY_DOMAIN"]},"secret":true},"ziaCloud":{"type":"string","defaultInfo":{"environment":["ZIA_CLOUD"]}},"zscalerCloud":{"type":"string","description":"Zscaler Cloud Name","defaultInfo":{"environment":["ZSCALER_CLOUD"]},"secret":true}},"methods":{"terraformConfig":"pulumi:providers:zia/terraformConfig"}},"resources":{"zia:index/aTPMaliciousURLs:ATPMaliciousURLs":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-advanced-threat-protection-policy)\n* [API documentation](https://help.zscaler.com/zia/advanced-threat-protection-policy#/)\n\nThe **zia_atp_malicious_urls** resource alows you to Updates the malicious URLs added to the denylist in ATP policy. To learn more see [Advanced Threat Protection](https://help.zscaler.com/unified/configuring-security-exceptions-advanced-threat-protection-policy)\n\n## Example Usage\n\n```hcl\nresource \"zia_atp_malicious_urls\" \"this\" {\n    malicious_urls = [\n        \"test1.malicious.com\",\n        \"test2.malicious.com\",\n        \"test3.malicious.com\",\n    ]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_atp_malicious_urls** can be imported by using \u003cspan pulumi-lang-nodejs=\"`allUrls`\" pulumi-lang-dotnet=\"`AllUrls`\" pulumi-lang-go=\"`allUrls`\" pulumi-lang-python=\"`all_urls`\" pulumi-lang-yaml=\"`allUrls`\" pulumi-lang-java=\"`allUrls`\"\u003e`all_urls`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/aTPMaliciousURLs:ATPMaliciousURLs this all_urls\n```\n\n","properties":{"maliciousUrls":{"type":"array","items":{"type":"string"}}},"required":["maliciousUrls"],"inputProperties":{"maliciousUrls":{"type":"array","items":{"type":"string"}}},"stateInputs":{"description":"Input properties used for looking up and filtering ATPMaliciousURLs resources.\n","properties":{"maliciousUrls":{"type":"array","items":{"type":"string"}}},"type":"object"}},"zia:index/aTPMalwareInspection:ATPMalwareInspection":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-malware-protection-policy)\n* [API documentation](https://help.zscaler.com/zia/malware-protection-policy#/cyberThreatProtection/atpMalwareInspection-put)\n\nThe **zia_atp_malware_inspection** resource allows you to update security exceptions for the Malware Protection inspection policy. To learn more see [Configuring Advanced Settings](https://help.zscaler.com/zia/configuring-advanced-settings)\n\n## Example Usage\n\n```hcl\nresource \"zia_atp_malware_inspection\" \"this\" {\n  inspect_inbound                       = true\n  inspect_outbound                      = true\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_atp_malware_inspection** can be imported by using \u003cspan pulumi-lang-nodejs=\"`inspection`\" pulumi-lang-dotnet=\"`Inspection`\" pulumi-lang-go=\"`inspection`\" pulumi-lang-python=\"`inspection`\" pulumi-lang-yaml=\"`inspection`\" pulumi-lang-java=\"`inspection`\"\u003e`inspection`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/aTPMalwareInspection:ATPMalwareInspection this \"inspection\"\n```\n\n","properties":{"inspectInbound":{"type":"boolean","description":"A Boolean value that enables or disables scanning of incoming internet traffic for malicious content"},"inspectOutbound":{"type":"boolean","description":"A Boolean value that enables or disables scanning of outgoing internet traffic for malicious content"}},"required":["inspectInbound","inspectOutbound"],"inputProperties":{"inspectInbound":{"type":"boolean","description":"A Boolean value that enables or disables scanning of incoming internet traffic for malicious content"},"inspectOutbound":{"type":"boolean","description":"A Boolean value that enables or disables scanning of outgoing internet traffic for malicious content"}},"stateInputs":{"description":"Input properties used for looking up and filtering ATPMalwareInspection resources.\n","properties":{"inspectInbound":{"type":"boolean","description":"A Boolean value that enables or disables scanning of incoming internet traffic for malicious content"},"inspectOutbound":{"type":"boolean","description":"A Boolean value that enables or disables scanning of outgoing internet traffic for malicious content"}},"type":"object"}},"zia:index/aTPMalwarePolicy:ATPMalwarePolicy":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-malware-protection-policy)\n* [API documentation](https://help.zscaler.com/zia/malware-protection-policy#/cyberThreatProtection/atpMalwareInspection-put)\n\nThe **zia_atp_malware_policy** resource allows you to update security exceptions for the Malware Protection policy. To learn more see [Configuring Malware Protection Policy](https://help.zscaler.com/unified/configuring-malware-protection-policy)\n\n## Example Usage\n\n```hcl\nresource \"zia_atp_malware_policy\" \"this\" {\n  block_unscannable_files                                     = true\n  block_password_protected_archive_files                      = true\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_atp_malware_policy** can be imported by using \u003cspan pulumi-lang-nodejs=\"`policy`\" pulumi-lang-dotnet=\"`Policy`\" pulumi-lang-go=\"`policy`\" pulumi-lang-python=\"`policy`\" pulumi-lang-yaml=\"`policy`\" pulumi-lang-java=\"`policy`\"\u003e`policy`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/aTPMalwarePolicy:ATPMalwarePolicy this \"policy\"\n```\n\n","properties":{"blockPasswordProtectedArchiveFiles":{"type":"boolean","description":"A Boolean value indicating whether to allow or block users from uploading or downloading password-protected files"},"blockUnscannableFiles":{"type":"boolean","description":"A Boolean value indicating whether to allow or block users from uploading or downloading files that the Zscaler service is unable to scan."}},"required":["blockPasswordProtectedArchiveFiles","blockUnscannableFiles"],"inputProperties":{"blockPasswordProtectedArchiveFiles":{"type":"boolean","description":"A Boolean value indicating whether to allow or block users from uploading or downloading password-protected files"},"blockUnscannableFiles":{"type":"boolean","description":"A Boolean value indicating whether to allow or block users from uploading or downloading files that the Zscaler service is unable to scan."}},"stateInputs":{"description":"Input properties used for looking up and filtering ATPMalwarePolicy resources.\n","properties":{"blockPasswordProtectedArchiveFiles":{"type":"boolean","description":"A Boolean value indicating whether to allow or block users from uploading or downloading password-protected files"},"blockUnscannableFiles":{"type":"boolean","description":"A Boolean value indicating whether to allow or block users from uploading or downloading files that the Zscaler service is unable to scan."}},"type":"object"}},"zia:index/aTPMalwareProtocols:ATPMalwareProtocols":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-malware-protection-policy)\n* [API documentation](https://help.zscaler.com/zia/malware-protection-policy#/cyberThreatProtection/atpMalwareInspection-put)\n\nThe **zia_atp_malware_protocols** resource allows you to update protocol inspection configurations of Malware Protection policy. To learn more see [Configuring Malware Protection Policy](https://help.zscaler.com/unified/configuring-malware-protection-policy)\n\n## Example Usage\n\n```hcl\nresource \"zia_atp_malware_protocols\" \"this\" {\n  inspect_http                       = true\n  inspect_ftp_over_http              = true\n  inspect_ftp                        = true\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**atp_malware_protocols** can be imported by using \u003cspan pulumi-lang-nodejs=\"`protocol`\" pulumi-lang-dotnet=\"`Protocol`\" pulumi-lang-go=\"`protocol`\" pulumi-lang-python=\"`protocol`\" pulumi-lang-yaml=\"`protocol`\" pulumi-lang-java=\"`protocol`\"\u003e`protocol`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/aTPMalwareProtocols:ATPMalwareProtocols this \"protocol\"\n```\n\n","properties":{"inspectFtp":{"type":"boolean","description":"A Boolean value that enables or disables scanning of FTP traffic for malicious content in real time"},"inspectFtpOverHttp":{"type":"boolean","description":"A Boolean value that enables or disables scanning of FTP over HTTP traffic for malicious content in real time"},"inspectHttp":{"type":"boolean","description":"A Boolean value that enables or disables scanning of HTTP traffic (and HTTPS traffic if SSL Inspection is enabled) for malicious content in real time"}},"required":["inspectFtp","inspectFtpOverHttp","inspectHttp"],"inputProperties":{"inspectFtp":{"type":"boolean","description":"A Boolean value that enables or disables scanning of FTP traffic for malicious content in real time"},"inspectFtpOverHttp":{"type":"boolean","description":"A Boolean value that enables or disables scanning of FTP over HTTP traffic for malicious content in real time"},"inspectHttp":{"type":"boolean","description":"A Boolean value that enables or disables scanning of HTTP traffic (and HTTPS traffic if SSL Inspection is enabled) for malicious content in real time"}},"stateInputs":{"description":"Input properties used for looking up and filtering ATPMalwareProtocols resources.\n","properties":{"inspectFtp":{"type":"boolean","description":"A Boolean value that enables or disables scanning of FTP traffic for malicious content in real time"},"inspectFtpOverHttp":{"type":"boolean","description":"A Boolean value that enables or disables scanning of FTP over HTTP traffic for malicious content in real time"},"inspectHttp":{"type":"boolean","description":"A Boolean value that enables or disables scanning of HTTP traffic (and HTTPS traffic if SSL Inspection is enabled) for malicious content in real time"}},"type":"object"}},"zia:index/aTPMalwareSettings:ATPMalwareSettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-malware-protection-policy)\n* [API documentation](https://help.zscaler.com/zia/malware-protection-policy#/cyberThreatProtection/atpMalwareInspection-put)\n\nThe **zia_atp_malware_settings** resource allows you to update the malware protection policy configuration details. To learn more see [Configuring Malware Protection Policy](https://help.zscaler.com/unified/configuring-malware-protection-policy)\n\n## Example Usage\n\n```hcl\nresource \"zia_atp_malware_settings\" \"this\" {\n  virus_blocked                       = true\n  virus_capture                       = false\n  unwanted_applications_blocked       = true\n  unwanted_applications_capture       = false\n  trojan_blocked                      = true\n  trojan_capture                      = false\n  worm_blocked                        = true\n  worm_capture                        = false\n  adware_blocked                      = true\n  adware_capture                      = false\n  spyware_blocked                     = true\n  spyware_capture                     = false\n  ransomware_blocked                  = true\n  ransomware_capture                  = false\n  remote_access_tool_blocked          = true\n  remote_access_tool_capture          = false\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_advanced_threat_settings** can be imported by using \u003cspan pulumi-lang-nodejs=\"`advancedThreatSettings`\" pulumi-lang-dotnet=\"`AdvancedThreatSettings`\" pulumi-lang-go=\"`advancedThreatSettings`\" pulumi-lang-python=\"`advanced_threat_settings`\" pulumi-lang-yaml=\"`advancedThreatSettings`\" pulumi-lang-java=\"`advancedThreatSettings`\"\u003e`advanced_threat_settings`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/aTPMalwareSettings:ATPMalwareSettings this \"advanced_threat_settings\"\n```\n\n","properties":{"adwareBlocked":{"type":"boolean","description":"A Boolean value indicating whether malicious files that automatically render advertisements and install adware are allowed or blocked"},"adwareCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for adware"},"ransomwareBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block malicious programs that can encrypt files and prevent users from accessing their devices, files, or data until a ransom payment is made."},"ransomwareCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for ransomware"},"remoteAccessToolBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block file download from tools that are common from remote access sites"},"remoteAccessToolCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for remote access tools"},"spywareBlocked":{"type":"boolean","description":"A Boolean value indicating whether malicious files that covertly gather information about a user or an organization are allowed or blocked"},"spywareCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for spyware"},"trojanBlocked":{"type":"boolean","description":"A Boolean value that allows or blocks malicious programs such as Trojan viruses that are presented as beneficial or useful"},"trojanCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for Trojan viruses"},"unwantedApplicationsBlocked":{"type":"boolean","description":"A Boolean value that allows or blocks unwanted files that are downloaded alongside intentional programs downloaded by users"},"unwantedApplicationsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for unwanted applications"},"virusBlocked":{"type":"boolean","description":"A Boolean value that indicates if malicious programs that cause damage to systems and data are allowed or blocked."},"virusCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for viruses"},"wormBlocked":{"type":"boolean","description":"A Boolean value indicating whether malicious programs that duplicate themselves to spread malicious code to other devices are allowed or blocked"},"wormCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for worms"}},"required":["adwareBlocked","adwareCapture","ransomwareBlocked","ransomwareCapture","remoteAccessToolBlocked","remoteAccessToolCapture","spywareBlocked","spywareCapture","trojanBlocked","trojanCapture","unwantedApplicationsBlocked","unwantedApplicationsCapture","virusBlocked","virusCapture","wormBlocked","wormCapture"],"inputProperties":{"adwareBlocked":{"type":"boolean","description":"A Boolean value indicating whether malicious files that automatically render advertisements and install adware are allowed or blocked"},"adwareCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for adware"},"ransomwareBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block malicious programs that can encrypt files and prevent users from accessing their devices, files, or data until a ransom payment is made."},"ransomwareCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for ransomware"},"remoteAccessToolBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block file download from tools that are common from remote access sites"},"remoteAccessToolCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for remote access tools"},"spywareBlocked":{"type":"boolean","description":"A Boolean value indicating whether malicious files that covertly gather information about a user or an organization are allowed or blocked"},"spywareCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for spyware"},"trojanBlocked":{"type":"boolean","description":"A Boolean value that allows or blocks malicious programs such as Trojan viruses that are presented as beneficial or useful"},"trojanCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for Trojan viruses"},"unwantedApplicationsBlocked":{"type":"boolean","description":"A Boolean value that allows or blocks unwanted files that are downloaded alongside intentional programs downloaded by users"},"unwantedApplicationsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for unwanted applications"},"virusBlocked":{"type":"boolean","description":"A Boolean value that indicates if malicious programs that cause damage to systems and data are allowed or blocked."},"virusCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for viruses"},"wormBlocked":{"type":"boolean","description":"A Boolean value indicating whether malicious programs that duplicate themselves to spread malicious code to other devices are allowed or blocked"},"wormCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for worms"}},"stateInputs":{"description":"Input properties used for looking up and filtering ATPMalwareSettings resources.\n","properties":{"adwareBlocked":{"type":"boolean","description":"A Boolean value indicating whether malicious files that automatically render advertisements and install adware are allowed or blocked"},"adwareCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for adware"},"ransomwareBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block malicious programs that can encrypt files and prevent users from accessing their devices, files, or data until a ransom payment is made."},"ransomwareCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for ransomware"},"remoteAccessToolBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block file download from tools that are common from remote access sites"},"remoteAccessToolCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for remote access tools"},"spywareBlocked":{"type":"boolean","description":"A Boolean value indicating whether malicious files that covertly gather information about a user or an organization are allowed or blocked"},"spywareCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for spyware"},"trojanBlocked":{"type":"boolean","description":"A Boolean value that allows or blocks malicious programs such as Trojan viruses that are presented as beneficial or useful"},"trojanCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for Trojan viruses"},"unwantedApplicationsBlocked":{"type":"boolean","description":"A Boolean value that allows or blocks unwanted files that are downloaded alongside intentional programs downloaded by users"},"unwantedApplicationsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for unwanted applications"},"virusBlocked":{"type":"boolean","description":"A Boolean value that indicates if malicious programs that cause damage to systems and data are allowed or blocked."},"virusCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for viruses"},"wormBlocked":{"type":"boolean","description":"A Boolean value indicating whether malicious programs that duplicate themselves to spread malicious code to other devices are allowed or blocked"},"wormCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or disabled for worms"}},"type":"object"}},"zia:index/aTPSecurityExceptions:ATPSecurityExceptions":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-advanced-threat-protection-policy)\n* [API documentation](https://help.zscaler.com/zia/advanced-threat-protection-policy#/)\n\nThe **zia_atp_security_exceptions** resource alows you to updates security exceptions for the ATP policy. To learn more see [Advanced Threat Protection](https://help.zscaler.com/unified/configuring-security-exceptions-advanced-threat-protection-policy)\n\n## Example Usage\n\n```hcl\nresource \"zia_atp_security_exceptions\" \"this\" {\n    bypass_urls = [\n        \"site1.example.com\",\n        \"site2.example.com\",\n        \"site3.example.com\",\n    ]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_atp_security_exceptions** can be imported by using \u003cspan pulumi-lang-nodejs=\"`allUrls`\" pulumi-lang-dotnet=\"`AllUrls`\" pulumi-lang-go=\"`allUrls`\" pulumi-lang-python=\"`all_urls`\" pulumi-lang-yaml=\"`allUrls`\" pulumi-lang-java=\"`allUrls`\"\u003e`all_urls`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/aTPSecurityExceptions:ATPSecurityExceptions this all_urls\n```\n\n","properties":{"bypassUrls":{"type":"array","items":{"type":"string"}}},"required":["bypassUrls"],"inputProperties":{"bypassUrls":{"type":"array","items":{"type":"string"}}},"stateInputs":{"description":"Input properties used for looking up and filtering ATPSecurityExceptions resources.\n","properties":{"bypassUrls":{"type":"array","items":{"type":"string"}}},"type":"object"}},"zia:index/activationStatus:ActivationStatus":{"description":"* [Official documentation](https://help.zscaler.com/zia/saving-and-activating-changes-zia-admin-portal)\n* [API documentation](https://help.zscaler.com/zia/activation#/status-get)\n\nThe **zia_activation_status** resource triggers activation of ZIA pending configuration changes. Use it when you want activation to run as part of your Terraform run, after specific resources are applied — for example, by listing those resources in a \u003cspan pulumi-lang-nodejs=\"`dependsOn`\" pulumi-lang-dotnet=\"`DependsOn`\" pulumi-lang-go=\"`dependsOn`\" pulumi-lang-python=\"`depends_on`\" pulumi-lang-yaml=\"`dependsOn`\" pulumi-lang-java=\"`dependsOn`\"\u003e`depends_on`\u003c/span\u003e block so that activation runs only after they are created or updated.\n\nActivation timing is controlled by the ZIA platform, not by Terraform. The provider cannot override ZIA’s native behavior (including auto-activation after inactivity or logout). This resource is one of three ways to activate changes with the provider. For the full picture and recommended options, see the Activation Overview guide.\n\n\u003e **NOTE** You can also activate in-flight during apply by setting the `ZIA_ACTIVATION` environment variable, or use the recommended out-of-band method with the **ziaActivator** CLI after `pulumi up`. See the Activation Overview guide.\n\n## Example Usage\n\nTrigger activation after specific resources are applied using \u003cspan pulumi-lang-nodejs=\"`dependsOn`\" pulumi-lang-dotnet=\"`DependsOn`\" pulumi-lang-go=\"`dependsOn`\" pulumi-lang-python=\"`depends_on`\" pulumi-lang-yaml=\"`dependsOn`\" pulumi-lang-java=\"`dependsOn`\"\u003e`depends_on`\u003c/span\u003e:\n\n```hcl\nresource \"zia_url_filtering_rule\" \"example\" {\n  name = \"Example URL Rule\"\n  # ... other arguments\n}\n\nresource \"zia_activation_status\" \"activation\" {\n  status = \"ACTIVE\"\n\n  depends_on = [zia_url_filtering_rule.example]\n}\n```\n\n## Import\n\nActivation is not an importable resource.\n\n","properties":{"status":{"type":"string","description":"Organization Policy Edit/Update Activation status"}},"required":["status"],"inputProperties":{"status":{"type":"string","description":"Organization Policy Edit/Update Activation status","willReplaceOnChanges":true}},"requiredInputs":["status"],"stateInputs":{"description":"Input properties used for looking up and filtering ActivationStatus resources.\n","properties":{"status":{"type":"string","description":"Organization Policy Edit/Update Activation status","willReplaceOnChanges":true}},"type":"object"}},"zia:index/adminRoles:AdminRoles":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-role-management)\n* [API documentation](https://help.zscaler.com/zia/admin-role-management#/adminRoles-get)\n\nThe **zia_admin_roles** resource allows the creation and management of admin roles in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n### Create Admin Role\n\n```hcl\n# ZIA Admin Roles Resource\nresource \"zia_admin_roles\" \"this\" {\n  name               = \"AdminRoleTerraform\"\n  rank               = 7\n  alerting_access    = \"READ_WRITE\"\n  dashboard_access   = \"READ_WRITE\"\n  report_access      = \"READ_WRITE\"\n  analysis_access    = \"READ_ONLY\"\n  username_access    = \"READ_ONLY\"\n  device_info_access = \"READ_ONLY\"\n  admin_acct_access  = \"READ_WRITE\"\n  policy_access      = \"READ_WRITE\"\n  permissions = [\n \"NSS_CONFIGURATION\", \"LOCATIONS\", \"HOSTED_PAC_FILES\", \"EZ_AGENT_CONFIGURATIONS\",\n \"SECURE_AGENT_NOTIFICATIONS\", \"VPN_CREDENTIALS\", \"AUTHENTICATION_SETTINGS\", \"STATIC_IPS\",\n \"GRE_TUNNELS\", \"CLIENT_CONNECTOR_PORTAL\", \"SECURE\", \"POLICY_RESOURCE_MANAGEMENT\",\n \"CUSTOM_URL_CAT\", \"OVERRIDE_EXISTING_CAT\", \"TENANT_PROFILE_MANAGEMENT\", \"COMPLY\",\n \"SSL_POLICY\", \"ADVANCED_SETTINGS\", \"PROXY_GATEWAY\", \"SUBCLOUDS\", \"IDENTITY_PROXY_SETTINGS\",\n \"USER_MANAGEMENT\", \"APIKEY_MANAGEMENT\", \"FIREWALL_DNS\", \"VZEN_CONFIGURATION\",\n \"PARTNER_INTEGRATION\", \"USER_ACCESS\", \"CUSTOMER_ACCT_INFO\", \"CUSTOMER_SUBSCRIPTION\",\n \"CUSTOMER_ORG_SETTINGS\", \"ZIA_TRAFFIC_CAPTURE\", \"REMOTE_ASSISTANCE_MANAGEMENT\"\n  ]\n}\n```\n\n### Create Admin SDWAN Role\n\n```hcl\nresource \"zia_admin_roles\" \"this\" {\n  name               = \"SDWANAdminRoleTerraform\"\n  rank               = 7\n  policy_access      = \"READ_WRITE\"\n  alerting_access    = \"NONE\"\n  role_type          = \"SDWAN\"\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_rule_labels** can be imported by using `\u003cLABEL_ID\u003e` or `\u003cLABEL_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/adminRoles:AdminRoles example \u003clabel_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/adminRoles:AdminRoles example \u003clabel_name\u003e\n```\n\n","properties":{"adminAcctAccess":{"type":"string","description":"Admin and role management access permission."},"alertingAccess":{"type":"string","description":"Alerting access permission"},"analysisAccess":{"type":"string","description":"Insights logs access permission."},"dashboardAccess":{"type":"string","description":"Dashboard access permission."},"deviceInfoAccess":{"type":"string","description":"Device information access permission. When set to NONE, device information is obfuscated."},"extFeaturePermissions":{"type":"object","additionalProperties":{"type":"string"},"description":"External feature access permission."},"featurePermissions":{"type":"object","additionalProperties":{"type":"string"},"description":"Feature access permission. Indicates which features an admin role can access and if the admin has both read and write access, or read-only access."},"isAuditor":{"type":"boolean","description":"Indicates whether this is an auditor role."},"isNonEditable":{"type":"boolean","description":"Indicates whether or not this admin user is editable/deletable."},"logsLimit":{"type":"string","description":"Log range limit."},"name":{"type":"string","description":"The Name of the admin role\n"},"permissions":{"type":"array","items":{"type":"string"},"description":"Request method for which the rule must be applied. If not set, rule will be applied to all methods"},"policyAccess":{"type":"string","description":"Policy access permission."},"rank":{"type":"integer","description":"Admin rank of this admin role. This is applicable only when admin rank is enabled in the advanced settings. Default value is 7 (the lowest rank). The assigned admin rank determines the roles or admin users this user can manage, and which rule orders this admin can access."},"reportAccess":{"type":"string","description":"Report access permission."},"reportTimeDuration":{"type":"integer","description":"Time duration allocated to the report dashboard."},"roleId":{"type":"integer"},"roleType":{"type":"string","description":"The admin role type. ()This attribute is subject to change.)"},"usernameAccess":{"type":"string","description":"Username access permission. When set to NONE, the username will be obfuscated."}},"required":["adminAcctAccess","alertingAccess","analysisAccess","dashboardAccess","deviceInfoAccess","name","permissions","policyAccess","reportAccess","reportTimeDuration","roleId","usernameAccess"],"inputProperties":{"adminAcctAccess":{"type":"string","description":"Admin and role management access permission."},"alertingAccess":{"type":"string","description":"Alerting access permission"},"analysisAccess":{"type":"string","description":"Insights logs access permission."},"dashboardAccess":{"type":"string","description":"Dashboard access permission."},"deviceInfoAccess":{"type":"string","description":"Device information access permission. When set to NONE, device information is obfuscated."},"extFeaturePermissions":{"type":"object","additionalProperties":{"type":"string"},"description":"External feature access permission."},"featurePermissions":{"type":"object","additionalProperties":{"type":"string"},"description":"Feature access permission. Indicates which features an admin role can access and if the admin has both read and write access, or read-only access."},"isAuditor":{"type":"boolean","description":"Indicates whether this is an auditor role."},"isNonEditable":{"type":"boolean","description":"Indicates whether or not this admin user is editable/deletable."},"logsLimit":{"type":"string","description":"Log range limit."},"name":{"type":"string","description":"The Name of the admin role\n"},"permissions":{"type":"array","items":{"type":"string"},"description":"Request method for which the rule must be applied. If not set, rule will be applied to all methods"},"policyAccess":{"type":"string","description":"Policy access permission."},"rank":{"type":"integer","description":"Admin rank of this admin role. This is applicable only when admin rank is enabled in the advanced settings. Default value is 7 (the lowest rank). The assigned admin rank determines the roles or admin users this user can manage, and which rule orders this admin can access."},"reportAccess":{"type":"string","description":"Report access permission."},"reportTimeDuration":{"type":"integer","description":"Time duration allocated to the report dashboard."},"roleType":{"type":"string","description":"The admin role type. ()This attribute is subject to change.)"},"usernameAccess":{"type":"string","description":"Username access permission. When set to NONE, the username will be obfuscated."}},"stateInputs":{"description":"Input properties used for looking up and filtering AdminRoles resources.\n","properties":{"adminAcctAccess":{"type":"string","description":"Admin and role management access permission."},"alertingAccess":{"type":"string","description":"Alerting access permission"},"analysisAccess":{"type":"string","description":"Insights logs access permission."},"dashboardAccess":{"type":"string","description":"Dashboard access permission."},"deviceInfoAccess":{"type":"string","description":"Device information access permission. When set to NONE, device information is obfuscated."},"extFeaturePermissions":{"type":"object","additionalProperties":{"type":"string"},"description":"External feature access permission."},"featurePermissions":{"type":"object","additionalProperties":{"type":"string"},"description":"Feature access permission. Indicates which features an admin role can access and if the admin has both read and write access, or read-only access."},"isAuditor":{"type":"boolean","description":"Indicates whether this is an auditor role."},"isNonEditable":{"type":"boolean","description":"Indicates whether or not this admin user is editable/deletable."},"logsLimit":{"type":"string","description":"Log range limit."},"name":{"type":"string","description":"The Name of the admin role\n"},"permissions":{"type":"array","items":{"type":"string"},"description":"Request method for which the rule must be applied. If not set, rule will be applied to all methods"},"policyAccess":{"type":"string","description":"Policy access permission."},"rank":{"type":"integer","description":"Admin rank of this admin role. This is applicable only when admin rank is enabled in the advanced settings. Default value is 7 (the lowest rank). The assigned admin rank determines the roles or admin users this user can manage, and which rule orders this admin can access."},"reportAccess":{"type":"string","description":"Report access permission."},"reportTimeDuration":{"type":"integer","description":"Time duration allocated to the report dashboard."},"roleId":{"type":"integer"},"roleType":{"type":"string","description":"The admin role type. ()This attribute is subject to change.)"},"usernameAccess":{"type":"string","description":"Username access permission. When set to NONE, the username will be obfuscated."}},"type":"object"}},"zia:index/adminUsers:AdminUsers":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-administrators)\n* [API documentation](https://help.zscaler.com/zia/admin-role-management#/adminUsers-get)\n\nThe **zia_admin_users** resource allows the creation and management of ZIA admin user account created in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n### Organization Scope\n\n```hcl\n######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########\nresource \"zia_admin_users\" \"john_smith\" {\n  login_name                      = \"john.smith@acme.com\"\n  user_name                       = \"John Smith\"\n  email                           = \"john.smith@acme.com\"\n  is_password_login_allowed       = true\n  password                        = \"*********************\"\n  is_security_report_comm_enabled = true\n  is_service_update_comm_enabled  = true\n  is_product_update_comm_enabled  = true\n  comments                        = \"Administrator User\"\n  role {\n    id = data.zia_admin_roles.super_admin.id\n  }\n  admin_scope_type = \"ORGANIZATION\"\n}\n\ndata \"zia_admin_roles\" \"super_admin\" {\n  name = \"Super Admin\"\n}\n```\n\n### Department Scope\n\n```hcl\n######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########\nresource \"zia_admin_users\" \"john_smith\" {\n  login_name                      = \"john.smith@acme.com\"\n  user_name                       = \"John Smith\"\n  email                           = \"john.smith@acme.com\"\n  is_password_login_allowed       = true\n  password                        = \"*********************\"\n  is_security_report_comm_enabled = true\n  is_service_update_comm_enabled  = true\n  is_product_update_comm_enabled  = true\n  comments                        = \"Administrator User\"\n  role {\n    id = data.zia_admin_roles.super_admin.id\n  }\n  admin_scope_type = \"DEPARTMENT\"\n    admin_scope_entities {\n        id = [ data.zia_department_management.engineering.id, data.zia_department_management.sales.id ]\n    }\n}\n\ndata \"zia_admin_roles\" \"super_admin\" {\n  name = \"Super Admin\"\n}\n\ndata \"zia_department_management\" \"engineering\" {\n  name = \"Engineering\"\n}\n```\n\n### Location Scope\n\n```hcl\n######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########\nresource \"zia_admin_users\" \"john_smith\" {\n  login_name                      = \"john.smith@acme.com\"\n  user_name                       = \"John Smith\"\n  email                           = \"john.smith@acme.com\"\n  is_password_login_allowed       = true\n  password                        = \"*********************\"\n  is_security_report_comm_enabled = true\n  is_service_update_comm_enabled  = true\n  is_product_update_comm_enabled  = true\n  comments                        = \"Administrator User\"\n  role {\n    id = data.zia_admin_roles.super_admin.id\n  }\n  admin_scope_type = \"LOCATION\"\n    admin_scope_entities {\n        id = [ data.zia_location_management.au_sydney_branch01.id ]\n    }\n}\n\ndata \"zia_admin_roles\" \"super_admin\" {\n  name = \"Super Admin\"\n}\n\ndata \"zia_location_management\" \"au_sydney_branch01\" {\n  name = \"AU - Sydney - Branch01\"\n}\n```\n\n### Location Group Scope\n\n```hcl\n######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########\nresource \"zia_admin_users\" \"john_smith\" {\n  login_name                      = \"john.smith@acme.com\"\n  user_name                       = \"John Smith\"\n  email                           = \"john.smith@acme.com\"\n  is_password_login_allowed       = true\n password                         = \"*********************\"\n  is_security_report_comm_enabled = true\n  is_service_update_comm_enabled  = true\n  is_product_update_comm_enabled  = true\n  comments                        = \"Administrator User\"\n  role {\n    id = data.zia_admin_roles.super_admin.id\n  }\n  admin_scope_type = \"LOCATION_GROUP\"\n    admin_scope_entities {\n        id = [ data.zia_location_groups.corporate_user_traffic_group.id ]\n    }\n}\n\ndata \"zia_admin_roles\" \"super_admin\" {\n  name = \"Super Admin\"\n}\n\ndata \"zia_location_groups\" \"corporate_user_traffic_group\" {\n  name = \"Corporate User Traffic Group\"\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_admin_users** can be imported by using `\u003cADMIN ID\u003e` or `\u003cLOGIN NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/adminUsers:AdminUsers example \u003cadmin_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/adminUsers:AdminUsers example \u003clogin_name\u003e\n```\n\n⚠️ **NOTE :**:  This provider do not import the password attribute value during the importing process.\n\n","properties":{"adminId":{"type":"integer"},"adminScopeEntities":{"$ref":"#/types/zia:index/AdminUsersAdminScopeEntities:AdminUsersAdminScopeEntities","description":"list of destination ip groups"},"adminScopeType":{"type":"string"},"comments":{"type":"string","description":"Additional information about the admin or auditor."},"disabled":{"type":"boolean"},"email":{"type":"string","description":"Admin or auditor's email address."},"isAuditor":{"type":"boolean"},"isExecMobileAppEnabled":{"type":"boolean"},"isNonEditable":{"type":"boolean"},"isPasswordExpired":{"type":"boolean"},"isPasswordLoginAllowed":{"type":"boolean"},"isProductUpdateCommEnabled":{"type":"boolean"},"isSecurityReportCommEnabled":{"type":"boolean"},"isServiceUpdateCommEnabled":{"type":"boolean"},"loginName":{"type":"string"},"password":{"type":"string","description":"The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.","secret":true},"roles":{"type":"array","items":{"$ref":"#/types/zia:index/AdminUsersRole:AdminUsersRole"},"description":"Role of the admin. This is not required for an auditor."},"username":{"type":"string","description":"Admin or auditor's username."}},"required":["adminId","adminScopeType","email","loginName","username"],"inputProperties":{"adminScopeEntities":{"$ref":"#/types/zia:index/AdminUsersAdminScopeEntities:AdminUsersAdminScopeEntities","description":"list of destination ip groups"},"adminScopeType":{"type":"string"},"comments":{"type":"string","description":"Additional information about the admin or auditor."},"disabled":{"type":"boolean"},"email":{"type":"string","description":"Admin or auditor's email address."},"isAuditor":{"type":"boolean"},"isExecMobileAppEnabled":{"type":"boolean"},"isNonEditable":{"type":"boolean"},"isPasswordExpired":{"type":"boolean"},"isPasswordLoginAllowed":{"type":"boolean"},"isProductUpdateCommEnabled":{"type":"boolean"},"isSecurityReportCommEnabled":{"type":"boolean"},"isServiceUpdateCommEnabled":{"type":"boolean"},"loginName":{"type":"string"},"password":{"type":"string","description":"The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.","secret":true},"roles":{"type":"array","items":{"$ref":"#/types/zia:index/AdminUsersRole:AdminUsersRole"},"description":"Role of the admin. This is not required for an auditor."},"username":{"type":"string","description":"Admin or auditor's username."}},"requiredInputs":["email","loginName","username"],"stateInputs":{"description":"Input properties used for looking up and filtering AdminUsers resources.\n","properties":{"adminId":{"type":"integer"},"adminScopeEntities":{"$ref":"#/types/zia:index/AdminUsersAdminScopeEntities:AdminUsersAdminScopeEntities","description":"list of destination ip groups"},"adminScopeType":{"type":"string"},"comments":{"type":"string","description":"Additional information about the admin or auditor."},"disabled":{"type":"boolean"},"email":{"type":"string","description":"Admin or auditor's email address."},"isAuditor":{"type":"boolean"},"isExecMobileAppEnabled":{"type":"boolean"},"isNonEditable":{"type":"boolean"},"isPasswordExpired":{"type":"boolean"},"isPasswordLoginAllowed":{"type":"boolean"},"isProductUpdateCommEnabled":{"type":"boolean"},"isSecurityReportCommEnabled":{"type":"boolean"},"isServiceUpdateCommEnabled":{"type":"boolean"},"loginName":{"type":"string"},"password":{"type":"string","description":"The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.","secret":true},"roles":{"type":"array","items":{"$ref":"#/types/zia:index/AdminUsersRole:AdminUsersRole"},"description":"Role of the admin. This is not required for an auditor."},"username":{"type":"string","description":"Admin or auditor's username."}},"type":"object"}},"zia:index/advancedSettings:AdvancedSettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-advanced-settings)\n* [API documentation](https://help.zscaler.com/zia/advanced-settings#/advancedSettings-get)\n\nThe **zia_advanced_settings** resource alows you to updates the advanced settings configuration in the ZIA Admin Portal. To learn more see [Configuring Advanced Settings](https://help.zscaler.com/zia/configuring-advanced-settings)\n\n## Example Usage\n\n```hcl\nresource \"zia_advanced_settings\" \"this\" {\n  auth_bypass_urls                                            = [\".newexample1.com\", \".newexample2.com\"]\n  dns_resolution_on_transparent_proxy_apps                    = [\"CHATGPT_AI\"]\n  basic_bypass_url_categories                                 = [\"NONE\"]\n  http_range_header_remove_url_categories                     = [\"NONE\"]\n  kerberos_bypass_urls                                        = [\"test1.com\"]\n  kerberos_bypass_apps                                        = []\n  dns_resolution_on_transparent_proxy_urls                    = [\"test1.com\", \"test2.com\"]\n  enable_dns_resolution_on_transparent_proxy                  = true\n  enable_evaluate_policy_on_global_ssl_bypass                 = true\n  enable_office365                                            = true\n  log_internal_ip                                             = true\n  enforce_surrogate_ip_for_windows_app                        = true\n  track_http_tunnel_on_http_ports                             = true\n  block_http_tunnel_on_non_http_ports                         = false\n  block_domain_fronting_on_host_header                        = false\n  zscaler_client_connector_1_and_pac_road_warrior_in_firewall = true\n  cascade_url_filtering                                       = true\n  enable_policy_for_unauthenticated_traffic                   = true\n  block_non_compliant_http_request_on_http_ports              = true\n  enable_admin_rank_access                                    = true\n  http2_nonbrowser_traffic_enabled                            = true\n  ecs_for_all_enabled                                         = false\n  dynamic_user_risk_enabled                                   = false\n  block_connect_host_sni_mismatch                             = false\n  prefer_sni_over_conn_host                                   = false\n  sipa_xff_header_enabled                                     = false\n  block_non_http_on_http_port_enabled                         = true\n  ui_session_timeout                                          = 300\n}\n\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_advanced_settings** can be imported by using \u003cspan pulumi-lang-nodejs=\"`advancedSettings`\" pulumi-lang-dotnet=\"`AdvancedSettings`\" pulumi-lang-go=\"`advancedSettings`\" pulumi-lang-python=\"`advanced_settings`\" pulumi-lang-yaml=\"`advancedSettings`\" pulumi-lang-java=\"`advancedSettings`\"\u003e`advanced_settings`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/advancedSettings:AdvancedSettings this \"advanced_settings\"\n```\n\n","properties":{"authBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from cookie authentication"},"authBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from cookie authentication"},"authBypassUrls":{"type":"array","items":{"type":"string"},"description":"Custom URLs that are exempted from cookie authentication for users"},"basicBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from Basic authentication"},"basicBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from Basic authentication"},"blockConnectHostSniMismatch":{"type":"boolean","description":"Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not"},"blockDomainFrontingApps":{"type":"array","items":{"type":"string"},"description":"Applications which are subjected to Domain Fronting"},"blockDomainFrontingOnHostHeader":{"type":"boolean","description":"Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header"},"blockHttpTunnelOnNonHttpPorts":{"type":"boolean","description":"Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)"},"blockNonCompliantHttpRequestOnHttpPorts":{"type":"boolean","description":"Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards"},"blockNonHttpOnHttpPortEnabled":{"type":"boolean","description":"Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked"},"cascadeUrlFiltering":{"type":"boolean","description":"Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly"},"digestAuthBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from Digest authentication"},"digestAuthBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from Digest authentication"},"digestAuthBypassUrls":{"type":"array","items":{"type":"string"},"description":"Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication"},"dnsResolutionOnTransparentProxyApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications to which DNS optimization on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyExemptApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are excluded from DNS optimization on transparent proxy mode"},"dnsResolutionOnTransparentProxyExemptUrlCategories":{"type":"array","items":{"type":"string"}},"dnsResolutionOnTransparentProxyExemptUrls":{"type":"array","items":{"type":"string"},"description":"URLs that are excluded from DNS optimization on transparent proxy mode"},"dnsResolutionOnTransparentProxyIpv6Apps":{"type":"array","items":{"type":"string"},"description":"Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyIpv6ExemptApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode"},"dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories":{"type":"array","items":{"type":"string"}},"dnsResolutionOnTransparentProxyIpv6UrlCategories":{"type":"array","items":{"type":"string"},"description":"IPv6 URL categories to which DNS optimization on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories to which DNS optimization on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyUrls":{"type":"array","items":{"type":"string"},"description":"URLs to which DNS optimization on transparent proxy mode applies"},"domainFrontingBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from domain fronting"},"dynamicUserRiskEnabled":{"type":"boolean","description":"Value indicating whether to dynamically update user risk score by tracking risky user activities in real time"},"ecsForAllEnabled":{"type":"boolean","description":"Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users."},"enableAdminRankAccess":{"type":"boolean","description":"Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management"},"enableDnsResolutionOnTransparentProxy":{"type":"boolean","description":"Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file)."},"enableEvaluatePolicyOnGlobalSslBypass":{"type":"boolean","description":"Enable/Disable DNS optimization for all IPv6 transparent proxy traffic"},"enableIpv6DnsOptimizationOnAllTransparentProxy":{"type":"boolean","description":"Enable/Disable DNS optimization for all IPv6 transparent proxy traffic"},"enableIpv6DnsResolutionOnTransparentProxy":{"type":"boolean","description":"Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file)."},"enableOffice365":{"type":"boolean","description":"Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not"},"enablePolicyForUnauthenticatedTraffic":{"type":"boolean","description":"Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic"},"enforceSurrogateIpForWindowsApp":{"type":"boolean","description":"Enforce Surrogate IP authentication for Windows app traffic"},"http2NonbrowserTrafficEnabled":{"type":"boolean","description":"Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level"},"httpRangeHeaderRemoveUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories for which HTTP range headers must be removed"},"kerberosBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from Kerberos authentication"},"kerberosBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from Kerberos authentication"},"kerberosBypassUrls":{"type":"array","items":{"type":"string"},"description":"Custom URLs that are exempted from Kerberos authentication"},"logInternalIp":{"type":"boolean","description":"Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not"},"preferSniOverConnHost":{"type":"boolean","description":"Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections"},"preferSniOverConnHostApps":{"type":"array","items":{"type":"string"},"description":"Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)"},"sipaXffHeaderEnabled":{"type":"boolean","description":"Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic."},"sniDnsOptimizationBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)"},"trackHttpTunnelOnHttpPorts":{"type":"boolean","description":"Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80"},"uiSessionTimeout":{"type":"integer","description":"Specifies the login session timeout for admins accessing the ZIA Admin Portal"},"zscalerClientConnector1AndPacRoadWarriorInFirewall":{"type":"boolean","description":"Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files"}},"required":["authBypassApps","authBypassUrlCategories","authBypassUrls","basicBypassApps","basicBypassUrlCategories","blockConnectHostSniMismatch","blockDomainFrontingApps","blockDomainFrontingOnHostHeader","blockHttpTunnelOnNonHttpPorts","blockNonCompliantHttpRequestOnHttpPorts","blockNonHttpOnHttpPortEnabled","cascadeUrlFiltering","digestAuthBypassApps","digestAuthBypassUrlCategories","digestAuthBypassUrls","dnsResolutionOnTransparentProxyApps","dnsResolutionOnTransparentProxyExemptApps","dnsResolutionOnTransparentProxyExemptUrlCategories","dnsResolutionOnTransparentProxyExemptUrls","dnsResolutionOnTransparentProxyIpv6Apps","dnsResolutionOnTransparentProxyIpv6ExemptApps","dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories","dnsResolutionOnTransparentProxyIpv6UrlCategories","dnsResolutionOnTransparentProxyUrlCategories","dnsResolutionOnTransparentProxyUrls","domainFrontingBypassUrlCategories","dynamicUserRiskEnabled","ecsForAllEnabled","enableAdminRankAccess","enableDnsResolutionOnTransparentProxy","enableEvaluatePolicyOnGlobalSslBypass","enableIpv6DnsOptimizationOnAllTransparentProxy","enableIpv6DnsResolutionOnTransparentProxy","enableOffice365","enablePolicyForUnauthenticatedTraffic","enforceSurrogateIpForWindowsApp","http2NonbrowserTrafficEnabled","httpRangeHeaderRemoveUrlCategories","kerberosBypassApps","kerberosBypassUrlCategories","kerberosBypassUrls","logInternalIp","preferSniOverConnHost","preferSniOverConnHostApps","sipaXffHeaderEnabled","sniDnsOptimizationBypassUrlCategories","trackHttpTunnelOnHttpPorts","uiSessionTimeout","zscalerClientConnector1AndPacRoadWarriorInFirewall"],"inputProperties":{"authBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from cookie authentication"},"authBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from cookie authentication"},"authBypassUrls":{"type":"array","items":{"type":"string"},"description":"Custom URLs that are exempted from cookie authentication for users"},"basicBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from Basic authentication"},"basicBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from Basic authentication"},"blockConnectHostSniMismatch":{"type":"boolean","description":"Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not"},"blockDomainFrontingApps":{"type":"array","items":{"type":"string"},"description":"Applications which are subjected to Domain Fronting"},"blockDomainFrontingOnHostHeader":{"type":"boolean","description":"Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header"},"blockHttpTunnelOnNonHttpPorts":{"type":"boolean","description":"Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)"},"blockNonCompliantHttpRequestOnHttpPorts":{"type":"boolean","description":"Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards"},"blockNonHttpOnHttpPortEnabled":{"type":"boolean","description":"Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked"},"cascadeUrlFiltering":{"type":"boolean","description":"Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly"},"digestAuthBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from Digest authentication"},"digestAuthBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from Digest authentication"},"digestAuthBypassUrls":{"type":"array","items":{"type":"string"},"description":"Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication"},"dnsResolutionOnTransparentProxyApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications to which DNS optimization on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyExemptApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are excluded from DNS optimization on transparent proxy mode"},"dnsResolutionOnTransparentProxyExemptUrlCategories":{"type":"array","items":{"type":"string"}},"dnsResolutionOnTransparentProxyExemptUrls":{"type":"array","items":{"type":"string"},"description":"URLs that are excluded from DNS optimization on transparent proxy mode"},"dnsResolutionOnTransparentProxyIpv6Apps":{"type":"array","items":{"type":"string"},"description":"Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyIpv6ExemptApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode"},"dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories":{"type":"array","items":{"type":"string"}},"dnsResolutionOnTransparentProxyIpv6UrlCategories":{"type":"array","items":{"type":"string"},"description":"IPv6 URL categories to which DNS optimization on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories to which DNS optimization on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyUrls":{"type":"array","items":{"type":"string"},"description":"URLs to which DNS optimization on transparent proxy mode applies"},"domainFrontingBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from domain fronting"},"dynamicUserRiskEnabled":{"type":"boolean","description":"Value indicating whether to dynamically update user risk score by tracking risky user activities in real time"},"ecsForAllEnabled":{"type":"boolean","description":"Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users."},"enableAdminRankAccess":{"type":"boolean","description":"Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management"},"enableDnsResolutionOnTransparentProxy":{"type":"boolean","description":"Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file)."},"enableEvaluatePolicyOnGlobalSslBypass":{"type":"boolean","description":"Enable/Disable DNS optimization for all IPv6 transparent proxy traffic"},"enableIpv6DnsOptimizationOnAllTransparentProxy":{"type":"boolean","description":"Enable/Disable DNS optimization for all IPv6 transparent proxy traffic"},"enableIpv6DnsResolutionOnTransparentProxy":{"type":"boolean","description":"Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file)."},"enableOffice365":{"type":"boolean","description":"Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not"},"enablePolicyForUnauthenticatedTraffic":{"type":"boolean","description":"Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic"},"enforceSurrogateIpForWindowsApp":{"type":"boolean","description":"Enforce Surrogate IP authentication for Windows app traffic"},"http2NonbrowserTrafficEnabled":{"type":"boolean","description":"Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level"},"httpRangeHeaderRemoveUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories for which HTTP range headers must be removed"},"kerberosBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from Kerberos authentication"},"kerberosBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from Kerberos authentication"},"kerberosBypassUrls":{"type":"array","items":{"type":"string"},"description":"Custom URLs that are exempted from Kerberos authentication"},"logInternalIp":{"type":"boolean","description":"Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not"},"preferSniOverConnHost":{"type":"boolean","description":"Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections"},"preferSniOverConnHostApps":{"type":"array","items":{"type":"string"},"description":"Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)"},"sipaXffHeaderEnabled":{"type":"boolean","description":"Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic."},"sniDnsOptimizationBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)"},"trackHttpTunnelOnHttpPorts":{"type":"boolean","description":"Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80"},"uiSessionTimeout":{"type":"integer","description":"Specifies the login session timeout for admins accessing the ZIA Admin Portal"},"zscalerClientConnector1AndPacRoadWarriorInFirewall":{"type":"boolean","description":"Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files"}},"stateInputs":{"description":"Input properties used for looking up and filtering AdvancedSettings resources.\n","properties":{"authBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from cookie authentication"},"authBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from cookie authentication"},"authBypassUrls":{"type":"array","items":{"type":"string"},"description":"Custom URLs that are exempted from cookie authentication for users"},"basicBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from Basic authentication"},"basicBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from Basic authentication"},"blockConnectHostSniMismatch":{"type":"boolean","description":"Value indicating whether CONNECT host and SNI mismatch (i.e., CONNECT host doesn't match the SSL/TLS client hello SNI) is blocked or not"},"blockDomainFrontingApps":{"type":"array","items":{"type":"string"},"description":"Applications which are subjected to Domain Fronting"},"blockDomainFrontingOnHostHeader":{"type":"boolean","description":"Value indicating whether to block or allow HTTP/S transactions in which the FQDN of the request URL is different than the FQDN of the request's host header"},"blockHttpTunnelOnNonHttpPorts":{"type":"boolean","description":"Value indicating whether HTTP CONNECT method requests to non-standard ports are allowed or not (i.e., requests directed to ports other than the standard HTTP/S ports 80 and 443)"},"blockNonCompliantHttpRequestOnHttpPorts":{"type":"boolean","description":"Value indicating whether to allow or block traffic that is not compliant with RFC HTTP protocol standards"},"blockNonHttpOnHttpPortEnabled":{"type":"boolean","description":"Value indicating whether non-HTTP Traffic on HTTP/S ports are allowed or blocked"},"cascadeUrlFiltering":{"type":"boolean","description":"Value indicating whether to apply the URL Filtering policy even when the Cloud App Control policy already allows a transaction explicitly"},"digestAuthBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from Digest authentication"},"digestAuthBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from Digest authentication"},"digestAuthBypassUrls":{"type":"array","items":{"type":"string"},"description":"Custom URLs that are exempted from Digest authentication. Cloud applications that are exempted from Digest authentication"},"dnsResolutionOnTransparentProxyApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications to which DNS optimization on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyExemptApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are excluded from DNS optimization on transparent proxy mode"},"dnsResolutionOnTransparentProxyExemptUrlCategories":{"type":"array","items":{"type":"string"}},"dnsResolutionOnTransparentProxyExemptUrls":{"type":"array","items":{"type":"string"},"description":"URLs that are excluded from DNS optimization on transparent proxy mode"},"dnsResolutionOnTransparentProxyIpv6Apps":{"type":"array","items":{"type":"string"},"description":"Cloud applications to which DNS optimization for IPv6 addresses on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyIpv6ExemptApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are excluded from DNS optimization for IPv6 addresses on transparent proxy mode"},"dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories":{"type":"array","items":{"type":"string"}},"dnsResolutionOnTransparentProxyIpv6UrlCategories":{"type":"array","items":{"type":"string"},"description":"IPv6 URL categories to which DNS optimization on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories to which DNS optimization on transparent proxy mode applies"},"dnsResolutionOnTransparentProxyUrls":{"type":"array","items":{"type":"string"},"description":"URLs to which DNS optimization on transparent proxy mode applies"},"domainFrontingBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from domain fronting"},"dynamicUserRiskEnabled":{"type":"boolean","description":"Value indicating whether to dynamically update user risk score by tracking risky user activities in real time"},"ecsForAllEnabled":{"type":"boolean","description":"Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users."},"enableAdminRankAccess":{"type":"boolean","description":"Value indicating whether ranks are enabled for admins to allow admin ranks in policy configuration and management"},"enableDnsResolutionOnTransparentProxy":{"type":"boolean","description":"Value indicating whether DNS optimization is enabled or disabled for Z-Tunnel 2.0 and transparent proxy mode traffic (e.g., traffic via GRE or IPSec tunnels without a PAC file)."},"enableEvaluatePolicyOnGlobalSslBypass":{"type":"boolean","description":"Enable/Disable DNS optimization for all IPv6 transparent proxy traffic"},"enableIpv6DnsOptimizationOnAllTransparentProxy":{"type":"boolean","description":"Enable/Disable DNS optimization for all IPv6 transparent proxy traffic"},"enableIpv6DnsResolutionOnTransparentProxy":{"type":"boolean","description":"Value indicating whether DNS optimization is enabled or disabled for IPv6 connections to dual-stack or IPv6-only destinations sent via Z-Tunnel 2.0 and transparent proxy proxy mode (e.g., traffic via GRE or IPSec tunnels without a PAC file)."},"enableOffice365":{"type":"boolean","description":"Value indicating whether Microsoft Office 365 One Click Configuration is enabled or not"},"enablePolicyForUnauthenticatedTraffic":{"type":"boolean","description":"Value indicating whether policies that include user and department criteria can be configured and applied for unauthenticated traffic"},"enforceSurrogateIpForWindowsApp":{"type":"boolean","description":"Enforce Surrogate IP authentication for Windows app traffic"},"http2NonbrowserTrafficEnabled":{"type":"boolean","description":"Value indicating whether or not HTTP/2 should be the default web protocol for accessing various applications at your organizational level"},"httpRangeHeaderRemoveUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories for which HTTP range headers must be removed"},"kerberosBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that are exempted from Kerberos authentication"},"kerberosBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are exempted from Kerberos authentication"},"kerberosBypassUrls":{"type":"array","items":{"type":"string"},"description":"Custom URLs that are exempted from Kerberos authentication"},"logInternalIp":{"type":"boolean","description":"Value indicating whether to log internal IP address present in X-Forwarded-For (XFF) proxy header or not"},"preferSniOverConnHost":{"type":"boolean","description":"Value indicating whether or not to use the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections"},"preferSniOverConnHostApps":{"type":"array","items":{"type":"string"},"description":"Applications that are exempted from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)"},"sipaXffHeaderEnabled":{"type":"boolean","description":"Value indicating whether or not to insert XFF header to all traffic forwarded from ZIA to ZPA, including source IP-anchored and ZIA-inspected ZPA application traffic."},"sniDnsOptimizationBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that are excluded from the preferSniOverConnHost setting (i.e., prefer SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections)"},"trackHttpTunnelOnHttpPorts":{"type":"boolean","description":"Value indicating whether to apply configured policies on tunneled HTTP traffic sent via a CONNECT method request on port 80"},"uiSessionTimeout":{"type":"integer","description":"Specifies the login session timeout for admins accessing the ZIA Admin Portal"},"zscalerClientConnector1AndPacRoadWarriorInFirewall":{"type":"boolean","description":"Value indicating whether to apply the Firewall rules configured without a specified location criteria (or with the Road Warrior location) to remote user traffic forwarded via Z-Tunnel 1.0 or PAC files"}},"type":"object"}},"zia:index/advancedThreatSettings:AdvancedThreatSettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-advanced-threat-protection-policy)\n* [API documentation](https://help.zscaler.com/legacy-apis/advanced-threat-protection-policy#/cyberThreatProtection/advancedThreatSettings-put)\n\nThe **zia_advanced_threat_settings** resource allows you to update the advanced threat configuration settings. To learn more see [Configuring Advanced Threat Protection Settings](https://help.zscaler.com/zia/configuring-advanced-threat-protection-policy)\n\n## Example Usage\n\n```hcl\nresource \"zia_advanced_threat_settings\" \"this\" {\n  risk_tolerance                           = 80\n  risk_tolerance_capture                   = false\n  cmd_ctl_server_blocked                   = true\n  cmd_ctl_server_capture                   = false\n  cmd_ctl_traffic_blocked                  = true\n  cmd_ctl_traffic_capture                  = false\n  malware_sites_blocked                    = true\n  malware_sites_capture                    = false\n  activex_blocked                          = true\n  activex_capture                          = false\n  browser_exploits_blocked                 = true\n  browser_exploits_capture                 = false\n  file_format_vunerabilites_blocked        = true\n  file_format_vunerabilites_capture        = false\n  known_phishing_sites_blocked             = true\n  known_phishing_sites_capture             = false\n  suspected_phishing_sites_blocked         = true\n  suspected_phishing_sites_capture         = false\n  suspect_adware_spyware_sites_blocked     = true\n  suspect_adware_spyware_sites_capture     = false\n  web_spam_blocked                         = true\n  web_spam_capture                         = false\n  irc_tunnelling_blocked                   = true\n  irc_tunnelling_capture                   = false\n  anonymizer_blocked                       = true\n  anonymizer_capture                       = false\n  cookie_stealing_blocked                  = true\n  cookie_stealing_pcap_enabled             = false\n  potential_malicious_requests_blocked     = true\n  potential_malicious_requests_capture     = false\n  blocked_countries                        = [\"BR\",\"US\", \"CN\", \"RU\"]\n  block_countries_capture                  = false\n  bit_torrent_blocked                      = true\n  bit_torrent_capture                      = false\n  tor_blocked                              = true\n  tor_capture                              = false\n  google_talk_blocked                      = true\n  google_talk_capture                      = false\n  ssh_tunnelling_blocked                   = true\n  ssh_tunnelling_capture                   = false\n  crypto_mining_blocked                    = true\n  crypto_mining_capture                    = false\n  ad_spyware_sites_blocked                 = true\n  ad_spyware_sites_capture                 = false\n  dga_domains_blocked                      = true\n  dga_domains_capture                      = false\n  alert_for_unknown_suspicious_c2_traffic  = false\n  malicious_urls_capture                   = false\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_advanced_threat_settings** can be imported by using \u003cspan pulumi-lang-nodejs=\"`advancedThreatSettings`\" pulumi-lang-dotnet=\"`AdvancedThreatSettings`\" pulumi-lang-go=\"`advancedThreatSettings`\" pulumi-lang-python=\"`advanced_threat_settings`\" pulumi-lang-yaml=\"`advancedThreatSettings`\" pulumi-lang-java=\"`advancedThreatSettings`\"\u003e`advanced_threat_settings`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/advancedThreatSettings:AdvancedThreatSettings this \"advanced_threat_settings\"\n```\n\n","properties":{"activexBlocked":{"type":"boolean","description":"A Boolean value specifying whether sites are allowed or blocked from accessing vulnerable ActiveX controls that are known to have been exploited."},"activexCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for ActiveX controls"},"adSpywareSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block websites known to contain adware or spyware that displays malicious advertisements that can collect users' information without their knowledge"},"adSpywareSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for adware and spyware sites"},"alertForUnknownSuspiciousC2Traffic":{"type":"boolean","description":"A Boolean value specifying whether to send alerts upon detecting unknown or suspicious C2 traffic"},"anonymizerBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block applications and methods used to obscure the destination and the content accessed by the user, therefore blocking traffic to anonymizing web proxies"},"anonymizerCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for anonymizers"},"bitTorrentBlocked":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for blocked countries"},"bitTorrentCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for BitTorrent"},"blockCountriesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for blocked countries"},"blockedCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"browserExploitsBlocked":{"type":"boolean","description":"A Boolean value specifying whether known web browser vulnerabilities prone to exploitation are allowed or blocked."},"browserExploitsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for browser exploits"},"cmdCtlServerBlocked":{"type":"boolean","description":"A Boolean value specifying whether connections to known Command \u0026 Control (C2) Servers are allowed or blocked"},"cmdCtlServerCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for connections to known C2 servers"},"cmdCtlTrafficBlocked":{"type":"boolean","description":"A Boolean value specifying whether botnets are allowed or blocked from sending or receiving commands to unknown servers"},"cmdCtlTrafficCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for botnets"},"cookieStealingBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block third-party websites that gather cookie information"},"cookieStealingPcapEnabled":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for cookie stealing"},"cryptoMiningBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block cryptocurrency mining network traffic and script"},"cryptoMiningCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for cryptomining"},"dgaDomainsBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block domains that are suspected to be generated using domain generation algorithms (DGA)"},"dgaDomainsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for DGA domains"},"fileFormatVunerabilitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether known file format vulnerabilities and suspicious or malicious content in Microsoft Office or PDF documents are allowed or blocked"},"fileFormatVunerabilitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for file format vulnerabilities"},"googleTalkBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block access to Google Hangouts, a popular P2P VoIP application."},"googleTalkCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for Google Hangouts"},"ircTunnellingBlocked":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for web spam"},"ircTunnellingCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for IRC tunnels"},"knownPhishingSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether known phishing sites are allowed or blocked"},"knownPhishingSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for known phishing sites"},"maliciousUrlsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for malicious URLs"},"malwareSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether known malicious sites and content are allowed or blocked"},"malwareSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for malicious sites"},"potentialMaliciousRequestsBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block this type of cross-site scripting (XSS)"},"potentialMaliciousRequestsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for (XSS) attacks"},"riskTolerance":{"type":"integer","description":"The Page Risk tolerance index set between 0 and 100 (100 being the highest risk)."},"riskToleranceCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for suspicious web pages"},"sshTunnellingBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block SSH traffic being tunneled over HTTP/Ss"},"sshTunnellingCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for SSH tunnels"},"suspectAdwareSpywareSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block any detections of communication and callback traffic associated with spyware agents and data transmission"},"suspectAdwareSpywareSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for suspected adware and spyware sites"},"suspectedPhishingSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block suspected phishing sites identified through heuristic detection."},"suspectedPhishingSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for suspected phishing sites"},"torBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block the usage of Tor, a popular P2P anonymizer protocol with support for encryption."},"torCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for Tor"},"webSpamBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block web pages that pretend to contain useful information, to get higher ranking in search engine results or drive traffic to phishing, adware, or spyware distribution sites."},"webSpamCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for web spam"}},"required":["blockedCountries"],"inputProperties":{"activexBlocked":{"type":"boolean","description":"A Boolean value specifying whether sites are allowed or blocked from accessing vulnerable ActiveX controls that are known to have been exploited."},"activexCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for ActiveX controls"},"adSpywareSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block websites known to contain adware or spyware that displays malicious advertisements that can collect users' information without their knowledge"},"adSpywareSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for adware and spyware sites"},"alertForUnknownSuspiciousC2Traffic":{"type":"boolean","description":"A Boolean value specifying whether to send alerts upon detecting unknown or suspicious C2 traffic"},"anonymizerBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block applications and methods used to obscure the destination and the content accessed by the user, therefore blocking traffic to anonymizing web proxies"},"anonymizerCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for anonymizers"},"bitTorrentBlocked":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for blocked countries"},"bitTorrentCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for BitTorrent"},"blockCountriesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for blocked countries"},"blockedCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"browserExploitsBlocked":{"type":"boolean","description":"A Boolean value specifying whether known web browser vulnerabilities prone to exploitation are allowed or blocked."},"browserExploitsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for browser exploits"},"cmdCtlServerBlocked":{"type":"boolean","description":"A Boolean value specifying whether connections to known Command \u0026 Control (C2) Servers are allowed or blocked"},"cmdCtlServerCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for connections to known C2 servers"},"cmdCtlTrafficBlocked":{"type":"boolean","description":"A Boolean value specifying whether botnets are allowed or blocked from sending or receiving commands to unknown servers"},"cmdCtlTrafficCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for botnets"},"cookieStealingBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block third-party websites that gather cookie information"},"cookieStealingPcapEnabled":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for cookie stealing"},"cryptoMiningBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block cryptocurrency mining network traffic and script"},"cryptoMiningCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for cryptomining"},"dgaDomainsBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block domains that are suspected to be generated using domain generation algorithms (DGA)"},"dgaDomainsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for DGA domains"},"fileFormatVunerabilitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether known file format vulnerabilities and suspicious or malicious content in Microsoft Office or PDF documents are allowed or blocked"},"fileFormatVunerabilitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for file format vulnerabilities"},"googleTalkBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block access to Google Hangouts, a popular P2P VoIP application."},"googleTalkCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for Google Hangouts"},"ircTunnellingBlocked":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for web spam"},"ircTunnellingCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for IRC tunnels"},"knownPhishingSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether known phishing sites are allowed or blocked"},"knownPhishingSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for known phishing sites"},"maliciousUrlsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for malicious URLs"},"malwareSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether known malicious sites and content are allowed or blocked"},"malwareSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for malicious sites"},"potentialMaliciousRequestsBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block this type of cross-site scripting (XSS)"},"potentialMaliciousRequestsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for (XSS) attacks"},"riskTolerance":{"type":"integer","description":"The Page Risk tolerance index set between 0 and 100 (100 being the highest risk)."},"riskToleranceCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for suspicious web pages"},"sshTunnellingBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block SSH traffic being tunneled over HTTP/Ss"},"sshTunnellingCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for SSH tunnels"},"suspectAdwareSpywareSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block any detections of communication and callback traffic associated with spyware agents and data transmission"},"suspectAdwareSpywareSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for suspected adware and spyware sites"},"suspectedPhishingSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block suspected phishing sites identified through heuristic detection."},"suspectedPhishingSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for suspected phishing sites"},"torBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block the usage of Tor, a popular P2P anonymizer protocol with support for encryption."},"torCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for Tor"},"webSpamBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block web pages that pretend to contain useful information, to get higher ranking in search engine results or drive traffic to phishing, adware, or spyware distribution sites."},"webSpamCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for web spam"}},"stateInputs":{"description":"Input properties used for looking up and filtering AdvancedThreatSettings resources.\n","properties":{"activexBlocked":{"type":"boolean","description":"A Boolean value specifying whether sites are allowed or blocked from accessing vulnerable ActiveX controls that are known to have been exploited."},"activexCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for ActiveX controls"},"adSpywareSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block websites known to contain adware or spyware that displays malicious advertisements that can collect users' information without their knowledge"},"adSpywareSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for adware and spyware sites"},"alertForUnknownSuspiciousC2Traffic":{"type":"boolean","description":"A Boolean value specifying whether to send alerts upon detecting unknown or suspicious C2 traffic"},"anonymizerBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block applications and methods used to obscure the destination and the content accessed by the user, therefore blocking traffic to anonymizing web proxies"},"anonymizerCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for anonymizers"},"bitTorrentBlocked":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for blocked countries"},"bitTorrentCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for BitTorrent"},"blockCountriesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for blocked countries"},"blockedCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"browserExploitsBlocked":{"type":"boolean","description":"A Boolean value specifying whether known web browser vulnerabilities prone to exploitation are allowed or blocked."},"browserExploitsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for browser exploits"},"cmdCtlServerBlocked":{"type":"boolean","description":"A Boolean value specifying whether connections to known Command \u0026 Control (C2) Servers are allowed or blocked"},"cmdCtlServerCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for connections to known C2 servers"},"cmdCtlTrafficBlocked":{"type":"boolean","description":"A Boolean value specifying whether botnets are allowed or blocked from sending or receiving commands to unknown servers"},"cmdCtlTrafficCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for botnets"},"cookieStealingBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block third-party websites that gather cookie information"},"cookieStealingPcapEnabled":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for cookie stealing"},"cryptoMiningBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block cryptocurrency mining network traffic and script"},"cryptoMiningCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for cryptomining"},"dgaDomainsBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block domains that are suspected to be generated using domain generation algorithms (DGA)"},"dgaDomainsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for DGA domains"},"fileFormatVunerabilitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether known file format vulnerabilities and suspicious or malicious content in Microsoft Office or PDF documents are allowed or blocked"},"fileFormatVunerabilitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for file format vulnerabilities"},"googleTalkBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block access to Google Hangouts, a popular P2P VoIP application."},"googleTalkCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for Google Hangouts"},"ircTunnellingBlocked":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for web spam"},"ircTunnellingCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for IRC tunnels"},"knownPhishingSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether known phishing sites are allowed or blocked"},"knownPhishingSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for known phishing sites"},"maliciousUrlsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for malicious URLs"},"malwareSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether known malicious sites and content are allowed or blocked"},"malwareSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for malicious sites"},"potentialMaliciousRequestsBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block this type of cross-site scripting (XSS)"},"potentialMaliciousRequestsCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for (XSS) attacks"},"riskTolerance":{"type":"integer","description":"The Page Risk tolerance index set between 0 and 100 (100 being the highest risk)."},"riskToleranceCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for suspicious web pages"},"sshTunnellingBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block SSH traffic being tunneled over HTTP/Ss"},"sshTunnellingCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for SSH tunnels"},"suspectAdwareSpywareSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block any detections of communication and callback traffic associated with spyware agents and data transmission"},"suspectAdwareSpywareSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for suspected adware and spyware sites"},"suspectedPhishingSitesBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block suspected phishing sites identified through heuristic detection."},"suspectedPhishingSitesCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for suspected phishing sites"},"torBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block the usage of Tor, a popular P2P anonymizer protocol with support for encryption."},"torCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for Tor"},"webSpamBlocked":{"type":"boolean","description":"A Boolean value specifying whether to allow or block web pages that pretend to contain useful information, to get higher ranking in search engine results or drive traffic to phishing, adware, or spyware distribution sites."},"webSpamCapture":{"type":"boolean","description":"A Boolean value specifying whether packet capture (PCAP) is enabled or not for web spam"}},"type":"object"}},"zia:index/authSettingsURLs:AuthSettingsURLs":{"description":"* [Official documentation](https://help.zscaler.com/zia/url-format-guidelines)\n* [API documentation](https://help.zscaler.com/zia/user-authentication-settings#/authSettings/exemptedUrls-get)\n\nThe **zia_auth_settings_urls** resource alows you to add or remove a URL from the cookie authentication exempt list in the Zscaler Internet Access cloud or via the API. To learn more see [URL Format Guidelines](https://help.zscaler.com/zia/url-format-guidelines)\n\n## Example Usage\n\n```hcl\n# ZIA User Auth Settings Data Source\nresource \"zia_auth_settings_urls\" \"example\" {\n  urls = [\n    \".okta.com\",\n    \".oktacdn.com\",\n    \".mtls.oktapreview.com\",\n    \".mtls.okta.com\",\n    \"d3l44rcogcb7iv.cloudfront.net\",\n    \"pac.zdxcloud.net\",\n    \".windowsazure.com\",\n    \".fedoraproject.org\",\n    \"login.windows.net\",\n    \"d32a6ru7mhaq0c.cloudfront.net\",\n    \".kerberos.oktapreview.com\",\n    \".oktapreview.com\",\n    \"login.zdxcloud.net\",\n    \"login.microsoftonline.com\",\n    \"smres.zdxcloud.net\",\n    \".kerberos.okta.com\"\n  ]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_auth_settings_urls** can be imported by using \u003cspan pulumi-lang-nodejs=\"`allUrls`\" pulumi-lang-dotnet=\"`AllUrls`\" pulumi-lang-go=\"`allUrls`\" pulumi-lang-python=\"`all_urls`\" pulumi-lang-yaml=\"`allUrls`\" pulumi-lang-java=\"`allUrls`\"\u003e`all_urls`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/authSettingsURLs:AuthSettingsURLs example all_urls\n```\n\n","properties":{"urls":{"type":"array","items":{"type":"string"}}},"required":["urls"],"inputProperties":{"urls":{"type":"array","items":{"type":"string"}}},"stateInputs":{"description":"Input properties used for looking up and filtering AuthSettingsURLs resources.\n","properties":{"urls":{"type":"array","items":{"type":"string"}}},"type":"object"}},"zia:index/bandwidthControlClasses:BandwidthControlClasses":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-bandwidth-classes)\n* [API documentation](https://help.zscaler.com/zia/bandwidth-control-classes#/bandwidthClasses-post)\n\nUse the **zia_bandwidth_classes** resource allows the creation and management of ZIA Bandwidth Control classes in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n### By Name\n\n```hcl\n\nresource \"zia_bandwidth_classes\" \"this\" {\n    name = \"Gen_AI_Classes\"\n    web_applications = [\n        \"ACADEMICGPT\",\n        \"AD_CREATIVES\",\n        \"AGENTGPT\",\n        \"AI_ART_GENERATOR\",\n        \"AI_CHAT_ROBOT\",\n        \"AI_COPYWRITING_TREASURE\",\n        \"AI_FOR_SEO\",\n        \"ONE_MIN_AI\"\n    ]\n    urls = [\"chatgpt.com\", \"chatgpt1.com\"]\n    url_categories = [\n        \"AI_ML_APPS\",\n        \"GENERAL_AI_ML\"\n    ]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_bandwidth_classes** can be imported by using `\u003cCLASS_ID\u003e` or `\u003cCLASS_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/bandwidthControlClasses:BandwidthControlClasses this \u003cclass_id\u003e\n```\n\n```sh\n$ pulumi import zia:index/bandwidthControlClasses:BandwidthControlClasses this \u003c\"class_name\"\u003e\n```\n\n","properties":{"classId":{"type":"integer"},"name":{"type":"string","description":"Name of the bandwidth class"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"(List of strings) The URL categories to add to the bandwidth class. Use the data source \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e to retrieve the available categories or visit the [Help Portal](https://help.zscaler.com/zia/url-categories#/urlCategories-get)\n"},"urls":{"type":"array","items":{"type":"string"},"description":"(List of strings) The URLs included in the bandwidth class. You can include multiple entries.\n"},"webApplications":{"type":"array","items":{"type":"string"},"description":"(List of strings) The web conferencing applications included in the bandwidth class. Use the data source \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e to retrieve the available applications or visit the [Help Portal](https://help.zscaler.com/zia/cloud-applications#/cloudApplications/policy-get)\n"}},"required":["classId","name"],"inputProperties":{"name":{"type":"string","description":"Name of the bandwidth class"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"(List of strings) The URL categories to add to the bandwidth class. Use the data source \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e to retrieve the available categories or visit the [Help Portal](https://help.zscaler.com/zia/url-categories#/urlCategories-get)\n"},"urls":{"type":"array","items":{"type":"string"},"description":"(List of strings) The URLs included in the bandwidth class. You can include multiple entries.\n"},"webApplications":{"type":"array","items":{"type":"string"},"description":"(List of strings) The web conferencing applications included in the bandwidth class. Use the data source \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e to retrieve the available applications or visit the [Help Portal](https://help.zscaler.com/zia/cloud-applications#/cloudApplications/policy-get)\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering BandwidthControlClasses resources.\n","properties":{"classId":{"type":"integer"},"name":{"type":"string","description":"Name of the bandwidth class"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"(List of strings) The URL categories to add to the bandwidth class. Use the data source \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e to retrieve the available categories or visit the [Help Portal](https://help.zscaler.com/zia/url-categories#/urlCategories-get)\n"},"urls":{"type":"array","items":{"type":"string"},"description":"(List of strings) The URLs included in the bandwidth class. You can include multiple entries.\n"},"webApplications":{"type":"array","items":{"type":"string"},"description":"(List of strings) The web conferencing applications included in the bandwidth class. Use the data source \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e to retrieve the available applications or visit the [Help Portal](https://help.zscaler.com/zia/cloud-applications#/cloudApplications/policy-get)\n"}},"type":"object"}},"zia:index/bandwidthControlClassesFileSize:BandwidthControlClassesFileSize":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-bandwidth-classes)\n* [API documentation](https://help.zscaler.com/zia/bandwidth-control-classes#/bandwidthClasses-post)\n\nUse the **zia_bandwidth_classes_file_size** resource allows the creation and management of ZIA file size bandwidth class in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n### BANDWIDTH_CAT_LARGE_FILE\n\n```hcl\n\nresource \"zia_bandwidth_classes_file_size\" \"this1\" {\n    file_size = \"FILE_5MB\"\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_bandwidth_classes_file_size** can be imported by using `\u003cCLASS_ID\u003e` or `\u003cCLASS_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/bandwidthControlClassesFileSize:BandwidthControlClassesFileSize this \u003cclass_id\u003e\n```\n\n```sh\n$ pulumi import zia:index/bandwidthControlClassesFileSize:BandwidthControlClassesFileSize this \u003c\"class_name\"\u003e\n```\n\n","properties":{"classId":{"type":"integer","description":"System-generated identifier for the bandwidth class"},"fileSize":{"type":"string","description":"The file size for a bandwidth class"},"name":{"type":"string","description":"Name of the bandwidth class"},"type":{"type":"string","description":"The application type for which the bandwidth class is configured"}},"required":["classId","name"],"inputProperties":{"fileSize":{"type":"string","description":"The file size for a bandwidth class"},"name":{"type":"string","description":"Name of the bandwidth class"},"type":{"type":"string","description":"The application type for which the bandwidth class is configured"}},"stateInputs":{"description":"Input properties used for looking up and filtering BandwidthControlClassesFileSize resources.\n","properties":{"classId":{"type":"integer","description":"System-generated identifier for the bandwidth class"},"fileSize":{"type":"string","description":"The file size for a bandwidth class"},"name":{"type":"string","description":"Name of the bandwidth class"},"type":{"type":"string","description":"The application type for which the bandwidth class is configured"}},"type":"object"}},"zia:index/bandwidthControlClassesWebConferencing:BandwidthControlClassesWebConferencing":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-bandwidth-classes)\n* [API documentation](https://help.zscaler.com/zia/bandwidth-control-classes#/bandwidthClasses-post)\n\nUse the **zia_bandwidth_classes_web_conferencing** resource allows the creation and management of ZIA web conferencing bandwidth classes in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n### BANDWIDTH_CAT_WEBCONF\n\n```hcl\n\nresource \"zia_bandwidth_classes_web_conferencing\" \"this\" {\n    name = \"BANDWIDTH_CAT_WEBCONF\"\n    type = \"BANDWIDTH_CAT_WEBCONF\"\n    applications = [\"WEBEX\", \"GOTOMEETING\", \"LIVEMEETING\", \"INTERCALL\", \"CONNECT\"]\n}\n```\n\n### BANDWIDTH_CAT_VOIP\n\n```hcl\n\nresource \"zia_bandwidth_classes_web_conferencing\" \"this\" {\n    name = \"BANDWIDTH_CAT_VOIP\"\n    type = \"BANDWIDTH_CAT_VOIP\"\n    applications = [\"SKYPE\"]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_bandwidth_classes_web_conferencing** can be imported by using `\u003cCLASS_ID\u003e` or `\u003cCLASS_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/bandwidthControlClassesWebConferencing:BandwidthControlClassesWebConferencing this \u003cclass_id\u003e\n```\n\n```sh\n$ pulumi import zia:index/bandwidthControlClassesWebConferencing:BandwidthControlClassesWebConferencing this \u003c\"class_name\"\u003e\n```\n\n","properties":{"applications":{"type":"array","items":{"type":"string"},"description":"(List of strings) The applications included in the bandwidth class\n"},"classId":{"type":"integer"},"name":{"type":"string","description":"The bandwidth class name."},"type":{"type":"string","description":"(String) The application type for which the bandwidth class is configured. Supported values: `BANDWIDTH_CAT_WEBCONF` or `BANDWIDTH_CAT_VOIP`\n"}},"required":["classId","name"],"inputProperties":{"applications":{"type":"array","items":{"type":"string"},"description":"(List of strings) The applications included in the bandwidth class\n"},"name":{"type":"string","description":"The bandwidth class name."},"type":{"type":"string","description":"(String) The application type for which the bandwidth class is configured. Supported values: `BANDWIDTH_CAT_WEBCONF` or `BANDWIDTH_CAT_VOIP`\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering BandwidthControlClassesWebConferencing resources.\n","properties":{"applications":{"type":"array","items":{"type":"string"},"description":"(List of strings) The applications included in the bandwidth class\n"},"classId":{"type":"integer"},"name":{"type":"string","description":"The bandwidth class name."},"type":{"type":"string","description":"(String) The application type for which the bandwidth class is configured. Supported values: `BANDWIDTH_CAT_WEBCONF` or `BANDWIDTH_CAT_VOIP`\n"}},"type":"object"}},"zia:index/bandwidthControlRule:BandwidthControlRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-rules-bandwidth-control-policy)\n* [API documentation](https://help.zscaler.com/zia/bandwidth-control-classes#/)\n\nUse the **zia_bandwidth_control_rule** resource allows the creation and management of ZIA Bandwidth Control Rules in the Zscaler Internet Access cloud or via the API.\n\n**NOTE**: Bandwidth control rule resource is only supported via Zscaler OneAPI.\n\n## Example Usage\n\n### By Name\n\n```hcl\ndata \"zia_bandwidth_classes_web_conferencing\" \"this\" {\n    name = \"BANDWIDTH_CAT_WEBCONF\"\n}\n\nresource \"zia_bandwidth_control_rule\" \"this\" {\n    name = \"Streaming Media Bandwidth\"\n    description = \"Streaming Media Bandwidth\"\n    state = \"ENABLED\"\n    order = 1\n    rank = 7\n    min_bandwidth = 5\n    max_bandwidth = 100\n    protocols = [\"ANY_RULE\"]\n    bandwidth_classes  {\n        id = [data.zia_bandwidth_classes_web_conferencing.this.id]\n    }\n    labels  {\n        id = [1503197]\n    }\n    location_groups {\n        id = [8061255]\n    }\n    time_windows {\n        id = [483]\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_bandwidth_control_rule** can be imported by using `\u003cRULE_ID\u003e` or `\u003cRULE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/bandwidthControlRule:BandwidthControlRule this \u003crule_id\u003e\n```\n\n```sh\n$ pulumi import zia:index/bandwidthControlRule:BandwidthControlRule this \u003c\"rule_name\"\u003e\n```\n\n","properties":{"bandwidthClasses":{"$ref":"#/types/zia:index/BandwidthControlRuleBandwidthClasses:BandwidthControlRuleBandwidthClasses","description":"The bandwidth control rulees to which you want to apply this rule"},"description":{"type":"string","description":"(Optional) Additional information about the rule\n"},"labels":{"$ref":"#/types/zia:index/BandwidthControlRuleLabels:BandwidthControlRuleLabels","description":"Labels that are applicable to the rule"},"locationGroups":{"$ref":"#/types/zia:index/BandwidthControlRuleLocationGroups:BandwidthControlRuleLocationGroups","description":"Name-ID pairs of the location groups to which the rule must be applied."},"locations":{"$ref":"#/types/zia:index/BandwidthControlRuleLocations:BandwidthControlRuleLocations","description":"Name-ID pairs of locations for which rule must be applied"},"maxBandwidth":{"type":"integer","description":"(Optional) The maximum percentage of a location's bandwidth to be guaranteed for each selected bandwidth class. This percentage includes bandwidth for uploads and downloads.\n"},"minBandwidth":{"type":"integer","description":"(Optional) The minimum percentage of a location's bandwidth you want to be guaranteed for each selected bandwidth class. This percentage includes bandwidth for uploads and downloads.\n"},"name":{"type":"string","description":"The bandwidth control rule name"},"order":{"type":"integer","description":"The order of the bandwidth control rule"},"protocols":{"type":"array","items":{"type":"string"},"description":"(List of Object) Protocol criteria. Supported values: `WEBSOCKETSSL_RULE`, `WEBSOCKET_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `HTTPS_RULE`, `HTTP_RULE`, `SSL_RULE`, `SSL_RULE`, `TUNNEL_RULE`\n"},"rank":{"type":"integer","description":"(Optional) Admin rank of the Bandwidth Control policy rule\n"},"ruleId":{"type":"integer"},"state":{"type":"string","description":"(Optional) Administrative state of the rule.\n"},"timeWindows":{"$ref":"#/types/zia:index/BandwidthControlRuleTimeWindows:BandwidthControlRuleTimeWindows","description":"The Name-ID pairs of time windows to which the bandwidth control rule must be applied"}},"required":["name","order","protocols","ruleId"],"inputProperties":{"bandwidthClasses":{"$ref":"#/types/zia:index/BandwidthControlRuleBandwidthClasses:BandwidthControlRuleBandwidthClasses","description":"The bandwidth control rulees to which you want to apply this rule"},"description":{"type":"string","description":"(Optional) Additional information about the rule\n"},"labels":{"$ref":"#/types/zia:index/BandwidthControlRuleLabels:BandwidthControlRuleLabels","description":"Labels that are applicable to the rule"},"locationGroups":{"$ref":"#/types/zia:index/BandwidthControlRuleLocationGroups:BandwidthControlRuleLocationGroups","description":"Name-ID pairs of the location groups to which the rule must be applied."},"locations":{"$ref":"#/types/zia:index/BandwidthControlRuleLocations:BandwidthControlRuleLocations","description":"Name-ID pairs of locations for which rule must be applied"},"maxBandwidth":{"type":"integer","description":"(Optional) The maximum percentage of a location's bandwidth to be guaranteed for each selected bandwidth class. This percentage includes bandwidth for uploads and downloads.\n"},"minBandwidth":{"type":"integer","description":"(Optional) The minimum percentage of a location's bandwidth you want to be guaranteed for each selected bandwidth class. This percentage includes bandwidth for uploads and downloads.\n"},"name":{"type":"string","description":"The bandwidth control rule name"},"order":{"type":"integer","description":"The order of the bandwidth control rule"},"protocols":{"type":"array","items":{"type":"string"},"description":"(List of Object) Protocol criteria. Supported values: `WEBSOCKETSSL_RULE`, `WEBSOCKET_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `HTTPS_RULE`, `HTTP_RULE`, `SSL_RULE`, `SSL_RULE`, `TUNNEL_RULE`\n"},"rank":{"type":"integer","description":"(Optional) Admin rank of the Bandwidth Control policy rule\n"},"state":{"type":"string","description":"(Optional) Administrative state of the rule.\n"},"timeWindows":{"$ref":"#/types/zia:index/BandwidthControlRuleTimeWindows:BandwidthControlRuleTimeWindows","description":"The Name-ID pairs of time windows to which the bandwidth control rule must be applied"}},"requiredInputs":["order","protocols"],"stateInputs":{"description":"Input properties used for looking up and filtering BandwidthControlRule resources.\n","properties":{"bandwidthClasses":{"$ref":"#/types/zia:index/BandwidthControlRuleBandwidthClasses:BandwidthControlRuleBandwidthClasses","description":"The bandwidth control rulees to which you want to apply this rule"},"description":{"type":"string","description":"(Optional) Additional information about the rule\n"},"labels":{"$ref":"#/types/zia:index/BandwidthControlRuleLabels:BandwidthControlRuleLabels","description":"Labels that are applicable to the rule"},"locationGroups":{"$ref":"#/types/zia:index/BandwidthControlRuleLocationGroups:BandwidthControlRuleLocationGroups","description":"Name-ID pairs of the location groups to which the rule must be applied."},"locations":{"$ref":"#/types/zia:index/BandwidthControlRuleLocations:BandwidthControlRuleLocations","description":"Name-ID pairs of locations for which rule must be applied"},"maxBandwidth":{"type":"integer","description":"(Optional) The maximum percentage of a location's bandwidth to be guaranteed for each selected bandwidth class. This percentage includes bandwidth for uploads and downloads.\n"},"minBandwidth":{"type":"integer","description":"(Optional) The minimum percentage of a location's bandwidth you want to be guaranteed for each selected bandwidth class. This percentage includes bandwidth for uploads and downloads.\n"},"name":{"type":"string","description":"The bandwidth control rule name"},"order":{"type":"integer","description":"The order of the bandwidth control rule"},"protocols":{"type":"array","items":{"type":"string"},"description":"(List of Object) Protocol criteria. Supported values: `WEBSOCKETSSL_RULE`, `WEBSOCKET_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `HTTPS_RULE`, `HTTP_RULE`, `SSL_RULE`, `SSL_RULE`, `TUNNEL_RULE`\n"},"rank":{"type":"integer","description":"(Optional) Admin rank of the Bandwidth Control policy rule\n"},"ruleId":{"type":"integer"},"state":{"type":"string","description":"(Optional) Administrative state of the rule.\n"},"timeWindows":{"$ref":"#/types/zia:index/BandwidthControlRuleTimeWindows:BandwidthControlRuleTimeWindows","description":"The Name-ID pairs of time windows to which the bandwidth control rule must be applied"}},"type":"object"}},"zia:index/browserControlPolicy:BrowserControlPolicy":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-browser-control-policy)\n* [API documentation](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n\nThe **zia_browser_control_policy** resource allows you to update the malware protection policy configuration details. To learn more see [Configuring the Browser Control Policy](https://help.zscaler.com/zia/configuring-browser-control-policy)\n\n## Example Usage\n\n```hcl\nresource \"zia_browser_control_policy\" \"this\" {\n    plugin_check_frequency = \"DAILY\"\n    bypass_plugins = [\"ACROBAT\", \"FLASH\", \"SHOCKWAVE\"]\n    bypass_applications = [\"OUTLOOKEXP\", \"MSOFFICE\"]\n    blocked_internet_explorer_versions = [\"IE10\", \"MSE81\", \"MSE92\"]\n    blocked_chrome_versions = [\"CH143\", \"CH142\"]\n    blocked_firefox_versions = [\"MF145\", \"MF144\"]\n    blocked_safari_versions = [\"AS19\", \"AS18\"]\n    blocked_opera_versions = [\"O129X\", \"O130X\"]\n    bypass_all_browsers = true\n    allow_all_browsers = true\n    enable_warnings = true\n}\n```\n\n\n### Enable Smart Isolation\n\n```hcl\ndata \"zia_cloud_browser_isolation_profile\" \"this\" {\n    name = \"ZS_CBI_Profile1\"\n}\n\nresource \"zia_browser_control_policy\" \"this\" {\n    plugin_check_frequency = \"DAILY\"\n    bypass_plugins = [\"ACROBAT\", \"FLASH\", \"SHOCKWAVE\"]\n    bypass_applications = [\"OUTLOOKEXP\", \"MSOFFICE\"]\n    blocked_internet_explorer_versions = [\"IE10\", \"MSE81\", \"MSE92\"]\n    blocked_chrome_versions = [\"CH143\", \"CH142\"]\n    blocked_firefox_versions = [\"MF145\", \"MF144\"]\n    blocked_safari_versions = [\"AS19\", \"AS18\"]\n    blocked_opera_versions = [\"O129X\", \"O130X\"]\n    bypass_all_browsers = true\n    allow_all_browsers = true\n    enable_warnings = true\n    enable_smart_browser_isolation = true\n    smart_isolation_profile {\n      id = data.zia_cloud_browser_isolation_profile.this.id\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_browser_control_policy** can be imported by using \u003cspan pulumi-lang-nodejs=\"`browserSettings`\" pulumi-lang-dotnet=\"`BrowserSettings`\" pulumi-lang-go=\"`browserSettings`\" pulumi-lang-python=\"`browser_settings`\" pulumi-lang-yaml=\"`browserSettings`\" pulumi-lang-java=\"`browserSettings`\"\u003e`browser_settings`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/browserControlPolicy:BrowserControlPolicy this \"browser_settings\"\n```\n\n","properties":{"allowAllBrowsers":{"type":"boolean","description":"A Boolean value that specifies whether or not to allow all the browsers and their respective versions access to the internet"},"blockedChromeVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Google Chrome browser that need to be blocked. If not set, all Google Chrome versions are allowed."},"blockedFirefoxVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Mozilla Firefox browser that need to be blocked. If not set, all Mozilla Firefox versions are allowed."},"blockedInternetExplorerVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Microsoft browser that need to be blocked. If not set, all Microsoft browser versions are allowed."},"blockedOperaVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Opera browser that need to be blocked. If not set, all Opera versions are allowed"},"blockedSafariVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Apple Safari browser that need to be blocked. If not set, all Apple Safari versions are allowed"},"bypassAllBrowsers":{"type":"boolean","description":"If set to true, all the browsers are bypassed for warnings"},"bypassApplications":{"type":"array","items":{"type":"string"},"description":"List of applications that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable applications are warned"},"bypassPlugins":{"type":"array","items":{"type":"string"},"description":"List of plugins that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable plugins are warned"},"enableSmartBrowserIsolation":{"type":"boolean","description":"A Boolean value that specifies if Smart Browser Isolation is enabled"},"enableWarnings":{"type":"boolean","description":"A Boolean value that specifies if the warnings are enabled"},"pluginCheckFrequency":{"type":"string","description":"Specifies how frequently the service checks browsers and relevant applications to warn users regarding outdated or vulnerable browsers, plugins, and applications. If not set, the warnings are disabled"},"smartIsolationGroups":{"$ref":"#/types/zia:index/BrowserControlPolicySmartIsolationGroups:BrowserControlPolicySmartIsolationGroups","description":"Name-ID pairs of groups for which the rule is applied"},"smartIsolationProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/BrowserControlPolicySmartIsolationProfile:BrowserControlPolicySmartIsolationProfile"},"description":"The isolation profile"},"smartIsolationUsers":{"$ref":"#/types/zia:index/BrowserControlPolicySmartIsolationUsers:BrowserControlPolicySmartIsolationUsers","description":"Name-ID pairs of users for which the rule is applied"}},"required":["allowAllBrowsers","blockedChromeVersions","blockedFirefoxVersions","blockedInternetExplorerVersions","blockedOperaVersions","blockedSafariVersions","bypassAllBrowsers","bypassApplications","bypassPlugins","enableSmartBrowserIsolation","enableWarnings","smartIsolationProfiles"],"inputProperties":{"allowAllBrowsers":{"type":"boolean","description":"A Boolean value that specifies whether or not to allow all the browsers and their respective versions access to the internet"},"blockedChromeVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Google Chrome browser that need to be blocked. If not set, all Google Chrome versions are allowed."},"blockedFirefoxVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Mozilla Firefox browser that need to be blocked. If not set, all Mozilla Firefox versions are allowed."},"blockedInternetExplorerVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Microsoft browser that need to be blocked. If not set, all Microsoft browser versions are allowed."},"blockedOperaVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Opera browser that need to be blocked. If not set, all Opera versions are allowed"},"blockedSafariVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Apple Safari browser that need to be blocked. If not set, all Apple Safari versions are allowed"},"bypassAllBrowsers":{"type":"boolean","description":"If set to true, all the browsers are bypassed for warnings"},"bypassApplications":{"type":"array","items":{"type":"string"},"description":"List of applications that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable applications are warned"},"bypassPlugins":{"type":"array","items":{"type":"string"},"description":"List of plugins that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable plugins are warned"},"enableSmartBrowserIsolation":{"type":"boolean","description":"A Boolean value that specifies if Smart Browser Isolation is enabled"},"enableWarnings":{"type":"boolean","description":"A Boolean value that specifies if the warnings are enabled"},"pluginCheckFrequency":{"type":"string","description":"Specifies how frequently the service checks browsers and relevant applications to warn users regarding outdated or vulnerable browsers, plugins, and applications. If not set, the warnings are disabled"},"smartIsolationGroups":{"$ref":"#/types/zia:index/BrowserControlPolicySmartIsolationGroups:BrowserControlPolicySmartIsolationGroups","description":"Name-ID pairs of groups for which the rule is applied"},"smartIsolationProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/BrowserControlPolicySmartIsolationProfile:BrowserControlPolicySmartIsolationProfile"},"description":"The isolation profile"},"smartIsolationUsers":{"$ref":"#/types/zia:index/BrowserControlPolicySmartIsolationUsers:BrowserControlPolicySmartIsolationUsers","description":"Name-ID pairs of users for which the rule is applied"}},"stateInputs":{"description":"Input properties used for looking up and filtering BrowserControlPolicy resources.\n","properties":{"allowAllBrowsers":{"type":"boolean","description":"A Boolean value that specifies whether or not to allow all the browsers and their respective versions access to the internet"},"blockedChromeVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Google Chrome browser that need to be blocked. If not set, all Google Chrome versions are allowed."},"blockedFirefoxVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Mozilla Firefox browser that need to be blocked. If not set, all Mozilla Firefox versions are allowed."},"blockedInternetExplorerVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Microsoft browser that need to be blocked. If not set, all Microsoft browser versions are allowed."},"blockedOperaVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Opera browser that need to be blocked. If not set, all Opera versions are allowed"},"blockedSafariVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Apple Safari browser that need to be blocked. If not set, all Apple Safari versions are allowed"},"bypassAllBrowsers":{"type":"boolean","description":"If set to true, all the browsers are bypassed for warnings"},"bypassApplications":{"type":"array","items":{"type":"string"},"description":"List of applications that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable applications are warned"},"bypassPlugins":{"type":"array","items":{"type":"string"},"description":"List of plugins that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable plugins are warned"},"enableSmartBrowserIsolation":{"type":"boolean","description":"A Boolean value that specifies if Smart Browser Isolation is enabled"},"enableWarnings":{"type":"boolean","description":"A Boolean value that specifies if the warnings are enabled"},"pluginCheckFrequency":{"type":"string","description":"Specifies how frequently the service checks browsers and relevant applications to warn users regarding outdated or vulnerable browsers, plugins, and applications. If not set, the warnings are disabled"},"smartIsolationGroups":{"$ref":"#/types/zia:index/BrowserControlPolicySmartIsolationGroups:BrowserControlPolicySmartIsolationGroups","description":"Name-ID pairs of groups for which the rule is applied"},"smartIsolationProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/BrowserControlPolicySmartIsolationProfile:BrowserControlPolicySmartIsolationProfile"},"description":"The isolation profile"},"smartIsolationUsers":{"$ref":"#/types/zia:index/BrowserControlPolicySmartIsolationUsers:BrowserControlPolicySmartIsolationUsers","description":"Name-ID pairs of users for which the rule is applied"}},"type":"object"},"deprecationMessage":"zia.index/browsercontrolpolicy.BrowserControlPolicy has been deprecated in favor of zia.index/browsercontrolsettings.BrowserControlSettings"},"zia:index/browserControlSettings:BrowserControlSettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-browser-control-policy)\n* [API documentation](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n\nThe **zia_browser_control_policy** resource allows you to update the malware protection policy configuration details. To learn more see [Configuring the Browser Control Policy](https://help.zscaler.com/zia/configuring-browser-control-policy)\n\n## Example Usage\n\n```hcl\nresource \"zia_browser_control_policy\" \"this\" {\n    plugin_check_frequency = \"DAILY\"\n    bypass_plugins = [\"ACROBAT\", \"FLASH\", \"SHOCKWAVE\"]\n    bypass_applications = [\"OUTLOOKEXP\", \"MSOFFICE\"]\n    blocked_internet_explorer_versions = [\"IE10\", \"MSE81\", \"MSE92\"]\n    blocked_chrome_versions = [\"CH143\", \"CH142\"]\n    blocked_firefox_versions = [\"MF145\", \"MF144\"]\n    blocked_safari_versions = [\"AS19\", \"AS18\"]\n    blocked_opera_versions = [\"O129X\", \"O130X\"]\n    bypass_all_browsers = true\n    allow_all_browsers = true\n    enable_warnings = true\n}\n```\n\n\n### Enable Smart Isolation\n\n```hcl\ndata \"zia_cloud_browser_isolation_profile\" \"this\" {\n    name = \"ZS_CBI_Profile1\"\n}\n\nresource \"zia_browser_control_policy\" \"this\" {\n    plugin_check_frequency = \"DAILY\"\n    bypass_plugins = [\"ACROBAT\", \"FLASH\", \"SHOCKWAVE\"]\n    bypass_applications = [\"OUTLOOKEXP\", \"MSOFFICE\"]\n    blocked_internet_explorer_versions = [\"IE10\", \"MSE81\", \"MSE92\"]\n    blocked_chrome_versions = [\"CH143\", \"CH142\"]\n    blocked_firefox_versions = [\"MF145\", \"MF144\"]\n    blocked_safari_versions = [\"AS19\", \"AS18\"]\n    blocked_opera_versions = [\"O129X\", \"O130X\"]\n    bypass_all_browsers = true\n    allow_all_browsers = true\n    enable_warnings = true\n    enable_smart_browser_isolation = true\n    smart_isolation_profile {\n      id = data.zia_cloud_browser_isolation_profile.this.id\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_browser_control_policy** can be imported by using \u003cspan pulumi-lang-nodejs=\"`browserSettings`\" pulumi-lang-dotnet=\"`BrowserSettings`\" pulumi-lang-go=\"`browserSettings`\" pulumi-lang-python=\"`browser_settings`\" pulumi-lang-yaml=\"`browserSettings`\" pulumi-lang-java=\"`browserSettings`\"\u003e`browser_settings`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/browserControlSettings:BrowserControlSettings this \"browser_settings\"\n```\n\n","properties":{"allowAllBrowsers":{"type":"boolean","description":"A Boolean value that specifies whether or not to allow all the browsers and their respective versions access to the internet"},"blockedChromeVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Google Chrome browser that need to be blocked. If not set, all Google Chrome versions are allowed."},"blockedFirefoxVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Mozilla Firefox browser that need to be blocked. If not set, all Mozilla Firefox versions are allowed."},"blockedInternetExplorerVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Microsoft browser that need to be blocked. If not set, all Microsoft browser versions are allowed."},"blockedOperaVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Opera browser that need to be blocked. If not set, all Opera versions are allowed"},"blockedSafariVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Apple Safari browser that need to be blocked. If not set, all Apple Safari versions are allowed"},"bypassAllBrowsers":{"type":"boolean","description":"If set to true, all the browsers are bypassed for warnings"},"bypassApplications":{"type":"array","items":{"type":"string"},"description":"List of applications that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable applications are warned"},"bypassPlugins":{"type":"array","items":{"type":"string"},"description":"List of plugins that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable plugins are warned"},"enableSmartBrowserIsolation":{"type":"boolean","description":"A Boolean value that specifies if Smart Browser Isolation is enabled"},"enableWarnings":{"type":"boolean","description":"A Boolean value that specifies if the warnings are enabled"},"pluginCheckFrequency":{"type":"string","description":"Specifies how frequently the service checks browsers and relevant applications to warn users regarding outdated or vulnerable browsers, plugins, and applications. If not set, the warnings are disabled"},"smartIsolationGroups":{"$ref":"#/types/zia:index/BrowserControlSettingsSmartIsolationGroups:BrowserControlSettingsSmartIsolationGroups","description":"Name-ID pairs of groups for which the rule is applied"},"smartIsolationProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/BrowserControlSettingsSmartIsolationProfile:BrowserControlSettingsSmartIsolationProfile"},"description":"The isolation profile"},"smartIsolationUsers":{"$ref":"#/types/zia:index/BrowserControlSettingsSmartIsolationUsers:BrowserControlSettingsSmartIsolationUsers","description":"Name-ID pairs of users for which the rule is applied"}},"required":["allowAllBrowsers","blockedChromeVersions","blockedFirefoxVersions","blockedInternetExplorerVersions","blockedOperaVersions","blockedSafariVersions","bypassAllBrowsers","bypassApplications","bypassPlugins","enableSmartBrowserIsolation","enableWarnings","smartIsolationProfiles"],"inputProperties":{"allowAllBrowsers":{"type":"boolean","description":"A Boolean value that specifies whether or not to allow all the browsers and their respective versions access to the internet"},"blockedChromeVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Google Chrome browser that need to be blocked. If not set, all Google Chrome versions are allowed."},"blockedFirefoxVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Mozilla Firefox browser that need to be blocked. If not set, all Mozilla Firefox versions are allowed."},"blockedInternetExplorerVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Microsoft browser that need to be blocked. If not set, all Microsoft browser versions are allowed."},"blockedOperaVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Opera browser that need to be blocked. If not set, all Opera versions are allowed"},"blockedSafariVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Apple Safari browser that need to be blocked. If not set, all Apple Safari versions are allowed"},"bypassAllBrowsers":{"type":"boolean","description":"If set to true, all the browsers are bypassed for warnings"},"bypassApplications":{"type":"array","items":{"type":"string"},"description":"List of applications that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable applications are warned"},"bypassPlugins":{"type":"array","items":{"type":"string"},"description":"List of plugins that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable plugins are warned"},"enableSmartBrowserIsolation":{"type":"boolean","description":"A Boolean value that specifies if Smart Browser Isolation is enabled"},"enableWarnings":{"type":"boolean","description":"A Boolean value that specifies if the warnings are enabled"},"pluginCheckFrequency":{"type":"string","description":"Specifies how frequently the service checks browsers and relevant applications to warn users regarding outdated or vulnerable browsers, plugins, and applications. If not set, the warnings are disabled"},"smartIsolationGroups":{"$ref":"#/types/zia:index/BrowserControlSettingsSmartIsolationGroups:BrowserControlSettingsSmartIsolationGroups","description":"Name-ID pairs of groups for which the rule is applied"},"smartIsolationProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/BrowserControlSettingsSmartIsolationProfile:BrowserControlSettingsSmartIsolationProfile"},"description":"The isolation profile"},"smartIsolationUsers":{"$ref":"#/types/zia:index/BrowserControlSettingsSmartIsolationUsers:BrowserControlSettingsSmartIsolationUsers","description":"Name-ID pairs of users for which the rule is applied"}},"stateInputs":{"description":"Input properties used for looking up and filtering BrowserControlSettings resources.\n","properties":{"allowAllBrowsers":{"type":"boolean","description":"A Boolean value that specifies whether or not to allow all the browsers and their respective versions access to the internet"},"blockedChromeVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Google Chrome browser that need to be blocked. If not set, all Google Chrome versions are allowed."},"blockedFirefoxVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Mozilla Firefox browser that need to be blocked. If not set, all Mozilla Firefox versions are allowed."},"blockedInternetExplorerVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Microsoft browser that need to be blocked. If not set, all Microsoft browser versions are allowed."},"blockedOperaVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Opera browser that need to be blocked. If not set, all Opera versions are allowed"},"blockedSafariVersions":{"type":"array","items":{"type":"string"},"description":"Versions of Apple Safari browser that need to be blocked. If not set, all Apple Safari versions are allowed"},"bypassAllBrowsers":{"type":"boolean","description":"If set to true, all the browsers are bypassed for warnings"},"bypassApplications":{"type":"array","items":{"type":"string"},"description":"List of applications that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable applications are warned"},"bypassPlugins":{"type":"array","items":{"type":"string"},"description":"List of plugins that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable plugins are warned"},"enableSmartBrowserIsolation":{"type":"boolean","description":"A Boolean value that specifies if Smart Browser Isolation is enabled"},"enableWarnings":{"type":"boolean","description":"A Boolean value that specifies if the warnings are enabled"},"pluginCheckFrequency":{"type":"string","description":"Specifies how frequently the service checks browsers and relevant applications to warn users regarding outdated or vulnerable browsers, plugins, and applications. If not set, the warnings are disabled"},"smartIsolationGroups":{"$ref":"#/types/zia:index/BrowserControlSettingsSmartIsolationGroups:BrowserControlSettingsSmartIsolationGroups","description":"Name-ID pairs of groups for which the rule is applied"},"smartIsolationProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/BrowserControlSettingsSmartIsolationProfile:BrowserControlSettingsSmartIsolationProfile"},"description":"The isolation profile"},"smartIsolationUsers":{"$ref":"#/types/zia:index/BrowserControlSettingsSmartIsolationUsers:BrowserControlSettingsSmartIsolationUsers","description":"Name-ID pairs of users for which the rule is applied"}},"type":"object"},"aliases":[{"type":"zia:index/browserControlPolicy:BrowserControlPolicy"}]},"zia:index/casbDlpRule:CasbDlpRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-data-rest-scanning-dlp-policy)\n* [API documentation](https://help.zscaler.com/zia/saas-security-api#/casbDlpRules-post)\n\nThe **zia_casb_dlp_rules** resource Adds a new SaaS Security Data at Rest Scanning DLP rule in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\ndata \"zia_casb_tenant\" \"this\" {\n  tenant_name = \"Jira_Tenant01\"\n}\n\ndata \"zia_dlp_incident_receiver_servers\" \"this\" {\n  name = \"ZS_Incident_Receiver\"\n}\n\ndata \"zia_rule_labels\" \"this\" {\n    name = \"RuleLabel01\n}\n\ndata \"zia_dlp_engines\" \"this\" {\n    name = \"PCI\"\n}\n\ndata \"zia_admin_users\" \"this\" {\n    username = auditor01\n}\n\nresource \"zia_casb_dlp_rules\" \"this\" {\n  name = \"SaaS_ITSM_App_Rule\"\n  description = \"SaaS_ITSM_App_Rule\"\n  order = 1\n  rank = 7\n  type = \"OFLCASB_DLP_ITSM\"\n  action = \"OFLCASB_DLP_REPORT_INCIDENT\"\n  severity = \"RULE_SEVERITY_HIGH\"\n  without_content_inspection = false\n  external_auditor_email = \"jdoe@acme.com\"\n  file_types = [\n        \"FTCATEGORY_APPX\",\n        \"FTCATEGORY_SQL\",\n  ]\n  collaboration_scope = [\n        \"ANY\",\n  ]\n  components = [\n        \"COMPONENT_ITSM_OBJECTS\",\n        \"COMPONENT_ITSM_ATTACHMENTS\",\n  ]\n cloud_app_tenants {\n    id = [data.zia_casb_tenant.this.tenant_id]\n  }\n dlp_engines {\n    id = [data.zia_dlp_engines.this.id]\n  }\n  object_types {\n    id = [32, 33, 34]\n  }\n labels {\n    id = [data.zia_rule_labels.this.id]\n  }\n  zscaler_incident_receiver {\n    id = data.zia_dlp_incident_receiver_servers.this.id\n  }\n  auditor_notification {\n    id = data.zia_admin_users.this.id\n  }\n}\n```\n\n### Configure Cloud To Cloud Forwarding\n\n```hcl\ndata \"zia_casb_tenant\" \"this\" {\n  tenant_name = \"Jira_Tenant01\"\n}\n\ndata \"zia_dlp_incident_receiver_servers\" \"this\" {\n  name = \"ZS_Incident_Receiver\"\n}\n\ndata \"zia_rule_labels\" \"this\" {\n    name = \"RuleLabel01\n}\n\ndata \"zia_dlp_engines\" \"this\" {\n    name = \"PCI\"\n}\n\ndata \"zia_admin_users\" \"this\" {\n    username = auditor01\n}\n\n# Retrieve Cloud-to-Cloud Incident Receiver (C2CIR) information\ndata \"zia_dlp_cloud_to_cloud_ir\" \"this\" {\n  name = \"AzureTenant01\"\n}\n\n# Output the retrieved C2CIR information for reference\noutput \"zia_dlp_cloud_to_cloud_ir\" {\n  value = data.zia_dlp_cloud_to_cloud_ir.this\n}\n\nresource \"zia_casb_dlp_rules\" \"this\" {\n  name = \"SaaS_ITSM_App_Rule\"\n  description = \"SaaS_ITSM_App_Rule\"\n  order = 1\n  rank = 7\n  type = \"OFLCASB_DLP_ITSM\"\n  action = \"OFLCASB_DLP_REPORT_INCIDENT\"\n  severity = \"RULE_SEVERITY_HIGH\"\n  without_content_inspection = false\n  external_auditor_email = \"jdoe@acme.com\"\n  file_types = [\n        \"FTCATEGORY_APPX\",\n        \"FTCATEGORY_SQL\",\n  ]\n  collaboration_scope = [\n        \"ANY\",\n  ]\n  components = [\n        \"COMPONENT_ITSM_OBJECTS\",\n        \"COMPONENT_ITSM_ATTACHMENTS\",\n  ]\n cloud_app_tenants {\n    id = [data.zia_casb_tenant.this.tenant_id]\n  }\n dlp_engines {\n    id = [data.zia_dlp_engines.this.id]\n  }\n  object_types {\n    id = [32, 33, 34]\n  }\n labels {\n    id = [data.zia_rule_labels.this.id]\n  }\n  zscaler_incident_receiver {\n    id = data.zia_dlp_incident_receiver_servers.this.id\n  }\n  auditor_notification {\n    id = data.zia_admin_users.this.id\n  }\n\n  # Configure receiver using values from the C2CIR data source\n  receiver {\n    id   = tostring(data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].tenant_authorization_info[0].smir_bucket_config[0].id)\n    name = data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].tenant_authorization_info[0].smir_bucket_config[0].config_name\n    type = data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].type\n    tenant {\n      id   = tostring(data.zia_dlp_cloud_to_cloud_ir.this.id)\n      name = data.zia_dlp_cloud_to_cloud_ir.this.name\n    }\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_casb_dlp_rules** can be imported by using `\u003cRULE_TYPE:RULE_ID\u003e` or `\u003cRULE_TYPE:RULE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/casbDlpRule:CasbDlpRule this \u003crule_type:rule_id\u003e\n```\n\n```sh\n$ pulumi import zia:index/casbDlpRule:CasbDlpRule this \u003c\"rule_type:rule_name\"\u003e\n```\n\n","properties":{"action":{"type":"string","description":"The configured action for the policy rule"},"auditorNotifications":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleAuditorNotification:CasbDlpRuleAuditorNotification"},"description":"Notification template used for DLP email alerts sent to the auditor"},"bucketOwner":{"type":"string","description":"A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field"},"buckets":{"$ref":"#/types/zia:index/CasbDlpRuleBuckets:CasbDlpRuleBuckets","description":"The buckets for the Zscaler service to inspect for sensitive data"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleCasbEmailLabel:CasbDlpRuleCasbEmailLabel"},"description":"Name-ID of the email label associated with the rule"},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleCasbTombstoneTemplate:CasbDlpRuleCasbTombstoneTemplate"},"description":"Name-ID of the quarantine tombstone template associated with the rule"},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbDlpRuleCloudAppTenants:CasbDlpRuleCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied"},"collaborationScopes":{"type":"array","items":{"type":"string"},"description":"Collaboration scope for the rule"},"components":{"type":"array","items":{"type":"string"},"description":"List of components for which the rule is applied. Zscaler service inspects these components for sensitive data."},"contentLocation":{"type":"string","description":"The location for the content that the Zscaler service inspects for sensitive data"},"criteriaDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleCriteriaDomainProfiles:CasbDlpRuleCriteriaDomainProfiles","description":"Name-ID pairs of domain profiles that are mandatory in the criteria for the rule"},"departments":{"$ref":"#/types/zia:index/CasbDlpRuleDepartments:CasbDlpRuleDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"An admin editable text-based description of the rule"},"dlpEngines":{"$ref":"#/types/zia:index/CasbDlpRuleDlpEngines:CasbDlpRuleDlpEngines","description":"The list of DLP engines to which the DLP policy rule must be applied"},"domains":{"type":"array","items":{"type":"string"},"description":"The domain for the external organization sharing the channel"},"emailRecipientProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleEmailRecipientProfiles:CasbDlpRuleEmailRecipientProfiles","description":"Name-ID pairs of recipient profiles for which the rule is applied"},"entityGroups":{"$ref":"#/types/zia:index/CasbDlpRuleEntityGroups:CasbDlpRuleEntityGroups","description":"Name-ID pairs of entity groups that are part of the rule criteria"},"excludedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleExcludedDomainProfiles:CasbDlpRuleExcludedDomainProfiles","description":"Name-ID pairs of domain profiles excluded in the criteria for the rule"},"externalAuditorEmail":{"type":"string","description":"Email address of the external auditor to whom the DLP email alerts are sent"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"File type categories for which the policy is applied. If not set, the rule is applied across all file types."},"groups":{"$ref":"#/types/zia:index/CasbDlpRuleGroups:CasbDlpRuleGroups","description":"Name-ID pairs of groups for which the rule is applied"},"includeCriteriaDomainProfile":{"type":"boolean","description":"If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEmailRecipientProfile":{"type":"boolean","description":"If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEntityGroups":{"type":"boolean","description":"If true, entityGroups is included as part of the criteria, else are excluded from the criteria"},"includedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleIncludedDomainProfiles:CasbDlpRuleIncludedDomainProfiles","description":"Name-ID pairs of domain profiles included in the criteria for the rule"},"labels":{"$ref":"#/types/zia:index/CasbDlpRuleLabels:CasbDlpRuleLabels","description":"Name-ID pairs of rule labels associated with the rule"},"name":{"type":"string","description":"Rule name"},"objectTypes":{"$ref":"#/types/zia:index/CasbDlpRuleObjectTypes:CasbDlpRuleObjectTypes","description":"List of object types for which the rule is applied"},"order":{"type":"integer","description":"Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"rank":{"type":"integer","description":"Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled"},"receiver":{"$ref":"#/types/zia:index/CasbDlpRuleReceiver:CasbDlpRuleReceiver","description":"The receiver information for the DLP policy rule"},"recipient":{"type":"string","description":"Specifies if the email recipient is internal or external"},"redactionProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleRedactionProfile:CasbDlpRuleRedactionProfile"},"description":"Name-ID of the redaction profile in the criteria"},"ruleId":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule"},"severity":{"type":"string","description":"The severity level of the incidents that match the policy rule"},"state":{"type":"string","description":"Administrative state of the rule"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleTag:CasbDlpRuleTag"},"description":"Tag applied to the rule"},"type":{"type":"string","description":"The type of SaaS Security Data at Rest Scanning DLP rule"},"users":{"$ref":"#/types/zia:index/CasbDlpRuleUsers:CasbDlpRuleUsers","description":"Name-ID pairs of users for which rule must be applied"},"watermarkDeleteOldVersion":{"type":"boolean","description":"Specifies whether to delete an old version of the watermarked file"},"watermarkProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleWatermarkProfile:CasbDlpRuleWatermarkProfile"},"description":"Watermark profile applied to the rule"},"withoutContentInspection":{"type":"boolean","description":"If true, Content Matching is set to None"},"zscalerIncidentReceivers":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleZscalerIncidentReceiver:CasbDlpRuleZscalerIncidentReceiver"},"description":"The Zscaler Incident Receiver details"}},"required":["includeEntityGroups","name","order","ruleId"],"inputProperties":{"action":{"type":"string","description":"The configured action for the policy rule"},"auditorNotifications":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleAuditorNotification:CasbDlpRuleAuditorNotification"},"description":"Notification template used for DLP email alerts sent to the auditor"},"bucketOwner":{"type":"string","description":"A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field"},"buckets":{"$ref":"#/types/zia:index/CasbDlpRuleBuckets:CasbDlpRuleBuckets","description":"The buckets for the Zscaler service to inspect for sensitive data"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleCasbEmailLabel:CasbDlpRuleCasbEmailLabel"},"description":"Name-ID of the email label associated with the rule"},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleCasbTombstoneTemplate:CasbDlpRuleCasbTombstoneTemplate"},"description":"Name-ID of the quarantine tombstone template associated with the rule"},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbDlpRuleCloudAppTenants:CasbDlpRuleCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied"},"collaborationScopes":{"type":"array","items":{"type":"string"},"description":"Collaboration scope for the rule"},"components":{"type":"array","items":{"type":"string"},"description":"List of components for which the rule is applied. Zscaler service inspects these components for sensitive data."},"contentLocation":{"type":"string","description":"The location for the content that the Zscaler service inspects for sensitive data"},"criteriaDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleCriteriaDomainProfiles:CasbDlpRuleCriteriaDomainProfiles","description":"Name-ID pairs of domain profiles that are mandatory in the criteria for the rule"},"departments":{"$ref":"#/types/zia:index/CasbDlpRuleDepartments:CasbDlpRuleDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"An admin editable text-based description of the rule"},"dlpEngines":{"$ref":"#/types/zia:index/CasbDlpRuleDlpEngines:CasbDlpRuleDlpEngines","description":"The list of DLP engines to which the DLP policy rule must be applied"},"domains":{"type":"array","items":{"type":"string"},"description":"The domain for the external organization sharing the channel"},"emailRecipientProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleEmailRecipientProfiles:CasbDlpRuleEmailRecipientProfiles","description":"Name-ID pairs of recipient profiles for which the rule is applied"},"entityGroups":{"$ref":"#/types/zia:index/CasbDlpRuleEntityGroups:CasbDlpRuleEntityGroups","description":"Name-ID pairs of entity groups that are part of the rule criteria"},"excludedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleExcludedDomainProfiles:CasbDlpRuleExcludedDomainProfiles","description":"Name-ID pairs of domain profiles excluded in the criteria for the rule"},"externalAuditorEmail":{"type":"string","description":"Email address of the external auditor to whom the DLP email alerts are sent"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"File type categories for which the policy is applied. If not set, the rule is applied across all file types."},"groups":{"$ref":"#/types/zia:index/CasbDlpRuleGroups:CasbDlpRuleGroups","description":"Name-ID pairs of groups for which the rule is applied"},"includeCriteriaDomainProfile":{"type":"boolean","description":"If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEmailRecipientProfile":{"type":"boolean","description":"If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEntityGroups":{"type":"boolean","description":"If true, entityGroups is included as part of the criteria, else are excluded from the criteria"},"includedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleIncludedDomainProfiles:CasbDlpRuleIncludedDomainProfiles","description":"Name-ID pairs of domain profiles included in the criteria for the rule"},"labels":{"$ref":"#/types/zia:index/CasbDlpRuleLabels:CasbDlpRuleLabels","description":"Name-ID pairs of rule labels associated with the rule"},"name":{"type":"string","description":"Rule name"},"objectTypes":{"$ref":"#/types/zia:index/CasbDlpRuleObjectTypes:CasbDlpRuleObjectTypes","description":"List of object types for which the rule is applied"},"order":{"type":"integer","description":"Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"rank":{"type":"integer","description":"Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled"},"receiver":{"$ref":"#/types/zia:index/CasbDlpRuleReceiver:CasbDlpRuleReceiver","description":"The receiver information for the DLP policy rule"},"recipient":{"type":"string","description":"Specifies if the email recipient is internal or external"},"redactionProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleRedactionProfile:CasbDlpRuleRedactionProfile"},"description":"Name-ID of the redaction profile in the criteria"},"severity":{"type":"string","description":"The severity level of the incidents that match the policy rule"},"state":{"type":"string","description":"Administrative state of the rule"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleTag:CasbDlpRuleTag"},"description":"Tag applied to the rule"},"type":{"type":"string","description":"The type of SaaS Security Data at Rest Scanning DLP rule"},"users":{"$ref":"#/types/zia:index/CasbDlpRuleUsers:CasbDlpRuleUsers","description":"Name-ID pairs of users for which rule must be applied"},"watermarkDeleteOldVersion":{"type":"boolean","description":"Specifies whether to delete an old version of the watermarked file"},"watermarkProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleWatermarkProfile:CasbDlpRuleWatermarkProfile"},"description":"Watermark profile applied to the rule"},"withoutContentInspection":{"type":"boolean","description":"If true, Content Matching is set to None"},"zscalerIncidentReceivers":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleZscalerIncidentReceiver:CasbDlpRuleZscalerIncidentReceiver"},"description":"The Zscaler Incident Receiver details"}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering CasbDlpRule resources.\n","properties":{"action":{"type":"string","description":"The configured action for the policy rule"},"auditorNotifications":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleAuditorNotification:CasbDlpRuleAuditorNotification"},"description":"Notification template used for DLP email alerts sent to the auditor"},"bucketOwner":{"type":"string","description":"A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field"},"buckets":{"$ref":"#/types/zia:index/CasbDlpRuleBuckets:CasbDlpRuleBuckets","description":"The buckets for the Zscaler service to inspect for sensitive data"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleCasbEmailLabel:CasbDlpRuleCasbEmailLabel"},"description":"Name-ID of the email label associated with the rule"},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleCasbTombstoneTemplate:CasbDlpRuleCasbTombstoneTemplate"},"description":"Name-ID of the quarantine tombstone template associated with the rule"},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbDlpRuleCloudAppTenants:CasbDlpRuleCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied"},"collaborationScopes":{"type":"array","items":{"type":"string"},"description":"Collaboration scope for the rule"},"components":{"type":"array","items":{"type":"string"},"description":"List of components for which the rule is applied. Zscaler service inspects these components for sensitive data."},"contentLocation":{"type":"string","description":"The location for the content that the Zscaler service inspects for sensitive data"},"criteriaDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleCriteriaDomainProfiles:CasbDlpRuleCriteriaDomainProfiles","description":"Name-ID pairs of domain profiles that are mandatory in the criteria for the rule"},"departments":{"$ref":"#/types/zia:index/CasbDlpRuleDepartments:CasbDlpRuleDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"An admin editable text-based description of the rule"},"dlpEngines":{"$ref":"#/types/zia:index/CasbDlpRuleDlpEngines:CasbDlpRuleDlpEngines","description":"The list of DLP engines to which the DLP policy rule must be applied"},"domains":{"type":"array","items":{"type":"string"},"description":"The domain for the external organization sharing the channel"},"emailRecipientProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleEmailRecipientProfiles:CasbDlpRuleEmailRecipientProfiles","description":"Name-ID pairs of recipient profiles for which the rule is applied"},"entityGroups":{"$ref":"#/types/zia:index/CasbDlpRuleEntityGroups:CasbDlpRuleEntityGroups","description":"Name-ID pairs of entity groups that are part of the rule criteria"},"excludedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleExcludedDomainProfiles:CasbDlpRuleExcludedDomainProfiles","description":"Name-ID pairs of domain profiles excluded in the criteria for the rule"},"externalAuditorEmail":{"type":"string","description":"Email address of the external auditor to whom the DLP email alerts are sent"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"File type categories for which the policy is applied. If not set, the rule is applied across all file types."},"groups":{"$ref":"#/types/zia:index/CasbDlpRuleGroups:CasbDlpRuleGroups","description":"Name-ID pairs of groups for which the rule is applied"},"includeCriteriaDomainProfile":{"type":"boolean","description":"If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEmailRecipientProfile":{"type":"boolean","description":"If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEntityGroups":{"type":"boolean","description":"If true, entityGroups is included as part of the criteria, else are excluded from the criteria"},"includedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRuleIncludedDomainProfiles:CasbDlpRuleIncludedDomainProfiles","description":"Name-ID pairs of domain profiles included in the criteria for the rule"},"labels":{"$ref":"#/types/zia:index/CasbDlpRuleLabels:CasbDlpRuleLabels","description":"Name-ID pairs of rule labels associated with the rule"},"name":{"type":"string","description":"Rule name"},"objectTypes":{"$ref":"#/types/zia:index/CasbDlpRuleObjectTypes:CasbDlpRuleObjectTypes","description":"List of object types for which the rule is applied"},"order":{"type":"integer","description":"Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"rank":{"type":"integer","description":"Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled"},"receiver":{"$ref":"#/types/zia:index/CasbDlpRuleReceiver:CasbDlpRuleReceiver","description":"The receiver information for the DLP policy rule"},"recipient":{"type":"string","description":"Specifies if the email recipient is internal or external"},"redactionProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleRedactionProfile:CasbDlpRuleRedactionProfile"},"description":"Name-ID of the redaction profile in the criteria"},"ruleId":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule"},"severity":{"type":"string","description":"The severity level of the incidents that match the policy rule"},"state":{"type":"string","description":"Administrative state of the rule"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleTag:CasbDlpRuleTag"},"description":"Tag applied to the rule"},"type":{"type":"string","description":"The type of SaaS Security Data at Rest Scanning DLP rule"},"users":{"$ref":"#/types/zia:index/CasbDlpRuleUsers:CasbDlpRuleUsers","description":"Name-ID pairs of users for which rule must be applied"},"watermarkDeleteOldVersion":{"type":"boolean","description":"Specifies whether to delete an old version of the watermarked file"},"watermarkProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleWatermarkProfile:CasbDlpRuleWatermarkProfile"},"description":"Watermark profile applied to the rule"},"withoutContentInspection":{"type":"boolean","description":"If true, Content Matching is set to None"},"zscalerIncidentReceivers":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRuleZscalerIncidentReceiver:CasbDlpRuleZscalerIncidentReceiver"},"description":"The Zscaler Incident Receiver details"}},"type":"object"},"aliases":[{"type":"zia:index/casbDlpRules:CasbDlpRules"}]},"zia:index/casbDlpRules:CasbDlpRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-data-rest-scanning-dlp-policy)\n* [API documentation](https://help.zscaler.com/zia/saas-security-api#/casbDlpRules-post)\n\nThe **zia_casb_dlp_rules** resource Adds a new SaaS Security Data at Rest Scanning DLP rule in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\ndata \"zia_casb_tenant\" \"this\" {\n  tenant_name = \"Jira_Tenant01\"\n}\n\ndata \"zia_dlp_incident_receiver_servers\" \"this\" {\n  name = \"ZS_Incident_Receiver\"\n}\n\ndata \"zia_rule_labels\" \"this\" {\n    name = \"RuleLabel01\n}\n\ndata \"zia_dlp_engines\" \"this\" {\n    name = \"PCI\"\n}\n\ndata \"zia_admin_users\" \"this\" {\n    username = auditor01\n}\n\nresource \"zia_casb_dlp_rules\" \"this\" {\n  name = \"SaaS_ITSM_App_Rule\"\n  description = \"SaaS_ITSM_App_Rule\"\n  order = 1\n  rank = 7\n  type = \"OFLCASB_DLP_ITSM\"\n  action = \"OFLCASB_DLP_REPORT_INCIDENT\"\n  severity = \"RULE_SEVERITY_HIGH\"\n  without_content_inspection = false\n  external_auditor_email = \"jdoe@acme.com\"\n  file_types = [\n        \"FTCATEGORY_APPX\",\n        \"FTCATEGORY_SQL\",\n  ]\n  collaboration_scope = [\n        \"ANY\",\n  ]\n  components = [\n        \"COMPONENT_ITSM_OBJECTS\",\n        \"COMPONENT_ITSM_ATTACHMENTS\",\n  ]\n cloud_app_tenants {\n    id = [data.zia_casb_tenant.this.tenant_id]\n  }\n dlp_engines {\n    id = [data.zia_dlp_engines.this.id]\n  }\n  object_types {\n    id = [32, 33, 34]\n  }\n labels {\n    id = [data.zia_rule_labels.this.id]\n  }\n  zscaler_incident_receiver {\n    id = data.zia_dlp_incident_receiver_servers.this.id\n  }\n  auditor_notification {\n    id = data.zia_admin_users.this.id\n  }\n}\n```\n\n### Configure Cloud To Cloud Forwarding\n\n```hcl\ndata \"zia_casb_tenant\" \"this\" {\n  tenant_name = \"Jira_Tenant01\"\n}\n\ndata \"zia_dlp_incident_receiver_servers\" \"this\" {\n  name = \"ZS_Incident_Receiver\"\n}\n\ndata \"zia_rule_labels\" \"this\" {\n    name = \"RuleLabel01\n}\n\ndata \"zia_dlp_engines\" \"this\" {\n    name = \"PCI\"\n}\n\ndata \"zia_admin_users\" \"this\" {\n    username = auditor01\n}\n\n# Retrieve Cloud-to-Cloud Incident Receiver (C2CIR) information\ndata \"zia_dlp_cloud_to_cloud_ir\" \"this\" {\n  name = \"AzureTenant01\"\n}\n\n# Output the retrieved C2CIR information for reference\noutput \"zia_dlp_cloud_to_cloud_ir\" {\n  value = data.zia_dlp_cloud_to_cloud_ir.this\n}\n\nresource \"zia_casb_dlp_rules\" \"this\" {\n  name = \"SaaS_ITSM_App_Rule\"\n  description = \"SaaS_ITSM_App_Rule\"\n  order = 1\n  rank = 7\n  type = \"OFLCASB_DLP_ITSM\"\n  action = \"OFLCASB_DLP_REPORT_INCIDENT\"\n  severity = \"RULE_SEVERITY_HIGH\"\n  without_content_inspection = false\n  external_auditor_email = \"jdoe@acme.com\"\n  file_types = [\n        \"FTCATEGORY_APPX\",\n        \"FTCATEGORY_SQL\",\n  ]\n  collaboration_scope = [\n        \"ANY\",\n  ]\n  components = [\n        \"COMPONENT_ITSM_OBJECTS\",\n        \"COMPONENT_ITSM_ATTACHMENTS\",\n  ]\n cloud_app_tenants {\n    id = [data.zia_casb_tenant.this.tenant_id]\n  }\n dlp_engines {\n    id = [data.zia_dlp_engines.this.id]\n  }\n  object_types {\n    id = [32, 33, 34]\n  }\n labels {\n    id = [data.zia_rule_labels.this.id]\n  }\n  zscaler_incident_receiver {\n    id = data.zia_dlp_incident_receiver_servers.this.id\n  }\n  auditor_notification {\n    id = data.zia_admin_users.this.id\n  }\n\n  # Configure receiver using values from the C2CIR data source\n  receiver {\n    id   = tostring(data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].tenant_authorization_info[0].smir_bucket_config[0].id)\n    name = data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].tenant_authorization_info[0].smir_bucket_config[0].config_name\n    type = data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].type\n    tenant {\n      id   = tostring(data.zia_dlp_cloud_to_cloud_ir.this.id)\n      name = data.zia_dlp_cloud_to_cloud_ir.this.name\n    }\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_casb_dlp_rules** can be imported by using `\u003cRULE_TYPE:RULE_ID\u003e` or `\u003cRULE_TYPE:RULE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/casbDlpRules:CasbDlpRules this \u003crule_type:rule_id\u003e\n```\n\n```sh\n$ pulumi import zia:index/casbDlpRules:CasbDlpRules this \u003c\"rule_type:rule_name\"\u003e\n```\n\n","properties":{"action":{"type":"string","description":"The configured action for the policy rule"},"auditorNotifications":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesAuditorNotification:CasbDlpRulesAuditorNotification"},"description":"Notification template used for DLP email alerts sent to the auditor"},"bucketOwner":{"type":"string","description":"A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field"},"buckets":{"$ref":"#/types/zia:index/CasbDlpRulesBuckets:CasbDlpRulesBuckets","description":"The buckets for the Zscaler service to inspect for sensitive data"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesCasbEmailLabel:CasbDlpRulesCasbEmailLabel"},"description":"Name-ID of the email label associated with the rule"},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesCasbTombstoneTemplate:CasbDlpRulesCasbTombstoneTemplate"},"description":"Name-ID of the quarantine tombstone template associated with the rule"},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbDlpRulesCloudAppTenants:CasbDlpRulesCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied"},"collaborationScopes":{"type":"array","items":{"type":"string"},"description":"Collaboration scope for the rule"},"components":{"type":"array","items":{"type":"string"},"description":"List of components for which the rule is applied. Zscaler service inspects these components for sensitive data."},"contentLocation":{"type":"string","description":"The location for the content that the Zscaler service inspects for sensitive data"},"criteriaDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesCriteriaDomainProfiles:CasbDlpRulesCriteriaDomainProfiles","description":"Name-ID pairs of domain profiles that are mandatory in the criteria for the rule"},"departments":{"$ref":"#/types/zia:index/CasbDlpRulesDepartments:CasbDlpRulesDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"An admin editable text-based description of the rule"},"dlpEngines":{"$ref":"#/types/zia:index/CasbDlpRulesDlpEngines:CasbDlpRulesDlpEngines","description":"The list of DLP engines to which the DLP policy rule must be applied"},"domains":{"type":"array","items":{"type":"string"},"description":"The domain for the external organization sharing the channel"},"emailRecipientProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesEmailRecipientProfiles:CasbDlpRulesEmailRecipientProfiles","description":"Name-ID pairs of recipient profiles for which the rule is applied"},"entityGroups":{"$ref":"#/types/zia:index/CasbDlpRulesEntityGroups:CasbDlpRulesEntityGroups","description":"Name-ID pairs of entity groups that are part of the rule criteria"},"excludedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesExcludedDomainProfiles:CasbDlpRulesExcludedDomainProfiles","description":"Name-ID pairs of domain profiles excluded in the criteria for the rule"},"externalAuditorEmail":{"type":"string","description":"Email address of the external auditor to whom the DLP email alerts are sent"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"File type categories for which the policy is applied. If not set, the rule is applied across all file types."},"groups":{"$ref":"#/types/zia:index/CasbDlpRulesGroups:CasbDlpRulesGroups","description":"Name-ID pairs of groups for which the rule is applied"},"includeCriteriaDomainProfile":{"type":"boolean","description":"If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEmailRecipientProfile":{"type":"boolean","description":"If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEntityGroups":{"type":"boolean","description":"If true, entityGroups is included as part of the criteria, else are excluded from the criteria"},"includedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesIncludedDomainProfiles:CasbDlpRulesIncludedDomainProfiles","description":"Name-ID pairs of domain profiles included in the criteria for the rule"},"labels":{"$ref":"#/types/zia:index/CasbDlpRulesLabels:CasbDlpRulesLabels","description":"Name-ID pairs of rule labels associated with the rule"},"name":{"type":"string","description":"Rule name"},"objectTypes":{"$ref":"#/types/zia:index/CasbDlpRulesObjectTypes:CasbDlpRulesObjectTypes","description":"List of object types for which the rule is applied"},"order":{"type":"integer","description":"Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"rank":{"type":"integer","description":"Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled"},"receiver":{"$ref":"#/types/zia:index/CasbDlpRulesReceiver:CasbDlpRulesReceiver","description":"The receiver information for the DLP policy rule"},"recipient":{"type":"string","description":"Specifies if the email recipient is internal or external"},"redactionProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesRedactionProfile:CasbDlpRulesRedactionProfile"},"description":"Name-ID of the redaction profile in the criteria"},"ruleId":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule"},"severity":{"type":"string","description":"The severity level of the incidents that match the policy rule"},"state":{"type":"string","description":"Administrative state of the rule"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesTag:CasbDlpRulesTag"},"description":"Tag applied to the rule"},"type":{"type":"string","description":"The type of SaaS Security Data at Rest Scanning DLP rule"},"users":{"$ref":"#/types/zia:index/CasbDlpRulesUsers:CasbDlpRulesUsers","description":"Name-ID pairs of users for which rule must be applied"},"watermarkDeleteOldVersion":{"type":"boolean","description":"Specifies whether to delete an old version of the watermarked file"},"watermarkProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesWatermarkProfile:CasbDlpRulesWatermarkProfile"},"description":"Watermark profile applied to the rule"},"withoutContentInspection":{"type":"boolean","description":"If true, Content Matching is set to None"},"zscalerIncidentReceivers":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesZscalerIncidentReceiver:CasbDlpRulesZscalerIncidentReceiver"},"description":"The Zscaler Incident Receiver details"}},"required":["includeEntityGroups","name","order","ruleId"],"inputProperties":{"action":{"type":"string","description":"The configured action for the policy rule"},"auditorNotifications":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesAuditorNotification:CasbDlpRulesAuditorNotification"},"description":"Notification template used for DLP email alerts sent to the auditor"},"bucketOwner":{"type":"string","description":"A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field"},"buckets":{"$ref":"#/types/zia:index/CasbDlpRulesBuckets:CasbDlpRulesBuckets","description":"The buckets for the Zscaler service to inspect for sensitive data"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesCasbEmailLabel:CasbDlpRulesCasbEmailLabel"},"description":"Name-ID of the email label associated with the rule"},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesCasbTombstoneTemplate:CasbDlpRulesCasbTombstoneTemplate"},"description":"Name-ID of the quarantine tombstone template associated with the rule"},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbDlpRulesCloudAppTenants:CasbDlpRulesCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied"},"collaborationScopes":{"type":"array","items":{"type":"string"},"description":"Collaboration scope for the rule"},"components":{"type":"array","items":{"type":"string"},"description":"List of components for which the rule is applied. Zscaler service inspects these components for sensitive data."},"contentLocation":{"type":"string","description":"The location for the content that the Zscaler service inspects for sensitive data"},"criteriaDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesCriteriaDomainProfiles:CasbDlpRulesCriteriaDomainProfiles","description":"Name-ID pairs of domain profiles that are mandatory in the criteria for the rule"},"departments":{"$ref":"#/types/zia:index/CasbDlpRulesDepartments:CasbDlpRulesDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"An admin editable text-based description of the rule"},"dlpEngines":{"$ref":"#/types/zia:index/CasbDlpRulesDlpEngines:CasbDlpRulesDlpEngines","description":"The list of DLP engines to which the DLP policy rule must be applied"},"domains":{"type":"array","items":{"type":"string"},"description":"The domain for the external organization sharing the channel"},"emailRecipientProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesEmailRecipientProfiles:CasbDlpRulesEmailRecipientProfiles","description":"Name-ID pairs of recipient profiles for which the rule is applied"},"entityGroups":{"$ref":"#/types/zia:index/CasbDlpRulesEntityGroups:CasbDlpRulesEntityGroups","description":"Name-ID pairs of entity groups that are part of the rule criteria"},"excludedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesExcludedDomainProfiles:CasbDlpRulesExcludedDomainProfiles","description":"Name-ID pairs of domain profiles excluded in the criteria for the rule"},"externalAuditorEmail":{"type":"string","description":"Email address of the external auditor to whom the DLP email alerts are sent"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"File type categories for which the policy is applied. If not set, the rule is applied across all file types."},"groups":{"$ref":"#/types/zia:index/CasbDlpRulesGroups:CasbDlpRulesGroups","description":"Name-ID pairs of groups for which the rule is applied"},"includeCriteriaDomainProfile":{"type":"boolean","description":"If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEmailRecipientProfile":{"type":"boolean","description":"If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEntityGroups":{"type":"boolean","description":"If true, entityGroups is included as part of the criteria, else are excluded from the criteria"},"includedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesIncludedDomainProfiles:CasbDlpRulesIncludedDomainProfiles","description":"Name-ID pairs of domain profiles included in the criteria for the rule"},"labels":{"$ref":"#/types/zia:index/CasbDlpRulesLabels:CasbDlpRulesLabels","description":"Name-ID pairs of rule labels associated with the rule"},"name":{"type":"string","description":"Rule name"},"objectTypes":{"$ref":"#/types/zia:index/CasbDlpRulesObjectTypes:CasbDlpRulesObjectTypes","description":"List of object types for which the rule is applied"},"order":{"type":"integer","description":"Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"rank":{"type":"integer","description":"Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled"},"receiver":{"$ref":"#/types/zia:index/CasbDlpRulesReceiver:CasbDlpRulesReceiver","description":"The receiver information for the DLP policy rule"},"recipient":{"type":"string","description":"Specifies if the email recipient is internal or external"},"redactionProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesRedactionProfile:CasbDlpRulesRedactionProfile"},"description":"Name-ID of the redaction profile in the criteria"},"severity":{"type":"string","description":"The severity level of the incidents that match the policy rule"},"state":{"type":"string","description":"Administrative state of the rule"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesTag:CasbDlpRulesTag"},"description":"Tag applied to the rule"},"type":{"type":"string","description":"The type of SaaS Security Data at Rest Scanning DLP rule"},"users":{"$ref":"#/types/zia:index/CasbDlpRulesUsers:CasbDlpRulesUsers","description":"Name-ID pairs of users for which rule must be applied"},"watermarkDeleteOldVersion":{"type":"boolean","description":"Specifies whether to delete an old version of the watermarked file"},"watermarkProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesWatermarkProfile:CasbDlpRulesWatermarkProfile"},"description":"Watermark profile applied to the rule"},"withoutContentInspection":{"type":"boolean","description":"If true, Content Matching is set to None"},"zscalerIncidentReceivers":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesZscalerIncidentReceiver:CasbDlpRulesZscalerIncidentReceiver"},"description":"The Zscaler Incident Receiver details"}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering CasbDlpRules resources.\n","properties":{"action":{"type":"string","description":"The configured action for the policy rule"},"auditorNotifications":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesAuditorNotification:CasbDlpRulesAuditorNotification"},"description":"Notification template used for DLP email alerts sent to the auditor"},"bucketOwner":{"type":"string","description":"A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field"},"buckets":{"$ref":"#/types/zia:index/CasbDlpRulesBuckets:CasbDlpRulesBuckets","description":"The buckets for the Zscaler service to inspect for sensitive data"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesCasbEmailLabel:CasbDlpRulesCasbEmailLabel"},"description":"Name-ID of the email label associated with the rule"},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesCasbTombstoneTemplate:CasbDlpRulesCasbTombstoneTemplate"},"description":"Name-ID of the quarantine tombstone template associated with the rule"},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbDlpRulesCloudAppTenants:CasbDlpRulesCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied"},"collaborationScopes":{"type":"array","items":{"type":"string"},"description":"Collaboration scope for the rule"},"components":{"type":"array","items":{"type":"string"},"description":"List of components for which the rule is applied. Zscaler service inspects these components for sensitive data."},"contentLocation":{"type":"string","description":"The location for the content that the Zscaler service inspects for sensitive data"},"criteriaDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesCriteriaDomainProfiles:CasbDlpRulesCriteriaDomainProfiles","description":"Name-ID pairs of domain profiles that are mandatory in the criteria for the rule"},"departments":{"$ref":"#/types/zia:index/CasbDlpRulesDepartments:CasbDlpRulesDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"An admin editable text-based description of the rule"},"dlpEngines":{"$ref":"#/types/zia:index/CasbDlpRulesDlpEngines:CasbDlpRulesDlpEngines","description":"The list of DLP engines to which the DLP policy rule must be applied"},"domains":{"type":"array","items":{"type":"string"},"description":"The domain for the external organization sharing the channel"},"emailRecipientProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesEmailRecipientProfiles:CasbDlpRulesEmailRecipientProfiles","description":"Name-ID pairs of recipient profiles for which the rule is applied"},"entityGroups":{"$ref":"#/types/zia:index/CasbDlpRulesEntityGroups:CasbDlpRulesEntityGroups","description":"Name-ID pairs of entity groups that are part of the rule criteria"},"excludedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesExcludedDomainProfiles:CasbDlpRulesExcludedDomainProfiles","description":"Name-ID pairs of domain profiles excluded in the criteria for the rule"},"externalAuditorEmail":{"type":"string","description":"Email address of the external auditor to whom the DLP email alerts are sent"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"File type categories for which the policy is applied. If not set, the rule is applied across all file types."},"groups":{"$ref":"#/types/zia:index/CasbDlpRulesGroups:CasbDlpRulesGroups","description":"Name-ID pairs of groups for which the rule is applied"},"includeCriteriaDomainProfile":{"type":"boolean","description":"If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEmailRecipientProfile":{"type":"boolean","description":"If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria."},"includeEntityGroups":{"type":"boolean","description":"If true, entityGroups is included as part of the criteria, else are excluded from the criteria"},"includedDomainProfiles":{"$ref":"#/types/zia:index/CasbDlpRulesIncludedDomainProfiles:CasbDlpRulesIncludedDomainProfiles","description":"Name-ID pairs of domain profiles included in the criteria for the rule"},"labels":{"$ref":"#/types/zia:index/CasbDlpRulesLabels:CasbDlpRulesLabels","description":"Name-ID pairs of rule labels associated with the rule"},"name":{"type":"string","description":"Rule name"},"objectTypes":{"$ref":"#/types/zia:index/CasbDlpRulesObjectTypes:CasbDlpRulesObjectTypes","description":"List of object types for which the rule is applied"},"order":{"type":"integer","description":"Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"rank":{"type":"integer","description":"Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled"},"receiver":{"$ref":"#/types/zia:index/CasbDlpRulesReceiver:CasbDlpRulesReceiver","description":"The receiver information for the DLP policy rule"},"recipient":{"type":"string","description":"Specifies if the email recipient is internal or external"},"redactionProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesRedactionProfile:CasbDlpRulesRedactionProfile"},"description":"Name-ID of the redaction profile in the criteria"},"ruleId":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule"},"severity":{"type":"string","description":"The severity level of the incidents that match the policy rule"},"state":{"type":"string","description":"Administrative state of the rule"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesTag:CasbDlpRulesTag"},"description":"Tag applied to the rule"},"type":{"type":"string","description":"The type of SaaS Security Data at Rest Scanning DLP rule"},"users":{"$ref":"#/types/zia:index/CasbDlpRulesUsers:CasbDlpRulesUsers","description":"Name-ID pairs of users for which rule must be applied"},"watermarkDeleteOldVersion":{"type":"boolean","description":"Specifies whether to delete an old version of the watermarked file"},"watermarkProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesWatermarkProfile:CasbDlpRulesWatermarkProfile"},"description":"Watermark profile applied to the rule"},"withoutContentInspection":{"type":"boolean","description":"If true, Content Matching is set to None"},"zscalerIncidentReceivers":{"type":"array","items":{"$ref":"#/types/zia:index/CasbDlpRulesZscalerIncidentReceiver:CasbDlpRulesZscalerIncidentReceiver"},"description":"The Zscaler Incident Receiver details"}},"type":"object"},"deprecationMessage":"zia.index/casbdlprules.CasbDlpRules has been deprecated in favor of zia.index/casbdlprule.CasbDlpRule"},"zia:index/casbMalwareRule:CasbMalwareRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-data-rest-scanning-malware-detection-policy)\n* [API documentation](https://help.zscaler.com/zia/saas-security-api#/casbMalwareRules-post)\n\nThe **zia_casb_malware_rules** resource Adds a new SaaS Security Data at Rest Scanning Malware Detection rule.\n\n## Example Usage\n\n```hcl\ndata \"zia_casb_tenant\" \"this\" {\n  tenant_name = \"GitLab_Tenant01\"\n}\n\ndata \"zia_rule_labels\" \"this\" {\n    name = \"RuleLabel01\n}\n\nresource \"zia_casb_malware_rules\" \"this\" {\n  name = \"GitLab_Tenant01\"\n  action = \"OFLCASB_AVP_REPORT_MALWARE\"\n  type = \"OFLCASB_AVP_REPO\"\n  order = 1\n  cloud_app_tenants {\n    id = [data.zia_casb_tenant.this.id]\n  }\n  labels {\n    id = [data.zia_rule_labels.this.id]\n  }\n  buckets {\n    id = [1442271, 1442270, 1442268, 1442269, 1442272]\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_casb_malware_rules** can be imported by using `\u003cRULE_TYPE:RULE_ID\u003e` or `\u003cRULE_TYPE:RULE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/casbMalwareRule:CasbMalwareRule this \u003crule_type:rule_id\u003e\n```\n\n```sh\n$ pulumi import zia:index/casbMalwareRule:CasbMalwareRule this \u003c\"rule_type:rule_name\"\u003e\n```\n\n","properties":{"action":{"type":"string"},"buckets":{"$ref":"#/types/zia:index/CasbMalwareRuleBuckets:CasbMalwareRuleBuckets","description":"Name-ID pairs of locations for which rule must be applied"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRuleCasbEmailLabel:CasbMalwareRuleCasbEmailLabel"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRuleCasbTombstoneTemplate:CasbMalwareRuleCasbTombstoneTemplate"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"cloudAppTenantIds":{"$ref":"#/types/zia:index/CasbMalwareRuleCloudAppTenantIds:CasbMalwareRuleCloudAppTenantIds","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbMalwareRuleCloudAppTenants:CasbMalwareRuleCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied. If the name-ID pairs of the cloud application tenants are not specified, the rule is applied to all tenants."},"labels":{"$ref":"#/types/zia:index/CasbMalwareRuleLabels:CasbMalwareRuleLabels","description":"list of Labels that are applicable to the rule."},"name":{"type":"string"},"order":{"type":"integer"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"ruleId":{"type":"integer","description":"A unique identifier assigned to the forwarding rule"},"scanInboundEmailLink":{"type":"string","description":"Enables or disables the scan inbound email link"},"state":{"type":"string"},"type":{"type":"string"}},"required":["name","order","ruleId"],"inputProperties":{"action":{"type":"string"},"buckets":{"$ref":"#/types/zia:index/CasbMalwareRuleBuckets:CasbMalwareRuleBuckets","description":"Name-ID pairs of locations for which rule must be applied"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRuleCasbEmailLabel:CasbMalwareRuleCasbEmailLabel"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRuleCasbTombstoneTemplate:CasbMalwareRuleCasbTombstoneTemplate"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"cloudAppTenantIds":{"$ref":"#/types/zia:index/CasbMalwareRuleCloudAppTenantIds:CasbMalwareRuleCloudAppTenantIds","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbMalwareRuleCloudAppTenants:CasbMalwareRuleCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied. If the name-ID pairs of the cloud application tenants are not specified, the rule is applied to all tenants."},"labels":{"$ref":"#/types/zia:index/CasbMalwareRuleLabels:CasbMalwareRuleLabels","description":"list of Labels that are applicable to the rule."},"name":{"type":"string"},"order":{"type":"integer"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"scanInboundEmailLink":{"type":"string","description":"Enables or disables the scan inbound email link"},"state":{"type":"string"},"type":{"type":"string"}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering CasbMalwareRule resources.\n","properties":{"action":{"type":"string"},"buckets":{"$ref":"#/types/zia:index/CasbMalwareRuleBuckets:CasbMalwareRuleBuckets","description":"Name-ID pairs of locations for which rule must be applied"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRuleCasbEmailLabel:CasbMalwareRuleCasbEmailLabel"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRuleCasbTombstoneTemplate:CasbMalwareRuleCasbTombstoneTemplate"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"cloudAppTenantIds":{"$ref":"#/types/zia:index/CasbMalwareRuleCloudAppTenantIds:CasbMalwareRuleCloudAppTenantIds","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbMalwareRuleCloudAppTenants:CasbMalwareRuleCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied. If the name-ID pairs of the cloud application tenants are not specified, the rule is applied to all tenants."},"labels":{"$ref":"#/types/zia:index/CasbMalwareRuleLabels:CasbMalwareRuleLabels","description":"list of Labels that are applicable to the rule."},"name":{"type":"string"},"order":{"type":"integer"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"ruleId":{"type":"integer","description":"A unique identifier assigned to the forwarding rule"},"scanInboundEmailLink":{"type":"string","description":"Enables or disables the scan inbound email link"},"state":{"type":"string"},"type":{"type":"string"}},"type":"object"},"aliases":[{"type":"zia:index/casbMalwareRules:CasbMalwareRules"}]},"zia:index/casbMalwareRules:CasbMalwareRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-data-rest-scanning-malware-detection-policy)\n* [API documentation](https://help.zscaler.com/zia/saas-security-api#/casbMalwareRules-post)\n\nThe **zia_casb_malware_rules** resource Adds a new SaaS Security Data at Rest Scanning Malware Detection rule.\n\n## Example Usage\n\n```hcl\ndata \"zia_casb_tenant\" \"this\" {\n  tenant_name = \"GitLab_Tenant01\"\n}\n\ndata \"zia_rule_labels\" \"this\" {\n    name = \"RuleLabel01\n}\n\nresource \"zia_casb_malware_rules\" \"this\" {\n  name = \"GitLab_Tenant01\"\n  action = \"OFLCASB_AVP_REPORT_MALWARE\"\n  type = \"OFLCASB_AVP_REPO\"\n  order = 1\n  cloud_app_tenants {\n    id = [data.zia_casb_tenant.this.id]\n  }\n  labels {\n    id = [data.zia_rule_labels.this.id]\n  }\n  buckets {\n    id = [1442271, 1442270, 1442268, 1442269, 1442272]\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_casb_malware_rules** can be imported by using `\u003cRULE_TYPE:RULE_ID\u003e` or `\u003cRULE_TYPE:RULE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/casbMalwareRules:CasbMalwareRules this \u003crule_type:rule_id\u003e\n```\n\n```sh\n$ pulumi import zia:index/casbMalwareRules:CasbMalwareRules this \u003c\"rule_type:rule_name\"\u003e\n```\n\n","properties":{"action":{"type":"string"},"buckets":{"$ref":"#/types/zia:index/CasbMalwareRulesBuckets:CasbMalwareRulesBuckets","description":"Name-ID pairs of locations for which rule must be applied"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRulesCasbEmailLabel:CasbMalwareRulesCasbEmailLabel"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRulesCasbTombstoneTemplate:CasbMalwareRulesCasbTombstoneTemplate"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"cloudAppTenantIds":{"$ref":"#/types/zia:index/CasbMalwareRulesCloudAppTenantIds:CasbMalwareRulesCloudAppTenantIds","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbMalwareRulesCloudAppTenants:CasbMalwareRulesCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied. If the name-ID pairs of the cloud application tenants are not specified, the rule is applied to all tenants."},"labels":{"$ref":"#/types/zia:index/CasbMalwareRulesLabels:CasbMalwareRulesLabels","description":"list of Labels that are applicable to the rule."},"name":{"type":"string"},"order":{"type":"integer"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"ruleId":{"type":"integer","description":"A unique identifier assigned to the forwarding rule"},"scanInboundEmailLink":{"type":"string","description":"Enables or disables the scan inbound email link"},"state":{"type":"string"},"type":{"type":"string"}},"required":["name","order","ruleId"],"inputProperties":{"action":{"type":"string"},"buckets":{"$ref":"#/types/zia:index/CasbMalwareRulesBuckets:CasbMalwareRulesBuckets","description":"Name-ID pairs of locations for which rule must be applied"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRulesCasbEmailLabel:CasbMalwareRulesCasbEmailLabel"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRulesCasbTombstoneTemplate:CasbMalwareRulesCasbTombstoneTemplate"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"cloudAppTenantIds":{"$ref":"#/types/zia:index/CasbMalwareRulesCloudAppTenantIds:CasbMalwareRulesCloudAppTenantIds","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbMalwareRulesCloudAppTenants:CasbMalwareRulesCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied. If the name-ID pairs of the cloud application tenants are not specified, the rule is applied to all tenants."},"labels":{"$ref":"#/types/zia:index/CasbMalwareRulesLabels:CasbMalwareRulesLabels","description":"list of Labels that are applicable to the rule."},"name":{"type":"string"},"order":{"type":"integer"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"scanInboundEmailLink":{"type":"string","description":"Enables or disables the scan inbound email link"},"state":{"type":"string"},"type":{"type":"string"}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering CasbMalwareRules resources.\n","properties":{"action":{"type":"string"},"buckets":{"$ref":"#/types/zia:index/CasbMalwareRulesBuckets:CasbMalwareRulesBuckets","description":"Name-ID pairs of locations for which rule must be applied"},"casbEmailLabels":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRulesCasbEmailLabel:CasbMalwareRulesCasbEmailLabel"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"casbTombstoneTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/CasbMalwareRulesCasbTombstoneTemplate:CasbMalwareRulesCasbTombstoneTemplate"},"description":"The ZPA Server Group for which this rule is applicable. Only the Server Groups that are associated with the selected Application Segments are allowed. This field is applicable only for the ZPA forwarding method."},"cloudAppTenantIds":{"$ref":"#/types/zia:index/CasbMalwareRulesCloudAppTenantIds:CasbMalwareRulesCloudAppTenantIds","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"cloudAppTenants":{"$ref":"#/types/zia:index/CasbMalwareRulesCloudAppTenants:CasbMalwareRulesCloudAppTenants","description":"Name-ID pairs of the cloud application tenants for which the rule is applied. If the name-ID pairs of the cloud application tenants are not specified, the rule is applied to all tenants."},"labels":{"$ref":"#/types/zia:index/CasbMalwareRulesLabels:CasbMalwareRulesLabels","description":"list of Labels that are applicable to the rule."},"name":{"type":"string"},"order":{"type":"integer"},"quarantineLocation":{"type":"string","description":"Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data"},"ruleId":{"type":"integer","description":"A unique identifier assigned to the forwarding rule"},"scanInboundEmailLink":{"type":"string","description":"Enables or disables the scan inbound email link"},"state":{"type":"string"},"type":{"type":"string"}},"type":"object"},"deprecationMessage":"zia.index/casbmalwarerules.CasbMalwareRules has been deprecated in favor of zia.index/casbmalwarerule.CasbMalwareRule"},"zia:index/cloudAppControlRule:CloudAppControlRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-rules-cloud-app-control-policy)\n* [API documentation](https://help.zscaler.com/zia/cloud-app-control-policy#/webApplicationRules/{rule_type}-get)\n\nThe **zia_cloud_app_control_rule** resource allows the creation and management of ZIA Cloud Application Control rules in the Zscaler Internet Access.\n\n**NOTE** Resources or DataSources to retrieve Tenant Profile or Cloud Application Risk Profile ID information are not currently available.\n\n## Example Usage\n\n### Using Data Source For Actions (Recommended)\n\n```hcl\n# Get valid actions for the applications\ndata \"zia_cloud_app_control_rule_actions\" \"webmail_actions\" {\n  type       = \"WEBMAIL\"\n  cloud_apps = [\"GOOGLE_WEBMAIL\", \"YAHOO_WEBMAIL\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"webmail_rule\" {\n  name                = \"WebMail Control Rule\"\n  description         = \"Control webmail access\"\n  order               = 1\n  rank                = 7\n  state               = \"ENABLED\"\n  type                = \"WEBMAIL\"\n\n  # Use data source to get valid actions\n  actions             = data.zia_cloud_app_control_rule_actions.webmail_actions.available_actions_without_isolate\n\n  applications        = [\"GOOGLE_WEBMAIL\", \"YAHOO_WEBMAIL\"]\n  device_trust_levels = [\"UNKNOWN_DEVICETRUSTLEVEL\", \"LOW_TRUST\", \"MEDIUM_TRUST\", \"HIGH_TRUST\"]\n  user_agent_types    = [\"OPERA\", \"FIREFOX\", \"MSIE\", \"MSEDGE\", \"CHROME\", \"SAFARI\", \"MSCHREDGE\"]\n}\n```\n\n### AI/ML Application Control\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"ai_actions\" {\n  type       = \"AI_ML\"\n  cloud_apps = [\"CHATGPT_AI\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"ai_control\" {\n  name         = \"ChatGPT Controls\"\n  description  = \"Control ChatGPT usage\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  type         = \"AI_ML\"\n\n  # Automatically gets all valid actions except ISOLATE\n  actions      = data.zia_cloud_app_control_rule_actions.ai_actions.available_actions_without_isolate\n\n  applications = [\"CHATGPT_AI\"]\n}\n```\n\n### File Sharing Controls\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"file_share_actions\" {\n  type       = \"FILE_SHARE\"\n  cloud_apps = [\"DROPBOX\", \"ONEDRIVE\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"file_sharing\" {\n  name         = \"File Sharing Controls\"\n  description  = \"Control file sharing operations\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  type         = \"FILE_SHARE\"\n\n  # Returns only actions supported by both Dropbox and OneDrive\n  actions      = data.zia_cloud_app_control_rule_actions.file_share_actions.available_actions_without_isolate\n\n  applications = [\"DROPBOX\", \"ONEDRIVE\"]\n}\n```\n\n### Cloud Browser Isolation (ISOLATE Actions)\n\nISOLATE actions require Cloud Browser Isolation subscription and must be used alone (cannot mix with other actions):\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"chatgpt_isolate\" {\n  type       = \"AI_ML\"\n  cloud_apps = [\"CHATGPT_AI\"]\n}\n\ndata \"zia_cloud_browser_isolation_profile\" \"cbi_profile\" {\n  name = \"My-CBI-Profile\"\n}\n\nresource \"zia_cloud_app_control_rule\" \"isolate_chatgpt\" {\n  name         = \"ChatGPT Isolation\"\n  description  = \"Isolate ChatGPT using Cloud Browser Isolation\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  type         = \"AI_ML\"\n\n  # Use isolate_actions for CBI rules\n  actions      = data.zia_cloud_app_control_rule_actions.chatgpt_isolate.isolate_actions\n\n  applications = [\"CHATGPT_AI\"]\n\n  # Required for ISOLATE actions\n  cbi_profile {\n    id   = data.zia_cloud_browser_isolation_profile.cbi_profile.id\n    name = data.zia_cloud_browser_isolation_profile.cbi_profile.name\n    url  = data.zia_cloud_browser_isolation_profile.cbi_profile.url\n  }\n}\n```\n\n### Filtered Actions (ALLOW Only)\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"slack_allow\" {\n  type            = \"ENTERPRISE_COLLABORATION\"\n  cloud_apps      = [\"SLACK\"]\n  action_prefixes = [\"ALLOW\"]  # Only permissive actions\n}\n\nresource \"zia_cloud_app_control_rule\" \"slack_allow_only\" {\n  name         = \"Slack Allow Only\"\n  description  = \"Allow specific Slack operations\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  type         = \"ENTERPRISE_COLLABORATION\"\n\n  # Only ALLOW_ actions\n  actions      = data.zia_cloud_app_control_rule_actions.slack_allow.filtered_actions\n\n  applications = [\"SLACK\"]\n}\n```\n\n### With Time Validity\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"social_media_actions\" {\n  type       = \"SOCIAL_NETWORKING\"\n  cloud_apps = [\"FACEBOOK\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"social_media_time_restricted\" {\n  name                  = \"Social Media Time Restricted\"\n  description           = \"Allow social media only during specified hours\"\n  order                 = 1\n  rank                  = 7\n  state                 = \"ENABLED\"\n  type                  = \"SOCIAL_NETWORKING\"\n  actions               = data.zia_cloud_app_control_rule_actions.social_media_actions.available_actions_without_isolate\n  applications          = [\"FACEBOOK\"]\n\n  enforce_time_validity = true\n  validity_start_time   = \"Mon, 17 Jun 2024 23:30:00 UTC\"\n  validity_end_time     = \"Tue, 17 Jun 2025 23:00:00 UTC\"\n  validity_time_zone_id = \"US/Pacific\"\n\n  time_quota            = 15\n  size_quota            = 10\n  device_trust_levels   = [\"UNKNOWN_DEVICETRUSTLEVEL\", \"LOW_TRUST\", \"MEDIUM_TRUST\", \"HIGH_TRUST\"]\n}\n```\n\n## Important Notes\n\n### Using the Data Source for Actions\n\n**Best Practice**: Always use the \u003cspan pulumi-lang-nodejs=\"`zia.getCloudAppControlRuleActions`\" pulumi-lang-dotnet=\"`zia.getCloudAppControlRuleActions`\" pulumi-lang-go=\"`getCloudAppControlRuleActions`\" pulumi-lang-python=\"`get_cloud_app_control_rule_actions`\" pulumi-lang-yaml=\"`zia.getCloudAppControlRuleActions`\" pulumi-lang-java=\"`zia.getCloudAppControlRuleActions`\"\u003e`zia.getCloudAppControlRuleActions`\u003c/span\u003e data source to retrieve valid actions for your applications. The data source automatically handles:\n\n* Application-specific action support\n* Action intersections when multiple applications are configured\n* Separation of ISOLATE actions from standard actions\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"my_actions\" {\n  type       = \"AI_ML\"\n  cloud_apps = [\"CHATGPT_AI\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"example\" {\n  actions = data.zia_cloud_app_control_rule_actions.my_actions.available_actions_without_isolate\n}\n```\n\n### ISOLATE Actions Requirements\n\nWhen using ISOLATE actions:\n\n* ISOLATE actions **cannot be mixed** with other action types (ALLOW, DENY, BLOCK, CAUTION)\n* ISOLATE actions **require** \u003cspan pulumi-lang-nodejs=\"`cbiProfile`\" pulumi-lang-dotnet=\"`CbiProfile`\" pulumi-lang-go=\"`cbiProfile`\" pulumi-lang-python=\"`cbi_profile`\" pulumi-lang-yaml=\"`cbiProfile`\" pulumi-lang-java=\"`cbiProfile`\"\u003e`cbi_profile`\u003c/span\u003e block with a valid Cloud Browser Isolation profile\n* ISOLATE actions **cannot** have \u003cspan pulumi-lang-nodejs=\"`browserEunTemplateId`\" pulumi-lang-dotnet=\"`BrowserEunTemplateId`\" pulumi-lang-go=\"`browserEunTemplateId`\" pulumi-lang-python=\"`browser_eun_template_id`\" pulumi-lang-yaml=\"`browserEunTemplateId`\" pulumi-lang-java=\"`browserEunTemplateId`\"\u003e`browser_eun_template_id`\u003c/span\u003e set\n* Create separate rules for ISOLATE vs non-ISOLATE actions\n\n### Multiple Applications\n\nWhen configuring multiple applications in a single rule, only actions supported by ALL applications are valid. The data source automatically computes this intersection when you specify multiple cloud_apps.\n\n### Action Validation\n\nThe resource validates actions during `pulumi preview`. If invalid actions are detected, an error message will show:\n\n* Which actions are invalid\n\n* List of valid actions for your configuration\n* Suggestion to use the data source\n\nFor more information, see the\u003cspan pulumi-lang-nodejs=\" zia.getCloudAppControlRuleActions \" pulumi-lang-dotnet=\" zia.getCloudAppControlRuleActions \" pulumi-lang-go=\" getCloudAppControlRuleActions \" pulumi-lang-python=\" get_cloud_app_control_rule_actions \" pulumi-lang-yaml=\" zia.getCloudAppControlRuleActions \" pulumi-lang-java=\" zia.getCloudAppControlRuleActions \"\u003e zia.getCloudAppControlRuleActions \u003c/span\u003edata source documentation.\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\nPolicy access rule can be imported by using `\u003cRULE_TYPE:RULE_ID\u003e` or `\u003cRULE_TYPE:RULE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/cloudAppControlRule:CloudAppControlRule this \u003crule_type:rule_id\u003e\n```\n\n```sh\n$ pulumi import zia:index/cloudAppControlRule:CloudAppControlRule this \u003c\"rule_type:rule_name\"\u003e\n```\n\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"Actions allowed for the specified type."},"applications":{"type":"array","items":{"type":"string"},"description":"The list of cloud applications to which the cloud app control rule must be applied\n\t\t\t\tUse the data source\u003cspan pulumi-lang-nodejs=\" zia.getCloudApplications \" pulumi-lang-dotnet=\" zia.getCloudApplications \" pulumi-lang-go=\" getCloudApplications \" pulumi-lang-python=\" get_cloud_applications \" pulumi-lang-yaml=\" zia.getCloudApplications \" pulumi-lang-java=\" zia.getCloudApplications \"\u003e zia.getCloudApplications \u003c/span\u003eto get the list of available cloud applications:\n\t\t\t\thttps://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications"},"browserEunTemplateId":{"type":"integer"},"cascadingEnabled":{"type":"boolean","description":"Enforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy."},"cbiProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CloudAppControlRuleCbiProfile:CloudAppControlRuleCbiProfile"}},"cloudAppInstances":{"$ref":"#/types/zia:index/CloudAppControlRuleCloudAppInstances:CloudAppControlRuleCloudAppInstances","description":"The cloud application instance ID."},"cloudAppRiskProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CloudAppControlRuleCloudAppRiskProfile:CloudAppControlRuleCloudAppRiskProfile"},"description":"The DLP server, using ICAP, to which the transaction content is forwarded."},"departments":{"$ref":"#/types/zia:index/CloudAppControlRuleDepartments:CloudAppControlRuleDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the forwarding rule"},"deviceGroups":{"$ref":"#/types/zia:index/CloudAppControlRuleDeviceGroups:CloudAppControlRuleDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/CloudAppControlRuleDevices:CloudAppControlRuleDevices","description":"Name-ID pairs of devices for which rule must be applied."},"enforceTimeValidity":{"type":"boolean","description":"Enforce a set a validity time period for the URL Filtering rule."},"eunEnabled":{"type":"boolean"},"eunTemplateId":{"type":"integer"},"groups":{"$ref":"#/types/zia:index/CloudAppControlRuleGroups:CloudAppControlRuleGroups","description":"Name-ID pairs of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/CloudAppControlRuleLabels:CloudAppControlRuleLabels","description":"The URL Filtering rule's label."},"locationGroups":{"$ref":"#/types/zia:index/CloudAppControlRuleLocationGroups:CloudAppControlRuleLocationGroups","description":"Name-ID pairs of the location groups to which the rule must be applied."},"locations":{"$ref":"#/types/zia:index/CloudAppControlRuleLocations:CloudAppControlRuleLocations","description":"Name-ID pairs of locations for which rule must be applied"},"name":{"type":"string","description":"The name of the forwarding rule"},"order":{"type":"integer","description":"The order of execution for the forwarding rule order"},"rank":{"type":"integer","description":"Admin rank assigned to the forwarding rule"},"ruleId":{"type":"integer","description":"A unique identifier assigned to the forwarding rule"},"sizeQuota":{"type":"integer","description":"Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"state":{"type":"string","description":"Determines whether the Firewall Filtering policy rule is enabled or disabled"},"tenancyProfileIds":{"$ref":"#/types/zia:index/CloudAppControlRuleTenancyProfileIds:CloudAppControlRuleTenancyProfileIds","description":"Name-ID pairs of groups for which rule must be applied"},"timeQuota":{"type":"integer","description":"Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"timeWindows":{"$ref":"#/types/zia:index/CloudAppControlRuleTimeWindows:CloudAppControlRuleTimeWindows","description":"Name-ID pairs of time interval during which rule must be enforced."},"type":{"type":"string","description":"Supported App Control Types"},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"Supported User Agent Types"},"userRiskScoreLevels":{"type":"array","items":{"type":"string"}},"users":{"$ref":"#/types/zia:index/CloudAppControlRuleUsers:CloudAppControlRuleUsers","description":"Name-ID pairs of users for which rule must be applied"},"validityEndTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time."},"validityStartTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time."},"validityTimeZoneId":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone."}},"required":["name","order","ruleId"],"inputProperties":{"actions":{"type":"array","items":{"type":"string"},"description":"Actions allowed for the specified type."},"applications":{"type":"array","items":{"type":"string"},"description":"The list of cloud applications to which the cloud app control rule must be applied\n\t\t\t\tUse the data source\u003cspan pulumi-lang-nodejs=\" zia.getCloudApplications \" pulumi-lang-dotnet=\" zia.getCloudApplications \" pulumi-lang-go=\" getCloudApplications \" pulumi-lang-python=\" get_cloud_applications \" pulumi-lang-yaml=\" zia.getCloudApplications \" pulumi-lang-java=\" zia.getCloudApplications \"\u003e zia.getCloudApplications \u003c/span\u003eto get the list of available cloud applications:\n\t\t\t\thttps://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications"},"browserEunTemplateId":{"type":"integer"},"cascadingEnabled":{"type":"boolean","description":"Enforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy."},"cbiProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CloudAppControlRuleCbiProfile:CloudAppControlRuleCbiProfile"}},"cloudAppInstances":{"$ref":"#/types/zia:index/CloudAppControlRuleCloudAppInstances:CloudAppControlRuleCloudAppInstances","description":"The cloud application instance ID."},"cloudAppRiskProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CloudAppControlRuleCloudAppRiskProfile:CloudAppControlRuleCloudAppRiskProfile"},"description":"The DLP server, using ICAP, to which the transaction content is forwarded."},"departments":{"$ref":"#/types/zia:index/CloudAppControlRuleDepartments:CloudAppControlRuleDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the forwarding rule"},"deviceGroups":{"$ref":"#/types/zia:index/CloudAppControlRuleDeviceGroups:CloudAppControlRuleDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/CloudAppControlRuleDevices:CloudAppControlRuleDevices","description":"Name-ID pairs of devices for which rule must be applied."},"enforceTimeValidity":{"type":"boolean","description":"Enforce a set a validity time period for the URL Filtering rule."},"eunEnabled":{"type":"boolean"},"eunTemplateId":{"type":"integer"},"groups":{"$ref":"#/types/zia:index/CloudAppControlRuleGroups:CloudAppControlRuleGroups","description":"Name-ID pairs of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/CloudAppControlRuleLabels:CloudAppControlRuleLabels","description":"The URL Filtering rule's label."},"locationGroups":{"$ref":"#/types/zia:index/CloudAppControlRuleLocationGroups:CloudAppControlRuleLocationGroups","description":"Name-ID pairs of the location groups to which the rule must be applied."},"locations":{"$ref":"#/types/zia:index/CloudAppControlRuleLocations:CloudAppControlRuleLocations","description":"Name-ID pairs of locations for which rule must be applied"},"name":{"type":"string","description":"The name of the forwarding rule"},"order":{"type":"integer","description":"The order of execution for the forwarding rule order"},"rank":{"type":"integer","description":"Admin rank assigned to the forwarding rule"},"sizeQuota":{"type":"integer","description":"Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"state":{"type":"string","description":"Determines whether the Firewall Filtering policy rule is enabled or disabled"},"tenancyProfileIds":{"$ref":"#/types/zia:index/CloudAppControlRuleTenancyProfileIds:CloudAppControlRuleTenancyProfileIds","description":"Name-ID pairs of groups for which rule must be applied"},"timeQuota":{"type":"integer","description":"Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"timeWindows":{"$ref":"#/types/zia:index/CloudAppControlRuleTimeWindows:CloudAppControlRuleTimeWindows","description":"Name-ID pairs of time interval during which rule must be enforced."},"type":{"type":"string","description":"Supported App Control Types"},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"Supported User Agent Types"},"userRiskScoreLevels":{"type":"array","items":{"type":"string"}},"users":{"$ref":"#/types/zia:index/CloudAppControlRuleUsers:CloudAppControlRuleUsers","description":"Name-ID pairs of users for which rule must be applied"},"validityEndTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time."},"validityStartTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time."},"validityTimeZoneId":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone."}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering CloudAppControlRule resources.\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"Actions allowed for the specified type."},"applications":{"type":"array","items":{"type":"string"},"description":"The list of cloud applications to which the cloud app control rule must be applied\n\t\t\t\tUse the data source\u003cspan pulumi-lang-nodejs=\" zia.getCloudApplications \" pulumi-lang-dotnet=\" zia.getCloudApplications \" pulumi-lang-go=\" getCloudApplications \" pulumi-lang-python=\" get_cloud_applications \" pulumi-lang-yaml=\" zia.getCloudApplications \" pulumi-lang-java=\" zia.getCloudApplications \"\u003e zia.getCloudApplications \u003c/span\u003eto get the list of available cloud applications:\n\t\t\t\thttps://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications"},"browserEunTemplateId":{"type":"integer"},"cascadingEnabled":{"type":"boolean","description":"Enforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy."},"cbiProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CloudAppControlRuleCbiProfile:CloudAppControlRuleCbiProfile"}},"cloudAppInstances":{"$ref":"#/types/zia:index/CloudAppControlRuleCloudAppInstances:CloudAppControlRuleCloudAppInstances","description":"The cloud application instance ID."},"cloudAppRiskProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/CloudAppControlRuleCloudAppRiskProfile:CloudAppControlRuleCloudAppRiskProfile"},"description":"The DLP server, using ICAP, to which the transaction content is forwarded."},"departments":{"$ref":"#/types/zia:index/CloudAppControlRuleDepartments:CloudAppControlRuleDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the forwarding rule"},"deviceGroups":{"$ref":"#/types/zia:index/CloudAppControlRuleDeviceGroups:CloudAppControlRuleDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/CloudAppControlRuleDevices:CloudAppControlRuleDevices","description":"Name-ID pairs of devices for which rule must be applied."},"enforceTimeValidity":{"type":"boolean","description":"Enforce a set a validity time period for the URL Filtering rule."},"eunEnabled":{"type":"boolean"},"eunTemplateId":{"type":"integer"},"groups":{"$ref":"#/types/zia:index/CloudAppControlRuleGroups:CloudAppControlRuleGroups","description":"Name-ID pairs of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/CloudAppControlRuleLabels:CloudAppControlRuleLabels","description":"The URL Filtering rule's label."},"locationGroups":{"$ref":"#/types/zia:index/CloudAppControlRuleLocationGroups:CloudAppControlRuleLocationGroups","description":"Name-ID pairs of the location groups to which the rule must be applied."},"locations":{"$ref":"#/types/zia:index/CloudAppControlRuleLocations:CloudAppControlRuleLocations","description":"Name-ID pairs of locations for which rule must be applied"},"name":{"type":"string","description":"The name of the forwarding rule"},"order":{"type":"integer","description":"The order of execution for the forwarding rule order"},"rank":{"type":"integer","description":"Admin rank assigned to the forwarding rule"},"ruleId":{"type":"integer","description":"A unique identifier assigned to the forwarding rule"},"sizeQuota":{"type":"integer","description":"Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"state":{"type":"string","description":"Determines whether the Firewall Filtering policy rule is enabled or disabled"},"tenancyProfileIds":{"$ref":"#/types/zia:index/CloudAppControlRuleTenancyProfileIds:CloudAppControlRuleTenancyProfileIds","description":"Name-ID pairs of groups for which rule must be applied"},"timeQuota":{"type":"integer","description":"Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"timeWindows":{"$ref":"#/types/zia:index/CloudAppControlRuleTimeWindows:CloudAppControlRuleTimeWindows","description":"Name-ID pairs of time interval during which rule must be enforced."},"type":{"type":"string","description":"Supported App Control Types"},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"Supported User Agent Types"},"userRiskScoreLevels":{"type":"array","items":{"type":"string"}},"users":{"$ref":"#/types/zia:index/CloudAppControlRuleUsers:CloudAppControlRuleUsers","description":"Name-ID pairs of users for which rule must be applied"},"validityEndTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time."},"validityStartTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time."},"validityTimeZoneId":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID. Use IANA Format TimeZone."}},"type":"object"}},"zia:index/cloudApplicationInstance:CloudApplicationInstance":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-cloud-application-instances)\n* [API documentation](https://help.zscaler.com/zia/cloud-app-control-policy#/cloudApplicationInstances-post)\n\nThe **zia_cloud_application_instance** resource allows the creation and management of cloud application instance.\n\n## Example Usage\n\n```hcl\nresource \"zia_cloud_application_instance\" \"this\" {\n  name          = \"SharePointOnline\"\n  instance_type = \"SHAREPOINTONLINE\"\n\n  instance_identifiers {\n    instance_identifier      = \"acme.sharepoint.com\"\n    instance_identifier_name = \"acme\"\n    identifier_type          = \"URL\"\n  }\n\n  instance_identifiers {\n    instance_identifier      = \"acme1.sharepoint.com\"\n    instance_identifier_name = \"acme1\"\n    identifier_type          = \"URL\"\n  }\n\n  instance_identifiers {\n    instance_identifier      = \"acme2.sharepoint.com\"\n    instance_identifier_name = \"acme2\"\n    identifier_type          = \"URL\"\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_cloud_application_instance** can be imported by using `\u003cINSTANCE_ID\u003e` or `\u003cINSTANCE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/cloudApplicationInstance:CloudApplicationInstance example \u003cinstance_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/cloudApplicationInstance:CloudApplicationInstance example \u003cinstance_name\u003e\n```\n\n","properties":{"instanceId":{"type":"integer"},"instanceIdentifiers":{"type":"array","items":{"$ref":"#/types/zia:index/CloudApplicationInstanceInstanceIdentifier:CloudApplicationInstanceInstanceIdentifier"},"description":"List of identifiers for the cloud application instance."},"instanceType":{"type":"string","description":"Type of the cloud application instance."},"name":{"type":"string","description":"Name of the cloud application instance."}},"required":["instanceId","name"],"inputProperties":{"instanceIdentifiers":{"type":"array","items":{"$ref":"#/types/zia:index/CloudApplicationInstanceInstanceIdentifier:CloudApplicationInstanceInstanceIdentifier"},"description":"List of identifiers for the cloud application instance."},"instanceType":{"type":"string","description":"Type of the cloud application instance."},"name":{"type":"string","description":"Name of the cloud application instance."}},"stateInputs":{"description":"Input properties used for looking up and filtering CloudApplicationInstance resources.\n","properties":{"instanceId":{"type":"integer"},"instanceIdentifiers":{"type":"array","items":{"$ref":"#/types/zia:index/CloudApplicationInstanceInstanceIdentifier:CloudApplicationInstanceInstanceIdentifier"},"description":"List of identifiers for the cloud application instance."},"instanceType":{"type":"string","description":"Type of the cloud application instance."},"name":{"type":"string","description":"Name of the cloud application instance."}},"type":"object"}},"zia:index/cloudNSSFeed:CloudNSSFeed":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-nss-feeds)\n* [API documentation](https://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get)\n\nUse the **zia_cloud_nss_feed** resource to create, update, and delete cloud NSS feeds in the ZIA Admin Portal\n\n## Example Usage\n\n### NSS Splunk Feed\n\n```hcl\nresource \"zia_cloud_nss_feed\" \"this\" {\n  name          = \"Splunk_Feed\"\n  feed_status   = \"ENABLED\"\n  nss_log_type  = \"WEBLOG\"\n  nss_feed_type = \"JSON\"\n  time_zone     = \"GMT\"\n  custom_escaped_character = [\n    \"ASCII_34\",\n    \"ASCII_44\",\n    \"ASCII_92\"\n  ]\n  eps_rate_limit     = 0\n  max_batch_size     = 512\n  json_array_toggle  = true\n  siem_type          = \"SPLUNK\"\n  connection_url     = \"http://3.87.81.187:8088/services/collector?auto_extract_timestamp=true\"\n  connection_headers = [\"Authorization:Splunk xxxxx-xxx-xxxx-xxxx-xxxxxxxx\"]\n  nss_type           = \"NSS_FOR_WEB\"\n\n  feed_output_format = \"\\\\{ \\\"sourcetype\\\" : \\\"zscalernss-web\\\", \\\"event\\\" : \\\\{\\\"datetime\\\":\\\"%d{yy}-%02d{mth}-%02d{dd} %02d{hh}:%02d{mm}:%02d{ss}\\\",\\\"reason\\\":\\\"%s{reason}\\\",\\\"event_id\\\":\\\"%d{recordid}\\\",\\\"protocol\\\":\\\"%s{proto}\\\",\\\"action\\\":\\\"%s{action}\\\",\\\"transactionsize\\\":\\\"%d{totalsize}\\\",\\\"responsesize\\\":\\\"%d{respsize}\\\",\\\"requestsize\\\":\\\"%d{reqsize}\\\",\\\"urlcategory\\\":\\\"%s{urlcat}\\\",\\\"serverip\\\":\\\"%s{sip}\\\",\\\"requestmethod\\\":\\\"%s{reqmethod}\\\",\\\"refererURL\\\":\\\"%s{ereferer}\\\",\\\"useragent\\\":\\\"%s{eua}\\\",\\\"product\\\":\\\"NSS\\\",\\\"location\\\":\\\"%s{elocation}\\\",\\\"ClientIP\\\":\\\"%s{cip}\\\",\\\"status\\\":\\\"%s{respcode}\\\",\\\"user\\\":\\\"%s{elogin}\\\",\\\"url\\\":\\\"%s{eurl}\\\",\\\"vendor\\\":\\\"Zscaler\\\",\\\"hostname\\\":\\\"%s{ehost}\\\",\\\"clientpublicIP\\\":\\\"%s{cintip}\\\",\\\"threatcategory\\\":\\\"%s{malwarecat}\\\",\\\"threatname\\\":\\\"%s{threatname}\\\",\\\"filetype\\\":\\\"%s{filetype}\\\",\\\"appname\\\":\\\"%s{appname}\\\",\\\"app_status\\\":\\\"%s{app_status}\\\",\\\"pagerisk\\\":\\\"%d{riskscore}\\\",\\\"threatseverity\\\":\\\"%s{threatseverity}\\\",\\\"department\\\":\\\"%s{edepartment}\\\",\\\"urlsupercategory\\\":\\\"%s{urlsupercat}\\\",\\\"appclass\\\":\\\"%s{appclass}\\\",\\\"dlpengine\\\":\\\"%s{dlpeng}\\\",\\\"urlclass\\\":\\\"%s{urlclass}\\\",\\\"threatclass\\\":\\\"%s{malwareclass}\\\",\\\"dlpdictionaries\\\":\\\"%s{dlpdict}\\\",\\\"fileclass\\\":\\\"%s{fileclass}\\\",\\\"bwthrottle\\\":\\\"%s{bwthrottle}\\\",\\\"contenttype\\\":\\\"%s{contenttype}\\\",\\\"unscannabletype\\\":\\\"%s{unscannabletype}\\\",\\\"deviceowner\\\":\\\"%s{deviceowner}\\\",\\\"devicehostname\\\":\\\"%s{devicehostname}\\\",\\\"keyprotectiontype\\\":\\\"%s{keyprotectiontype}\\\"\\\\}\\\\}\\n\"\n    departments {\n        id = [ 4451590 ]\n    }\n    users {\n        id = [ 6438644 ]\n    }\n    url_categories {\n        id = [ data.zia_url_categories.this.val ]\n    }\n}\n```\n\n### NSS Splunk Feed - Google Chronicle\n\n```hcl\nresource \"zia_cloud_nss_feed\" \"this\" {\n  name          = \"Google_Firewall_Terraform\"\n  feed_status   = \"ENABLED\"\n  nss_log_type  = \"FWLOG\"\n  nss_feed_type = \"JSON\"\n  time_zone     = \"GMT_06_00_BANGLADESH_CENTRAL_ASIA_GMT_06_00\"\n  custom_escaped_character = [\n    \"ASCII_44\",\n    \"ASCII_92\",\n    \"ASCII_34\"\n  ]\n  # eps_rate_limit     = 0\n  max_batch_size     = 512\n  json_array_toggle  = true\n  siem_type          = \"SPLUNK\"\n  connection_url     = \"https://us-chronicle.googleapis.com/v1alpha/projects/xxxxxxx/locations/us/instances/xxxxxxxxxxx/feeds/xxxx-xxxx-xxxx-xxxx-xxxxxxxx:importPushLogs\"\n  connection_headers = [\n    \"X-goog-api-key: \u003cYour API Key\u003e\",\n    \"X-Webhook-Access-Key:\u003cYour Webhook API Key\u003e\"\n    ]\n  nss_type           = \"NSS_FOR_FIREWALL\"\n  firewall_logging_mode = \"ALL\"\n  feed_output_format = \"\\\\{ \\\"sourcetype\\\" : \\\"zscalernss-fw\\\", \\\"event\\\" :\\\\{\\\"datetime\\\":\\\"%s{time}\\\",\\\"user\\\":\\\"%s{elogin}\\\",\\\"department\\\":\\\"%s{dept}\\\",\\\"locationname\\\":\\\"%s{location}\\\",\\\"cdport\\\":\\\"%d{cdport}\\\",\\\"csport\\\":\\\"%d{csport}\\\",\\\"sdport\\\":\\\"%d{sdport}\\\",\\\"ssport\\\":\\\"%d{ssport}\\\",\\\"csip\\\":\\\"%s{csip}\\\",\\\"cdip\\\":\\\"%s{cdip}\\\",\\\"ssip\\\":\\\"%s{ssip}\\\",\\\"sdip\\\":\\\"%s{sdip}\\\",\\\"tsip\\\":\\\"%s{tsip}\\\",\\\"tunsport\\\":\\\"%d{tsport}\\\",\\\"tuntype\\\":\\\"%s{ttype}\\\",\\\"action\\\":\\\"%s{action}\\\",\\\"dnat\\\":\\\"%s{dnat}\\\",\\\"stateful\\\":\\\"%s{stateful}\\\",\\\"aggregate\\\":\\\"%s{aggregate}\\\",\\\"nwsvc\\\":\\\"%s{nwsvc}\\\",\\\"nwapp\\\":\\\"%s{nwapp}\\\",\\\"proto\\\":\\\"%s{ipproto}\\\",\\\"ipcat\\\":\\\"%s{ipcat}\\\",\\\"destcountry\\\":\\\"%s{destcountry}\\\",\\\"avgduration\\\":\\\"%d{avgduration}\\\",\\\"rulelabel\\\":\\\"%s{erulelabel}\\\",\\\"inbytes\\\":\\\"%ld{inbytes}\\\",\\\"outbytes\\\":\\\"%ld{outbytes}\\\",\\\"duration\\\":\\\"%d{duration}\\\",\\\"durationms\\\":\\\"%d{durationms}\\\",\\\"numsessions\\\":\\\"%d{numsessions}\\\",\\\"ipsrulelabel\\\":\\\"%s{ipsrulelabel}\\\",\\\"threatcat\\\":\\\"%s{threatcat}\\\",\\\"threatname\\\":\\\"%s{ethreatname}\\\",\\\"deviceowner\\\":\\\"%s{deviceowner}\\\",\\\"devicehostname\\\":\\\"%s{devicehostname}\\\",\\\"threat_score\\\":\\\"%d{threat_score}\\\",\\\"threat_severity\\\":\\\"%s{threat_severity}\\\"\\\\}\\\\}\\n\"\n\n    departments {\n        id = [ 4451590 ]\n    }\n    users {\n        id = [ 6438644 ]\n    }\n    url_categories {\n        id = [ data.zia_url_categories.this.val ]\n    }\n}\n```\n\n## Block Attributes\n\n### \u003cspan pulumi-lang-nodejs=\"`casbTenant`\" pulumi-lang-dotnet=\"`CasbTenant`\" pulumi-lang-go=\"`casbTenant`\" pulumi-lang-python=\"`casb_tenant`\" pulumi-lang-yaml=\"`casbTenant`\" pulumi-lang-java=\"`casbTenant`\"\u003e`casb_tenant`\u003c/span\u003e CASB tenant filter\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the CASB tenant.\n\n### \u003cspan pulumi-lang-nodejs=\"`locations`\" pulumi-lang-dotnet=\"`Locations`\" pulumi-lang-go=\"`locations`\" pulumi-lang-python=\"`locations`\" pulumi-lang-yaml=\"`locations`\" pulumi-lang-java=\"`locations`\"\u003e`locations`\u003c/span\u003e Location filter\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the locations.\n\n### \u003cspan pulumi-lang-nodejs=\"`locationGroups`\" pulumi-lang-dotnet=\"`LocationGroups`\" pulumi-lang-go=\"`locationGroups`\" pulumi-lang-python=\"`location_groups`\" pulumi-lang-yaml=\"`locationGroups`\" pulumi-lang-java=\"`locationGroups`\"\u003e`location_groups`\u003c/span\u003e A filter based on location groups\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the location groups.\n\n### \u003cspan pulumi-lang-nodejs=\"`departments`\" pulumi-lang-dotnet=\"`Departments`\" pulumi-lang-go=\"`departments`\" pulumi-lang-python=\"`departments`\" pulumi-lang-yaml=\"`departments`\" pulumi-lang-java=\"`departments`\"\u003e`departments`\u003c/span\u003e Department filter\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the departments.\n\n### \u003cspan pulumi-lang-nodejs=\"`users`\" pulumi-lang-dotnet=\"`Users`\" pulumi-lang-go=\"`users`\" pulumi-lang-python=\"`users`\" pulumi-lang-yaml=\"`users`\" pulumi-lang-java=\"`users`\"\u003e`users`\u003c/span\u003e User filter\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the users.\n\n### \u003cspan pulumi-lang-nodejs=\"`senderName`\" pulumi-lang-dotnet=\"`SenderName`\" pulumi-lang-go=\"`senderName`\" pulumi-lang-python=\"`sender_name`\" pulumi-lang-yaml=\"`senderName`\" pulumi-lang-java=\"`senderName`\"\u003e`sender_name`\u003c/span\u003e Filter based on sender or owner name\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the sender names.\n\n### \u003cspan pulumi-lang-nodejs=\"`buckets`\" pulumi-lang-dotnet=\"`Buckets`\" pulumi-lang-go=\"`buckets`\" pulumi-lang-python=\"`buckets`\" pulumi-lang-yaml=\"`buckets`\" pulumi-lang-java=\"`buckets`\"\u003e`buckets`\u003c/span\u003e Filter based on public cloud storage buckets\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the buckets.\n\n### \u003cspan pulumi-lang-nodejs=\"`externalOwners`\" pulumi-lang-dotnet=\"`ExternalOwners`\" pulumi-lang-go=\"`externalOwners`\" pulumi-lang-python=\"`external_owners`\" pulumi-lang-yaml=\"`externalOwners`\" pulumi-lang-java=\"`externalOwners`\"\u003e`external_owners`\u003c/span\u003e Filter logs associated with file owners (inside or outside your organization) who are not provisioned to ZIA services\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the external owners.\n\n### \u003cspan pulumi-lang-nodejs=\"`externalCollaborators`\" pulumi-lang-dotnet=\"`ExternalCollaborators`\" pulumi-lang-go=\"`externalCollaborators`\" pulumi-lang-python=\"`external_collaborators`\" pulumi-lang-yaml=\"`externalCollaborators`\" pulumi-lang-java=\"`externalCollaborators`\"\u003e`external_collaborators`\u003c/span\u003e\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the external collaborators.\n\n### \u003cspan pulumi-lang-nodejs=\"`internalCollaborators`\" pulumi-lang-dotnet=\"`InternalCollaborators`\" pulumi-lang-go=\"`internalCollaborators`\" pulumi-lang-python=\"`internal_collaborators`\" pulumi-lang-yaml=\"`internalCollaborators`\" pulumi-lang-java=\"`internalCollaborators`\"\u003e`internal_collaborators`\u003c/span\u003e Filter logs to specific recipients within your organization\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the internal collaborators.\n\n### \u003cspan pulumi-lang-nodejs=\"`itsmObjectType`\" pulumi-lang-dotnet=\"`ItsmObjectType`\" pulumi-lang-go=\"`itsmObjectType`\" pulumi-lang-python=\"`itsm_object_type`\" pulumi-lang-yaml=\"`itsmObjectType`\" pulumi-lang-java=\"`itsmObjectType`\"\u003e`itsm_object_type`\u003c/span\u003e ITSM object type filter\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the ITSM object types.\n\n### \u003cspan pulumi-lang-nodejs=\"`dlpEngines`\" pulumi-lang-dotnet=\"`DlpEngines`\" pulumi-lang-go=\"`dlpEngines`\" pulumi-lang-python=\"`dlp_engines`\" pulumi-lang-yaml=\"`dlpEngines`\" pulumi-lang-java=\"`dlpEngines`\"\u003e`dlp_engines`\u003c/span\u003e DLP engine filter\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the DLP engines.\n  \u003e **NOTE** When associating a DLP Engine, you can use the \u003cspan pulumi-lang-nodejs=\"`zia.DLPEngines`\" pulumi-lang-dotnet=\"`zia.DLPEngines`\" pulumi-lang-go=\"`DLPEngines`\" pulumi-lang-python=\"`DLPEngines`\" pulumi-lang-yaml=\"`zia.DLPEngines`\" pulumi-lang-java=\"`zia.DLPEngines`\"\u003e`zia.DLPEngines`\u003c/span\u003e resource or data source.\n\n### \u003cspan pulumi-lang-nodejs=\"`dlpDictionaries`\" pulumi-lang-dotnet=\"`DlpDictionaries`\" pulumi-lang-go=\"`dlpDictionaries`\" pulumi-lang-python=\"`dlp_dictionaries`\" pulumi-lang-yaml=\"`dlpDictionaries`\" pulumi-lang-java=\"`dlpDictionaries`\"\u003e`dlp_dictionaries`\u003c/span\u003e DLP dictionary filter\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the DLP dictionaries.\n  \u003e **NOTE** When associating a DLP Dictionary, you can use the \u003cspan pulumi-lang-nodejs=\"`zia.DLPDictionaries`\" pulumi-lang-dotnet=\"`zia.DLPDictionaries`\" pulumi-lang-go=\"`DLPDictionaries`\" pulumi-lang-python=\"`DLPDictionaries`\" pulumi-lang-yaml=\"`zia.DLPDictionaries`\" pulumi-lang-java=\"`zia.DLPDictionaries`\"\u003e`zia.DLPDictionaries`\u003c/span\u003e resource or data source.\n\n### \u003cspan pulumi-lang-nodejs=\"`urlCategories`\" pulumi-lang-dotnet=\"`UrlCategories`\" pulumi-lang-go=\"`urlCategories`\" pulumi-lang-python=\"`url_categories`\" pulumi-lang-yaml=\"`urlCategories`\" pulumi-lang-java=\"`urlCategories`\"\u003e`url_categories`\u003c/span\u003e -  URL category filter\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) Identifier that uniquely identifies an entity\n  \u003e **NOTE** When associating a URL category, you can use the \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e resource or data source; however, you must export the attribute \u003cspan pulumi-lang-nodejs=\"`val`\" pulumi-lang-dotnet=\"`Val`\" pulumi-lang-go=\"`val`\" pulumi-lang-python=\"`val`\" pulumi-lang-yaml=\"`val`\" pulumi-lang-java=\"`val`\"\u003e`val`\u003c/span\u003e\n\n### \u003cspan pulumi-lang-nodejs=\"`vpnCredentials`\" pulumi-lang-dotnet=\"`VpnCredentials`\" pulumi-lang-go=\"`vpnCredentials`\" pulumi-lang-python=\"`vpn_credentials`\" pulumi-lang-yaml=\"`vpnCredentials`\" pulumi-lang-java=\"`vpnCredentials`\"\u003e`vpn_credentials`\u003c/span\u003e Filter based on specific VPN credentials\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the VPN credentials.\n\n### \u003cspan pulumi-lang-nodejs=\"`rules`\" pulumi-lang-dotnet=\"`Rules`\" pulumi-lang-go=\"`rules`\" pulumi-lang-python=\"`rules`\" pulumi-lang-yaml=\"`rules`\" pulumi-lang-java=\"`rules`\"\u003e`rules`\u003c/span\u003e Policy rules filter (e.g., Firewall Filtering or DNS Control rule filter)\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the rules.\n\n### \u003cspan pulumi-lang-nodejs=\"`nwServices`\" pulumi-lang-dotnet=\"`NwServices`\" pulumi-lang-go=\"`nwServices`\" pulumi-lang-python=\"`nw_services`\" pulumi-lang-yaml=\"`nwServices`\" pulumi-lang-java=\"`nwServices`\"\u003e`nw_services`\u003c/span\u003e Network services filter\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Set of Integer) The unique identifiers for the network services.\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\nCloud NSS feeds can be imported using the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e, e.g.\n\n```sh\n$ pulumi import zia:index/cloudNSSFeed:CloudNSSFeed example 123456789\n```\n\nor\n\n```sh\n$ pulumi import zia:index/cloudNSSFeed:CloudNSSFeed example \"Splunk_Audit_Feed_Terraform\"\n```\n\n","properties":{"actionFilter":{"type":"string","description":"Policy action filter"},"activities":{"type":"array","items":{"type":"string"},"description":"CASB activity filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"advUserAgents":{"type":"array","items":{"type":"string"},"description":"Filter based on custom user agent strings"},"advancedThreats":{"type":"array","items":{"type":"string"},"description":"Advanced threats filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"alerts":{"type":"array","items":{"type":"string"},"description":"Alert filter\n\t\t\t\tSupported Values: CRITICAL, WARN"},"auditLogTypes":{"type":"array","items":{"type":"string"},"description":"Audit log type filter"},"authenticationToken":{"type":"string","description":"The authentication token value"},"authenticationUrl":{"type":"string","description":"Authentication URL applicable when SIEM type is set to Azure Sentinel"},"base64EncodedCertificate":{"type":"string","description":"Base64-encoded certificate"},"buckets":{"$ref":"#/types/zia:index/CloudNSSFeedBuckets:CloudNSSFeedBuckets","description":"Filter based on public cloud storage buckets"},"casbActions":{"type":"array","items":{"type":"string"},"description":"CASB policy action filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbApplications":{"type":"array","items":{"type":"string"},"description":"CASB application filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbFileTypeSuperCategories":{"type":"array","items":{"type":"string"},"description":"Endpoint DLP file type category filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbFileTypes":{"type":"array","items":{"type":"string"},"description":"Endpoint DLP file type filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbPolicyTypes":{"type":"array","items":{"type":"string"},"description":"CASB policy type filter\n\t\t\t\tSupported Values: MALWARE, DLP, ALL_INCIDENT"},"casbSeverities":{"type":"array","items":{"type":"string"},"description":"Zscaler's Cloud Access Security Broker (CASB) severity filter\n\t\t\t\tSupported Values: RULE_SEVERITY_HIGH, RULE_SEVERITY_MEDIUM, RULE_SEVERITY_LOW, RULE_SEVERITY_INFO"},"casbTenant":{"$ref":"#/types/zia:index/CloudNSSFeedCasbTenant:CloudNSSFeedCasbTenant","description":"CASB tenant filter"},"channelNames":{"type":"array","items":{"type":"string"},"description":"Collaboration channel name filter"},"clientDestinationIps":{"type":"array","items":{"type":"string"},"description":"Client's destination IPv4 addresses in Firewall policy"},"clientDestinationPorts":{"type":"array","items":{"type":"string"},"description":"Firewall logs filter based on a client's destination"},"clientId":{"type":"string","description":"Client ID applicable when SIEM type is set to S3 or Azure Sentinel"},"clientIps":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on a client's public IPv4 addresses"},"clientSecret":{"type":"string","description":"Client secret applicable when SIEM type is set to S3 or Azure Sentinel"},"clientSourceIps":{"type":"array","items":{"type":"string"},"description":"Client source IPs configured for NSS feed."},"clientSourcePorts":{"type":"array","items":{"type":"string"},"description":"Firewall log filter based on a client's source ports"},"connectionHeaders":{"type":"array","items":{"type":"string"},"description":"The HTTP Connection headers"},"connectionUrl":{"type":"string","description":"The HTTPS URL of the SIEM log collection API endpoint"},"countries":{"type":"array","items":{"type":"string"},"description":"Countries filter in the Firewall policy\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"customEscapedCharacters":{"type":"array","items":{"type":"string"},"description":"Characters that need to be encoded using hex when they appear in URL, Host, or Referrer"},"departments":{"$ref":"#/types/zia:index/CloudNSSFeedDepartments:CloudNSSFeedDepartments","description":"Departments filter"},"direction":{"type":"string","description":"Traffic direction filter specifying inbound or outbound"},"dlpDictionaries":{"$ref":"#/types/zia:index/CloudNSSFeedDlpDictionaries:CloudNSSFeedDlpDictionaries","description":"DLP dictionary filter"},"dlpEngines":{"$ref":"#/types/zia:index/CloudNSSFeedDlpEngines:CloudNSSFeedDlpEngines","description":"DLP engine filter"},"dnsActions":{"type":"array","items":{"type":"string"},"description":"DNS Control policy action filter"},"dnsRequestTypes":{"type":"array","items":{"type":"string"},"description":"DNS request types included in the feed\n\t\t\t\tSupported Values: ANY, NONE, DNSREQ_A, DNSREQ_NS, DNSREQ_CNAME, DNSREQ_SOA, DNSREQ_WKS,\n\t\t\t\tDNSREQ_PTR, DNSREQ_HINFO, DNSREQ_MINFO, DNSREQ_MX, DNSREQ_TXT, DNSREQ_AAAA,\n\t\t\t\tDNSREQ_ISDN, DNSREQ_LOC, DNSREQ_RP, DNSREQ_RT, DNSREQ_MR, DNSREQ_MG,\n\t\t\t\tDNSREQ_MB, DNSREQ_AFSDB, DNSREQ_HIP, DNSREQ_SRV, DNSREQ_DS, DNSREQ_NAPTR,\n\t\t\t\tDNSREQ_NSEC, DNSREQ_DNSKEY, DNSREQ_HTTPS, DNSREQ_UNKNOWN"},"dnsResponseTypes":{"type":"array","items":{"type":"string"},"description":"DNS response types filter\n\t\t\t\tSupported Values: ANY, DNSRES_ZSCODE, DNSRES_CNAME, DNSRES_IPV6, DNSRES_SRV_CODE, DNSRES_IPV4"},"dnsResponses":{"type":"array","items":{"type":"string"},"description":"DNS responses filter"},"domains":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs to sessions associated with specific domains"},"downloadTimes":{"type":"array","items":{"type":"string"},"description":"Download time filter"},"durations":{"type":"array","items":{"type":"string"},"description":"Filter based on time durations"},"emailDlpLogTypes":{"type":"array","items":{"type":"string"},"description":"Email DLP record type filter\n\t\t\t\tSupported Values: EPDLP_SCAN_AGGREGATE, EPDLP_SENSITIVE_ACTIVITY, EPDLP_DLP_INCIDENT"},"emailDlpPolicyAction":{"type":"string","description":"Action filter for Email DLP log type"},"endPointDlpLogTypes":{"type":"array","items":{"type":"string"},"description":"Endpoint DLP log type filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"epsRateLimit":{"type":"integer","description":"Event per second limit"},"event":{"type":"string","description":"CASB event filter"},"externalCollaborators":{"$ref":"#/types/zia:index/CloudNSSFeedExternalCollaborators:CloudNSSFeedExternalCollaborators","description":"Filter logs to specific recipients outside your organization"},"externalOwners":{"$ref":"#/types/zia:index/CloudNSSFeedExternalOwners:CloudNSSFeedExternalOwners","description":"Filter logs associated with file owners (inside or outside your organization) who are not provisioned to ZIA services"},"feedOutputFormat":{"type":"string","description":"Output format used for the feed"},"feedStatus":{"type":"string","description":"The status of the feed"},"fileNames":{"type":"array","items":{"type":"string"},"description":"Filter based on the file name"},"fileSizes":{"type":"array","items":{"type":"string"},"description":"File size filter"},"fileSources":{"type":"array","items":{"type":"string"},"description":"Filter based on the file source"},"fileTypeCategories":{"type":"array","items":{"type":"string"},"description":"Filter based on the file type in download\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"fileTypeSuperCategories":{"type":"array","items":{"type":"string"},"description":"Filter based on the category of file type in download\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"firewallActions":{"type":"array","items":{"type":"string"},"description":"Firewall actions included in the NSS feed\n\t\t\t\tSupported Values: BLOCK,ALLOW,BLOCK_DROP,BLOCK_RESET,BLOCK_ICMP,COUNTRY_BLOCK\n\t\t\t\tIPS_BLOCK_DROP,IPS_BLOCK_RESET,ALLOW_INSUFFICIENT_APPDATA,\n\t\t\t\tBLOCK_ABUSE_DROP,INT_ERR_DROP,CFG_BYPASSED,CFG_TIMEDOUT"},"firewallLoggingMode":{"type":"string","description":"Filter based on the Firewall Filtering policy logging mode"},"fullUrls":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on specific full URLs"},"grantType":{"type":"string","description":"Grant type applicable when SIEM type is set to Azure Sentinel"},"hostNames":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on specific hostnames"},"inBoundBytes":{"type":"array","items":{"type":"string"},"description":"Filter based on inbound bytes"},"internalCollaborators":{"$ref":"#/types/zia:index/CloudNSSFeedInternalCollaborators:CloudNSSFeedInternalCollaborators","description":"Filter logs to specific recipients within your organization"},"internalIps":{"type":"array","items":{"type":"string"},"description":"Filter based on internal IPv4 addresses"},"itsmObjectType":{"$ref":"#/types/zia:index/CloudNSSFeedItsmObjectType:CloudNSSFeedItsmObjectType","description":"ITSM object type filter"},"jsonArrayToggle":{"type":"boolean","description":"A Boolean value indicating whether streaming of logs in JSON array format (e.g., [{JSON1},{JSON2}]) is enabled or disabled for the JSON feed output type"},"locationGroups":{"$ref":"#/types/zia:index/CloudNSSFeedLocationGroups:CloudNSSFeedLocationGroups","description":"A filter based on location groups"},"locations":{"$ref":"#/types/zia:index/CloudNSSFeedLocations:CloudNSSFeedLocations","description":"Location filter"},"malwareClasses":{"type":"array","items":{"type":"string"},"description":"Malware category filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"malwareNames":{"type":"array","items":{"type":"string"},"description":"Filter based on malware names\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"maxBatchSize":{"type":"integer","description":"The maximum batch size in KB"},"name":{"type":"string","description":"The name of the cloud NSS feed"},"natActions":{"type":"array","items":{"type":"string"},"description":"NAT Control policy actions filter\n\t\t\t\tSupported Values: NONE, DNAT"},"nssFeedType":{"type":"string","description":"NSS feed format type (e.g. CSV, syslog, Splunk Common Information Model (CIM), etc."},"nssId":{"type":"integer"},"nssLogType":{"type":"string","description":"The type of NSS logs that are streamed (e.g. Web, Firewall, DNS, Alert, etc.)"},"nssType":{"type":"string","description":"NSS type"},"nwApplications":{"type":"array","items":{"type":"string"},"description":"Filter to include specific network applications in the logs.\n\t\t\t\tBy default, all network applications are included in the logs\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"nwApplicationsExcludes":{"type":"array","items":{"type":"string"},"description":"Filter to include specific network applications in the logs.\n\t\t\t\tBy default, no network application is excluded from the logs\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"nwServices":{"$ref":"#/types/zia:index/CloudNSSFeedNwServices:CloudNSSFeedNwServices","description":"Firewall network services filter"},"oauthAuthentication":{"type":"boolean","description":"A Boolean value indicating whether OAuth 2.0 authentication is enabled or not"},"objectNames":{"type":"array","items":{"type":"string"},"description":"CRM object name filter"},"objectType1s":{"type":"array","items":{"type":"string"},"description":"CASB activity object type filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"objectType2s":{"type":"array","items":{"type":"string"},"description":"CASB activity object type filter if applicable\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"objectTypes":{"type":"array","items":{"type":"string"},"description":"CRM object type filter"},"outBoundBytes":{"type":"array","items":{"type":"string"},"description":"Filter based on outbound bytes"},"pageRiskIndexes":{"type":"array","items":{"type":"string"},"description":"Page Risk Index filter"},"policyReasons":{"type":"array","items":{"type":"string"},"description":"Policy reason filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"projectNames":{"type":"array","items":{"type":"string"},"description":"Repository project name filter"},"protocolTypes":{"type":"array","items":{"type":"string"},"description":"Protocol types filter\n\t\t\t\tSupported Values: TUNNEL, SSL, HTTP, HTTPS, FTP, FTPOVERHTTP, HTTP_PROXY, TUNNEL_SSL, DNSOVERHTTPS, WEBSOCKET, WEBSOCKET_SSL"},"refererUrls":{"type":"array","items":{"type":"string"},"description":"Referrer URL filter"},"repoNames":{"type":"array","items":{"type":"string"},"description":"Repository name filter"},"requestMethods":{"type":"array","items":{"type":"string"},"description":"Request methods filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"requestSizes":{"type":"array","items":{"type":"string"},"description":"Request size filter"},"responseCodes":{"type":"array","items":{"type":"string"},"description":"Response codes filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"responseSizes":{"type":"array","items":{"type":"string"},"description":"Request size filter"},"rules":{"$ref":"#/types/zia:index/CloudNSSFeedRules:CloudNSSFeedRules","description":"Policy rules filter (e.g., Firewall Filtering or DNS Control rule filter)"},"scanTimes":{"type":"array","items":{"type":"string"},"description":"Scan time filter"},"scope":{"type":"string","description":"Scope applicable when SIEM type is set to Azure Sentinel"},"senderName":{"$ref":"#/types/zia:index/CloudNSSFeedSenderName:CloudNSSFeedSenderName","description":"Filter based on sender or owner name"},"serverDestinationIps":{"type":"array","items":{"type":"string"},"description":"Filter based on the server's destination IPv4 addresses in Firewall policy"},"serverIps":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on the server's IPv4 addresses"},"serverSourceIps":{"type":"array","items":{"type":"string"},"description":"Filter based on the server's source IPv4 addresses in Firewall policy"},"serverSourcePorts":{"type":"array","items":{"type":"string"},"description":"Firewall log filter based on the traffic destination name"},"sessionCounts":{"type":"array","items":{"type":"string"},"description":"Firewall logs filter based on the number of sessions"},"siemType":{"type":"string","description":"Cloud NSS SIEM type"},"threatNames":{"type":"array","items":{"type":"string"},"description":"Filter based on threat names"},"timeZone":{"type":"string","description":"Specifies the time zone that must be used in the output file\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"trafficForwards":{"type":"array","items":{"type":"string"},"description":"Filter based on the firewall traffic forwarding method\n\t\t\t\tSupported Values: ANY, NONE, PBF, GRE, IPSEC, Z_APP, ZAPP_GRE, ZAPP_IPSEC, EC, MTGRE, ZAPP_DIRECT, CCA, MTUN_PROXY, MTUN_CBI"},"transactionSizes":{"type":"array","items":{"type":"string"},"description":"Transaction size filter"},"tunnelDestIps":{"type":"array","items":{"type":"string"},"description":"Destination IPv4 addresses of tunnels"},"tunnelIps":{"type":"array","items":{"type":"string"},"description":"Filter based on tunnel IPv4 addresses in Firewall policy"},"tunnelSourceIps":{"type":"array","items":{"type":"string"},"description":"Source IPv4 addresses of tunnels"},"tunnelSourcePorts":{"type":"array","items":{"type":"string"},"description":"Filter based on the tunnel source port"},"tunnelTypes":{"type":"array","items":{"type":"string"},"description":"Tunnel type filter\n\t\t\t\tSupported Values: GRE, IPSEC_IKEV1, IPSEC_IKEV2, SVPN, EXTRANET, ZUB, ZCB"},"urlCategories":{"$ref":"#/types/zia:index/CloudNSSFeedUrlCategories:CloudNSSFeedUrlCategories","description":"URL category filter"},"urlClasses":{"type":"array","items":{"type":"string"},"description":"URL category filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"urlSuperCategories":{"type":"array","items":{"type":"string"},"description":"URL supercategory filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"userAgents":{"type":"array","items":{"type":"string"},"description":"Predefined user agents filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"users":{"$ref":"#/types/zia:index/CloudNSSFeedUsers:CloudNSSFeedUsers","description":"Users filter"},"vpnCredentials":{"$ref":"#/types/zia:index/CloudNSSFeedVpnCredentials:CloudNSSFeedVpnCredentials","description":"Filter based on specific VPN credentials"},"webApplicationClasses":{"type":"array","items":{"type":"string"},"description":"Cloud application categories Filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"webApplications":{"type":"array","items":{"type":"string"},"description":"Filter to include specific cloud applications in the logs.\n\t\t\t\tBy default, all cloud applications are included in the logs.\n\t\t\t\tTo obtain the list of cloud applications that can be specified in this attribute, use the GET /cloudApplications/lite request\n\t\t\t\tTo retrieve the list of cloud applications, use the data source: zia_cloud_applications"},"webApplicationsExcludes":{"type":"array","items":{"type":"string"},"description":"Filter to exclude specific cloud applications from the logs.\n\t\t\t\tBy default, no cloud applications is excluded from the logs.\n\t\t\t\tTo obtain the list of cloud applications that can be specified in this attribute, use the GET /cloudApplications/lite request.\n\t\t\t\tTo retrieve the list of cloud applications, use the data source: zia_cloud_applications"},"webTrafficForwards":{"type":"array","items":{"type":"string"},"description":"Filter based on the web traffic forwarding method\n\t\t\t\tSupported Values: ANY, NONE, PBF, GRE, IPSEC, Z_APP, ZAPP_GRE, ZAPP_IPSEC, EC, MTGRE, ZAPP_DIRECT, CCA, MTUN_PROXY, MTUN_CBI"}},"required":["name","nssId"],"inputProperties":{"actionFilter":{"type":"string","description":"Policy action filter"},"activities":{"type":"array","items":{"type":"string"},"description":"CASB activity filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"advUserAgents":{"type":"array","items":{"type":"string"},"description":"Filter based on custom user agent strings"},"advancedThreats":{"type":"array","items":{"type":"string"},"description":"Advanced threats filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"alerts":{"type":"array","items":{"type":"string"},"description":"Alert filter\n\t\t\t\tSupported Values: CRITICAL, WARN"},"auditLogTypes":{"type":"array","items":{"type":"string"},"description":"Audit log type filter"},"authenticationToken":{"type":"string","description":"The authentication token value"},"authenticationUrl":{"type":"string","description":"Authentication URL applicable when SIEM type is set to Azure Sentinel"},"base64EncodedCertificate":{"type":"string","description":"Base64-encoded certificate"},"buckets":{"$ref":"#/types/zia:index/CloudNSSFeedBuckets:CloudNSSFeedBuckets","description":"Filter based on public cloud storage buckets"},"casbActions":{"type":"array","items":{"type":"string"},"description":"CASB policy action filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbApplications":{"type":"array","items":{"type":"string"},"description":"CASB application filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbFileTypeSuperCategories":{"type":"array","items":{"type":"string"},"description":"Endpoint DLP file type category filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbFileTypes":{"type":"array","items":{"type":"string"},"description":"Endpoint DLP file type filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbPolicyTypes":{"type":"array","items":{"type":"string"},"description":"CASB policy type filter\n\t\t\t\tSupported Values: MALWARE, DLP, ALL_INCIDENT"},"casbSeverities":{"type":"array","items":{"type":"string"},"description":"Zscaler's Cloud Access Security Broker (CASB) severity filter\n\t\t\t\tSupported Values: RULE_SEVERITY_HIGH, RULE_SEVERITY_MEDIUM, RULE_SEVERITY_LOW, RULE_SEVERITY_INFO"},"casbTenant":{"$ref":"#/types/zia:index/CloudNSSFeedCasbTenant:CloudNSSFeedCasbTenant","description":"CASB tenant filter"},"channelNames":{"type":"array","items":{"type":"string"},"description":"Collaboration channel name filter"},"clientDestinationIps":{"type":"array","items":{"type":"string"},"description":"Client's destination IPv4 addresses in Firewall policy"},"clientDestinationPorts":{"type":"array","items":{"type":"string"},"description":"Firewall logs filter based on a client's destination"},"clientId":{"type":"string","description":"Client ID applicable when SIEM type is set to S3 or Azure Sentinel"},"clientIps":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on a client's public IPv4 addresses"},"clientSecret":{"type":"string","description":"Client secret applicable when SIEM type is set to S3 or Azure Sentinel"},"clientSourceIps":{"type":"array","items":{"type":"string"},"description":"Client source IPs configured for NSS feed."},"clientSourcePorts":{"type":"array","items":{"type":"string"},"description":"Firewall log filter based on a client's source ports"},"connectionHeaders":{"type":"array","items":{"type":"string"},"description":"The HTTP Connection headers"},"connectionUrl":{"type":"string","description":"The HTTPS URL of the SIEM log collection API endpoint"},"countries":{"type":"array","items":{"type":"string"},"description":"Countries filter in the Firewall policy\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"customEscapedCharacters":{"type":"array","items":{"type":"string"},"description":"Characters that need to be encoded using hex when they appear in URL, Host, or Referrer"},"departments":{"$ref":"#/types/zia:index/CloudNSSFeedDepartments:CloudNSSFeedDepartments","description":"Departments filter"},"direction":{"type":"string","description":"Traffic direction filter specifying inbound or outbound"},"dlpDictionaries":{"$ref":"#/types/zia:index/CloudNSSFeedDlpDictionaries:CloudNSSFeedDlpDictionaries","description":"DLP dictionary filter"},"dlpEngines":{"$ref":"#/types/zia:index/CloudNSSFeedDlpEngines:CloudNSSFeedDlpEngines","description":"DLP engine filter"},"dnsActions":{"type":"array","items":{"type":"string"},"description":"DNS Control policy action filter"},"dnsRequestTypes":{"type":"array","items":{"type":"string"},"description":"DNS request types included in the feed\n\t\t\t\tSupported Values: ANY, NONE, DNSREQ_A, DNSREQ_NS, DNSREQ_CNAME, DNSREQ_SOA, DNSREQ_WKS,\n\t\t\t\tDNSREQ_PTR, DNSREQ_HINFO, DNSREQ_MINFO, DNSREQ_MX, DNSREQ_TXT, DNSREQ_AAAA,\n\t\t\t\tDNSREQ_ISDN, DNSREQ_LOC, DNSREQ_RP, DNSREQ_RT, DNSREQ_MR, DNSREQ_MG,\n\t\t\t\tDNSREQ_MB, DNSREQ_AFSDB, DNSREQ_HIP, DNSREQ_SRV, DNSREQ_DS, DNSREQ_NAPTR,\n\t\t\t\tDNSREQ_NSEC, DNSREQ_DNSKEY, DNSREQ_HTTPS, DNSREQ_UNKNOWN"},"dnsResponseTypes":{"type":"array","items":{"type":"string"},"description":"DNS response types filter\n\t\t\t\tSupported Values: ANY, DNSRES_ZSCODE, DNSRES_CNAME, DNSRES_IPV6, DNSRES_SRV_CODE, DNSRES_IPV4"},"dnsResponses":{"type":"array","items":{"type":"string"},"description":"DNS responses filter"},"domains":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs to sessions associated with specific domains"},"downloadTimes":{"type":"array","items":{"type":"string"},"description":"Download time filter"},"durations":{"type":"array","items":{"type":"string"},"description":"Filter based on time durations"},"emailDlpLogTypes":{"type":"array","items":{"type":"string"},"description":"Email DLP record type filter\n\t\t\t\tSupported Values: EPDLP_SCAN_AGGREGATE, EPDLP_SENSITIVE_ACTIVITY, EPDLP_DLP_INCIDENT"},"emailDlpPolicyAction":{"type":"string","description":"Action filter for Email DLP log type"},"endPointDlpLogTypes":{"type":"array","items":{"type":"string"},"description":"Endpoint DLP log type filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"epsRateLimit":{"type":"integer","description":"Event per second limit"},"event":{"type":"string","description":"CASB event filter"},"externalCollaborators":{"$ref":"#/types/zia:index/CloudNSSFeedExternalCollaborators:CloudNSSFeedExternalCollaborators","description":"Filter logs to specific recipients outside your organization"},"externalOwners":{"$ref":"#/types/zia:index/CloudNSSFeedExternalOwners:CloudNSSFeedExternalOwners","description":"Filter logs associated with file owners (inside or outside your organization) who are not provisioned to ZIA services"},"feedOutputFormat":{"type":"string","description":"Output format used for the feed"},"feedStatus":{"type":"string","description":"The status of the feed"},"fileNames":{"type":"array","items":{"type":"string"},"description":"Filter based on the file name"},"fileSizes":{"type":"array","items":{"type":"string"},"description":"File size filter"},"fileSources":{"type":"array","items":{"type":"string"},"description":"Filter based on the file source"},"fileTypeCategories":{"type":"array","items":{"type":"string"},"description":"Filter based on the file type in download\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"fileTypeSuperCategories":{"type":"array","items":{"type":"string"},"description":"Filter based on the category of file type in download\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"firewallActions":{"type":"array","items":{"type":"string"},"description":"Firewall actions included in the NSS feed\n\t\t\t\tSupported Values: BLOCK,ALLOW,BLOCK_DROP,BLOCK_RESET,BLOCK_ICMP,COUNTRY_BLOCK\n\t\t\t\tIPS_BLOCK_DROP,IPS_BLOCK_RESET,ALLOW_INSUFFICIENT_APPDATA,\n\t\t\t\tBLOCK_ABUSE_DROP,INT_ERR_DROP,CFG_BYPASSED,CFG_TIMEDOUT"},"firewallLoggingMode":{"type":"string","description":"Filter based on the Firewall Filtering policy logging mode"},"fullUrls":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on specific full URLs"},"grantType":{"type":"string","description":"Grant type applicable when SIEM type is set to Azure Sentinel"},"hostNames":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on specific hostnames"},"inBoundBytes":{"type":"array","items":{"type":"string"},"description":"Filter based on inbound bytes"},"internalCollaborators":{"$ref":"#/types/zia:index/CloudNSSFeedInternalCollaborators:CloudNSSFeedInternalCollaborators","description":"Filter logs to specific recipients within your organization"},"internalIps":{"type":"array","items":{"type":"string"},"description":"Filter based on internal IPv4 addresses"},"itsmObjectType":{"$ref":"#/types/zia:index/CloudNSSFeedItsmObjectType:CloudNSSFeedItsmObjectType","description":"ITSM object type filter"},"jsonArrayToggle":{"type":"boolean","description":"A Boolean value indicating whether streaming of logs in JSON array format (e.g., [{JSON1},{JSON2}]) is enabled or disabled for the JSON feed output type"},"locationGroups":{"$ref":"#/types/zia:index/CloudNSSFeedLocationGroups:CloudNSSFeedLocationGroups","description":"A filter based on location groups"},"locations":{"$ref":"#/types/zia:index/CloudNSSFeedLocations:CloudNSSFeedLocations","description":"Location filter"},"malwareClasses":{"type":"array","items":{"type":"string"},"description":"Malware category filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"malwareNames":{"type":"array","items":{"type":"string"},"description":"Filter based on malware names\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"maxBatchSize":{"type":"integer","description":"The maximum batch size in KB"},"name":{"type":"string","description":"The name of the cloud NSS feed"},"natActions":{"type":"array","items":{"type":"string"},"description":"NAT Control policy actions filter\n\t\t\t\tSupported Values: NONE, DNAT"},"nssFeedType":{"type":"string","description":"NSS feed format type (e.g. CSV, syslog, Splunk Common Information Model (CIM), etc."},"nssLogType":{"type":"string","description":"The type of NSS logs that are streamed (e.g. Web, Firewall, DNS, Alert, etc.)"},"nssType":{"type":"string","description":"NSS type"},"nwApplications":{"type":"array","items":{"type":"string"},"description":"Filter to include specific network applications in the logs.\n\t\t\t\tBy default, all network applications are included in the logs\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"nwApplicationsExcludes":{"type":"array","items":{"type":"string"},"description":"Filter to include specific network applications in the logs.\n\t\t\t\tBy default, no network application is excluded from the logs\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"nwServices":{"$ref":"#/types/zia:index/CloudNSSFeedNwServices:CloudNSSFeedNwServices","description":"Firewall network services filter"},"oauthAuthentication":{"type":"boolean","description":"A Boolean value indicating whether OAuth 2.0 authentication is enabled or not"},"objectNames":{"type":"array","items":{"type":"string"},"description":"CRM object name filter"},"objectType1s":{"type":"array","items":{"type":"string"},"description":"CASB activity object type filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"objectType2s":{"type":"array","items":{"type":"string"},"description":"CASB activity object type filter if applicable\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"objectTypes":{"type":"array","items":{"type":"string"},"description":"CRM object type filter"},"outBoundBytes":{"type":"array","items":{"type":"string"},"description":"Filter based on outbound bytes"},"pageRiskIndexes":{"type":"array","items":{"type":"string"},"description":"Page Risk Index filter"},"policyReasons":{"type":"array","items":{"type":"string"},"description":"Policy reason filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"projectNames":{"type":"array","items":{"type":"string"},"description":"Repository project name filter"},"protocolTypes":{"type":"array","items":{"type":"string"},"description":"Protocol types filter\n\t\t\t\tSupported Values: TUNNEL, SSL, HTTP, HTTPS, FTP, FTPOVERHTTP, HTTP_PROXY, TUNNEL_SSL, DNSOVERHTTPS, WEBSOCKET, WEBSOCKET_SSL"},"refererUrls":{"type":"array","items":{"type":"string"},"description":"Referrer URL filter"},"repoNames":{"type":"array","items":{"type":"string"},"description":"Repository name filter"},"requestMethods":{"type":"array","items":{"type":"string"},"description":"Request methods filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"requestSizes":{"type":"array","items":{"type":"string"},"description":"Request size filter"},"responseCodes":{"type":"array","items":{"type":"string"},"description":"Response codes filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"responseSizes":{"type":"array","items":{"type":"string"},"description":"Request size filter"},"rules":{"$ref":"#/types/zia:index/CloudNSSFeedRules:CloudNSSFeedRules","description":"Policy rules filter (e.g., Firewall Filtering or DNS Control rule filter)"},"scanTimes":{"type":"array","items":{"type":"string"},"description":"Scan time filter"},"scope":{"type":"string","description":"Scope applicable when SIEM type is set to Azure Sentinel"},"senderName":{"$ref":"#/types/zia:index/CloudNSSFeedSenderName:CloudNSSFeedSenderName","description":"Filter based on sender or owner name"},"serverDestinationIps":{"type":"array","items":{"type":"string"},"description":"Filter based on the server's destination IPv4 addresses in Firewall policy"},"serverIps":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on the server's IPv4 addresses"},"serverSourceIps":{"type":"array","items":{"type":"string"},"description":"Filter based on the server's source IPv4 addresses in Firewall policy"},"serverSourcePorts":{"type":"array","items":{"type":"string"},"description":"Firewall log filter based on the traffic destination name"},"sessionCounts":{"type":"array","items":{"type":"string"},"description":"Firewall logs filter based on the number of sessions"},"siemType":{"type":"string","description":"Cloud NSS SIEM type"},"threatNames":{"type":"array","items":{"type":"string"},"description":"Filter based on threat names"},"timeZone":{"type":"string","description":"Specifies the time zone that must be used in the output file\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"trafficForwards":{"type":"array","items":{"type":"string"},"description":"Filter based on the firewall traffic forwarding method\n\t\t\t\tSupported Values: ANY, NONE, PBF, GRE, IPSEC, Z_APP, ZAPP_GRE, ZAPP_IPSEC, EC, MTGRE, ZAPP_DIRECT, CCA, MTUN_PROXY, MTUN_CBI"},"transactionSizes":{"type":"array","items":{"type":"string"},"description":"Transaction size filter"},"tunnelDestIps":{"type":"array","items":{"type":"string"},"description":"Destination IPv4 addresses of tunnels"},"tunnelIps":{"type":"array","items":{"type":"string"},"description":"Filter based on tunnel IPv4 addresses in Firewall policy"},"tunnelSourceIps":{"type":"array","items":{"type":"string"},"description":"Source IPv4 addresses of tunnels"},"tunnelSourcePorts":{"type":"array","items":{"type":"string"},"description":"Filter based on the tunnel source port"},"tunnelTypes":{"type":"array","items":{"type":"string"},"description":"Tunnel type filter\n\t\t\t\tSupported Values: GRE, IPSEC_IKEV1, IPSEC_IKEV2, SVPN, EXTRANET, ZUB, ZCB"},"urlCategories":{"$ref":"#/types/zia:index/CloudNSSFeedUrlCategories:CloudNSSFeedUrlCategories","description":"URL category filter"},"urlClasses":{"type":"array","items":{"type":"string"},"description":"URL category filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"urlSuperCategories":{"type":"array","items":{"type":"string"},"description":"URL supercategory filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"userAgents":{"type":"array","items":{"type":"string"},"description":"Predefined user agents filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"users":{"$ref":"#/types/zia:index/CloudNSSFeedUsers:CloudNSSFeedUsers","description":"Users filter"},"vpnCredentials":{"$ref":"#/types/zia:index/CloudNSSFeedVpnCredentials:CloudNSSFeedVpnCredentials","description":"Filter based on specific VPN credentials"},"webApplicationClasses":{"type":"array","items":{"type":"string"},"description":"Cloud application categories Filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"webApplications":{"type":"array","items":{"type":"string"},"description":"Filter to include specific cloud applications in the logs.\n\t\t\t\tBy default, all cloud applications are included in the logs.\n\t\t\t\tTo obtain the list of cloud applications that can be specified in this attribute, use the GET /cloudApplications/lite request\n\t\t\t\tTo retrieve the list of cloud applications, use the data source: zia_cloud_applications"},"webApplicationsExcludes":{"type":"array","items":{"type":"string"},"description":"Filter to exclude specific cloud applications from the logs.\n\t\t\t\tBy default, no cloud applications is excluded from the logs.\n\t\t\t\tTo obtain the list of cloud applications that can be specified in this attribute, use the GET /cloudApplications/lite request.\n\t\t\t\tTo retrieve the list of cloud applications, use the data source: zia_cloud_applications"},"webTrafficForwards":{"type":"array","items":{"type":"string"},"description":"Filter based on the web traffic forwarding method\n\t\t\t\tSupported Values: ANY, NONE, PBF, GRE, IPSEC, Z_APP, ZAPP_GRE, ZAPP_IPSEC, EC, MTGRE, ZAPP_DIRECT, CCA, MTUN_PROXY, MTUN_CBI"}},"stateInputs":{"description":"Input properties used for looking up and filtering CloudNSSFeed resources.\n","properties":{"actionFilter":{"type":"string","description":"Policy action filter"},"activities":{"type":"array","items":{"type":"string"},"description":"CASB activity filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"advUserAgents":{"type":"array","items":{"type":"string"},"description":"Filter based on custom user agent strings"},"advancedThreats":{"type":"array","items":{"type":"string"},"description":"Advanced threats filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"alerts":{"type":"array","items":{"type":"string"},"description":"Alert filter\n\t\t\t\tSupported Values: CRITICAL, WARN"},"auditLogTypes":{"type":"array","items":{"type":"string"},"description":"Audit log type filter"},"authenticationToken":{"type":"string","description":"The authentication token value"},"authenticationUrl":{"type":"string","description":"Authentication URL applicable when SIEM type is set to Azure Sentinel"},"base64EncodedCertificate":{"type":"string","description":"Base64-encoded certificate"},"buckets":{"$ref":"#/types/zia:index/CloudNSSFeedBuckets:CloudNSSFeedBuckets","description":"Filter based on public cloud storage buckets"},"casbActions":{"type":"array","items":{"type":"string"},"description":"CASB policy action filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbApplications":{"type":"array","items":{"type":"string"},"description":"CASB application filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbFileTypeSuperCategories":{"type":"array","items":{"type":"string"},"description":"Endpoint DLP file type category filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbFileTypes":{"type":"array","items":{"type":"string"},"description":"Endpoint DLP file type filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"casbPolicyTypes":{"type":"array","items":{"type":"string"},"description":"CASB policy type filter\n\t\t\t\tSupported Values: MALWARE, DLP, ALL_INCIDENT"},"casbSeverities":{"type":"array","items":{"type":"string"},"description":"Zscaler's Cloud Access Security Broker (CASB) severity filter\n\t\t\t\tSupported Values: RULE_SEVERITY_HIGH, RULE_SEVERITY_MEDIUM, RULE_SEVERITY_LOW, RULE_SEVERITY_INFO"},"casbTenant":{"$ref":"#/types/zia:index/CloudNSSFeedCasbTenant:CloudNSSFeedCasbTenant","description":"CASB tenant filter"},"channelNames":{"type":"array","items":{"type":"string"},"description":"Collaboration channel name filter"},"clientDestinationIps":{"type":"array","items":{"type":"string"},"description":"Client's destination IPv4 addresses in Firewall policy"},"clientDestinationPorts":{"type":"array","items":{"type":"string"},"description":"Firewall logs filter based on a client's destination"},"clientId":{"type":"string","description":"Client ID applicable when SIEM type is set to S3 or Azure Sentinel"},"clientIps":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on a client's public IPv4 addresses"},"clientSecret":{"type":"string","description":"Client secret applicable when SIEM type is set to S3 or Azure Sentinel"},"clientSourceIps":{"type":"array","items":{"type":"string"},"description":"Client source IPs configured for NSS feed."},"clientSourcePorts":{"type":"array","items":{"type":"string"},"description":"Firewall log filter based on a client's source ports"},"connectionHeaders":{"type":"array","items":{"type":"string"},"description":"The HTTP Connection headers"},"connectionUrl":{"type":"string","description":"The HTTPS URL of the SIEM log collection API endpoint"},"countries":{"type":"array","items":{"type":"string"},"description":"Countries filter in the Firewall policy\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"customEscapedCharacters":{"type":"array","items":{"type":"string"},"description":"Characters that need to be encoded using hex when they appear in URL, Host, or Referrer"},"departments":{"$ref":"#/types/zia:index/CloudNSSFeedDepartments:CloudNSSFeedDepartments","description":"Departments filter"},"direction":{"type":"string","description":"Traffic direction filter specifying inbound or outbound"},"dlpDictionaries":{"$ref":"#/types/zia:index/CloudNSSFeedDlpDictionaries:CloudNSSFeedDlpDictionaries","description":"DLP dictionary filter"},"dlpEngines":{"$ref":"#/types/zia:index/CloudNSSFeedDlpEngines:CloudNSSFeedDlpEngines","description":"DLP engine filter"},"dnsActions":{"type":"array","items":{"type":"string"},"description":"DNS Control policy action filter"},"dnsRequestTypes":{"type":"array","items":{"type":"string"},"description":"DNS request types included in the feed\n\t\t\t\tSupported Values: ANY, NONE, DNSREQ_A, DNSREQ_NS, DNSREQ_CNAME, DNSREQ_SOA, DNSREQ_WKS,\n\t\t\t\tDNSREQ_PTR, DNSREQ_HINFO, DNSREQ_MINFO, DNSREQ_MX, DNSREQ_TXT, DNSREQ_AAAA,\n\t\t\t\tDNSREQ_ISDN, DNSREQ_LOC, DNSREQ_RP, DNSREQ_RT, DNSREQ_MR, DNSREQ_MG,\n\t\t\t\tDNSREQ_MB, DNSREQ_AFSDB, DNSREQ_HIP, DNSREQ_SRV, DNSREQ_DS, DNSREQ_NAPTR,\n\t\t\t\tDNSREQ_NSEC, DNSREQ_DNSKEY, DNSREQ_HTTPS, DNSREQ_UNKNOWN"},"dnsResponseTypes":{"type":"array","items":{"type":"string"},"description":"DNS response types filter\n\t\t\t\tSupported Values: ANY, DNSRES_ZSCODE, DNSRES_CNAME, DNSRES_IPV6, DNSRES_SRV_CODE, DNSRES_IPV4"},"dnsResponses":{"type":"array","items":{"type":"string"},"description":"DNS responses filter"},"domains":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs to sessions associated with specific domains"},"downloadTimes":{"type":"array","items":{"type":"string"},"description":"Download time filter"},"durations":{"type":"array","items":{"type":"string"},"description":"Filter based on time durations"},"emailDlpLogTypes":{"type":"array","items":{"type":"string"},"description":"Email DLP record type filter\n\t\t\t\tSupported Values: EPDLP_SCAN_AGGREGATE, EPDLP_SENSITIVE_ACTIVITY, EPDLP_DLP_INCIDENT"},"emailDlpPolicyAction":{"type":"string","description":"Action filter for Email DLP log type"},"endPointDlpLogTypes":{"type":"array","items":{"type":"string"},"description":"Endpoint DLP log type filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"epsRateLimit":{"type":"integer","description":"Event per second limit"},"event":{"type":"string","description":"CASB event filter"},"externalCollaborators":{"$ref":"#/types/zia:index/CloudNSSFeedExternalCollaborators:CloudNSSFeedExternalCollaborators","description":"Filter logs to specific recipients outside your organization"},"externalOwners":{"$ref":"#/types/zia:index/CloudNSSFeedExternalOwners:CloudNSSFeedExternalOwners","description":"Filter logs associated with file owners (inside or outside your organization) who are not provisioned to ZIA services"},"feedOutputFormat":{"type":"string","description":"Output format used for the feed"},"feedStatus":{"type":"string","description":"The status of the feed"},"fileNames":{"type":"array","items":{"type":"string"},"description":"Filter based on the file name"},"fileSizes":{"type":"array","items":{"type":"string"},"description":"File size filter"},"fileSources":{"type":"array","items":{"type":"string"},"description":"Filter based on the file source"},"fileTypeCategories":{"type":"array","items":{"type":"string"},"description":"Filter based on the file type in download\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"fileTypeSuperCategories":{"type":"array","items":{"type":"string"},"description":"Filter based on the category of file type in download\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"firewallActions":{"type":"array","items":{"type":"string"},"description":"Firewall actions included in the NSS feed\n\t\t\t\tSupported Values: BLOCK,ALLOW,BLOCK_DROP,BLOCK_RESET,BLOCK_ICMP,COUNTRY_BLOCK\n\t\t\t\tIPS_BLOCK_DROP,IPS_BLOCK_RESET,ALLOW_INSUFFICIENT_APPDATA,\n\t\t\t\tBLOCK_ABUSE_DROP,INT_ERR_DROP,CFG_BYPASSED,CFG_TIMEDOUT"},"firewallLoggingMode":{"type":"string","description":"Filter based on the Firewall Filtering policy logging mode"},"fullUrls":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on specific full URLs"},"grantType":{"type":"string","description":"Grant type applicable when SIEM type is set to Azure Sentinel"},"hostNames":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on specific hostnames"},"inBoundBytes":{"type":"array","items":{"type":"string"},"description":"Filter based on inbound bytes"},"internalCollaborators":{"$ref":"#/types/zia:index/CloudNSSFeedInternalCollaborators:CloudNSSFeedInternalCollaborators","description":"Filter logs to specific recipients within your organization"},"internalIps":{"type":"array","items":{"type":"string"},"description":"Filter based on internal IPv4 addresses"},"itsmObjectType":{"$ref":"#/types/zia:index/CloudNSSFeedItsmObjectType:CloudNSSFeedItsmObjectType","description":"ITSM object type filter"},"jsonArrayToggle":{"type":"boolean","description":"A Boolean value indicating whether streaming of logs in JSON array format (e.g., [{JSON1},{JSON2}]) is enabled or disabled for the JSON feed output type"},"locationGroups":{"$ref":"#/types/zia:index/CloudNSSFeedLocationGroups:CloudNSSFeedLocationGroups","description":"A filter based on location groups"},"locations":{"$ref":"#/types/zia:index/CloudNSSFeedLocations:CloudNSSFeedLocations","description":"Location filter"},"malwareClasses":{"type":"array","items":{"type":"string"},"description":"Malware category filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"malwareNames":{"type":"array","items":{"type":"string"},"description":"Filter based on malware names\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"maxBatchSize":{"type":"integer","description":"The maximum batch size in KB"},"name":{"type":"string","description":"The name of the cloud NSS feed"},"natActions":{"type":"array","items":{"type":"string"},"description":"NAT Control policy actions filter\n\t\t\t\tSupported Values: NONE, DNAT"},"nssFeedType":{"type":"string","description":"NSS feed format type (e.g. CSV, syslog, Splunk Common Information Model (CIM), etc."},"nssId":{"type":"integer"},"nssLogType":{"type":"string","description":"The type of NSS logs that are streamed (e.g. Web, Firewall, DNS, Alert, etc.)"},"nssType":{"type":"string","description":"NSS type"},"nwApplications":{"type":"array","items":{"type":"string"},"description":"Filter to include specific network applications in the logs.\n\t\t\t\tBy default, all network applications are included in the logs\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"nwApplicationsExcludes":{"type":"array","items":{"type":"string"},"description":"Filter to include specific network applications in the logs.\n\t\t\t\tBy default, no network application is excluded from the logs\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"nwServices":{"$ref":"#/types/zia:index/CloudNSSFeedNwServices:CloudNSSFeedNwServices","description":"Firewall network services filter"},"oauthAuthentication":{"type":"boolean","description":"A Boolean value indicating whether OAuth 2.0 authentication is enabled or not"},"objectNames":{"type":"array","items":{"type":"string"},"description":"CRM object name filter"},"objectType1s":{"type":"array","items":{"type":"string"},"description":"CASB activity object type filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"objectType2s":{"type":"array","items":{"type":"string"},"description":"CASB activity object type filter if applicable\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"objectTypes":{"type":"array","items":{"type":"string"},"description":"CRM object type filter"},"outBoundBytes":{"type":"array","items":{"type":"string"},"description":"Filter based on outbound bytes"},"pageRiskIndexes":{"type":"array","items":{"type":"string"},"description":"Page Risk Index filter"},"policyReasons":{"type":"array","items":{"type":"string"},"description":"Policy reason filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"projectNames":{"type":"array","items":{"type":"string"},"description":"Repository project name filter"},"protocolTypes":{"type":"array","items":{"type":"string"},"description":"Protocol types filter\n\t\t\t\tSupported Values: TUNNEL, SSL, HTTP, HTTPS, FTP, FTPOVERHTTP, HTTP_PROXY, TUNNEL_SSL, DNSOVERHTTPS, WEBSOCKET, WEBSOCKET_SSL"},"refererUrls":{"type":"array","items":{"type":"string"},"description":"Referrer URL filter"},"repoNames":{"type":"array","items":{"type":"string"},"description":"Repository name filter"},"requestMethods":{"type":"array","items":{"type":"string"},"description":"Request methods filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"requestSizes":{"type":"array","items":{"type":"string"},"description":"Request size filter"},"responseCodes":{"type":"array","items":{"type":"string"},"description":"Response codes filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"responseSizes":{"type":"array","items":{"type":"string"},"description":"Request size filter"},"rules":{"$ref":"#/types/zia:index/CloudNSSFeedRules:CloudNSSFeedRules","description":"Policy rules filter (e.g., Firewall Filtering or DNS Control rule filter)"},"scanTimes":{"type":"array","items":{"type":"string"},"description":"Scan time filter"},"scope":{"type":"string","description":"Scope applicable when SIEM type is set to Azure Sentinel"},"senderName":{"$ref":"#/types/zia:index/CloudNSSFeedSenderName:CloudNSSFeedSenderName","description":"Filter based on sender or owner name"},"serverDestinationIps":{"type":"array","items":{"type":"string"},"description":"Filter based on the server's destination IPv4 addresses in Firewall policy"},"serverIps":{"type":"array","items":{"type":"string"},"description":"Filter to limit the logs based on the server's IPv4 addresses"},"serverSourceIps":{"type":"array","items":{"type":"string"},"description":"Filter based on the server's source IPv4 addresses in Firewall policy"},"serverSourcePorts":{"type":"array","items":{"type":"string"},"description":"Firewall log filter based on the traffic destination name"},"sessionCounts":{"type":"array","items":{"type":"string"},"description":"Firewall logs filter based on the number of sessions"},"siemType":{"type":"string","description":"Cloud NSS SIEM type"},"threatNames":{"type":"array","items":{"type":"string"},"description":"Filter based on threat names"},"timeZone":{"type":"string","description":"Specifies the time zone that must be used in the output file\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"trafficForwards":{"type":"array","items":{"type":"string"},"description":"Filter based on the firewall traffic forwarding method\n\t\t\t\tSupported Values: ANY, NONE, PBF, GRE, IPSEC, Z_APP, ZAPP_GRE, ZAPP_IPSEC, EC, MTGRE, ZAPP_DIRECT, CCA, MTUN_PROXY, MTUN_CBI"},"transactionSizes":{"type":"array","items":{"type":"string"},"description":"Transaction size filter"},"tunnelDestIps":{"type":"array","items":{"type":"string"},"description":"Destination IPv4 addresses of tunnels"},"tunnelIps":{"type":"array","items":{"type":"string"},"description":"Filter based on tunnel IPv4 addresses in Firewall policy"},"tunnelSourceIps":{"type":"array","items":{"type":"string"},"description":"Source IPv4 addresses of tunnels"},"tunnelSourcePorts":{"type":"array","items":{"type":"string"},"description":"Filter based on the tunnel source port"},"tunnelTypes":{"type":"array","items":{"type":"string"},"description":"Tunnel type filter\n\t\t\t\tSupported Values: GRE, IPSEC_IKEV1, IPSEC_IKEV2, SVPN, EXTRANET, ZUB, ZCB"},"urlCategories":{"$ref":"#/types/zia:index/CloudNSSFeedUrlCategories:CloudNSSFeedUrlCategories","description":"URL category filter"},"urlClasses":{"type":"array","items":{"type":"string"},"description":"URL category filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"urlSuperCategories":{"type":"array","items":{"type":"string"},"description":"URL supercategory filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"userAgents":{"type":"array","items":{"type":"string"},"description":"Predefined user agents filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"users":{"$ref":"#/types/zia:index/CloudNSSFeedUsers:CloudNSSFeedUsers","description":"Users filter"},"vpnCredentials":{"$ref":"#/types/zia:index/CloudNSSFeedVpnCredentials:CloudNSSFeedVpnCredentials","description":"Filter based on specific VPN credentials"},"webApplicationClasses":{"type":"array","items":{"type":"string"},"description":"Cloud application categories Filter\n\t\t\t\tSee the [Cloud Nanolog Streaming Service (NSS) documentation\n\t\t\t\thttps://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get"},"webApplications":{"type":"array","items":{"type":"string"},"description":"Filter to include specific cloud applications in the logs.\n\t\t\t\tBy default, all cloud applications are included in the logs.\n\t\t\t\tTo obtain the list of cloud applications that can be specified in this attribute, use the GET /cloudApplications/lite request\n\t\t\t\tTo retrieve the list of cloud applications, use the data source: zia_cloud_applications"},"webApplicationsExcludes":{"type":"array","items":{"type":"string"},"description":"Filter to exclude specific cloud applications from the logs.\n\t\t\t\tBy default, no cloud applications is excluded from the logs.\n\t\t\t\tTo obtain the list of cloud applications that can be specified in this attribute, use the GET /cloudApplications/lite request.\n\t\t\t\tTo retrieve the list of cloud applications, use the data source: zia_cloud_applications"},"webTrafficForwards":{"type":"array","items":{"type":"string"},"description":"Filter based on the web traffic forwarding method\n\t\t\t\tSupported Values: ANY, NONE, PBF, GRE, IPSEC, Z_APP, ZAPP_GRE, ZAPP_IPSEC, EC, MTGRE, ZAPP_DIRECT, CCA, MTUN_PROXY, MTUN_CBI"}},"type":"object"}},"zia:index/customFileTypes:CustomFileTypes":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-file-type-control)\n* [API documentation](https://help.zscaler.com/zia/file-type-control-policy#/customFileTypes-get)\n\nThe **zia_custom_file_types** resource allows the creation and management of ZIA custom file type in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\nresource \"zia_custom_file_types\" \"this\" {\n  name = \"FileType02\"\n  description = \"FileType02\"\n  extension = \"tf\"\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_custom_file_types** can be imported by using `\u003cFILE ID\u003e` or `\u003cFILE NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/customFileTypes:CustomFileTypes example \u003cfile_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/customFileTypes:CustomFileTypes example \u003cfile_name\u003e\n```\n\n","properties":{"description":{"type":"string","description":"Additional information about the custom file type, if any."},"extension":{"type":"string","description":"The file type extension. The maximum extension length is 10 characters."},"fileId":{"type":"integer","description":"The unique identifier for the custom file type."},"fileTypeId":{"type":"integer","description":"File type ID. This ID is assigned and maintained for all file types including predefined and custom file types, and this value is different from the custom file type ID."},"name":{"type":"string","description":"The name of the custom file type."}},"required":["fileId","fileTypeId","name"],"inputProperties":{"description":{"type":"string","description":"Additional information about the custom file type, if any."},"extension":{"type":"string","description":"The file type extension. The maximum extension length is 10 characters."},"name":{"type":"string","description":"The name of the custom file type."}},"stateInputs":{"description":"Input properties used for looking up and filtering CustomFileTypes resources.\n","properties":{"description":{"type":"string","description":"Additional information about the custom file type, if any."},"extension":{"type":"string","description":"The file type extension. The maximum extension length is 10 characters."},"fileId":{"type":"integer","description":"The unique identifier for the custom file type."},"fileTypeId":{"type":"integer","description":"File type ID. This ID is assigned and maintained for all file types including predefined and custom file types, and this value is different from the custom file type ID."},"name":{"type":"string","description":"The name of the custom file type."}},"type":"object"}},"zia:index/dCExclusions:DCExclusions":{"description":"* [Official documentation](https://help.zscaler.com/zia/excluding-data-center-based-traffic-forwarding-method)\n* [API documentation](https://help.zscaler.com/legacy-apis/traffic-forwarding-0#/dcExclusions-get)\n\nUse the **zia_dc_exclusions** Resource to add a data center (DC) exclusion to disable the tunnels terminating at a virtual IP address of a Zscaler DC, triggering a failover from primary to secondary tunnels in the event of service disruptions, Zscaler Trust Portal incidents, disasters, etc. You can configure to exclude a specific DC based on the traffic forwarding method for a designated time period.\n\n\u003e NOTE: This an Early Access feature.\n\n## Example Usage\n\n```hcl\ndata \"zia_datacenters\" \"this\" {\n  name = \"SJC4\"\n}\n\n# Using Unix timestamps\nresource \"zia_dc_exclusions\" \"this\" {\n  datacenter_id = data.zia_datacenters.this.datacenter_id\n  start_time   = 1770422399\n  end_time     = 1770508799\n  description  = \"Optional description\"\n}\n\n# Using human-readable UTC date/time (same as zia_sub_cloud exclusions)\nresource \"zia_dc_exclusions\" \"utc\" {\n  datacenter_id  = data.zia_datacenters.this.datacenter_id\n  start_time_utc = \"02/05/2026 12:00 am\"\n  end_time_utc   = \"02/19/2026 11:59 pm\"\n  description    = \"Optional description\"\n}\n```\n","properties":{"datacenterId":{"type":"integer","description":"Datacenter ID (dcid) to exclude. Required on create; can be omitted when importing by ID. Use the numeric ID from\u003cspan pulumi-lang-nodejs=\" zia.getDatacenters \" pulumi-lang-dotnet=\" zia.getDatacenters \" pulumi-lang-go=\" getDatacenters \" pulumi-lang-python=\" get_datacenters \" pulumi-lang-yaml=\" zia.getDatacenters \" pulumi-lang-java=\" zia.getDatacenters \"\u003e zia.getDatacenters \u003c/span\u003e(e.g. datacenter_id) or this resource's id."},"description":{"type":"string","description":"Description of the DC exclusion."},"endTime":{"type":"integer","description":"Unix timestamp when the exclusion window ends. Either\u003cspan pulumi-lang-nodejs=\" endTime \" pulumi-lang-dotnet=\" EndTime \" pulumi-lang-go=\" endTime \" pulumi-lang-python=\" end_time \" pulumi-lang-yaml=\" endTime \" pulumi-lang-java=\" endTime \"\u003e end_time \u003c/span\u003eor\u003cspan pulumi-lang-nodejs=\" endTimeUtc \" pulumi-lang-dotnet=\" EndTimeUtc \" pulumi-lang-go=\" endTimeUtc \" pulumi-lang-python=\" end_time_utc \" pulumi-lang-yaml=\" endTimeUtc \" pulumi-lang-java=\" endTimeUtc \"\u003e end_time_utc \u003c/span\u003emust be set."},"endTimeUtc":{"type":"string","description":"(String) Exclusion window end in UTC, formatted as `MM/DD/YYYY HH:MM am/pm` (computed from API).\n"},"expired":{"type":"boolean","description":"(Boolean) Whether the exclusion has expired (read-only from API).\n"},"startTime":{"type":"integer","description":"Unix timestamp when the exclusion window starts. Either\u003cspan pulumi-lang-nodejs=\" startTime \" pulumi-lang-dotnet=\" StartTime \" pulumi-lang-go=\" startTime \" pulumi-lang-python=\" start_time \" pulumi-lang-yaml=\" startTime \" pulumi-lang-java=\" startTime \"\u003e start_time \u003c/span\u003eor\u003cspan pulumi-lang-nodejs=\" startTimeUtc \" pulumi-lang-dotnet=\" StartTimeUtc \" pulumi-lang-go=\" startTimeUtc \" pulumi-lang-python=\" start_time_utc \" pulumi-lang-yaml=\" startTimeUtc \" pulumi-lang-java=\" startTimeUtc \"\u003e start_time_utc \u003c/span\u003emust be set."},"startTimeUtc":{"type":"string","description":"(String) Exclusion window start in UTC, formatted as `MM/DD/YYYY HH:MM am/pm` (computed from API).\n"}},"required":["datacenterId","endTime","endTimeUtc","expired","startTime","startTimeUtc"],"inputProperties":{"datacenterId":{"type":"integer","description":"Datacenter ID (dcid) to exclude. Required on create; can be omitted when importing by ID. Use the numeric ID from\u003cspan pulumi-lang-nodejs=\" zia.getDatacenters \" pulumi-lang-dotnet=\" zia.getDatacenters \" pulumi-lang-go=\" getDatacenters \" pulumi-lang-python=\" get_datacenters \" pulumi-lang-yaml=\" zia.getDatacenters \" pulumi-lang-java=\" zia.getDatacenters \"\u003e zia.getDatacenters \u003c/span\u003e(e.g. datacenter_id) or this resource's id.","willReplaceOnChanges":true},"description":{"type":"string","description":"Description of the DC exclusion."},"endTime":{"type":"integer","description":"Unix timestamp when the exclusion window ends. Either\u003cspan pulumi-lang-nodejs=\" endTime \" pulumi-lang-dotnet=\" EndTime \" pulumi-lang-go=\" endTime \" pulumi-lang-python=\" end_time \" pulumi-lang-yaml=\" endTime \" pulumi-lang-java=\" endTime \"\u003e end_time \u003c/span\u003eor\u003cspan pulumi-lang-nodejs=\" endTimeUtc \" pulumi-lang-dotnet=\" EndTimeUtc \" pulumi-lang-go=\" endTimeUtc \" pulumi-lang-python=\" end_time_utc \" pulumi-lang-yaml=\" endTimeUtc \" pulumi-lang-java=\" endTimeUtc \"\u003e end_time_utc \u003c/span\u003emust be set."},"endTimeUtc":{"type":"string","description":"(String) Exclusion window end in UTC, formatted as `MM/DD/YYYY HH:MM am/pm` (computed from API).\n"},"startTime":{"type":"integer","description":"Unix timestamp when the exclusion window starts. Either\u003cspan pulumi-lang-nodejs=\" startTime \" pulumi-lang-dotnet=\" StartTime \" pulumi-lang-go=\" startTime \" pulumi-lang-python=\" start_time \" pulumi-lang-yaml=\" startTime \" pulumi-lang-java=\" startTime \"\u003e start_time \u003c/span\u003eor\u003cspan pulumi-lang-nodejs=\" startTimeUtc \" pulumi-lang-dotnet=\" StartTimeUtc \" pulumi-lang-go=\" startTimeUtc \" pulumi-lang-python=\" start_time_utc \" pulumi-lang-yaml=\" startTimeUtc \" pulumi-lang-java=\" startTimeUtc \"\u003e start_time_utc \u003c/span\u003emust be set."},"startTimeUtc":{"type":"string","description":"(String) Exclusion window start in UTC, formatted as `MM/DD/YYYY HH:MM am/pm` (computed from API).\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering DCExclusions resources.\n","properties":{"datacenterId":{"type":"integer","description":"Datacenter ID (dcid) to exclude. Required on create; can be omitted when importing by ID. Use the numeric ID from\u003cspan pulumi-lang-nodejs=\" zia.getDatacenters \" pulumi-lang-dotnet=\" zia.getDatacenters \" pulumi-lang-go=\" getDatacenters \" pulumi-lang-python=\" get_datacenters \" pulumi-lang-yaml=\" zia.getDatacenters \" pulumi-lang-java=\" zia.getDatacenters \"\u003e zia.getDatacenters \u003c/span\u003e(e.g. datacenter_id) or this resource's id.","willReplaceOnChanges":true},"description":{"type":"string","description":"Description of the DC exclusion."},"endTime":{"type":"integer","description":"Unix timestamp when the exclusion window ends. Either\u003cspan pulumi-lang-nodejs=\" endTime \" pulumi-lang-dotnet=\" EndTime \" pulumi-lang-go=\" endTime \" pulumi-lang-python=\" end_time \" pulumi-lang-yaml=\" endTime \" pulumi-lang-java=\" endTime \"\u003e end_time \u003c/span\u003eor\u003cspan pulumi-lang-nodejs=\" endTimeUtc \" pulumi-lang-dotnet=\" EndTimeUtc \" pulumi-lang-go=\" endTimeUtc \" pulumi-lang-python=\" end_time_utc \" pulumi-lang-yaml=\" endTimeUtc \" pulumi-lang-java=\" endTimeUtc \"\u003e end_time_utc \u003c/span\u003emust be set."},"endTimeUtc":{"type":"string","description":"(String) Exclusion window end in UTC, formatted as `MM/DD/YYYY HH:MM am/pm` (computed from API).\n"},"expired":{"type":"boolean","description":"(Boolean) Whether the exclusion has expired (read-only from API).\n"},"startTime":{"type":"integer","description":"Unix timestamp when the exclusion window starts. Either\u003cspan pulumi-lang-nodejs=\" startTime \" pulumi-lang-dotnet=\" StartTime \" pulumi-lang-go=\" startTime \" pulumi-lang-python=\" start_time \" pulumi-lang-yaml=\" startTime \" pulumi-lang-java=\" startTime \"\u003e start_time \u003c/span\u003eor\u003cspan pulumi-lang-nodejs=\" startTimeUtc \" pulumi-lang-dotnet=\" StartTimeUtc \" pulumi-lang-go=\" startTimeUtc \" pulumi-lang-python=\" start_time_utc \" pulumi-lang-yaml=\" startTimeUtc \" pulumi-lang-java=\" startTimeUtc \"\u003e start_time_utc \u003c/span\u003emust be set."},"startTimeUtc":{"type":"string","description":"(String) Exclusion window start in UTC, formatted as `MM/DD/YYYY HH:MM am/pm` (computed from API).\n"}},"type":"object"}},"zia:index/dLPDictionaries:DLPDictionaries":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-custom-dlp-dictionary)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/dlpDictionaries-post)\n\nThe **zia_dlp_dictionaries** resource allows the creation and management of ZIA DLP dictionaries in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\nresource \"zia_dlp_dictionaries\" \"example\"{\n    name = \"Your Dictionary Name\"\n    description = \"Your Description\"\n    phrases {\n        action = \"PHRASE_COUNT_TYPE_ALL\"\n        phrase = \"YourPhrase\"\n    }\n    custom_phrase_match_type = \"MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY\"\n    patterns {\n        action = \"PATTERN_COUNT_TYPE_UNIQUE\"\n        pattern = \"YourPattern\"\n    }\n    dictionary_type = \"PATTERNS_AND_PHRASES\"\n}\n```\n\n### With Hierarchical Identifiers (Clone Predefined Dictionary)\n\n```hcl\ndata \"zia_dlp_dictionary_predefined_identifiers\" \"this\" {\n  name = \"EUIBAN_LEAKAGE\"\n}\n\ndata \"zia_dlp_dictionaries\" \"this\" {\n  name = \"EUIBAN_LEAKAGE\"\n}\n\nresource \"zia_dlp_dictionaries\" \"example\"{\n    name                     = \"Example Dictionary Clone\"\n    description              = \"Example Dictionary Clone\"\n    confidence_level_for_predefined_dict = \"CONFIDENCE_LEVEL_MEDIUM\"\n    hierarchical_identifiers = [data.zia_dlp_dictionary_predefined_identifiers.this.predefined_identifiers]\n    confidence_threshold     = \"CONFIDENCE_LEVEL_HIGH\"\n    dict_template_id         = data.zia_dlp_dictionaries.this.id\n    phrases {\n        action = \"PHRASE_COUNT_TYPE_ALL\"\n        phrase = \"YourPhrase1\"\n    }\n    custom_phrase_match_type = \"MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY\"\n    dictionary_type          = \"PATTERNS_AND_PHRASES\"\n}\n```\n\n### With Exact Data Match (EDM)\n\n```hcl\ndata \"zia_dlp_edm_schema\" \"this\"{\n    project_name = \"EDM_TEMPLATE01\"\n}\n\nresource \"zia_dlp_dictionaries\" \"dlp_dictionaries\" {\n  name        = \"edm_dic_tf\"\n  description = \"edm dictionary\"\n  dictionary_type = \"EXACT_DATA_MATCH\"\n  custom = true\n\n  exact_data_match_details {\n    schema_id = data.zia_dlp_edm_schema.this.schema_id\n    primary_fields             = [3]\n    secondary_fields          = [1,2]\n    secondary_field_match_on  = \"MATCHON_ALL\"\n\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_dlp_dictionaries** can be imported by using `\u003cDICTIONARY ID\u003e` or `\u003cDICTIONARY_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/dLPDictionaries:DLPDictionaries example \u003cdictionary_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/dLPDictionaries:DLPDictionaries example \u003cdictionary_name\u003e\n```\n\n","properties":{"binNumbers":{"type":"array","items":{"type":"integer"},"description":"The list of Bank Identification Number (BIN) values that are included or excluded from the Credit Cards dictionary. BIN values can be specified only for Diners Club, Mastercard, RuPay, and Visa cards. Up to 512 BIN values can be configured in a dictionary. Note: This field is applicable only to the predefined Credit Cards dictionary and its clones."},"confidenceLevelForPredefinedDict":{"type":"string","description":"The DLP confidence threshold for predefined dictionaries"},"confidenceThreshold":{"type":"string","description":"The DLP confidence threshold"},"custom":{"type":"boolean","description":"The DLP dictionary proximity length."},"customPhraseMatchType":{"type":"string"},"description":{"type":"string","description":"The desciption of the DLP dictionary"},"dictTemplateId":{"type":"integer","description":"ID of the predefined dictionary (original source dictionary) that is used for cloning. This field is applicable only to cloned dictionaries. Only a limited set of identification-based predefined dictionaries (e.g., Credit Cards, Social Security Numbers, National Identification Numbers, etc.) can be cloned. Up to 4 clones can be created from a predefined dictionary."},"dictionaryId":{"type":"integer"},"dictionaryType":{"type":"string","description":"The DLP dictionary type."},"exactDataMatchDetails":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesExactDataMatchDetail:DLPDictionariesExactDataMatchDetail"},"description":"Exact Data Match (EDM) related information for custom DLP dictionaries."},"hierarchicalIdentifiers":{"type":"array","items":{"type":"string"},"description":"List of hierarchical identifiers for the DLP dictionary."},"idmProfileMatchAccuracies":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesIdmProfileMatchAccuracy:DLPDictionariesIdmProfileMatchAccuracy"},"description":"List of Indexed Document Match (IDM) profiles and their corresponding match accuracy for custom DLP dictionaries."},"ignoreExactMatchIdmDict":{"type":"boolean","description":"Indicates whether to exclude documents that are a 100% match to already-indexed documents from triggering an Indexed Document Match (IDM) Dictionary."},"includeBinNumbers":{"type":"boolean","description":"A true value denotes that the specified Bank Identification Number (BIN) values are included in the Credit Cards dictionary. A false value denotes that the specified BIN values are excluded from the Credit Cards dictionary.Note: This field is applicable only to the predefined Credit Cards dictionary and its clones."},"name":{"type":"string","description":"The DLP dictionary's name"},"patterns":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesPattern:DLPDictionariesPattern"},"description":"List containing the patterns used within a custom DLP dictionary. This attribute is not applicable to predefined DLP dictionaries"},"phrases":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesPhrase:DLPDictionariesPhrase"}},"proximity":{"type":"integer","description":"The DLP dictionary proximity length that defines how close a high confidence phrase must be to an instance of the pattern (that the dictionary detects) to count as a match."},"proximityEnabledForCustomDictionary":{"type":"boolean","description":"A Boolean constant that indicates if proximity length is enabled or disabled for a custom DLP dictionary."}},"required":["custom","dictionaryId","idmProfileMatchAccuracies","includeBinNumbers","name","patterns","phrases"],"inputProperties":{"binNumbers":{"type":"array","items":{"type":"integer"},"description":"The list of Bank Identification Number (BIN) values that are included or excluded from the Credit Cards dictionary. BIN values can be specified only for Diners Club, Mastercard, RuPay, and Visa cards. Up to 512 BIN values can be configured in a dictionary. Note: This field is applicable only to the predefined Credit Cards dictionary and its clones."},"confidenceLevelForPredefinedDict":{"type":"string","description":"The DLP confidence threshold for predefined dictionaries"},"confidenceThreshold":{"type":"string","description":"The DLP confidence threshold"},"custom":{"type":"boolean","description":"The DLP dictionary proximity length."},"customPhraseMatchType":{"type":"string"},"description":{"type":"string","description":"The desciption of the DLP dictionary"},"dictTemplateId":{"type":"integer","description":"ID of the predefined dictionary (original source dictionary) that is used for cloning. This field is applicable only to cloned dictionaries. Only a limited set of identification-based predefined dictionaries (e.g., Credit Cards, Social Security Numbers, National Identification Numbers, etc.) can be cloned. Up to 4 clones can be created from a predefined dictionary."},"dictionaryType":{"type":"string","description":"The DLP dictionary type."},"exactDataMatchDetails":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesExactDataMatchDetail:DLPDictionariesExactDataMatchDetail"},"description":"Exact Data Match (EDM) related information for custom DLP dictionaries."},"hierarchicalIdentifiers":{"type":"array","items":{"type":"string"},"description":"List of hierarchical identifiers for the DLP dictionary."},"idmProfileMatchAccuracies":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesIdmProfileMatchAccuracy:DLPDictionariesIdmProfileMatchAccuracy"},"description":"List of Indexed Document Match (IDM) profiles and their corresponding match accuracy for custom DLP dictionaries."},"ignoreExactMatchIdmDict":{"type":"boolean","description":"Indicates whether to exclude documents that are a 100% match to already-indexed documents from triggering an Indexed Document Match (IDM) Dictionary."},"includeBinNumbers":{"type":"boolean","description":"A true value denotes that the specified Bank Identification Number (BIN) values are included in the Credit Cards dictionary. A false value denotes that the specified BIN values are excluded from the Credit Cards dictionary.Note: This field is applicable only to the predefined Credit Cards dictionary and its clones."},"name":{"type":"string","description":"The DLP dictionary's name"},"patterns":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesPattern:DLPDictionariesPattern"},"description":"List containing the patterns used within a custom DLP dictionary. This attribute is not applicable to predefined DLP dictionaries"},"phrases":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesPhrase:DLPDictionariesPhrase"}},"proximity":{"type":"integer","description":"The DLP dictionary proximity length that defines how close a high confidence phrase must be to an instance of the pattern (that the dictionary detects) to count as a match."},"proximityEnabledForCustomDictionary":{"type":"boolean","description":"A Boolean constant that indicates if proximity length is enabled or disabled for a custom DLP dictionary."}},"stateInputs":{"description":"Input properties used for looking up and filtering DLPDictionaries resources.\n","properties":{"binNumbers":{"type":"array","items":{"type":"integer"},"description":"The list of Bank Identification Number (BIN) values that are included or excluded from the Credit Cards dictionary. BIN values can be specified only for Diners Club, Mastercard, RuPay, and Visa cards. Up to 512 BIN values can be configured in a dictionary. Note: This field is applicable only to the predefined Credit Cards dictionary and its clones."},"confidenceLevelForPredefinedDict":{"type":"string","description":"The DLP confidence threshold for predefined dictionaries"},"confidenceThreshold":{"type":"string","description":"The DLP confidence threshold"},"custom":{"type":"boolean","description":"The DLP dictionary proximity length."},"customPhraseMatchType":{"type":"string"},"description":{"type":"string","description":"The desciption of the DLP dictionary"},"dictTemplateId":{"type":"integer","description":"ID of the predefined dictionary (original source dictionary) that is used for cloning. This field is applicable only to cloned dictionaries. Only a limited set of identification-based predefined dictionaries (e.g., Credit Cards, Social Security Numbers, National Identification Numbers, etc.) can be cloned. Up to 4 clones can be created from a predefined dictionary."},"dictionaryId":{"type":"integer"},"dictionaryType":{"type":"string","description":"The DLP dictionary type."},"exactDataMatchDetails":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesExactDataMatchDetail:DLPDictionariesExactDataMatchDetail"},"description":"Exact Data Match (EDM) related information for custom DLP dictionaries."},"hierarchicalIdentifiers":{"type":"array","items":{"type":"string"},"description":"List of hierarchical identifiers for the DLP dictionary."},"idmProfileMatchAccuracies":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesIdmProfileMatchAccuracy:DLPDictionariesIdmProfileMatchAccuracy"},"description":"List of Indexed Document Match (IDM) profiles and their corresponding match accuracy for custom DLP dictionaries."},"ignoreExactMatchIdmDict":{"type":"boolean","description":"Indicates whether to exclude documents that are a 100% match to already-indexed documents from triggering an Indexed Document Match (IDM) Dictionary."},"includeBinNumbers":{"type":"boolean","description":"A true value denotes that the specified Bank Identification Number (BIN) values are included in the Credit Cards dictionary. A false value denotes that the specified BIN values are excluded from the Credit Cards dictionary.Note: This field is applicable only to the predefined Credit Cards dictionary and its clones."},"name":{"type":"string","description":"The DLP dictionary's name"},"patterns":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesPattern:DLPDictionariesPattern"},"description":"List containing the patterns used within a custom DLP dictionary. This attribute is not applicable to predefined DLP dictionaries"},"phrases":{"type":"array","items":{"$ref":"#/types/zia:index/DLPDictionariesPhrase:DLPDictionariesPhrase"}},"proximity":{"type":"integer","description":"The DLP dictionary proximity length that defines how close a high confidence phrase must be to an instance of the pattern (that the dictionary detects) to count as a match."},"proximityEnabledForCustomDictionary":{"type":"boolean","description":"A Boolean constant that indicates if proximity length is enabled or disabled for a custom DLP dictionary."}},"type":"object"}},"zia:index/dLPEngines:DLPEngines":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-dlp-engines)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/dlpEngines-get)\n\nUse the **zia_dlp_engines** resource allows the creation and management of ZIA DLP Engines in the Zscaler Internet Access cloud or via the API.\n\n⚠️ **WARNING:** \"Before using the new `\u003cspan pulumi-lang-nodejs=\"`zia.DLPEngines`\" pulumi-lang-dotnet=\"`zia.DLPEngines`\" pulumi-lang-go=\"`DLPEngines`\" pulumi-lang-python=\"`DLPEngines`\" pulumi-lang-yaml=\"`zia.DLPEngines`\" pulumi-lang-java=\"`zia.DLPEngines`\"\u003e`zia.DLPEngines`\u003c/span\u003e` resource contact [Zscaler Support](https://help.zscaler.com/login-tickets).\" and request the following API methods ``POST``, ``PUT``, and ``DELETE`` to be enabled for your organization.\n\n## Example Usage\n\n```hcl\n# Retrieve a DLP Engine by name\nresource \"zia_dlp_engines\" \"this\" {\n  name = \"Example\"\n  description = \"Example\"\n  engine_expression = \"((D63.S \u003e 1))\"\n  custom_dlp_engine = true\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_dlp_engines** can be imported by using `\u003cENGINE_ID\u003e` or `\u003cENGINE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/dLPEngines:DLPEngines example \u003cengine_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/dLPEngines:DLPEngines example \u003cengine_name\u003e\n```\n\n","properties":{"customDlpEngine":{"type":"boolean","description":"Indicates whether this is a custom DLP engine. If this value is set to true, the engine is custom."},"description":{"type":"string","description":"The DLP engine's description."},"engineExpression":{"type":"string","description":"The boolean logical operator in which various DLP dictionaries are combined within a DLP engine's expression."},"engineId":{"type":"integer"},"name":{"type":"string","description":"The DLP engine name as configured by the admin."}},"required":["engineId","name"],"inputProperties":{"customDlpEngine":{"type":"boolean","description":"Indicates whether this is a custom DLP engine. If this value is set to true, the engine is custom."},"description":{"type":"string","description":"The DLP engine's description."},"engineExpression":{"type":"string","description":"The boolean logical operator in which various DLP dictionaries are combined within a DLP engine's expression."},"name":{"type":"string","description":"The DLP engine name as configured by the admin."}},"stateInputs":{"description":"Input properties used for looking up and filtering DLPEngines resources.\n","properties":{"customDlpEngine":{"type":"boolean","description":"Indicates whether this is a custom DLP engine. If this value is set to true, the engine is custom."},"description":{"type":"string","description":"The DLP engine's description."},"engineExpression":{"type":"string","description":"The boolean logical operator in which various DLP dictionaries are combined within a DLP engine's expression."},"engineId":{"type":"integer"},"name":{"type":"string","description":"The DLP engine name as configured by the admin."}},"type":"object"}},"zia:index/dLPNotificationTemplates:DLPNotificationTemplates":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-dlp-notification-templates)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/dlpNotificationTemplates-get)\n\nThe **zia_dlp_notification_templates** resource allows the creation and management of ZIA DLP Notification Templates in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\nresource \"zia_dlp_notification_templates\" \"example\" {\n    name                = \"DLP Auditor Template Test\"\n    subject             = \"DLP Violation: ${TRANSACTION_ID} ${ENGINES}\"\n    attach_content      = true\n    tls_enabled         = true\n    html_message        = file(\"./index.html\")\n    plain_text_message = file(\"./dlp.txt\")\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_dlp_notification_templates** can be imported by using `\u003cTEMPLATE ID\u003e` or `\u003cTEMPLATE NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/dLPNotificationTemplates:DLPNotificationTemplates example \u003ctemplate_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/dLPNotificationTemplates:DLPNotificationTemplates example \u003ctemplate_name\u003e\n```\n\n","properties":{"attachContent":{"type":"boolean","description":"f set to true, the content that is violation is attached to the DLP notification email"},"htmlMessage":{"type":"string","description":"The template for the HTML message body that must be displayed in the DLP notification email"},"name":{"type":"string","description":"The DLP notification template name"},"plainTextMessage":{"type":"string","description":"The template for the plain text UTF-8 message body that must be displayed in the DLP notification email"},"subject":{"type":"string","description":"The Subject line that is displayed within the DLP notification email"},"templateId":{"type":"integer","description":"The unique identifier for a DLP notification template"},"tlsEnabled":{"type":"boolean","description":"If set to true, TLS will be enabled"}},"required":["htmlMessage","name","plainTextMessage","subject","templateId"],"inputProperties":{"attachContent":{"type":"boolean","description":"f set to true, the content that is violation is attached to the DLP notification email"},"htmlMessage":{"type":"string","description":"The template for the HTML message body that must be displayed in the DLP notification email"},"name":{"type":"string","description":"The DLP notification template name"},"plainTextMessage":{"type":"string","description":"The template for the plain text UTF-8 message body that must be displayed in the DLP notification email"},"subject":{"type":"string","description":"The Subject line that is displayed within the DLP notification email"},"tlsEnabled":{"type":"boolean","description":"If set to true, TLS will be enabled"}},"requiredInputs":["htmlMessage","plainTextMessage","subject"],"stateInputs":{"description":"Input properties used for looking up and filtering DLPNotificationTemplates resources.\n","properties":{"attachContent":{"type":"boolean","description":"f set to true, the content that is violation is attached to the DLP notification email"},"htmlMessage":{"type":"string","description":"The template for the HTML message body that must be displayed in the DLP notification email"},"name":{"type":"string","description":"The DLP notification template name"},"plainTextMessage":{"type":"string","description":"The template for the plain text UTF-8 message body that must be displayed in the DLP notification email"},"subject":{"type":"string","description":"The Subject line that is displayed within the DLP notification email"},"templateId":{"type":"integer","description":"The unique identifier for a DLP notification template"},"tlsEnabled":{"type":"boolean","description":"If set to true, TLS will be enabled"}},"type":"object"}},"zia:index/dLPWebRules:DLPWebRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-dlp-policy-rules-content-inspection#Rules)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get)\n\nThe **zia_dlp_web_rules** resource allows the creation and management of ZIA DLP Web Rules in the Zscaler Internet Access cloud or via the API.\n\n⚠️ **WARNING:** Zscaler Internet Access DLP supports a maximum of 127 Web DLP Rules to be created via API.\n\n## Example Usage\n\n### \"FTCATEGORY_ALL_OUTBOUND\" File Type\"\n\n```hcl\ndata \"zia_dlp_engines\" \"this\" {\n  predefined_engine_name = \"EXTERNAL\"\n}\n\nresource \"zia_dlp_web_rules\" \"this\" {\n  name                       = \"Example\"\n  description                = \"Example\"\n  action                     = \"BLOCK\"\n  order                      = 1\n  rank                       = 7\n  state                      = \"ENABLED\"\n  protocols                  = [ \"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\" ]\n  file_types                 = [ \"FTCATEGORY_ALL_OUTBOUND\" ]\n  zscaler_incident_receiver  = false\n  without_content_inspection = true\n  user_risk_score_levels     = [ \"LOW\", \"MEDIUM\", \"HIGH\", \"CRITICAL\" ]\n  severity                   = \"RULE_SEVERITY_HIGH\"\n  dlp_engines {\n    id = [ data.zia_dlp_engines.this.id ]\n  }\n}\n```\n\n```hcl\n// Example 1: Using data source to reference existing URL category\ndata \"zia_url_categories\" \"existing_category\" {\n    configured_name = \"Example\"\n}\n\n// Example 2: Creating new URL category and referencing it\nresource \"zia_url_categories\" \"new_category\" {\n  configured_name = \"Custom_Category\"\n  description     = \"Custom category for DLP rules\"\n  custom_category = true\n  super_category  = \"USER_DEFINED\"\n  type            = \"URL_CATEGORY\"\n}\n\n// Retrieve an ICAP Server by Name\ndata \"zia_dlp_icap_servers\" \"this\" {\n  name = \"ZS_ICAP_01\"\n}\n\nresource \"zia_dlp_web_rules\" \"this\" {\n  name                      = \"Terraform_Test\"\n  description               = \"Terraform_Test\"\n  action                    = \"BLOCK\"\n  order                     = 1\n  protocols                 = [\"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\"]\n  rank                      = 7\n  state                     = \"ENABLED\"\n  zscaler_incident_receiver = true\n  without_content_inspection = false\n  url_categories {\n    id = [ data.zia_url_categories.existing_category.val ]\n  }\n  icap_server {\n    id = data.zia_dlp_icap_servers.this.id\n  }\n}\n\nresource \"zia_dlp_web_rules\" \"with_new_category\" {\n  name                      = \"Terraform_Test_New_Category\"\n  description               = \"Terraform_Test with new category\"\n  action                    = \"BLOCK\"\n  order                     = 2\n  protocols                 = [\"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\"]\n  rank                      = 7\n  state                     = \"ENABLED\"\n  zscaler_incident_receiver = true\n  without_content_inspection = false\n  url_categories {\n    id = [ zia_url_categories.new_category.val ]\n  }\n  icap_server {\n    id = data.zia_dlp_icap_servers.this.id\n  }\n}\n```\n\n### \"FTCATEGORY_ALL_OUTBOUND\" File Type - New\"\n\n```hcl\ndata \"zia_dlp_engines\" \"this\" {\n  predefined_engine_name = \"EXTERNAL\"\n}\n\ndata \"zia_file_type_categories\" \"this\" {\n    name = \"FileType01\"\n}\n\nresource \"zia_dlp_web_rules\" \"this\" {\n  name                       = \"Example\"\n  description                = \"Example\"\n  action                     = \"BLOCK\"\n  order                      = 1\n  rank                       = 7\n  state                      = \"ENABLED\"\n  protocols                  = [ \"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\" ]\n  zscaler_incident_receiver  = false\n  without_content_inspection = true\n  user_risk_score_levels     = [ \"LOW\", \"MEDIUM\", \"HIGH\", \"CRITICAL\" ]\n  severity                   = \"RULE_SEVERITY_HIGH\"\n  file_type_categories {\n    id = [ data.zia_file_type_categories.this.id ]\n  }\n  dlp_engines {\n    id = [ data.zia_dlp_engines.this.id ]\n  }\n}\n```\n\n### \"Specify Incident Receiver Setting\"\n\n```hcl\n// Retrieve a custom URL Category by Name\ndata \"zia_url_categories\" \"this\"{\n    configured_name = \"Example\"\n}\n\n// Retrieve a Incident Receiver by Name\ndata \"zia_dlp_incident_receiver_servers\" \"this\" {\n  name = \"ZS_INC_RECEIVER_01\"\n}\n\nresource \"zia_dlp_web_rules\" \"this\" {\n  name                      = \"Terraform_Test\"\n  description               = \"Terraform_Test\"\n  action                    = \"BLOCK\"\n  order                     = 1\n  protocols                 = [\"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\"]\n  rank                      = 7\n  state                     = \"ENABLED\"\n  zscaler_incident_receiver = true\n  without_content_inspection = false\n  url_categories {\n    id = [ data.zia_url_categories.this.val ]\n  }\n  icap_server {\n    id = data.zia_dlp_incident_receiver_servers.this.id\n  }\n  notification_template {\n    id = data.zia_dlp_notification_templates.this.id\n  }\n}\n```\n\n### \"Creating Parent Rules And SubRules\"\n\n⚠️ **WARNING:** Destroying a parent rule will also destroy all subrules\n\n **NOTE** Exception rules can be configured only when the inline DLP rule evaluation type is set\n to evaluate all DLP rules in the DLP Advanced Settings.\n To learn more, see [Configuring DLP Advanced Settings](https://help.zscaler.com/%22/zia/configuring-dlp-advanced-settings/%22)\n\n```hcl\nresource \"zia_dlp_web_rules\" \"parent_rule\" {\n  name                       = \"ParentRule1\"\n  description                = \"ParentRule1\"\n  action                     = \"ALLOW\"\n  state                      = \"ENABLED\"\n  order                      = 1\n  rank                       = 0\n  protocols                  = [\"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\"]\n  cloud_applications         = [\"GOOGLE_WEBMAIL\", \"WINDOWS_LIVE_HOTMAIL\"]\n  without_content_inspection = false\n  match_only                 = false\n  min_size                   = 20\n  zscaler_incident_receiver  = true\n}\n\nresource \"zia_dlp_web_rules\" \"subrule1\" {\n  name                       = \"SubRule1\"\n  description                = \"SubRule1\"\n  action                     = \"ALLOW\"\n  state                      = \"ENABLED\"\n  order                      = 1\n  rank                       = 0\n  protocols                  = [\"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\"]\n  cloud_applications         = [\"GOOGLE_WEBMAIL\", \"WINDOWS_LIVE_HOTMAIL\"]\n  without_content_inspection = false\n  match_only                 = false\n  parent_rule = zia_dlp_web_rules.parent_rule.id\n}\n```\n\n### \"Configuring Receiver For DLP Policy Rule\"\n\n```hcl\nresource \"zia_dlp_web_rules\" \"with_receiver\" {\n  name                       = \"Terraform_Test_with_Receiver\"\n  description                = \"DLP rule with receiver configuration\"\n  action                     = \"ALLOW\"\n  state                      = \"ENABLED\"\n  order                      = 1\n  rank                       = 0\n  protocols                  = [\n    \"WEBSOCKETSSL_RULE\",\n    \"WEBSOCKET_RULE\",\n    \"FTP_RULE\",\n    \"HTTPS_RULE\",\n    \"HTTP_RULE\"\n  ]\n  severity = \"RULE_SEVERITY_HIGH\"\n\n  # Basic receiver configuration with just ID\n  receiver {\n    id = \"23136553\"\n  }\n}\n```\n\n### Configure Cloud To Cloud Forwarding\n\n```hcl\n# Retrieve Cloud-to-Cloud Incident Receiver (C2CIR) information\ndata \"zia_dlp_cloud_to_cloud_ir\" \"this\" {\n  name = \"AzureTenant01\"\n}\n\n# Output the retrieved C2CIR information for reference\noutput \"zia_dlp_cloud_to_cloud_ir\" {\n  value = data.zia_dlp_cloud_to_cloud_ir.this\n}\n\nresource \"zia_dlp_web_rules\" \"this\" {\n  name                       = \"Terraform_Test_policy_prod_tf\"\n  description                = \"Terraform_Test_policy_prod_tf\"\n  action                     = \"ALLOW\"\n  state                      = \"ENABLED\"\n  order                      = 1\n  rank                       = 0\n  protocols                  = [\n        \"WEBSOCKETSSL_RULE\",\n        \"WEBSOCKET_RULE\",\n        \"FTP_RULE\",\n        \"HTTPS_RULE\",\n        \"HTTP_RULE\"\n    ]\n  severity = \"RULE_SEVERITY_HIGH\"\n\n  # Configure receiver using values from the C2CIR data source\n  receiver {\n    id   = tostring(data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].tenant_authorization_info[0].smir_bucket_config[0].id)\n    name = data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].tenant_authorization_info[0].smir_bucket_config[0].config_name\n    type = data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].type\n    tenant {\n      id   = tostring(data.zia_dlp_cloud_to_cloud_ir.this.id)\n      name = data.zia_dlp_cloud_to_cloud_ir.this.name\n    }\n  }\n}\n```\n\n**Note:** The receiver configuration uses values from the C2CIR data source:\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e: Uses the SMIR bucket configuration ID (converted to string)\n* \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e: Uses the SMIR bucket configuration name\n* \u003cspan pulumi-lang-nodejs=\"`type`\" pulumi-lang-dotnet=\"`Type`\" pulumi-lang-go=\"`type`\" pulumi-lang-python=\"`type`\" pulumi-lang-yaml=\"`type`\" pulumi-lang-java=\"`type`\"\u003e`type`\u003c/span\u003e: Uses the onboardable entity type (e.g., \"C2CIR\")\n* `tenant.id`: Uses the C2CIR tenant ID (converted to string)\n* `tenant.name`: Uses the C2CIR tenant name\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_dlp_web_rules** can be imported by using `\u003cRULE ID\u003e` or `\u003cRULE NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/dLPWebRules:DLPWebRules example \u003crule_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/dLPWebRules:DLPWebRules example \u003crule_name\u003e\n```\n\n","properties":{"action":{"type":"string","description":"The action taken when traffic matches the DLP policy rule criteria."},"auditors":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesAuditor:DLPWebRulesAuditor"},"description":"The auditor to which the DLP policy rule must be applied"},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"The list of cloud applications to which the DLP policy rule must be applied\n\t\t\t\tUse the data source\u003cspan pulumi-lang-nodejs=\" zia.getCloudApplications \" pulumi-lang-dotnet=\" zia.getCloudApplications \" pulumi-lang-go=\" getCloudApplications \" pulumi-lang-python=\" get_cloud_applications \" pulumi-lang-yaml=\" zia.getCloudApplications \" pulumi-lang-java=\" zia.getCloudApplications \"\u003e zia.getCloudApplications \u003c/span\u003eto get the list of available cloud applications:\n\t\t\t\thttps://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications"},"departments":{"$ref":"#/types/zia:index/DLPWebRulesDepartments:DLPWebRulesDepartments","description":"The Name-ID pairs of departments to which the DLP policy rule must be applied"},"description":{"type":"string","description":"The description of the DLP policy rule."},"dlpDownloadScanEnabled":{"type":"boolean","description":"Indicates a DLP policy rule without content inspection, when the value is set to true."},"dlpEngines":{"$ref":"#/types/zia:index/DLPWebRulesDlpEngines:DLPWebRulesDlpEngines","description":"The list of DLP engines to which the DLP policy rule must be applied"},"eunTemplateId":{"type":"integer","description":"The EUN template ID associated with the rule"},"excludedDepartments":{"$ref":"#/types/zia:index/DLPWebRulesExcludedDepartments:DLPWebRulesExcludedDepartments","description":"The Name-ID pairs of departments which the DLP policy rule must exclude"},"excludedDomainProfiles":{"$ref":"#/types/zia:index/DLPWebRulesExcludedDomainProfiles:DLPWebRulesExcludedDomainProfiles","description":"The Name-ID pairs of domain profiles to which the DLP policy rule must exclude"},"excludedGroups":{"$ref":"#/types/zia:index/DLPWebRulesExcludedGroups:DLPWebRulesExcludedGroups","description":"The Name-ID pairs of groups which the DLP policy rule must exclude"},"excludedUsers":{"$ref":"#/types/zia:index/DLPWebRulesExcludedUsers:DLPWebRulesExcludedUsers","description":"The Name-ID pairs of users which the DLP policy rule must exclude"},"externalAuditorEmail":{"type":"string","description":"The email address of an external auditor to whom DLP email notifications are sent"},"fileTypeCategories":{"$ref":"#/types/zia:index/DLPWebRulesFileTypeCategories:DLPWebRulesFileTypeCategories","description":"The list of file types to which the rule applies"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"The list of file types for which the DLP policy rule must be applied,\n\t\t\t\tSee the Web DLP Rules API for the list of available File types:\n\t\t\t\thttps://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get"},"groups":{"$ref":"#/types/zia:index/DLPWebRulesGroups:DLPWebRulesGroups","description":"The Name-ID pairs of groups to which the DLP policy rule must be applied"},"icapServers":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesIcapServer:DLPWebRulesIcapServer"},"description":"The DLP server, using ICAP, to which the transaction content is forwarded"},"includedDomainProfiles":{"$ref":"#/types/zia:index/DLPWebRulesIncludedDomainProfiles:DLPWebRulesIncludedDomainProfiles","description":"The Name-ID pairs of domain profiiles which the DLP policy rule must include"},"inspectHttpGetEnabled":{"type":"boolean"},"labels":{"$ref":"#/types/zia:index/DLPWebRulesLabels:DLPWebRulesLabels","description":"list of Labels that are applicable to the rule"},"locationGroups":{"$ref":"#/types/zia:index/DLPWebRulesLocationGroups:DLPWebRulesLocationGroups","description":"The Name-ID pairs of locations groups to which the DLP policy rule must be applied"},"locations":{"$ref":"#/types/zia:index/DLPWebRulesLocations:DLPWebRulesLocations","description":"The Name-ID pairs of locations to which the DLP policy rule must be applied"},"matchOnly":{"type":"boolean","description":"The match only criteria for DLP engines."},"minSize":{"type":"integer","description":"The minimum file size (in KB) used for evaluation of the DLP policy rule."},"name":{"type":"string","description":"The DLP policy rule name."},"notificationTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesNotificationTemplate:DLPWebRulesNotificationTemplate"},"description":"The template used for DLP notification emails"},"order":{"type":"integer","description":"The rule order of execution for the DLP policy rule with respect to other rules."},"parentRule":{"type":"integer","description":"The unique identifier of the parent rule under which an exception rule is added"},"protocols":{"type":"array","items":{"type":"string"},"description":"The protocol criteria specified for the DLP policy rule."},"rank":{"type":"integer","description":"Admin rank of the admin who creates this rule"},"receiver":{"$ref":"#/types/zia:index/DLPWebRulesReceiver:DLPWebRulesReceiver","description":"The receiver information for the DLP policy rule"},"ruleId":{"type":"integer"},"severity":{"type":"string","description":"Indicates the severity selected for the DLP rule violation"},"sourceIpGroups":{"$ref":"#/types/zia:index/DLPWebRulesSourceIpGroups:DLPWebRulesSourceIpGroups","description":"list of source ip groups"},"state":{"type":"string","description":"Enables or disables the DLP policy rule."},"subRules":{"type":"array","items":{"type":"string"},"description":"The list of exception rules added to a parent rule"},"timeWindows":{"$ref":"#/types/zia:index/DLPWebRulesTimeWindows:DLPWebRulesTimeWindows","description":"list of source ip groups"},"urlCategories":{"$ref":"#/types/zia:index/DLPWebRulesUrlCategories:DLPWebRulesUrlCategories","description":"The list of URL categories to which the DLP policy rule must be applied"},"userRiskScoreLevels":{"type":"array","items":{"type":"string"}},"users":{"$ref":"#/types/zia:index/DLPWebRulesUsers:DLPWebRulesUsers","description":"The Name-ID pairs of users to which the DLP policy rule must be applied"},"withoutContentInspection":{"type":"boolean","description":"Indicates a DLP policy rule without content inspection, when the value is set to true."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesWorkloadGroup:DLPWebRulesWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"},"zccNotificationsEnabled":{"type":"boolean","description":"Indicates a DLP policy rule without content inspection, when the value is set to true."},"zscalerIncidentReceiver":{"type":"boolean","description":"Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule"}},"required":["action","dlpDownloadScanEnabled","fileTypes","matchOnly","minSize","name","order","parentRule","protocols","rank","ruleId","severity","state","subRules","userRiskScoreLevels","withoutContentInspection","workloadGroups","zccNotificationsEnabled"],"inputProperties":{"action":{"type":"string","description":"The action taken when traffic matches the DLP policy rule criteria."},"auditors":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesAuditor:DLPWebRulesAuditor"},"description":"The auditor to which the DLP policy rule must be applied"},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"The list of cloud applications to which the DLP policy rule must be applied\n\t\t\t\tUse the data source\u003cspan pulumi-lang-nodejs=\" zia.getCloudApplications \" pulumi-lang-dotnet=\" zia.getCloudApplications \" pulumi-lang-go=\" getCloudApplications \" pulumi-lang-python=\" get_cloud_applications \" pulumi-lang-yaml=\" zia.getCloudApplications \" pulumi-lang-java=\" zia.getCloudApplications \"\u003e zia.getCloudApplications \u003c/span\u003eto get the list of available cloud applications:\n\t\t\t\thttps://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications"},"departments":{"$ref":"#/types/zia:index/DLPWebRulesDepartments:DLPWebRulesDepartments","description":"The Name-ID pairs of departments to which the DLP policy rule must be applied"},"description":{"type":"string","description":"The description of the DLP policy rule."},"dlpDownloadScanEnabled":{"type":"boolean","description":"Indicates a DLP policy rule without content inspection, when the value is set to true."},"dlpEngines":{"$ref":"#/types/zia:index/DLPWebRulesDlpEngines:DLPWebRulesDlpEngines","description":"The list of DLP engines to which the DLP policy rule must be applied"},"eunTemplateId":{"type":"integer","description":"The EUN template ID associated with the rule"},"excludedDepartments":{"$ref":"#/types/zia:index/DLPWebRulesExcludedDepartments:DLPWebRulesExcludedDepartments","description":"The Name-ID pairs of departments which the DLP policy rule must exclude"},"excludedDomainProfiles":{"$ref":"#/types/zia:index/DLPWebRulesExcludedDomainProfiles:DLPWebRulesExcludedDomainProfiles","description":"The Name-ID pairs of domain profiles to which the DLP policy rule must exclude"},"excludedGroups":{"$ref":"#/types/zia:index/DLPWebRulesExcludedGroups:DLPWebRulesExcludedGroups","description":"The Name-ID pairs of groups which the DLP policy rule must exclude"},"excludedUsers":{"$ref":"#/types/zia:index/DLPWebRulesExcludedUsers:DLPWebRulesExcludedUsers","description":"The Name-ID pairs of users which the DLP policy rule must exclude"},"externalAuditorEmail":{"type":"string","description":"The email address of an external auditor to whom DLP email notifications are sent"},"fileTypeCategories":{"$ref":"#/types/zia:index/DLPWebRulesFileTypeCategories:DLPWebRulesFileTypeCategories","description":"The list of file types to which the rule applies"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"The list of file types for which the DLP policy rule must be applied,\n\t\t\t\tSee the Web DLP Rules API for the list of available File types:\n\t\t\t\thttps://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get"},"groups":{"$ref":"#/types/zia:index/DLPWebRulesGroups:DLPWebRulesGroups","description":"The Name-ID pairs of groups to which the DLP policy rule must be applied"},"icapServers":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesIcapServer:DLPWebRulesIcapServer"},"description":"The DLP server, using ICAP, to which the transaction content is forwarded"},"includedDomainProfiles":{"$ref":"#/types/zia:index/DLPWebRulesIncludedDomainProfiles:DLPWebRulesIncludedDomainProfiles","description":"The Name-ID pairs of domain profiiles which the DLP policy rule must include"},"inspectHttpGetEnabled":{"type":"boolean"},"labels":{"$ref":"#/types/zia:index/DLPWebRulesLabels:DLPWebRulesLabels","description":"list of Labels that are applicable to the rule"},"locationGroups":{"$ref":"#/types/zia:index/DLPWebRulesLocationGroups:DLPWebRulesLocationGroups","description":"The Name-ID pairs of locations groups to which the DLP policy rule must be applied"},"locations":{"$ref":"#/types/zia:index/DLPWebRulesLocations:DLPWebRulesLocations","description":"The Name-ID pairs of locations to which the DLP policy rule must be applied"},"matchOnly":{"type":"boolean","description":"The match only criteria for DLP engines."},"minSize":{"type":"integer","description":"The minimum file size (in KB) used for evaluation of the DLP policy rule."},"name":{"type":"string","description":"The DLP policy rule name."},"notificationTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesNotificationTemplate:DLPWebRulesNotificationTemplate"},"description":"The template used for DLP notification emails"},"order":{"type":"integer","description":"The rule order of execution for the DLP policy rule with respect to other rules."},"parentRule":{"type":"integer","description":"The unique identifier of the parent rule under which an exception rule is added"},"protocols":{"type":"array","items":{"type":"string"},"description":"The protocol criteria specified for the DLP policy rule."},"rank":{"type":"integer","description":"Admin rank of the admin who creates this rule"},"receiver":{"$ref":"#/types/zia:index/DLPWebRulesReceiver:DLPWebRulesReceiver","description":"The receiver information for the DLP policy rule"},"severity":{"type":"string","description":"Indicates the severity selected for the DLP rule violation"},"sourceIpGroups":{"$ref":"#/types/zia:index/DLPWebRulesSourceIpGroups:DLPWebRulesSourceIpGroups","description":"list of source ip groups"},"state":{"type":"string","description":"Enables or disables the DLP policy rule."},"subRules":{"type":"array","items":{"type":"string"},"description":"The list of exception rules added to a parent rule"},"timeWindows":{"$ref":"#/types/zia:index/DLPWebRulesTimeWindows:DLPWebRulesTimeWindows","description":"list of source ip groups"},"urlCategories":{"$ref":"#/types/zia:index/DLPWebRulesUrlCategories:DLPWebRulesUrlCategories","description":"The list of URL categories to which the DLP policy rule must be applied"},"userRiskScoreLevels":{"type":"array","items":{"type":"string"}},"users":{"$ref":"#/types/zia:index/DLPWebRulesUsers:DLPWebRulesUsers","description":"The Name-ID pairs of users to which the DLP policy rule must be applied"},"withoutContentInspection":{"type":"boolean","description":"Indicates a DLP policy rule without content inspection, when the value is set to true."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesWorkloadGroup:DLPWebRulesWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"},"zccNotificationsEnabled":{"type":"boolean","description":"Indicates a DLP policy rule without content inspection, when the value is set to true."},"zscalerIncidentReceiver":{"type":"boolean","description":"Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule"}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering DLPWebRules resources.\n","properties":{"action":{"type":"string","description":"The action taken when traffic matches the DLP policy rule criteria."},"auditors":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesAuditor:DLPWebRulesAuditor"},"description":"The auditor to which the DLP policy rule must be applied"},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"The list of cloud applications to which the DLP policy rule must be applied\n\t\t\t\tUse the data source\u003cspan pulumi-lang-nodejs=\" zia.getCloudApplications \" pulumi-lang-dotnet=\" zia.getCloudApplications \" pulumi-lang-go=\" getCloudApplications \" pulumi-lang-python=\" get_cloud_applications \" pulumi-lang-yaml=\" zia.getCloudApplications \" pulumi-lang-java=\" zia.getCloudApplications \"\u003e zia.getCloudApplications \u003c/span\u003eto get the list of available cloud applications:\n\t\t\t\thttps://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications"},"departments":{"$ref":"#/types/zia:index/DLPWebRulesDepartments:DLPWebRulesDepartments","description":"The Name-ID pairs of departments to which the DLP policy rule must be applied"},"description":{"type":"string","description":"The description of the DLP policy rule."},"dlpDownloadScanEnabled":{"type":"boolean","description":"Indicates a DLP policy rule without content inspection, when the value is set to true."},"dlpEngines":{"$ref":"#/types/zia:index/DLPWebRulesDlpEngines:DLPWebRulesDlpEngines","description":"The list of DLP engines to which the DLP policy rule must be applied"},"eunTemplateId":{"type":"integer","description":"The EUN template ID associated with the rule"},"excludedDepartments":{"$ref":"#/types/zia:index/DLPWebRulesExcludedDepartments:DLPWebRulesExcludedDepartments","description":"The Name-ID pairs of departments which the DLP policy rule must exclude"},"excludedDomainProfiles":{"$ref":"#/types/zia:index/DLPWebRulesExcludedDomainProfiles:DLPWebRulesExcludedDomainProfiles","description":"The Name-ID pairs of domain profiles to which the DLP policy rule must exclude"},"excludedGroups":{"$ref":"#/types/zia:index/DLPWebRulesExcludedGroups:DLPWebRulesExcludedGroups","description":"The Name-ID pairs of groups which the DLP policy rule must exclude"},"excludedUsers":{"$ref":"#/types/zia:index/DLPWebRulesExcludedUsers:DLPWebRulesExcludedUsers","description":"The Name-ID pairs of users which the DLP policy rule must exclude"},"externalAuditorEmail":{"type":"string","description":"The email address of an external auditor to whom DLP email notifications are sent"},"fileTypeCategories":{"$ref":"#/types/zia:index/DLPWebRulesFileTypeCategories:DLPWebRulesFileTypeCategories","description":"The list of file types to which the rule applies"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"The list of file types for which the DLP policy rule must be applied,\n\t\t\t\tSee the Web DLP Rules API for the list of available File types:\n\t\t\t\thttps://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get"},"groups":{"$ref":"#/types/zia:index/DLPWebRulesGroups:DLPWebRulesGroups","description":"The Name-ID pairs of groups to which the DLP policy rule must be applied"},"icapServers":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesIcapServer:DLPWebRulesIcapServer"},"description":"The DLP server, using ICAP, to which the transaction content is forwarded"},"includedDomainProfiles":{"$ref":"#/types/zia:index/DLPWebRulesIncludedDomainProfiles:DLPWebRulesIncludedDomainProfiles","description":"The Name-ID pairs of domain profiiles which the DLP policy rule must include"},"inspectHttpGetEnabled":{"type":"boolean"},"labels":{"$ref":"#/types/zia:index/DLPWebRulesLabels:DLPWebRulesLabels","description":"list of Labels that are applicable to the rule"},"locationGroups":{"$ref":"#/types/zia:index/DLPWebRulesLocationGroups:DLPWebRulesLocationGroups","description":"The Name-ID pairs of locations groups to which the DLP policy rule must be applied"},"locations":{"$ref":"#/types/zia:index/DLPWebRulesLocations:DLPWebRulesLocations","description":"The Name-ID pairs of locations to which the DLP policy rule must be applied"},"matchOnly":{"type":"boolean","description":"The match only criteria for DLP engines."},"minSize":{"type":"integer","description":"The minimum file size (in KB) used for evaluation of the DLP policy rule."},"name":{"type":"string","description":"The DLP policy rule name."},"notificationTemplates":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesNotificationTemplate:DLPWebRulesNotificationTemplate"},"description":"The template used for DLP notification emails"},"order":{"type":"integer","description":"The rule order of execution for the DLP policy rule with respect to other rules."},"parentRule":{"type":"integer","description":"The unique identifier of the parent rule under which an exception rule is added"},"protocols":{"type":"array","items":{"type":"string"},"description":"The protocol criteria specified for the DLP policy rule."},"rank":{"type":"integer","description":"Admin rank of the admin who creates this rule"},"receiver":{"$ref":"#/types/zia:index/DLPWebRulesReceiver:DLPWebRulesReceiver","description":"The receiver information for the DLP policy rule"},"ruleId":{"type":"integer"},"severity":{"type":"string","description":"Indicates the severity selected for the DLP rule violation"},"sourceIpGroups":{"$ref":"#/types/zia:index/DLPWebRulesSourceIpGroups:DLPWebRulesSourceIpGroups","description":"list of source ip groups"},"state":{"type":"string","description":"Enables or disables the DLP policy rule."},"subRules":{"type":"array","items":{"type":"string"},"description":"The list of exception rules added to a parent rule"},"timeWindows":{"$ref":"#/types/zia:index/DLPWebRulesTimeWindows:DLPWebRulesTimeWindows","description":"list of source ip groups"},"urlCategories":{"$ref":"#/types/zia:index/DLPWebRulesUrlCategories:DLPWebRulesUrlCategories","description":"The list of URL categories to which the DLP policy rule must be applied"},"userRiskScoreLevels":{"type":"array","items":{"type":"string"}},"users":{"$ref":"#/types/zia:index/DLPWebRulesUsers:DLPWebRulesUsers","description":"The Name-ID pairs of users to which the DLP policy rule must be applied"},"withoutContentInspection":{"type":"boolean","description":"Indicates a DLP policy rule without content inspection, when the value is set to true."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/DLPWebRulesWorkloadGroup:DLPWebRulesWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"},"zccNotificationsEnabled":{"type":"boolean","description":"Indicates a DLP policy rule without content inspection, when the value is set to true."},"zscalerIncidentReceiver":{"type":"boolean","description":"Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule"}},"type":"object"}},"zia:index/endUserNotification:EndUserNotification":{"description":"* [Official documentation](https://help.zscaler.com/zia/understanding-browser-based-end-user-notifications)\n* [API documentation](https://help.zscaler.com/zia/end-user-notifications#/eun-get)\n\nThe **zia_end_user_notification** resource allows you to update the browser-based end user notification (EUN) configuration details. To learn more see [Understanding Browser-Based End User Notifications](https://help.zscaler.com/unified/understanding-browser-based-end-user-notifications)\n\n## Example Usage\n\n### NOTIFICATION TYPE - DEFAULT\n\n```hcl\n# END USER NOTIFICATION TYPE - DEFAULT\nresource \"zia_end_user_notification\" \"this\" {\n  aup_frequency     = \"NEVER\"\n  aup_message       = \"Please review and accept the terms.\"\n  notification_type = \"DEFAULT\"\n  custom_text       = \"Website blocked\"\n\n  url_cat_review_enabled                  = true\n  url_cat_review_submit_to_security_cloud = true\n  url_cat_review_text                     = \"Click here to submit a review request.\"\n\n  security_review_enabled                  = true\n  security_review_submit_to_security_cloud = true\n  security_review_text                     = \"Request a security review if this message appears in error.\"\n\n  web_dlp_review_enabled                  = true\n  web_dlp_review_submit_to_security_cloud = false\n  web_dlp_review_custom_location          = \"https://dlp-review-location.com\"\n  web_dlp_review_text                     = \"This file is being reviewed for security reasons.\"\n\n  redirect_url    = \"https://dlp-review-location.com\"\n  support_email   = \"support@8061240.zscalerbeta.net\"\n  support_phone   = \"+91-9000000000\"\n  org_policy_link = \"http://8061240.zscalerbeta.net/policy.html\"\n\n  caution_again_after = 300\n  caution_per_domain  = true\n  caution_custom_text = \"Access to this site is restricted. Proceed with caution.\"\n\n  idp_proxy_notification_text         = \"Your connection is being proxied through the organization's secure access service.\"\n  quarantine_custom_notification_text = \"The file is being analyzed for potential security risks. Please wait while the process completes.\"\n}\n```\n\n### NOTIFICATION TYPE - CUSTOM\n\n```hcl\n# END USER NOTIFICATION TYPE - CUSTOM\nresource \"zia_end_user_notification\" \"this\" {\n  aup_frequency     = \"ON_WEEKDAY\"\n  aup_day_offset    = \"1\"\n  aup_message       = \"Please review and accept the terms.\"\n  notification_type = \"CUSTOM\"\n  display_reason    = true\n  display_company_name = true\n  display_company_logo = true\n  custom_text       = \"Website blocked\"\n\n  url_cat_review_enabled                  = true\n  url_cat_review_submit_to_security_cloud = true\n  url_cat_review_custom_location          = \"https://custom-review-location.com\"\n  url_cat_review_text                     = \"Click here to submit a review request.\"\n\n  security_review_enabled                  = true\n  security_review_submit_to_security_cloud = true\n  security_review_custom_location          = \"https://security-review-location.com\"\n  security_review_text                     = \"Request a security review if this message appears in error.\"\n\n  web_dlp_review_enabled                  = true\n  web_dlp_review_submit_to_security_cloud = false\n  web_dlp_review_custom_location          = \"https://dlp-review-location.com\"\n  web_dlp_review_text                     = \"This file is being reviewed for security reasons.\"\n\n  redirect_url    = \"https://dlp-review-location.com\"\n  support_email   = \"support@8061240.zscalerbeta.net\"\n  support_phone   = \"+91-9000000000\"\n  org_policy_link = \"http://8061240.zscalerbeta.net/policy.html\"\n\n  caution_again_after = 300\n  caution_per_domain  = true\n  caution_custom_text = \"Access to this site is restricted. Proceed with caution.\"\n\n  idp_proxy_notification_text         = \"Your connection is being proxied through the organization's secure access service.\"\n  quarantine_custom_notification_text = \"The file is being analyzed for potential security risks. Please wait while the process completes.\"\n}\n```\n\n## Important Notes\n\n**Text Attributes and CSS Styling**: When setting attributes such as \u003cspan pulumi-lang-nodejs=\"`customText`\" pulumi-lang-dotnet=\"`CustomText`\" pulumi-lang-go=\"`customText`\" pulumi-lang-python=\"`custom_text`\" pulumi-lang-yaml=\"`customText`\" pulumi-lang-java=\"`customText`\"\u003e`custom_text`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`urlCatReviewText`\" pulumi-lang-dotnet=\"`UrlCatReviewText`\" pulumi-lang-go=\"`urlCatReviewText`\" pulumi-lang-python=\"`url_cat_review_text`\" pulumi-lang-yaml=\"`urlCatReviewText`\" pulumi-lang-java=\"`urlCatReviewText`\"\u003e`url_cat_review_text`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`securityReviewText`\" pulumi-lang-dotnet=\"`SecurityReviewText`\" pulumi-lang-go=\"`securityReviewText`\" pulumi-lang-python=\"`security_review_text`\" pulumi-lang-yaml=\"`securityReviewText`\" pulumi-lang-java=\"`securityReviewText`\"\u003e`security_review_text`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`webDlpReviewText`\" pulumi-lang-dotnet=\"`WebDlpReviewText`\" pulumi-lang-go=\"`webDlpReviewText`\" pulumi-lang-python=\"`web_dlp_review_text`\" pulumi-lang-yaml=\"`webDlpReviewText`\" pulumi-lang-java=\"`webDlpReviewText`\"\u003e`web_dlp_review_text`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`cautionCustomText`\" pulumi-lang-dotnet=\"`CautionCustomText`\" pulumi-lang-go=\"`cautionCustomText`\" pulumi-lang-python=\"`caution_custom_text`\" pulumi-lang-yaml=\"`cautionCustomText`\" pulumi-lang-java=\"`cautionCustomText`\"\u003e`caution_custom_text`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`idpProxyNotificationText`\" pulumi-lang-dotnet=\"`IdpProxyNotificationText`\" pulumi-lang-go=\"`idpProxyNotificationText`\" pulumi-lang-python=\"`idp_proxy_notification_text`\" pulumi-lang-yaml=\"`idpProxyNotificationText`\" pulumi-lang-java=\"`idpProxyNotificationText`\"\u003e`idp_proxy_notification_text`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`quarantineCustomNotificationText`\" pulumi-lang-dotnet=\"`QuarantineCustomNotificationText`\" pulumi-lang-go=\"`quarantineCustomNotificationText`\" pulumi-lang-python=\"`quarantine_custom_notification_text`\" pulumi-lang-yaml=\"`quarantineCustomNotificationText`\" pulumi-lang-java=\"`quarantineCustomNotificationText`\"\u003e`quarantine_custom_notification_text`\u003c/span\u003e, we recommend using heredocs (EOT) especially when including CSS stylesheets. This ensures proper formatting and readability of complex text content.\n\n**JavaScript Limitation**: The ZIA API currently does not accept JavaScript tags in notification text attributes. Using JavaScript tags will result in an HTTP 406 Rejected error. For more information on customizing EUN CSS styles, see the [Zscaler documentation](https://help.zscaler.com/zia/customizing-euns-css-styles).\n\n### Example with Heredoc for CSS Styling\n\n```hcl\nresource \"zia_end_user_notification\" \"this\" {\n  notification_type = \"CUSTOM\"\n  custom_text = \u003c\u003cEOT\n    \u003cdiv style=\"background-color: #f0f0f0; padding: 20px; border-radius: 5px;\"\u003e\n      \u003ch2 style=\"color: #333;\"\u003eAccess Blocked\u003c/h2\u003e\n      \u003cp style=\"color: #666;\"\u003eThis website has been blocked for security reasons.\u003c/p\u003e\n    \u003c/div\u003e\n  EOT\n\n  url_cat_review_text = \u003c\u003cEOT\n    \u003cdiv style=\"text-align: center; margin: 10px 0;\"\u003e\n      \u003cbutton style=\"background-color: #007bff; color: white; padding: 10px 20px; border: none; border-radius: 3px;\"\u003e\n        Request Review\n      \u003c/button\u003e\n    \u003c/div\u003e\n  EOT\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_end_user_notification** can be imported by using \u003cspan pulumi-lang-nodejs=\"`enduserNotification`\" pulumi-lang-dotnet=\"`EnduserNotification`\" pulumi-lang-go=\"`enduserNotification`\" pulumi-lang-python=\"`enduser_notification`\" pulumi-lang-yaml=\"`enduserNotification`\" pulumi-lang-java=\"`enduserNotification`\"\u003e`enduser_notification`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/endUserNotification:EndUserNotification this \"enduser_notification\"\n```\n\n","properties":{"aupCustomFrequency":{"type":"integer","description":"The custom frequency (in days) for showing the AUP to the end users. Valid range is 0 to 180."},"aupDayOffset":{"type":"integer","description":"Specifies which day of the week or month the AUP is shown for users when aupFrequency is set. Valid range is 0 to 31."},"aupFrequency":{"type":"string","description":"The frequency at which the Acceptable Use Policy (AUP) is shown to the end users"},"aupMessage":{"type":"string","description":"The acceptable use statement that is shown in the AUP"},"cautionAgainAfter":{"type":"integer","description":"The time interval at which the caution notification is shown when users continue browsing a restricted site."},"cautionCustomText":{"type":"string","description":"The custom message that appears in the caution notification"},"cautionPerDomain":{"type":"boolean","description":"Specifies whether to display the caution notification at a specific time interval for URLs in the Miscellaneous or Unknown category."},"customText":{"type":"string","description":"The custom text shown in the EUN"},"displayCompanyLogo":{"type":"boolean","description":"A Boolean value indicating whether your organization's logo appears in the EUN or not"},"displayCompanyName":{"type":"boolean","description":"A Boolean value indicating whether the organization's name appears in the EUN or not"},"displayReason":{"type":"boolean","description":"A Boolean value indicating whether or not the reason for cautioning or blocking access to a site, file, or application is shown when the respective notification is triggered"},"idpProxyNotificationText":{"type":"string","description":"The message that appears in the IdP Proxy notification"},"notificationType":{"type":"string","description":"The type of EUN as default or custom"},"orgPolicyLink":{"type":"string","description":"The URL of the organization's policy page. This field is required for the default notification type."},"quarantineCustomNotificationText":{"type":"string","description":"The message that appears in the quarantine notification"},"redirectUrl":{"type":"string","description":"The redirect URL for the external site hosting the EUN specified when the custom notification type is selected"},"securityReviewCustomLocation":{"type":"string","description":"Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users."},"securityReviewEnabled":{"type":"boolean","description":"A Boolean value indicating whether the Security Violation notification is enabled or disabled"},"securityReviewSubmitToSecurityCloud":{"type":"boolean","description":"A Boolean value indicating whether users' review requests for blocked URLs are submitted to the Zscaler service (i.e., Security Cloud) or a custom location."},"securityReviewText":{"type":"string","description":"The message that appears in the Security Violation notification"},"supportEmail":{"type":"string","description":"The email address for writing to IT Support"},"supportPhone":{"type":"string","description":"The phone number for contacting IT Support"},"urlCatReviewCustomLocation":{"type":"string","description":"A custom URL location where users' review requests for blocked URLs are sent"},"urlCatReviewEnabled":{"type":"boolean","description":"A Boolean value indicating whether the URL Categorization notification is enabled or disabled"},"urlCatReviewSubmitToSecurityCloud":{"type":"boolean","description":"A Boolean value indicating whether users' review requests for possibly misclassified URLs are submitted to the Zscaler service (i.e., Security Cloud) or a custom location."},"urlCatReviewText":{"type":"string","description":"The message that appears in the URL Categorization notification"},"webDlpReviewCustomLocation":{"type":"string","description":"A custom URL location where users' review requests for the web DLP policy violation are sent"},"webDlpReviewEnabled":{"type":"boolean","description":"A Boolean value indicating whether the Web DLP Violation notification is enabled or disabled"},"webDlpReviewSubmitToSecurityCloud":{"type":"boolean","description":"A Boolean value indicating whether users' review requests for web DLP policy violation are submitted to the Zscaler service (i.e., Security Cloud) or a custom location."},"webDlpReviewText":{"type":"string","description":"The message that appears in the Web DLP Violation notification"}},"inputProperties":{"aupCustomFrequency":{"type":"integer","description":"The custom frequency (in days) for showing the AUP to the end users. Valid range is 0 to 180."},"aupDayOffset":{"type":"integer","description":"Specifies which day of the week or month the AUP is shown for users when aupFrequency is set. Valid range is 0 to 31."},"aupFrequency":{"type":"string","description":"The frequency at which the Acceptable Use Policy (AUP) is shown to the end users"},"aupMessage":{"type":"string","description":"The acceptable use statement that is shown in the AUP"},"cautionAgainAfter":{"type":"integer","description":"The time interval at which the caution notification is shown when users continue browsing a restricted site."},"cautionCustomText":{"type":"string","description":"The custom message that appears in the caution notification"},"cautionPerDomain":{"type":"boolean","description":"Specifies whether to display the caution notification at a specific time interval for URLs in the Miscellaneous or Unknown category."},"customText":{"type":"string","description":"The custom text shown in the EUN"},"displayCompanyLogo":{"type":"boolean","description":"A Boolean value indicating whether your organization's logo appears in the EUN or not"},"displayCompanyName":{"type":"boolean","description":"A Boolean value indicating whether the organization's name appears in the EUN or not"},"displayReason":{"type":"boolean","description":"A Boolean value indicating whether or not the reason for cautioning or blocking access to a site, file, or application is shown when the respective notification is triggered"},"idpProxyNotificationText":{"type":"string","description":"The message that appears in the IdP Proxy notification"},"notificationType":{"type":"string","description":"The type of EUN as default or custom"},"orgPolicyLink":{"type":"string","description":"The URL of the organization's policy page. This field is required for the default notification type."},"quarantineCustomNotificationText":{"type":"string","description":"The message that appears in the quarantine notification"},"redirectUrl":{"type":"string","description":"The redirect URL for the external site hosting the EUN specified when the custom notification type is selected"},"securityReviewCustomLocation":{"type":"string","description":"Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users."},"securityReviewEnabled":{"type":"boolean","description":"A Boolean value indicating whether the Security Violation notification is enabled or disabled"},"securityReviewSubmitToSecurityCloud":{"type":"boolean","description":"A Boolean value indicating whether users' review requests for blocked URLs are submitted to the Zscaler service (i.e., Security Cloud) or a custom location."},"securityReviewText":{"type":"string","description":"The message that appears in the Security Violation notification"},"supportEmail":{"type":"string","description":"The email address for writing to IT Support"},"supportPhone":{"type":"string","description":"The phone number for contacting IT Support"},"urlCatReviewCustomLocation":{"type":"string","description":"A custom URL location where users' review requests for blocked URLs are sent"},"urlCatReviewEnabled":{"type":"boolean","description":"A Boolean value indicating whether the URL Categorization notification is enabled or disabled"},"urlCatReviewSubmitToSecurityCloud":{"type":"boolean","description":"A Boolean value indicating whether users' review requests for possibly misclassified URLs are submitted to the Zscaler service (i.e., Security Cloud) or a custom location."},"urlCatReviewText":{"type":"string","description":"The message that appears in the URL Categorization notification"},"webDlpReviewCustomLocation":{"type":"string","description":"A custom URL location where users' review requests for the web DLP policy violation are sent"},"webDlpReviewEnabled":{"type":"boolean","description":"A Boolean value indicating whether the Web DLP Violation notification is enabled or disabled"},"webDlpReviewSubmitToSecurityCloud":{"type":"boolean","description":"A Boolean value indicating whether users' review requests for web DLP policy violation are submitted to the Zscaler service (i.e., Security Cloud) or a custom location."},"webDlpReviewText":{"type":"string","description":"The message that appears in the Web DLP Violation notification"}},"stateInputs":{"description":"Input properties used for looking up and filtering EndUserNotification resources.\n","properties":{"aupCustomFrequency":{"type":"integer","description":"The custom frequency (in days) for showing the AUP to the end users. Valid range is 0 to 180."},"aupDayOffset":{"type":"integer","description":"Specifies which day of the week or month the AUP is shown for users when aupFrequency is set. Valid range is 0 to 31."},"aupFrequency":{"type":"string","description":"The frequency at which the Acceptable Use Policy (AUP) is shown to the end users"},"aupMessage":{"type":"string","description":"The acceptable use statement that is shown in the AUP"},"cautionAgainAfter":{"type":"integer","description":"The time interval at which the caution notification is shown when users continue browsing a restricted site."},"cautionCustomText":{"type":"string","description":"The custom message that appears in the caution notification"},"cautionPerDomain":{"type":"boolean","description":"Specifies whether to display the caution notification at a specific time interval for URLs in the Miscellaneous or Unknown category."},"customText":{"type":"string","description":"The custom text shown in the EUN"},"displayCompanyLogo":{"type":"boolean","description":"A Boolean value indicating whether your organization's logo appears in the EUN or not"},"displayCompanyName":{"type":"boolean","description":"A Boolean value indicating whether the organization's name appears in the EUN or not"},"displayReason":{"type":"boolean","description":"A Boolean value indicating whether or not the reason for cautioning or blocking access to a site, file, or application is shown when the respective notification is triggered"},"idpProxyNotificationText":{"type":"string","description":"The message that appears in the IdP Proxy notification"},"notificationType":{"type":"string","description":"The type of EUN as default or custom"},"orgPolicyLink":{"type":"string","description":"The URL of the organization's policy page. This field is required for the default notification type."},"quarantineCustomNotificationText":{"type":"string","description":"The message that appears in the quarantine notification"},"redirectUrl":{"type":"string","description":"The redirect URL for the external site hosting the EUN specified when the custom notification type is selected"},"securityReviewCustomLocation":{"type":"string","description":"Value indicating whether or not to include the ECS option in all DNS queries, originating from all locations and remote users."},"securityReviewEnabled":{"type":"boolean","description":"A Boolean value indicating whether the Security Violation notification is enabled or disabled"},"securityReviewSubmitToSecurityCloud":{"type":"boolean","description":"A Boolean value indicating whether users' review requests for blocked URLs are submitted to the Zscaler service (i.e., Security Cloud) or a custom location."},"securityReviewText":{"type":"string","description":"The message that appears in the Security Violation notification"},"supportEmail":{"type":"string","description":"The email address for writing to IT Support"},"supportPhone":{"type":"string","description":"The phone number for contacting IT Support"},"urlCatReviewCustomLocation":{"type":"string","description":"A custom URL location where users' review requests for blocked URLs are sent"},"urlCatReviewEnabled":{"type":"boolean","description":"A Boolean value indicating whether the URL Categorization notification is enabled or disabled"},"urlCatReviewSubmitToSecurityCloud":{"type":"boolean","description":"A Boolean value indicating whether users' review requests for possibly misclassified URLs are submitted to the Zscaler service (i.e., Security Cloud) or a custom location."},"urlCatReviewText":{"type":"string","description":"The message that appears in the URL Categorization notification"},"webDlpReviewCustomLocation":{"type":"string","description":"A custom URL location where users' review requests for the web DLP policy violation are sent"},"webDlpReviewEnabled":{"type":"boolean","description":"A Boolean value indicating whether the Web DLP Violation notification is enabled or disabled"},"webDlpReviewSubmitToSecurityCloud":{"type":"boolean","description":"A Boolean value indicating whether users' review requests for web DLP policy violation are submitted to the Zscaler service (i.e., Security Cloud) or a custom location."},"webDlpReviewText":{"type":"string","description":"The message that appears in the Web DLP Violation notification"}},"type":"object"}},"zia:index/extranet:Extranet":{"description":"* [Official documentation](https://help.zscaler.com/legacy-apis/traffic-forwarding-0#/extranet-get)\n* [API documentation](https://help.zscaler.com/zia/understanding-extranet-application-support)\n\nUse the **zia_extranet** resource Adds a new extranet for the organization in the Zscaler Internet Access cloud. Extranets are configured as part of Zscaler Extranet Application Support which allows an organization to connect its internal network with another organization’s network (e.g., partners, third-party vendors, etc.) that does not use the Zscaler service. Extranet Application Support enables Zscaler-managed organization users to securely access extranet resources through an IPSec VPN tunnel established between the Zscaler data center and the external organization’s data center, without requiring additional hardware or software installations.\n\n\u003e NOTE: This an Early Access feature.\n\n## Example Usage\n\n### Retrieve By Name\n\n```hcl\nresource \"zia_extranet\" \"this\" {\n    name        = \"Extranet01\"\n    description = \"Extranet01\"\n\n    extranet_dns_list {\n        name                 = \"DNS01\"\n        primary_dns_server   = \"8.8.8.8\"\n        secondary_dns_server = \"4.4.4.4\"\n        use_as_default       = true\n    }\n\n    extranet_dns_list {\n        name                 = \"DNS02\"\n        primary_dns_server   = \"192.168.1.1\"\n        secondary_dns_server = \"192.168.1.2\"\n        use_as_default       = false\n    }\n\n    extranet_ip_pool_list {\n        name           = \"TFS01\"\n        ip_start       = \"10.0.0.1\"\n        ip_end         = \"10.0.0.21\"\n        use_as_default = true\n    }\n\n    extranet_ip_pool_list {\n        name           = \"TFS02\"\n        ip_start       = \"10.0.0.22\"\n        ip_end         = \"10.0.0.43\"\n        use_as_default = false\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_extranet** can be imported by using `\u003cEXTRANET ID\u003e` or `\u003cEXTRANET NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/extranet:Extranet example \u003cextranet_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/extranet:Extranet example \u003cextranet_name\u003e\n```\n\n","properties":{"description":{"type":"string","description":"(String) The description of the extranet.\n"},"extranetDnsLists":{"type":"array","items":{"$ref":"#/types/zia:index/ExtranetExtranetDnsList:ExtranetExtranetDnsList"},"description":"(List) Information about the DNS servers specified for the extranet.\n"},"extranetId":{"type":"integer"},"extranetIpPoolLists":{"type":"array","items":{"$ref":"#/types/zia:index/ExtranetExtranetIpPoolList:ExtranetExtranetIpPoolList"},"description":"(List) Information about the traffic selectors (IP pools) specified for the extranet.\n"},"name":{"type":"string","description":"(String) The name of the IP pool.\n"}},"required":["extranetId","name"],"inputProperties":{"description":{"type":"string","description":"(String) The description of the extranet.\n"},"extranetDnsLists":{"type":"array","items":{"$ref":"#/types/zia:index/ExtranetExtranetDnsList:ExtranetExtranetDnsList"},"description":"(List) Information about the DNS servers specified for the extranet.\n"},"extranetIpPoolLists":{"type":"array","items":{"$ref":"#/types/zia:index/ExtranetExtranetIpPoolList:ExtranetExtranetIpPoolList"},"description":"(List) Information about the traffic selectors (IP pools) specified for the extranet.\n"},"name":{"type":"string","description":"(String) The name of the IP pool.\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering Extranet resources.\n","properties":{"description":{"type":"string","description":"(String) The description of the extranet.\n"},"extranetDnsLists":{"type":"array","items":{"$ref":"#/types/zia:index/ExtranetExtranetDnsList:ExtranetExtranetDnsList"},"description":"(List) Information about the DNS servers specified for the extranet.\n"},"extranetId":{"type":"integer"},"extranetIpPoolLists":{"type":"array","items":{"$ref":"#/types/zia:index/ExtranetExtranetIpPoolList:ExtranetExtranetIpPoolList"},"description":"(List) Information about the traffic selectors (IP pools) specified for the extranet.\n"},"name":{"type":"string","description":"(String) The name of the IP pool.\n"}},"type":"object"}},"zia:index/fileTypeControlRules:FileTypeControlRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-file-type-control)\n* [API documentation](https://help.zscaler.com/zia/file-type-control-policy#/fileTypeRules-post)\n\nThe **zia_file_type_control_rules** resource allows the creation and management of ZIA file type control rules in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\ndata \"zia_department_management\" \"engineering\" {\n name = \"Engineering\"\n}\n\ndata \"zia_group_management\" \"normal_internet\" {\n    name = \"Normal_Internet\"\n}\n\ndata \"zia_cloud_applications\" \"this\" {\n  policy_type = \"cloud_application_policy\"\n  app_class   = [\"AI_ML\"]\n}\n\nresource \"zia_file_type_control_rules\" \"this\" {\n    name               = \"Terraform_File_Type01\"\n    description        = \"Terraform_File_Type01\"\n    state              = \"ENABLED\"\n    order              = 1\n    rank               = 7\n    filtering_action   = \"BLOCK\"\n    operation          = \"DOWNLOAD\"\n    active_content     = true\n    unscannable        = false\n    device_trust_levels = [\"UNKNOWN_DEVICETRUSTLEVEL\", \"LOW_TRUST\", \"MEDIUM_TRUST\", \"HIGH_TRUST\"]\n    file_types         = [\"FTCATEGORY_MS_WORD\", \"FTCATEGORY_MS_POWERPOINT\", \"FTCATEGORY_PDF_DOCUMENT\", \"FTCATEGORY_MS_EXCEL\"]\n    protocols          = [\"FOHTTP_RULE\", \"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\"]\n    cloud_applications = tolist([for app in data.zia_cloud_applications.this.applications : app[\"app\"]])\n\n    departments {\n        id = [ data.zia_department_management.engineering.id ]\n    }\n    groups {\n        id = [ data.zia_group_management.normal_internet.id ]\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_file_type_control_rules** can be imported by using `\u003cRULE ID\u003e` or `\u003cRULE NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/fileTypeControlRules:FileTypeControlRules example \u003crule_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/fileTypeControlRules:FileTypeControlRules example \u003crule_name\u003e\n```\n\n","properties":{"activeContent":{"type":"boolean","description":"Flag to check whether a file has active content or not"},"browserEunTemplateId":{"type":"integer"},"capturePcap":{"type":"boolean","description":"A Boolean value that indicates whether packet capture (PCAP) is enabled or not"},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"The list of cloud applications to which the File Type Control rule must be applied\n\t\t\t\tUse the data source\u003cspan pulumi-lang-nodejs=\" zia.getCloudApplications \" pulumi-lang-dotnet=\" zia.getCloudApplications \" pulumi-lang-go=\" getCloudApplications \" pulumi-lang-python=\" get_cloud_applications \" pulumi-lang-yaml=\" zia.getCloudApplications \" pulumi-lang-java=\" zia.getCloudApplications \"\u003e zia.getCloudApplications \u003c/span\u003eto get the list of available cloud applications:\n\t\t\t\thttps://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications"},"departments":{"$ref":"#/types/zia:index/FileTypeControlRulesDepartments:FileTypeControlRulesDepartments","description":"The Name-ID pairs of departments to which the File Type Control rule must be applied."},"description":{"type":"string","description":"The description of the File Type Control rule."},"deviceGroups":{"$ref":"#/types/zia:index/FileTypeControlRulesDeviceGroups:FileTypeControlRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/FileTypeControlRulesDevices:FileTypeControlRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"File type categories for which the policy is applied. If not set, the rule is applied across all file types\n\t\t\t\tSee the available file types API in:\n\t\t\t\thttps://help.zscaler.com/zia/file-type-control-policy#/fileTypeRules-get"},"filteringAction":{"type":"string","description":"Action taken when traffic matches policy. This field is not applicable to the Lite API."},"groups":{"$ref":"#/types/zia:index/FileTypeControlRulesGroups:FileTypeControlRulesGroups","description":"The Name-ID pairs of groups to which the File Type Control rule must be applied."},"labels":{"$ref":"#/types/zia:index/FileTypeControlRulesLabels:FileTypeControlRulesLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/FileTypeControlRulesLocationGroups:FileTypeControlRulesLocationGroups","description":"Name-ID pairs of locations groups for which rule must be applied."},"locations":{"$ref":"#/types/zia:index/FileTypeControlRulesLocations:FileTypeControlRulesLocations","description":"Name-ID pairs of locations for the which policy must be applied. If not set, policy is applied for all locations."},"maxSize":{"type":"integer","description":"Maximum file size (in KB) used for evaluation of the FTP rule"},"minSize":{"type":"integer","description":"Minimum file size (in KB) used for evaluation of the FTP rule"},"name":{"type":"string","description":"The File Type Control policy rule name."},"operation":{"type":"string","description":"File operation performed. This field is not applicable to the Lite API."},"order":{"type":"integer","description":"The rule order of execution for the  File Type Control rule with respect to other rules."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocol for the given rule. This field is not applicable to the Lite API."},"rank":{"type":"integer","description":"Admin rank of the admin who creates this rule"},"ruleId":{"type":"integer"},"state":{"type":"string","description":"Enables or disables the File Type Control rule."},"timeWindows":{"$ref":"#/types/zia:index/FileTypeControlRulesTimeWindows:FileTypeControlRulesTimeWindows","description":"list of time interval during which rule must be enforced."},"unscannable":{"type":"boolean","description":"Flag to check whether a file has active content or not"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"The list of URL Categories to which the file type control rule rule must be applied.\n\t\t\t\tSee the URL Categories API for the list of available categories:\n\t\t\t\thttps://help.zscaler.com/zia/url-categories#/urlCategories-get"},"users":{"$ref":"#/types/zia:index/FileTypeControlRulesUsers:FileTypeControlRulesUsers","description":"The Name-ID pairs of users to which the File Type Control rule must be applied."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/FileTypeControlRulesZpaAppSegment:FileTypeControlRulesZpaAppSegment"},"description":"List of Source IP Anchoring-enabled ZPA Application Segments for which this rule is applicable"}},"required":["activeContent","capturePcap","fileTypes","filteringAction","maxSize","minSize","name","operation","order","protocols","rank","ruleId","state","unscannable","zpaAppSegments"],"inputProperties":{"activeContent":{"type":"boolean","description":"Flag to check whether a file has active content or not"},"browserEunTemplateId":{"type":"integer"},"capturePcap":{"type":"boolean","description":"A Boolean value that indicates whether packet capture (PCAP) is enabled or not"},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"The list of cloud applications to which the File Type Control rule must be applied\n\t\t\t\tUse the data source\u003cspan pulumi-lang-nodejs=\" zia.getCloudApplications \" pulumi-lang-dotnet=\" zia.getCloudApplications \" pulumi-lang-go=\" getCloudApplications \" pulumi-lang-python=\" get_cloud_applications \" pulumi-lang-yaml=\" zia.getCloudApplications \" pulumi-lang-java=\" zia.getCloudApplications \"\u003e zia.getCloudApplications \u003c/span\u003eto get the list of available cloud applications:\n\t\t\t\thttps://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications"},"departments":{"$ref":"#/types/zia:index/FileTypeControlRulesDepartments:FileTypeControlRulesDepartments","description":"The Name-ID pairs of departments to which the File Type Control rule must be applied."},"description":{"type":"string","description":"The description of the File Type Control rule."},"deviceGroups":{"$ref":"#/types/zia:index/FileTypeControlRulesDeviceGroups:FileTypeControlRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/FileTypeControlRulesDevices:FileTypeControlRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"File type categories for which the policy is applied. If not set, the rule is applied across all file types\n\t\t\t\tSee the available file types API in:\n\t\t\t\thttps://help.zscaler.com/zia/file-type-control-policy#/fileTypeRules-get"},"filteringAction":{"type":"string","description":"Action taken when traffic matches policy. This field is not applicable to the Lite API."},"groups":{"$ref":"#/types/zia:index/FileTypeControlRulesGroups:FileTypeControlRulesGroups","description":"The Name-ID pairs of groups to which the File Type Control rule must be applied."},"labels":{"$ref":"#/types/zia:index/FileTypeControlRulesLabels:FileTypeControlRulesLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/FileTypeControlRulesLocationGroups:FileTypeControlRulesLocationGroups","description":"Name-ID pairs of locations groups for which rule must be applied."},"locations":{"$ref":"#/types/zia:index/FileTypeControlRulesLocations:FileTypeControlRulesLocations","description":"Name-ID pairs of locations for the which policy must be applied. If not set, policy is applied for all locations."},"maxSize":{"type":"integer","description":"Maximum file size (in KB) used for evaluation of the FTP rule"},"minSize":{"type":"integer","description":"Minimum file size (in KB) used for evaluation of the FTP rule"},"name":{"type":"string","description":"The File Type Control policy rule name."},"operation":{"type":"string","description":"File operation performed. This field is not applicable to the Lite API."},"order":{"type":"integer","description":"The rule order of execution for the  File Type Control rule with respect to other rules."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocol for the given rule. This field is not applicable to the Lite API."},"rank":{"type":"integer","description":"Admin rank of the admin who creates this rule"},"state":{"type":"string","description":"Enables or disables the File Type Control rule."},"timeWindows":{"$ref":"#/types/zia:index/FileTypeControlRulesTimeWindows:FileTypeControlRulesTimeWindows","description":"list of time interval during which rule must be enforced."},"unscannable":{"type":"boolean","description":"Flag to check whether a file has active content or not"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"The list of URL Categories to which the file type control rule rule must be applied.\n\t\t\t\tSee the URL Categories API for the list of available categories:\n\t\t\t\thttps://help.zscaler.com/zia/url-categories#/urlCategories-get"},"users":{"$ref":"#/types/zia:index/FileTypeControlRulesUsers:FileTypeControlRulesUsers","description":"The Name-ID pairs of users to which the File Type Control rule must be applied."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/FileTypeControlRulesZpaAppSegment:FileTypeControlRulesZpaAppSegment"},"description":"List of Source IP Anchoring-enabled ZPA Application Segments for which this rule is applicable"}},"requiredInputs":["order","protocols"],"stateInputs":{"description":"Input properties used for looking up and filtering FileTypeControlRules resources.\n","properties":{"activeContent":{"type":"boolean","description":"Flag to check whether a file has active content or not"},"browserEunTemplateId":{"type":"integer"},"capturePcap":{"type":"boolean","description":"A Boolean value that indicates whether packet capture (PCAP) is enabled or not"},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"The list of cloud applications to which the File Type Control rule must be applied\n\t\t\t\tUse the data source\u003cspan pulumi-lang-nodejs=\" zia.getCloudApplications \" pulumi-lang-dotnet=\" zia.getCloudApplications \" pulumi-lang-go=\" getCloudApplications \" pulumi-lang-python=\" get_cloud_applications \" pulumi-lang-yaml=\" zia.getCloudApplications \" pulumi-lang-java=\" zia.getCloudApplications \"\u003e zia.getCloudApplications \u003c/span\u003eto get the list of available cloud applications:\n\t\t\t\thttps://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications"},"departments":{"$ref":"#/types/zia:index/FileTypeControlRulesDepartments:FileTypeControlRulesDepartments","description":"The Name-ID pairs of departments to which the File Type Control rule must be applied."},"description":{"type":"string","description":"The description of the File Type Control rule."},"deviceGroups":{"$ref":"#/types/zia:index/FileTypeControlRulesDeviceGroups:FileTypeControlRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/FileTypeControlRulesDevices:FileTypeControlRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"File type categories for which the policy is applied. If not set, the rule is applied across all file types\n\t\t\t\tSee the available file types API in:\n\t\t\t\thttps://help.zscaler.com/zia/file-type-control-policy#/fileTypeRules-get"},"filteringAction":{"type":"string","description":"Action taken when traffic matches policy. This field is not applicable to the Lite API."},"groups":{"$ref":"#/types/zia:index/FileTypeControlRulesGroups:FileTypeControlRulesGroups","description":"The Name-ID pairs of groups to which the File Type Control rule must be applied."},"labels":{"$ref":"#/types/zia:index/FileTypeControlRulesLabels:FileTypeControlRulesLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/FileTypeControlRulesLocationGroups:FileTypeControlRulesLocationGroups","description":"Name-ID pairs of locations groups for which rule must be applied."},"locations":{"$ref":"#/types/zia:index/FileTypeControlRulesLocations:FileTypeControlRulesLocations","description":"Name-ID pairs of locations for the which policy must be applied. If not set, policy is applied for all locations."},"maxSize":{"type":"integer","description":"Maximum file size (in KB) used for evaluation of the FTP rule"},"minSize":{"type":"integer","description":"Minimum file size (in KB) used for evaluation of the FTP rule"},"name":{"type":"string","description":"The File Type Control policy rule name."},"operation":{"type":"string","description":"File operation performed. This field is not applicable to the Lite API."},"order":{"type":"integer","description":"The rule order of execution for the  File Type Control rule with respect to other rules."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocol for the given rule. This field is not applicable to the Lite API."},"rank":{"type":"integer","description":"Admin rank of the admin who creates this rule"},"ruleId":{"type":"integer"},"state":{"type":"string","description":"Enables or disables the File Type Control rule."},"timeWindows":{"$ref":"#/types/zia:index/FileTypeControlRulesTimeWindows:FileTypeControlRulesTimeWindows","description":"list of time interval during which rule must be enforced."},"unscannable":{"type":"boolean","description":"Flag to check whether a file has active content or not"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"The list of URL Categories to which the file type control rule rule must be applied.\n\t\t\t\tSee the URL Categories API for the list of available categories:\n\t\t\t\thttps://help.zscaler.com/zia/url-categories#/urlCategories-get"},"users":{"$ref":"#/types/zia:index/FileTypeControlRulesUsers:FileTypeControlRulesUsers","description":"The Name-ID pairs of users to which the File Type Control rule must be applied."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/FileTypeControlRulesZpaAppSegment:FileTypeControlRulesZpaAppSegment"},"description":"List of Source IP Anchoring-enabled ZPA Application Segments for which this rule is applicable"}},"type":"object"}},"zia:index/firewallDNSRule:FirewallDNSRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-dns-control-policy)\n* [API documentation](https://help.zscaler.com/zia/dns-control-policy#/firewallDnsRules-post)\n\nThe **zia_firewall_dns_rule** resource allows the creation and management of ZIA Cloud Firewall DNS rules in the Zscaler Internet Access.\n\n**NOTE 1** Zscaler Cloud Firewall contain default and predefined rules which cannot be deleted (not all attributes are supported on predefined rules). The provider **automatically handles predefined rules** during rule ordering. You can simply use sequential order values (1, 2, 3...) and the provider will:\n\n* Automatically place new rules at the correct position\n* Handle reordering around predefined rules\n* Avoid configuration drift\n\nExample: If there are predefined rules in your tenant, you can still configure your rules starting at `order = 1`. The provider will automatically handle the reordering to place your rules in the correct position relative to predefined rules.\n\n**NOTE 2** Certain attributes on \u003cspan pulumi-lang-nodejs=\"`predefined`\" pulumi-lang-dotnet=\"`Predefined`\" pulumi-lang-go=\"`predefined`\" pulumi-lang-python=\"`predefined`\" pulumi-lang-yaml=\"`predefined`\" pulumi-lang-java=\"`predefined`\"\u003e`predefined`\u003c/span\u003e rules can still be managed or updated via Terraform such as:\n\n* \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.\n* \u003cspan pulumi-lang-nodejs=\"`state`\" pulumi-lang-dotnet=\"`State`\" pulumi-lang-go=\"`state`\" pulumi-lang-python=\"`state`\" pulumi-lang-yaml=\"`state`\" pulumi-lang-java=\"`state`\"\u003e`state`\u003c/span\u003e - (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to\n* \u003cspan pulumi-lang-nodejs=\"`labels`\" pulumi-lang-dotnet=\"`Labels`\" pulumi-lang-go=\"`labels`\" pulumi-lang-python=\"`labels`\" pulumi-lang-yaml=\"`labels`\" pulumi-lang-java=\"`labels`\"\u003e`labels`\u003c/span\u003e (list) - Labels that are applicable to the rule.\n      - \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Integer) Identifier that uniquely identifies an entity\n\n**NOTE 3** The import of \u003cspan pulumi-lang-nodejs=\"`predefined`\" pulumi-lang-dotnet=\"`Predefined`\" pulumi-lang-go=\"`predefined`\" pulumi-lang-python=\"`predefined`\" pulumi-lang-yaml=\"`predefined`\" pulumi-lang-java=\"`predefined`\"\u003e`predefined`\u003c/span\u003e rules is still possible in case you want o have them under the Terraform management; however, remember that these rules cannot be deleted. That means, the provider will fail when executing `terraform destroy`; hence, you must remove the rules you want to delete, and re-run `pulumi up` instead.\n\n## Example Usage\n\n### Create Firewall DNS Rules - Redirect Action\n\n```hcl\ndata \"zia_department_management\" \"engineering\" {\n name = \"Engineering\"\n}\n\ndata \"zia_group_management\" \"normal_internet\" {\n    name = \"Normal_Internet\"\n}\n\ndata \"zia_firewall_filtering_time_window\" \"work_hours\" {\n    name = \"Work hours\"\n}\n\nresource \"zia_firewall_dns_rule\" \"this\" {\n    name = \"Example_DNS_Rule01\"\n    description = \"Example_DNS_Rule01\"\n    action = \"REDIR_REQ\"\n    state = \"ENABLED\"\n    order = 10\n    rank = 7\n    redirect_ip = \"8.8.8.8\"\n    dest_countries = [\"CA\", \"US\"]\n    source_countries = [\"CA\", \"US\"]\n    protocols = [\"ANY_RULE\"]\n    departments {\n        id = [ data.zia_department_management.engineering.id ]\n    }\n    groups {\n        id = [ data.zia_group_management.normal_internet.id ]\n    }\n    time_windows {\n        id = [ data.zia_firewall_filtering_time_window.work_hours.id ]\n    }\n}\n```\n\n### Create Firewall DNS Rules - Redirect Request DOH\n\n```hcl\nresource \"zia_firewall_dns_rule\" \"this2\" {\n    name = \"Example_DNS_Rule02\"\n    description = \"Example_DNS_Rule02\"\n    action = \"REDIR_REQ_DOH\"\n    state = \"ENABLED\"\n    order = 12\n    rank = 7\n    dest_countries = [\"CA\", \"US\"]\n    source_countries = [\"CA\", \"US\"]\n    protocols = [\"ANY_RULE\"]\n    dns_gateway {\n      id = 18207342\n      name = \"DNS_GW01\"\n    }\n}\n```\n\n### Create Firewall DNS Rules - Redirect TCP Request\n\nresource \u003cspan pulumi-lang-nodejs=\"\"zia.FirewallDNSRule\"\" pulumi-lang-dotnet=\"\"zia.FirewallDNSRule\"\" pulumi-lang-go=\"\"FirewallDNSRule\"\" pulumi-lang-python=\"\"FirewallDNSRule\"\" pulumi-lang-yaml=\"\"zia.FirewallDNSRule\"\" pulumi-lang-java=\"\"zia.FirewallDNSRule\"\"\u003e\"zia.FirewallDNSRule\"\u003c/span\u003e \"this3\" {\n    name = \"Example_DNS_Rule03\"\n    description = \"Example_DNS_Rule03\"\n    action = \"REDIR_REQ_TCP\"\n    state = \"ENABLED\"\n    order = 13\n    rank = 7\n   \u003cspan pulumi-lang-nodejs=\" destCountries \" pulumi-lang-dotnet=\" DestCountries \" pulumi-lang-go=\" destCountries \" pulumi-lang-python=\" dest_countries \" pulumi-lang-yaml=\" destCountries \" pulumi-lang-java=\" destCountries \"\u003e dest_countries \u003c/span\u003e= [\"CA\", \"US\"]\n   \u003cspan pulumi-lang-nodejs=\" sourceCountries \" pulumi-lang-dotnet=\" SourceCountries \" pulumi-lang-go=\" sourceCountries \" pulumi-lang-python=\" source_countries \" pulumi-lang-yaml=\" sourceCountries \" pulumi-lang-java=\" sourceCountries \"\u003e source_countries \u003c/span\u003e= [\"CA\", \"US\"]\n    protocols = [\"ANY_RULE\"]\n   \u003cspan pulumi-lang-nodejs=\" dnsGateway \" pulumi-lang-dotnet=\" DnsGateway \" pulumi-lang-go=\" dnsGateway \" pulumi-lang-python=\" dns_gateway \" pulumi-lang-yaml=\" dnsGateway \" pulumi-lang-java=\" dnsGateway \"\u003e dns_gateway \u003c/span\u003e{\n      id = 18207342\n      name = \"DNS_GW01\"\n    }\n}\n","properties":{"action":{"type":"string","description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: `ALLOW`, `BLOCK`, `REDIR_REQ`, `REDIR_RES`, `REDIR_ZPA`, `REDIR_REQ_DOH`, `REDIR_REQ_KEEP_SENDER`, `REDIR_REQ_TCP`, `REDIR_REQ_UDP`, `BLOCK_WITH_RESPONSE`\n"},"applicationGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleApplicationGroups:FirewallDNSRuleApplicationGroups","description":"(List of Objects) DNS application groups to which the rule applies\n"},"applications":{"type":"array","items":{"type":"string"},"description":"(Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e with the \u003cspan pulumi-lang-nodejs=\"`appClass`\" pulumi-lang-dotnet=\"`AppClass`\" pulumi-lang-go=\"`appClass`\" pulumi-lang-python=\"`app_class`\" pulumi-lang-yaml=\"`appClass`\" pulumi-lang-java=\"`appClass`\"\u003e`app_class`\u003c/span\u003e value `DNS_OVER_HTTPS`. For the complete list of supported file types refer to the  [ZIA API documentation](https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-post). To retrieve the list of cloud applications, use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e\n"},"blockResponseCode":{"type":"string","description":"(String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: `ANY`, `NONE`, `FORMERR`, `SERVFAIL`, `NXDOMAIN`, `NOTIMP`, `REFUSED`, `YXDOMAIN`, `YXRRSET`, `NXRRSET`, `NOTAUTH`, `NOTZONE`, `BADVERS`, `BADKEY`, `BADTIME`, `BADMODE`, `BADNAME`, `BADALG`, `BADTRUNC`, `UNSUPPORTED`, `BYPASS`, `INT_ERROR`, `SRV_TIMEOUT`, `EMPTY_RESP`,\n`REQ_BLOCKED`, `ADMIN_DROP`, `WCDN_TIMEOUT`, `IPS_BLOCK`, `FQDN_RESOLV_FAIL`\n"},"capturePcap":{"type":"boolean","description":"(Boolean) Value that indicates whether packet capture (PCAP) is enabled or not\n"},"defaultDnsRuleNameUsed":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether the default DNS rule name is used for the rule.\n"},"defaultRule":{"type":"boolean","description":"(Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not\n"},"departments":{"$ref":"#/types/zia:index/FirewallDNSRuleDepartments:FirewallDNSRuleDepartments","description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"(Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"destCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String)  identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n"},"destIpGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleDestIpGroups:FirewallDNSRuleDestIpGroups","description":"** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.\n"},"destIpv6Groups":{"$ref":"#/types/zia:index/FirewallDNSRuleDestIpv6Groups:FirewallDNSRuleDestIpv6Groups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleDeviceGroups:FirewallDNSRuleDeviceGroups","description":"(List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"devices":{"$ref":"#/types/zia:index/FirewallDNSRuleDevices:FirewallDNSRuleDevices","description":"(List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"dnsGateway":{"$ref":"#/types/zia:index/FirewallDNSRuleDnsGateway:FirewallDNSRuleDnsGateway","description":"(Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.\n"},"dnsRuleRequestTypes":{"type":"array","items":{"type":"string"},"description":"(Set of Strings) DNS request types to which the rule applies. Supportedn values are:\n`A`, `NS`, `MD`, `MF`, `CNAME`, `SOA`, `MB`, `MG`, `MR`, `NULL`, `WKS`, `PTR`, `HINFO`, `MINFO`, `MX`, `TXT`, `RP`, `AFSDB`,\n`X25`, `ISDN`, `RT`, `NSAP`, `NSAP_PTR`, `SIG`, `KEY`, `PX`, `GPOS`, `AAAA`, `LOC`, `NXT`, `EID`, `NIMLOC`, `SRV`, `ATMA`,\n`NAPTR`, `KX`, `CERT`, `A6`, `DNAME`, `SINK`, `OPT`, `APL`, `DS`, `SSHFP`, `PSECKEF`, `RRSIG`, `NSEC`, `DNSKEY`,\n`DHCID`, `NSEC3`, `NSEC3PARAM`, `TLSA`, `HIP`, `NINFO`, `RKEY`, `TALINK`, `CDS`, `CDNSKEY`, `OPENPGPKEY`, `CSYNC`,\n`ZONEMD`, `SVCB`, `HTTPS`,\n"},"ednsEcsObject":{"$ref":"#/types/zia:index/FirewallDNSRuleEdnsEcsObject:FirewallDNSRuleEdnsEcsObject","description":"(List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.\n"},"groups":{"$ref":"#/types/zia:index/FirewallDNSRuleGroups:FirewallDNSRuleGroups","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"isWebEunEnabled":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether Enhanced User Notification (EUN) is enabled for the rule.\n"},"labels":{"$ref":"#/types/zia:index/FirewallDNSRuleLabels:FirewallDNSRuleLabels","description":"(List of Objects) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleLocationGroups:FirewallDNSRuleLocationGroups","description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/FirewallDNSRuleLocations:FirewallDNSRuleLocations","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"},"order":{"type":"integer","description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"predefined":{"type":"boolean","description":"(Boolean) A Boolean field that indicates that the rule is predefined by using a true value\n"},"protocols":{"type":"array","items":{"type":"string"},"description":"(Set of Strings) The protocols to which the rules applies. Supported Values: `ANY_RULE`, `SMRULEF_CASCADING_ALLOWED`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`\n"},"rank":{"type":"integer","description":"(Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank in UI first. The default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e. Visit to learn more [About Admin Rank](https://help.zscaler.com/zia/about-admin-rank)\n"},"redirectIp":{"type":"string","description":"(String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the \u003cspan pulumi-lang-nodejs=\"`action`\" pulumi-lang-dotnet=\"`Action`\" pulumi-lang-go=\"`action`\" pulumi-lang-python=\"`action`\" pulumi-lang-yaml=\"`action`\" pulumi-lang-java=\"`action`\"\u003e`action`\u003c/span\u003e is `REDIR_REQ`\n"},"resCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.\n"},"ruleId":{"type":"integer"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"srcIpGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleSrcIpGroups:FirewallDNSRuleSrcIpGroups","description":"(List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.\n"},"srcIps":{"type":"array","items":{"type":"string"},"description":"(Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"srcIpv6Groups":{"$ref":"#/types/zia:index/FirewallDNSRuleSrcIpv6Groups:FirewallDNSRuleSrcIpv6Groups","description":"(List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"state":{"type":"string","description":"(Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule. Supported Values: `ENABLED`, `DISABLED`\n"},"timeWindows":{"$ref":"#/types/zia:index/FirewallDNSRuleTimeWindows:FirewallDNSRuleTimeWindows","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e time intervals. When not used it implies \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e to apply the rule to all time intervals.\n"},"users":{"$ref":"#/types/zia:index/FirewallDNSRuleUsers:FirewallDNSRuleUsers","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaIpGroup":{"$ref":"#/types/zia:index/FirewallDNSRuleZpaIpGroup:FirewallDNSRuleZpaIpGroup","description":"(Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.\n"}},"required":["capturePcap","destCountries","dnsGateway","ednsEcsObject","name","order","ruleId","sourceCountries","zpaIpGroup"],"inputProperties":{"action":{"type":"string","description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: `ALLOW`, `BLOCK`, `REDIR_REQ`, `REDIR_RES`, `REDIR_ZPA`, `REDIR_REQ_DOH`, `REDIR_REQ_KEEP_SENDER`, `REDIR_REQ_TCP`, `REDIR_REQ_UDP`, `BLOCK_WITH_RESPONSE`\n"},"applicationGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleApplicationGroups:FirewallDNSRuleApplicationGroups","description":"(List of Objects) DNS application groups to which the rule applies\n"},"applications":{"type":"array","items":{"type":"string"},"description":"(Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e with the \u003cspan pulumi-lang-nodejs=\"`appClass`\" pulumi-lang-dotnet=\"`AppClass`\" pulumi-lang-go=\"`appClass`\" pulumi-lang-python=\"`app_class`\" pulumi-lang-yaml=\"`appClass`\" pulumi-lang-java=\"`appClass`\"\u003e`app_class`\u003c/span\u003e value `DNS_OVER_HTTPS`. For the complete list of supported file types refer to the  [ZIA API documentation](https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-post). To retrieve the list of cloud applications, use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e\n"},"blockResponseCode":{"type":"string","description":"(String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: `ANY`, `NONE`, `FORMERR`, `SERVFAIL`, `NXDOMAIN`, `NOTIMP`, `REFUSED`, `YXDOMAIN`, `YXRRSET`, `NXRRSET`, `NOTAUTH`, `NOTZONE`, `BADVERS`, `BADKEY`, `BADTIME`, `BADMODE`, `BADNAME`, `BADALG`, `BADTRUNC`, `UNSUPPORTED`, `BYPASS`, `INT_ERROR`, `SRV_TIMEOUT`, `EMPTY_RESP`,\n`REQ_BLOCKED`, `ADMIN_DROP`, `WCDN_TIMEOUT`, `IPS_BLOCK`, `FQDN_RESOLV_FAIL`\n"},"capturePcap":{"type":"boolean","description":"(Boolean) Value that indicates whether packet capture (PCAP) is enabled or not\n"},"defaultDnsRuleNameUsed":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether the default DNS rule name is used for the rule.\n"},"defaultRule":{"type":"boolean","description":"(Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not\n"},"departments":{"$ref":"#/types/zia:index/FirewallDNSRuleDepartments:FirewallDNSRuleDepartments","description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"(Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"destCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String)  identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n"},"destIpGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleDestIpGroups:FirewallDNSRuleDestIpGroups","description":"** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.\n"},"destIpv6Groups":{"$ref":"#/types/zia:index/FirewallDNSRuleDestIpv6Groups:FirewallDNSRuleDestIpv6Groups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleDeviceGroups:FirewallDNSRuleDeviceGroups","description":"(List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"devices":{"$ref":"#/types/zia:index/FirewallDNSRuleDevices:FirewallDNSRuleDevices","description":"(List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"dnsGateway":{"$ref":"#/types/zia:index/FirewallDNSRuleDnsGateway:FirewallDNSRuleDnsGateway","description":"(Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.\n"},"dnsRuleRequestTypes":{"type":"array","items":{"type":"string"},"description":"(Set of Strings) DNS request types to which the rule applies. Supportedn values are:\n`A`, `NS`, `MD`, `MF`, `CNAME`, `SOA`, `MB`, `MG`, `MR`, `NULL`, `WKS`, `PTR`, `HINFO`, `MINFO`, `MX`, `TXT`, `RP`, `AFSDB`,\n`X25`, `ISDN`, `RT`, `NSAP`, `NSAP_PTR`, `SIG`, `KEY`, `PX`, `GPOS`, `AAAA`, `LOC`, `NXT`, `EID`, `NIMLOC`, `SRV`, `ATMA`,\n`NAPTR`, `KX`, `CERT`, `A6`, `DNAME`, `SINK`, `OPT`, `APL`, `DS`, `SSHFP`, `PSECKEF`, `RRSIG`, `NSEC`, `DNSKEY`,\n`DHCID`, `NSEC3`, `NSEC3PARAM`, `TLSA`, `HIP`, `NINFO`, `RKEY`, `TALINK`, `CDS`, `CDNSKEY`, `OPENPGPKEY`, `CSYNC`,\n`ZONEMD`, `SVCB`, `HTTPS`,\n"},"ednsEcsObject":{"$ref":"#/types/zia:index/FirewallDNSRuleEdnsEcsObject:FirewallDNSRuleEdnsEcsObject","description":"(List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.\n"},"groups":{"$ref":"#/types/zia:index/FirewallDNSRuleGroups:FirewallDNSRuleGroups","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"isWebEunEnabled":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether Enhanced User Notification (EUN) is enabled for the rule.\n"},"labels":{"$ref":"#/types/zia:index/FirewallDNSRuleLabels:FirewallDNSRuleLabels","description":"(List of Objects) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleLocationGroups:FirewallDNSRuleLocationGroups","description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/FirewallDNSRuleLocations:FirewallDNSRuleLocations","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"},"order":{"type":"integer","description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"predefined":{"type":"boolean","description":"(Boolean) A Boolean field that indicates that the rule is predefined by using a true value\n"},"protocols":{"type":"array","items":{"type":"string"},"description":"(Set of Strings) The protocols to which the rules applies. Supported Values: `ANY_RULE`, `SMRULEF_CASCADING_ALLOWED`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`\n"},"rank":{"type":"integer","description":"(Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank in UI first. The default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e. Visit to learn more [About Admin Rank](https://help.zscaler.com/zia/about-admin-rank)\n"},"redirectIp":{"type":"string","description":"(String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the \u003cspan pulumi-lang-nodejs=\"`action`\" pulumi-lang-dotnet=\"`Action`\" pulumi-lang-go=\"`action`\" pulumi-lang-python=\"`action`\" pulumi-lang-yaml=\"`action`\" pulumi-lang-java=\"`action`\"\u003e`action`\u003c/span\u003e is `REDIR_REQ`\n"},"resCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.\n"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"srcIpGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleSrcIpGroups:FirewallDNSRuleSrcIpGroups","description":"(List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.\n"},"srcIps":{"type":"array","items":{"type":"string"},"description":"(Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"srcIpv6Groups":{"$ref":"#/types/zia:index/FirewallDNSRuleSrcIpv6Groups:FirewallDNSRuleSrcIpv6Groups","description":"(List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"state":{"type":"string","description":"(Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule. Supported Values: `ENABLED`, `DISABLED`\n"},"timeWindows":{"$ref":"#/types/zia:index/FirewallDNSRuleTimeWindows:FirewallDNSRuleTimeWindows","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e time intervals. When not used it implies \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e to apply the rule to all time intervals.\n"},"users":{"$ref":"#/types/zia:index/FirewallDNSRuleUsers:FirewallDNSRuleUsers","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaIpGroup":{"$ref":"#/types/zia:index/FirewallDNSRuleZpaIpGroup:FirewallDNSRuleZpaIpGroup","description":"(Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.\n"}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering FirewallDNSRule resources.\n","properties":{"action":{"type":"string","description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: `ALLOW`, `BLOCK`, `REDIR_REQ`, `REDIR_RES`, `REDIR_ZPA`, `REDIR_REQ_DOH`, `REDIR_REQ_KEEP_SENDER`, `REDIR_REQ_TCP`, `REDIR_REQ_UDP`, `BLOCK_WITH_RESPONSE`\n"},"applicationGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleApplicationGroups:FirewallDNSRuleApplicationGroups","description":"(List of Objects) DNS application groups to which the rule applies\n"},"applications":{"type":"array","items":{"type":"string"},"description":"(Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e with the \u003cspan pulumi-lang-nodejs=\"`appClass`\" pulumi-lang-dotnet=\"`AppClass`\" pulumi-lang-go=\"`appClass`\" pulumi-lang-python=\"`app_class`\" pulumi-lang-yaml=\"`appClass`\" pulumi-lang-java=\"`appClass`\"\u003e`app_class`\u003c/span\u003e value `DNS_OVER_HTTPS`. For the complete list of supported file types refer to the  [ZIA API documentation](https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-post). To retrieve the list of cloud applications, use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e\n"},"blockResponseCode":{"type":"string","description":"(String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: `ANY`, `NONE`, `FORMERR`, `SERVFAIL`, `NXDOMAIN`, `NOTIMP`, `REFUSED`, `YXDOMAIN`, `YXRRSET`, `NXRRSET`, `NOTAUTH`, `NOTZONE`, `BADVERS`, `BADKEY`, `BADTIME`, `BADMODE`, `BADNAME`, `BADALG`, `BADTRUNC`, `UNSUPPORTED`, `BYPASS`, `INT_ERROR`, `SRV_TIMEOUT`, `EMPTY_RESP`,\n`REQ_BLOCKED`, `ADMIN_DROP`, `WCDN_TIMEOUT`, `IPS_BLOCK`, `FQDN_RESOLV_FAIL`\n"},"capturePcap":{"type":"boolean","description":"(Boolean) Value that indicates whether packet capture (PCAP) is enabled or not\n"},"defaultDnsRuleNameUsed":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether the default DNS rule name is used for the rule.\n"},"defaultRule":{"type":"boolean","description":"(Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not\n"},"departments":{"$ref":"#/types/zia:index/FirewallDNSRuleDepartments:FirewallDNSRuleDepartments","description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"(Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"destCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String)  identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n"},"destIpGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleDestIpGroups:FirewallDNSRuleDestIpGroups","description":"** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.\n"},"destIpv6Groups":{"$ref":"#/types/zia:index/FirewallDNSRuleDestIpv6Groups:FirewallDNSRuleDestIpv6Groups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleDeviceGroups:FirewallDNSRuleDeviceGroups","description":"(List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"devices":{"$ref":"#/types/zia:index/FirewallDNSRuleDevices:FirewallDNSRuleDevices","description":"(List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"dnsGateway":{"$ref":"#/types/zia:index/FirewallDNSRuleDnsGateway:FirewallDNSRuleDnsGateway","description":"(Set of Objects) The DNS gateway used to redirect traffic, specified when the rule action is to redirect DNS request to an external DNS service. Only one DNS Gateway is supported.\n"},"dnsRuleRequestTypes":{"type":"array","items":{"type":"string"},"description":"(Set of Strings) DNS request types to which the rule applies. Supportedn values are:\n`A`, `NS`, `MD`, `MF`, `CNAME`, `SOA`, `MB`, `MG`, `MR`, `NULL`, `WKS`, `PTR`, `HINFO`, `MINFO`, `MX`, `TXT`, `RP`, `AFSDB`,\n`X25`, `ISDN`, `RT`, `NSAP`, `NSAP_PTR`, `SIG`, `KEY`, `PX`, `GPOS`, `AAAA`, `LOC`, `NXT`, `EID`, `NIMLOC`, `SRV`, `ATMA`,\n`NAPTR`, `KX`, `CERT`, `A6`, `DNAME`, `SINK`, `OPT`, `APL`, `DS`, `SSHFP`, `PSECKEF`, `RRSIG`, `NSEC`, `DNSKEY`,\n`DHCID`, `NSEC3`, `NSEC3PARAM`, `TLSA`, `HIP`, `NINFO`, `RKEY`, `TALINK`, `CDS`, `CDNSKEY`, `OPENPGPKEY`, `CSYNC`,\n`ZONEMD`, `SVCB`, `HTTPS`,\n"},"ednsEcsObject":{"$ref":"#/types/zia:index/FirewallDNSRuleEdnsEcsObject:FirewallDNSRuleEdnsEcsObject","description":"(List of Objects) The EDNS ECS object which resolves DNS request. Only one object is supported.\n"},"groups":{"$ref":"#/types/zia:index/FirewallDNSRuleGroups:FirewallDNSRuleGroups","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"isWebEunEnabled":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether Enhanced User Notification (EUN) is enabled for the rule.\n"},"labels":{"$ref":"#/types/zia:index/FirewallDNSRuleLabels:FirewallDNSRuleLabels","description":"(List of Objects) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleLocationGroups:FirewallDNSRuleLocationGroups","description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/FirewallDNSRuleLocations:FirewallDNSRuleLocations","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"},"order":{"type":"integer","description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"predefined":{"type":"boolean","description":"(Boolean) A Boolean field that indicates that the rule is predefined by using a true value\n"},"protocols":{"type":"array","items":{"type":"string"},"description":"(Set of Strings) The protocols to which the rules applies. Supported Values: `ANY_RULE`, `SMRULEF_CASCADING_ALLOWED`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`\n"},"rank":{"type":"integer","description":"(Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank in UI first. The default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e. Visit to learn more [About Admin Rank](https://help.zscaler.com/zia/about-admin-rank)\n"},"redirectIp":{"type":"string","description":"(String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the \u003cspan pulumi-lang-nodejs=\"`action`\" pulumi-lang-dotnet=\"`Action`\" pulumi-lang-go=\"`action`\" pulumi-lang-python=\"`action`\" pulumi-lang-yaml=\"`action`\" pulumi-lang-java=\"`action`\"\u003e`action`\u003c/span\u003e is `REDIR_REQ`\n"},"resCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.\n"},"ruleId":{"type":"integer"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"srcIpGroups":{"$ref":"#/types/zia:index/FirewallDNSRuleSrcIpGroups:FirewallDNSRuleSrcIpGroups","description":"(List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.\n"},"srcIps":{"type":"array","items":{"type":"string"},"description":"(Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"srcIpv6Groups":{"$ref":"#/types/zia:index/FirewallDNSRuleSrcIpv6Groups:FirewallDNSRuleSrcIpv6Groups","description":"(List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"state":{"type":"string","description":"(Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule. Supported Values: `ENABLED`, `DISABLED`\n"},"timeWindows":{"$ref":"#/types/zia:index/FirewallDNSRuleTimeWindows:FirewallDNSRuleTimeWindows","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e time intervals. When not used it implies \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e to apply the rule to all time intervals.\n"},"users":{"$ref":"#/types/zia:index/FirewallDNSRuleUsers:FirewallDNSRuleUsers","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaIpGroup":{"$ref":"#/types/zia:index/FirewallDNSRuleZpaIpGroup:FirewallDNSRuleZpaIpGroup","description":"(Set of Objects) The ZPA IP pool specified when the rule action is to resolve domain names of ZPA applications to an ephemeral IP address from a preconfigured IP pool. Only one object is supported.\n"}},"type":"object"}},"zia:index/firewallFilteringApplicationGroups:FirewallFilteringApplicationGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/networkApplicationGroups/{groupId}-get)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/networkApplicationGroups/{groupId}-get)\n\nThe **zia_firewall_filtering_network_application_groups** resource allows the creation and management of ZIA Cloud Firewall IP source groups in the Zscaler Internet Access. This resource can then be associated with a ZIA cloud firewall filtering rule.\n\n## Example Usage\n\n```hcl\n# Add applications to a network application group\nresource \"zia_firewall_filtering_network_application_groups\" \"example\" {\n  name        = \"Example\"\n  description = \"Example\"\n  network_applications = [ \"LDAP\", \"LDAPS\", \"SRVLOC\"]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_firewall_filtering_network_application_groups** can be imported by using `\u003cGROUP_ID\u003e` or `\u003cGROUP_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/firewallFilteringApplicationGroups:FirewallFilteringApplicationGroups example \u003cgroup_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/firewallFilteringApplicationGroups:FirewallFilteringApplicationGroups example \u003cgroup_name\u003e\n```\n\n","properties":{"appId":{"type":"integer"},"description":{"type":"string"},"name":{"type":"string"},"networkApplications":{"type":"array","items":{"type":"string"}}},"required":["appId","name"],"inputProperties":{"description":{"type":"string"},"name":{"type":"string"},"networkApplications":{"type":"array","items":{"type":"string"}}},"stateInputs":{"description":"Input properties used for looking up and filtering FirewallFilteringApplicationGroups resources.\n","properties":{"appId":{"type":"integer"},"description":{"type":"string"},"name":{"type":"string"},"networkApplications":{"type":"array","items":{"type":"string"}}},"type":"object"}},"zia:index/firewallFilteringDestinationGroups:FirewallFilteringDestinationGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/ipDestinationGroups-post)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/ipDestinationGroups-post)\n\nThe **zia_firewall_filtering_destination_groups** resource allows the creation and management of ZIA Cloud Firewall IP destination groups in the Zscaler Internet Access. This resource can then be associated with a ZIA cloud firewall filtering rule.\n\n## Example Usage\n\n```hcl\n# IP Destination Group of Type DSTN_FQDN\nresource \"zia_firewall_filtering_destination_groups\" \"dstn_fqdn\" {\n  name        = \"Example Destination FQDN\"\n  description = \"Example Destination FQDN\"\n  type        = \"DSTN_FQDN\"\n  addresses = [ \"test1.acme.com\", \"test2.acme.com\", \"test3.acme.com\" ]\n}\n```\n\n```hcl\n# IP Destination Group of Type DSTN_IP\nresource \"zia_firewall_filtering_destination_groups\" \"example_dstn_ip\" {\n  name        = \"Example Destination IP\"\n  description = \"Example Destination IP\"\n  type        = \"DSTN_IP\"\n  addresses = [\"3.217.228.0-3.217.231.255\",\n    \"3.235.112.0-3.235.119.255\",\n    \"52.23.61.0-52.23.62.25\",\n    \"35.80.88.0-35.80.95.255\"]\n}\n```\n\n```hcl\n# IP Destination Group of Type DSTN_DOMAIN\nresource \"zia_firewall_filtering_destination_groups\" \"example_dstn_domain\" {\n  name          = \"Example Destination Domain\"\n  description   = \"Example Destination Domain\"\n  type          = \"DSTN_DOMAIN\"\n  addresses     = [\"acme.com\", \"acme1.com\"]\n}\n```\n\n```hcl\n# IP Destination Group of Type DSTN_OTHER\nresource \"zia_firewall_filtering_destination_groups\" \"example_dstn_other\" {\n  name          = \"Example Destination Other\"\n  description   = \"Example Destination Other\"\n  type          = \"DSTN_OTHER\"\n  countries     = [\"COUNTRY_CA\"]\n  ip_categories = [\"CUSTOM_01\", \"CUSTOM_02\"]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_firewall_filtering_destination_groups** can be imported by using `\u003cGROUP_ID\u003e` or `\u003cGROUP_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/firewallFilteringDestinationGroups:FirewallFilteringDestinationGroups example \u003cgroup_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/firewallFilteringDestinationGroups:FirewallFilteringDestinationGroups example \u003cgroup_name\u003e\n```\n\n","properties":{"addresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses within the group"},"countries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"description":{"type":"string","description":"Additional information about the destination IP group"},"groupId":{"type":"integer","description":"Unique identifer for the destination IP group"},"ipCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories for which rule must be applied"},"name":{"type":"string","description":"Destination IP group name"},"type":{"type":"string","description":"Destination IP group type (i.e., the group can contain destination IP addresses or FQDNs)"}},"required":["addresses","countries","groupId","name","type"],"inputProperties":{"addresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses within the group"},"countries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"description":{"type":"string","description":"Additional information about the destination IP group"},"ipCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories for which rule must be applied"},"name":{"type":"string","description":"Destination IP group name"},"type":{"type":"string","description":"Destination IP group type (i.e., the group can contain destination IP addresses or FQDNs)","willReplaceOnChanges":true}},"stateInputs":{"description":"Input properties used for looking up and filtering FirewallFilteringDestinationGroups resources.\n","properties":{"addresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses within the group"},"countries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"description":{"type":"string","description":"Additional information about the destination IP group"},"groupId":{"type":"integer","description":"Unique identifer for the destination IP group"},"ipCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories for which rule must be applied"},"name":{"type":"string","description":"Destination IP group name"},"type":{"type":"string","description":"Destination IP group type (i.e., the group can contain destination IP addresses or FQDNs)","willReplaceOnChanges":true}},"type":"object"}},"zia:index/firewallFilteringNetworkServices:FirewallFilteringNetworkServices":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/networkServices-get)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/networkServices-get)\n\nThe **zia_firewall_filtering_network_service** resource allows the creation and management of ZIA Cloud Firewall IP network services in the Zscaler Internet Access. This resource can then be associated with a ZIA cloud firewall filtering rule and network service group resources.\n\n## Example Usage\n\n```hcl\nresource \"zia_firewall_filtering_network_service\" \"example\" {\n  name        = \"example\"\n  description = \"example\"\n  src_tcp_ports {\n    start = 5000\n  }\n  src_tcp_ports {\n    start = 5001\n  }\n  src_tcp_ports {\n    start = 5002\n    end   = 5005\n  }\n  dest_tcp_ports {\n    start = 5000\n  }\n    dest_tcp_ports {\n    start = 5001\n  }\n  dest_tcp_ports {\n    start = 5003\n    end   = 5005\n  }\n  type = \"CUSTOM\"\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_firewall_filtering_network_service** can be imported by using `\u003cSERVICE_ID\u003e` or `\u003cSERVICE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/firewallFilteringNetworkServices:FirewallFilteringNetworkServices example \u003cservice_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/firewallFilteringNetworkServices:FirewallFilteringNetworkServices example \u003cservice_name\u003e\n```\n\n","properties":{"description":{"type":"string"},"destTcpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesDestTcpPort:FirewallFilteringNetworkServicesDestTcpPort"},"description":"dest tcp ports"},"destUdpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesDestUdpPort:FirewallFilteringNetworkServicesDestUdpPort"},"description":"dest udp ports"},"isNameL10nTag":{"type":"boolean"},"name":{"type":"string"},"networkServiceId":{"type":"integer"},"srcTcpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesSrcTcpPort:FirewallFilteringNetworkServicesSrcTcpPort"},"description":"src tcp ports"},"srcUdpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesSrcUdpPort:FirewallFilteringNetworkServicesSrcUdpPort"},"description":"src udp ports"},"tag":{"type":"string"},"type":{"type":"string"}},"required":["name","networkServiceId","tag"],"inputProperties":{"description":{"type":"string"},"destTcpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesDestTcpPort:FirewallFilteringNetworkServicesDestTcpPort"},"description":"dest tcp ports"},"destUdpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesDestUdpPort:FirewallFilteringNetworkServicesDestUdpPort"},"description":"dest udp ports"},"isNameL10nTag":{"type":"boolean"},"name":{"type":"string"},"srcTcpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesSrcTcpPort:FirewallFilteringNetworkServicesSrcTcpPort"},"description":"src tcp ports"},"srcUdpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesSrcUdpPort:FirewallFilteringNetworkServicesSrcUdpPort"},"description":"src udp ports"},"tag":{"type":"string"},"type":{"type":"string"}},"stateInputs":{"description":"Input properties used for looking up and filtering FirewallFilteringNetworkServices resources.\n","properties":{"description":{"type":"string"},"destTcpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesDestTcpPort:FirewallFilteringNetworkServicesDestTcpPort"},"description":"dest tcp ports"},"destUdpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesDestUdpPort:FirewallFilteringNetworkServicesDestUdpPort"},"description":"dest udp ports"},"isNameL10nTag":{"type":"boolean"},"name":{"type":"string"},"networkServiceId":{"type":"integer"},"srcTcpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesSrcTcpPort:FirewallFilteringNetworkServicesSrcTcpPort"},"description":"src tcp ports"},"srcUdpPorts":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringNetworkServicesSrcUdpPort:FirewallFilteringNetworkServicesSrcUdpPort"},"description":"src udp ports"},"tag":{"type":"string"},"type":{"type":"string"}},"type":"object"}},"zia:index/firewallFilteringRule:FirewallFilteringRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/firewallFilteringRules-post)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/firewallFilteringRules-post)\n\nThe **zia_firewall_filtering_rule** resource allows the creation and management of ZIA Cloud Firewall filtering rules in the Zscaler Internet Access.\n\n**NOTE 1** Zscaler Cloud Firewall contain default and predefined rules which cannot be deleted (not all attributes are supported on predefined rules). The provider **automatically handles predefined rules** during rule ordering. You can simply use sequential order values (1, 2, 3...) and the provider will:\n\n* Automatically place new rules at the correct position\n* Handle reordering around predefined rules\n* Avoid configuration drift\n\nExample: If there are predefined rules in your tenant, you can still configure your rules starting at `order = 1`. The provider will automatically handle the reordering to place your rules in the correct position relative to predefined rules.\n\n**NOTE 2** Certain attributes on \u003cspan pulumi-lang-nodejs=\"`predefined`\" pulumi-lang-dotnet=\"`Predefined`\" pulumi-lang-go=\"`predefined`\" pulumi-lang-python=\"`predefined`\" pulumi-lang-yaml=\"`predefined`\" pulumi-lang-java=\"`predefined`\"\u003e`predefined`\u003c/span\u003e rules can still be managed or updated via Terraform such as:\n\n* \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.\n* \u003cspan pulumi-lang-nodejs=\"`state`\" pulumi-lang-dotnet=\"`State`\" pulumi-lang-go=\"`state`\" pulumi-lang-python=\"`state`\" pulumi-lang-yaml=\"`state`\" pulumi-lang-java=\"`state`\"\u003e`state`\u003c/span\u003e - (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.\n* \u003cspan pulumi-lang-nodejs=\"`order`\" pulumi-lang-dotnet=\"`Order`\" pulumi-lang-go=\"`order`\" pulumi-lang-python=\"`order`\" pulumi-lang-yaml=\"`order`\" pulumi-lang-java=\"`order`\"\u003e`order`\u003c/span\u003e - (Optional) Rule order number of the Firewall Filtering policy rule\n\n* \u003cspan pulumi-lang-nodejs=\"`labels`\" pulumi-lang-dotnet=\"`Labels`\" pulumi-lang-go=\"`labels`\" pulumi-lang-python=\"`labels`\" pulumi-lang-yaml=\"`labels`\" pulumi-lang-java=\"`labels`\"\u003e`labels`\u003c/span\u003e (list) - Labels that are applicable to the rule.\n      * \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Integer) Identifier that uniquely identifies an entity\n\n**NOTE 3** The following attributes on \u003cspan pulumi-lang-nodejs=\"`predefined`\" pulumi-lang-dotnet=\"`Predefined`\" pulumi-lang-go=\"`predefined`\" pulumi-lang-python=\"`predefined`\" pulumi-lang-yaml=\"`predefined`\" pulumi-lang-java=\"`predefined`\"\u003e`predefined`\u003c/span\u003e rules **cannot** be updated:\n\n* \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - Name of the Firewall Filtering policy rule\n* \u003cspan pulumi-lang-nodejs=\"`action`\" pulumi-lang-dotnet=\"`Action`\" pulumi-lang-go=\"`action`\" pulumi-lang-python=\"`action`\" pulumi-lang-yaml=\"`action`\" pulumi-lang-java=\"`action`\"\u003e`action`\u003c/span\u003e - The action the Firewall Filtering policy rule takes when packets match the rule. Supported Values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`, `EVAL_NWAPP`\n* \u003cspan pulumi-lang-nodejs=\"`rank`\" pulumi-lang-dotnet=\"`Rank`\" pulumi-lang-go=\"`rank`\" pulumi-lang-python=\"`rank`\" pulumi-lang-yaml=\"`rank`\" pulumi-lang-java=\"`rank`\"\u003e`rank`\u003c/span\u003e - (Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank in UI first. The default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e. Visit to learn more [About Admin Rank](https://help.zscaler.com/zia/about-admin-rank)\n* Most other attributes that define the rule's behavior\n\n**NOTE 4** The import of \u003cspan pulumi-lang-nodejs=\"`predefined`\" pulumi-lang-dotnet=\"`Predefined`\" pulumi-lang-go=\"`predefined`\" pulumi-lang-python=\"`predefined`\" pulumi-lang-yaml=\"`predefined`\" pulumi-lang-java=\"`predefined`\"\u003e`predefined`\u003c/span\u003e rules is still possible in case you want o have them under the Terraform management; however, remember that these rules cannot be deleted. That means, the provider will fail when executing `terraform destroy`; hence, you must remove the rules you want to delete, and re-run `pulumi up` instead.\n\n## Example Usage\n\n```hcl\ndata \"zia_firewall_filtering_network_service\" \"zscaler_proxy_nw_services\" {\n    name = \"ZSCALER_PROXY_NW_SERVICES\"\n}\n\ndata \"zia_department_management\" \"engineering\" {\n name = \"Engineering\"\n}\n\ndata \"zia_group_management\" \"normal_internet\" {\n    name = \"Normal_Internet\"\n}\n\ndata \"zia_firewall_filtering_time_window\" \"work_hours\" {\n    name = \"Work hours\"\n}\n\nresource \"zia_firewall_filtering_rule\" \"example\" {\n    name                = \"Example\"\n    description         = \"Example\"\n    action              = \"ALLOW\"\n    state               = \"ENABLED\"\n    order               = 1\n    enable_full_logging = true\n    nw_services {\n        id = [ data.zia_firewall_filtering_network_service.zscaler_proxy_nw_services.id ]\n    }\n    departments {\n        id = [ data.zia_department_management.engineering.id ]\n    }\n    groups {\n        id = [ data.zia_group_management.normal_internet.id ]\n    }\n    time_windows {\n        id = [ data.zia_firewall_filtering_time_window.work_hours.id ]\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_firewall_filtering_rule** can be imported by using `\u003cRULE ID\u003e` or `\u003cRULE NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/firewallFilteringRule:FirewallFilteringRule example \u003crule_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/firewallFilteringRule:FirewallFilteringRule example \u003crule_name\u003e\n```\n\n","properties":{"action":{"type":"string","description":"The action the Firewall Filtering policy rule takes when packets match the rule"},"appServiceGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleAppServiceGroups:FirewallFilteringRuleAppServiceGroups","description":"list of application service groups"},"appServices":{"$ref":"#/types/zia:index/FirewallFilteringRuleAppServices:FirewallFilteringRuleAppServices","description":"list of application services"},"defaultRule":{"type":"boolean","description":"If set to true, the default rule is applied"},"departments":{"$ref":"#/types/zia:index/FirewallFilteringRuleDepartments:FirewallFilteringRuleDepartments","description":"list of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the rule"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs"},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"destIpCategories":{"type":"array","items":{"type":"string"}},"destIpGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleDestIpGroups:FirewallFilteringRuleDestIpGroups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleDeviceGroups:FirewallFilteringRuleDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/FirewallFilteringRuleDevices:FirewallFilteringRuleDevices","description":"Name-ID pairs of devices for which rule must be applied."},"enableFullLogging":{"type":"boolean"},"excludeSrcCountries":{"type":"boolean"},"groups":{"$ref":"#/types/zia:index/FirewallFilteringRuleGroups:FirewallFilteringRuleGroups","description":"list of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/FirewallFilteringRuleLabels:FirewallFilteringRuleLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleLocationGroups:FirewallFilteringRuleLocationGroups","description":"list of locations groups"},"locations":{"$ref":"#/types/zia:index/FirewallFilteringRuleLocations:FirewallFilteringRuleLocations","description":"list of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule"},"nwApplicationGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleNwApplicationGroups:FirewallFilteringRuleNwApplicationGroups","description":"list of nw application groups"},"nwApplications":{"type":"array","items":{"type":"string"}},"nwServiceGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleNwServiceGroups:FirewallFilteringRuleNwServiceGroups","description":"list of nw service groups"},"nwServices":{"$ref":"#/types/zia:index/FirewallFilteringRuleNwServices:FirewallFilteringRuleNwServices","description":"list of nw services"},"order":{"type":"integer","description":"Rule order number. If omitted, the rule will be added to the end of the rule set."},"predefined":{"type":"boolean","description":"If set to true, a predefined rule is applied"},"rank":{"type":"integer","description":"Admin rank of the Firewall Filtering policy rule"},"ruleId":{"type":"integer"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"srcIpGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleSrcIpGroups:FirewallFilteringRuleSrcIpGroups","description":"list of source ip groups"},"srcIps":{"type":"array","items":{"type":"string"},"description":"User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address."},"state":{"type":"string","description":"Determines whether the Firewall Filtering policy rule is enabled or disabled"},"timeWindows":{"$ref":"#/types/zia:index/FirewallFilteringRuleTimeWindows:FirewallFilteringRuleTimeWindows","description":"The time interval in which the Firewall Filtering policy rule applies"},"users":{"$ref":"#/types/zia:index/FirewallFilteringRuleUsers:FirewallFilteringRuleUsers","description":"list of users for which rule must be applied"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringRuleWorkloadGroup:FirewallFilteringRuleWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringRuleZpaAppSegment:FirewallFilteringRuleZpaAppSegment"},"description":"The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method."}},"required":["destCountries","name","order","ruleId","sourceCountries","workloadGroups","zpaAppSegments"],"inputProperties":{"action":{"type":"string","description":"The action the Firewall Filtering policy rule takes when packets match the rule"},"appServiceGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleAppServiceGroups:FirewallFilteringRuleAppServiceGroups","description":"list of application service groups"},"appServices":{"$ref":"#/types/zia:index/FirewallFilteringRuleAppServices:FirewallFilteringRuleAppServices","description":"list of application services"},"defaultRule":{"type":"boolean","description":"If set to true, the default rule is applied"},"departments":{"$ref":"#/types/zia:index/FirewallFilteringRuleDepartments:FirewallFilteringRuleDepartments","description":"list of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the rule"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs"},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"destIpCategories":{"type":"array","items":{"type":"string"}},"destIpGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleDestIpGroups:FirewallFilteringRuleDestIpGroups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleDeviceGroups:FirewallFilteringRuleDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/FirewallFilteringRuleDevices:FirewallFilteringRuleDevices","description":"Name-ID pairs of devices for which rule must be applied."},"enableFullLogging":{"type":"boolean"},"excludeSrcCountries":{"type":"boolean"},"groups":{"$ref":"#/types/zia:index/FirewallFilteringRuleGroups:FirewallFilteringRuleGroups","description":"list of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/FirewallFilteringRuleLabels:FirewallFilteringRuleLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleLocationGroups:FirewallFilteringRuleLocationGroups","description":"list of locations groups"},"locations":{"$ref":"#/types/zia:index/FirewallFilteringRuleLocations:FirewallFilteringRuleLocations","description":"list of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule"},"nwApplicationGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleNwApplicationGroups:FirewallFilteringRuleNwApplicationGroups","description":"list of nw application groups"},"nwApplications":{"type":"array","items":{"type":"string"}},"nwServiceGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleNwServiceGroups:FirewallFilteringRuleNwServiceGroups","description":"list of nw service groups"},"nwServices":{"$ref":"#/types/zia:index/FirewallFilteringRuleNwServices:FirewallFilteringRuleNwServices","description":"list of nw services"},"order":{"type":"integer","description":"Rule order number. If omitted, the rule will be added to the end of the rule set."},"predefined":{"type":"boolean","description":"If set to true, a predefined rule is applied"},"rank":{"type":"integer","description":"Admin rank of the Firewall Filtering policy rule"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"srcIpGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleSrcIpGroups:FirewallFilteringRuleSrcIpGroups","description":"list of source ip groups"},"srcIps":{"type":"array","items":{"type":"string"},"description":"User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address."},"state":{"type":"string","description":"Determines whether the Firewall Filtering policy rule is enabled or disabled"},"timeWindows":{"$ref":"#/types/zia:index/FirewallFilteringRuleTimeWindows:FirewallFilteringRuleTimeWindows","description":"The time interval in which the Firewall Filtering policy rule applies"},"users":{"$ref":"#/types/zia:index/FirewallFilteringRuleUsers:FirewallFilteringRuleUsers","description":"list of users for which rule must be applied"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringRuleWorkloadGroup:FirewallFilteringRuleWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringRuleZpaAppSegment:FirewallFilteringRuleZpaAppSegment"},"description":"The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method."}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering FirewallFilteringRule resources.\n","properties":{"action":{"type":"string","description":"The action the Firewall Filtering policy rule takes when packets match the rule"},"appServiceGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleAppServiceGroups:FirewallFilteringRuleAppServiceGroups","description":"list of application service groups"},"appServices":{"$ref":"#/types/zia:index/FirewallFilteringRuleAppServices:FirewallFilteringRuleAppServices","description":"list of application services"},"defaultRule":{"type":"boolean","description":"If set to true, the default rule is applied"},"departments":{"$ref":"#/types/zia:index/FirewallFilteringRuleDepartments:FirewallFilteringRuleDepartments","description":"list of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the rule"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs"},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"destIpCategories":{"type":"array","items":{"type":"string"}},"destIpGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleDestIpGroups:FirewallFilteringRuleDestIpGroups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleDeviceGroups:FirewallFilteringRuleDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/FirewallFilteringRuleDevices:FirewallFilteringRuleDevices","description":"Name-ID pairs of devices for which rule must be applied."},"enableFullLogging":{"type":"boolean"},"excludeSrcCountries":{"type":"boolean"},"groups":{"$ref":"#/types/zia:index/FirewallFilteringRuleGroups:FirewallFilteringRuleGroups","description":"list of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/FirewallFilteringRuleLabels:FirewallFilteringRuleLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleLocationGroups:FirewallFilteringRuleLocationGroups","description":"list of locations groups"},"locations":{"$ref":"#/types/zia:index/FirewallFilteringRuleLocations:FirewallFilteringRuleLocations","description":"list of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule"},"nwApplicationGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleNwApplicationGroups:FirewallFilteringRuleNwApplicationGroups","description":"list of nw application groups"},"nwApplications":{"type":"array","items":{"type":"string"}},"nwServiceGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleNwServiceGroups:FirewallFilteringRuleNwServiceGroups","description":"list of nw service groups"},"nwServices":{"$ref":"#/types/zia:index/FirewallFilteringRuleNwServices:FirewallFilteringRuleNwServices","description":"list of nw services"},"order":{"type":"integer","description":"Rule order number. If omitted, the rule will be added to the end of the rule set."},"predefined":{"type":"boolean","description":"If set to true, a predefined rule is applied"},"rank":{"type":"integer","description":"Admin rank of the Firewall Filtering policy rule"},"ruleId":{"type":"integer"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"srcIpGroups":{"$ref":"#/types/zia:index/FirewallFilteringRuleSrcIpGroups:FirewallFilteringRuleSrcIpGroups","description":"list of source ip groups"},"srcIps":{"type":"array","items":{"type":"string"},"description":"User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address."},"state":{"type":"string","description":"Determines whether the Firewall Filtering policy rule is enabled or disabled"},"timeWindows":{"$ref":"#/types/zia:index/FirewallFilteringRuleTimeWindows:FirewallFilteringRuleTimeWindows","description":"The time interval in which the Firewall Filtering policy rule applies"},"users":{"$ref":"#/types/zia:index/FirewallFilteringRuleUsers:FirewallFilteringRuleUsers","description":"list of users for which rule must be applied"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringRuleWorkloadGroup:FirewallFilteringRuleWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringRuleZpaAppSegment:FirewallFilteringRuleZpaAppSegment"},"description":"The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method."}},"type":"object"}},"zia:index/firewallFilteringServiceGroups:FirewallFilteringServiceGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/networkServiceGroups-get)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/networkServiceGroups-get)\n\nThe **zia_firewall_filtering_network_service_groups** resource allows the creation and management of ZIA Cloud Firewall IP network service groups in the Zscaler Internet Access. This resource can then be associated with a ZIA cloud firewall filtering rule.\n\n## Example Usage\n\n```hcl\ndata \"zia_firewall_filtering_network_service\" \"example1\" {\n  name = \"FTP\"\n}\n\ndata \"zia_firewall_filtering_network_service\" \"example2\" {\n  name = \"NETBIOS\"\n}\n\ndata \"zia_firewall_filtering_network_service\" \"example3\" {\n  name = \"DNS\"\n}\n\n# Add network services to a network services group\nresource \"zia_firewall_filtering_network_service_groups\" \"example\"{\n    name        = \"example\"\n    description = \"example\"\n    services {\n        id = [\n            data.zia_firewall_filtering_network_service.example1.id,\n            data.zia_firewall_filtering_network_service.example2.id,\n            data.zia_firewall_filtering_network_service.example3.id\n        ]\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**firewall_filtering_network_service_groups** can be imported by using `\u003cGROUP_ID\u003e` or `\u003cGROUP_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/firewallFilteringServiceGroups:FirewallFilteringServiceGroups example \u003cgroup_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/firewallFilteringServiceGroups:FirewallFilteringServiceGroups example \u003cgroup_name\u003e\n```\n\n","properties":{"description":{"type":"string"},"groupId":{"type":"integer"},"name":{"type":"string"},"services":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringServiceGroupsService:FirewallFilteringServiceGroupsService"},"description":"list of services IDs"}},"required":["groupId","name","services"],"inputProperties":{"description":{"type":"string"},"name":{"type":"string"},"services":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringServiceGroupsService:FirewallFilteringServiceGroupsService"},"description":"list of services IDs"}},"stateInputs":{"description":"Input properties used for looking up and filtering FirewallFilteringServiceGroups resources.\n","properties":{"description":{"type":"string"},"groupId":{"type":"integer"},"name":{"type":"string"},"services":{"type":"array","items":{"$ref":"#/types/zia:index/FirewallFilteringServiceGroupsService:FirewallFilteringServiceGroupsService"},"description":"list of services IDs"}},"type":"object"}},"zia:index/firewallFilteringSourceGroups:FirewallFilteringSourceGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/ipSourceGroups-get)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/ipSourceGroups-get)\n\nThe **zia_firewall_filtering_ip_source_groups** resource allows the creation and management of ZIA Cloud Firewall IP source groups in the Zscaler Internet Access. This resource can then be associated with a ZIA cloud firewall filtering rule.\n\n## Example Usage\n\n```hcl\n# Add an IP address or addresses to a new IP Source Group\nresource \"zia_firewall_filtering_ip_source_groups\" \"example\" {\n  name        = \"Example\"\n  description = \"Example\"\n  ip_addresses = [ \"192.168.100.1\", \"192.168.100.2\", \"192.168.100.3\"]\n}\n```\n\n```hcl\n# Add an IP address range(s) to a new IP Source Group\nresource \"zia_firewall_filtering_ip_source_groups\" \"example\" {\n  name        = \"Example\"\n  description = \"Example\"\n  ip_addresses = [ \"192.0.2.1-192.0.2.10\" ]\n}\n```\n\n```hcl\n# Add subnet to a new IP Source Group\nresource \"zia_firewall_filtering_ip_source_groups\" \"example\" {\n  name        = \"Example\"\n  description = \"Example\"\n  ip_addresses = [ \"203.0.113.0/24\" ]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_firewall_filtering_ip_source_groups** can be imported by using `\u003cGROUP_ID\u003e` or `\u003cGROUP_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/firewallFilteringSourceGroups:FirewallFilteringSourceGroups example \u003cgroup_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/firewallFilteringSourceGroups:FirewallFilteringSourceGroups example \u003cgroup_name\u003e\n```\n\n","properties":{"description":{"type":"string"},"groupId":{"type":"integer"},"ipAddresses":{"type":"array","items":{"type":"string"}},"name":{"type":"string"}},"required":["groupId","ipAddresses","name"],"inputProperties":{"description":{"type":"string"},"ipAddresses":{"type":"array","items":{"type":"string"}},"name":{"type":"string"}},"requiredInputs":["ipAddresses"],"stateInputs":{"description":"Input properties used for looking up and filtering FirewallFilteringSourceGroups resources.\n","properties":{"description":{"type":"string"},"groupId":{"type":"integer"},"ipAddresses":{"type":"array","items":{"type":"string"}},"name":{"type":"string"}},"type":"object"}},"zia:index/forwardingControlProxies:ForwardingControlProxies":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-third-party-proxies)\n* [API documentation](https://help.zscaler.com/zia/forwarding-control-policy#/proxies-get)\n\nUse the **zia_forwarding_control_proxies** resource allows the creation and management of ZIA forwarding control Proxies for third-party proxy services integration between Zscaler Internet Access and Zscaler Private Access. This resource can then be associated with a ZIA Forwarding Control Rule.\n\n## Example Usage\n\n### No Certificate\n\n```hcl\nresource \"zia_forwarding_control_proxies\" \"this\" {\n  name  = \"Proxy01_Terraform\"\n  description = \"Proxy01_Terraform\"\n  type = \"PROXYCHAIN\"\n  address = \"192.168.1.150\"\n  port = 5000\n  insert_xau_header = true\n  base64_encode_xau_header = true\n}\n```\n\n### With Certificate\n\n```hcl\nresource \"zia_forwarding_control_proxies\" \"this\" {\n  name  = \"Proxy01_Terraform\"\n  description = \"Proxy01_Terraform\"\n  type = \"PROXYCHAIN\"\n  address = \"192.168.1.150\"\n  port = 5000\n  insert_xau_header = true\n  base64_encode_xau_header = true\n  cert {\n    id = 18492369\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_forwarding_control_proxies** can be imported by using `\u003cPROXY_ID\u003e` or `\u003cPROXY_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/forwardingControlProxies:ForwardingControlProxies example \u003cproxy_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/forwardingControlProxies:ForwardingControlProxies example \u003cproxy_name\u003e\n```\n\n","properties":{"address":{"type":"string","description":"The IP address or the FQDN of the third-party proxy service\n"},"base64EncodeXauHeader":{"type":"boolean","description":"(Boolean) Flag indicating whether the added X-Authenticated-User header is Base64 encoded. When enabled, the user ID is encoded using the Base64 encoding method.\n"},"certs":{"type":"array","items":{"$ref":"#/types/zia:index/ForwardingControlProxiesCert:ForwardingControlProxiesCert"},"description":"(Set of Objects) The root certificate used by the third-party proxy to perform SSL inspection. This root certificate is used by Zscaler to validate the SSL leaf certificates signed by the upstream proxy. The required root certificate appears in this drop-down list only if it is uploaded from the Administration \u003e Root Certificates page.\n"},"description":{"type":"string","description":"(String) Additional notes or information\n"},"insertXauHeader":{"type":"boolean","description":"(Boolean) Flag indicating whether X-Authenticated-User header is added by the proxy. Enable to automatically insert authenticated user ID to the HTTP header, X-Authenticated-User.\n"},"name":{"type":"string","description":"Proxy name for the third-party proxy services\n"},"port":{"type":"integer","description":"The port number on which the third-party proxy service listens to the requests forwarded from Zscaler\n"},"proxyId":{"type":"integer"},"type":{"type":"string","description":"Gateway type. Supported values: `PROXYCHAIN`, `ZIA`, `ECSELF`\n"}},"required":["name","proxyId"],"inputProperties":{"address":{"type":"string","description":"The IP address or the FQDN of the third-party proxy service\n"},"base64EncodeXauHeader":{"type":"boolean","description":"(Boolean) Flag indicating whether the added X-Authenticated-User header is Base64 encoded. When enabled, the user ID is encoded using the Base64 encoding method.\n"},"certs":{"type":"array","items":{"$ref":"#/types/zia:index/ForwardingControlProxiesCert:ForwardingControlProxiesCert"},"description":"(Set of Objects) The root certificate used by the third-party proxy to perform SSL inspection. This root certificate is used by Zscaler to validate the SSL leaf certificates signed by the upstream proxy. The required root certificate appears in this drop-down list only if it is uploaded from the Administration \u003e Root Certificates page.\n"},"description":{"type":"string","description":"(String) Additional notes or information\n"},"insertXauHeader":{"type":"boolean","description":"(Boolean) Flag indicating whether X-Authenticated-User header is added by the proxy. Enable to automatically insert authenticated user ID to the HTTP header, X-Authenticated-User.\n"},"name":{"type":"string","description":"Proxy name for the third-party proxy services\n"},"port":{"type":"integer","description":"The port number on which the third-party proxy service listens to the requests forwarded from Zscaler\n"},"type":{"type":"string","description":"Gateway type. Supported values: `PROXYCHAIN`, `ZIA`, `ECSELF`\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering ForwardingControlProxies resources.\n","properties":{"address":{"type":"string","description":"The IP address or the FQDN of the third-party proxy service\n"},"base64EncodeXauHeader":{"type":"boolean","description":"(Boolean) Flag indicating whether the added X-Authenticated-User header is Base64 encoded. When enabled, the user ID is encoded using the Base64 encoding method.\n"},"certs":{"type":"array","items":{"$ref":"#/types/zia:index/ForwardingControlProxiesCert:ForwardingControlProxiesCert"},"description":"(Set of Objects) The root certificate used by the third-party proxy to perform SSL inspection. This root certificate is used by Zscaler to validate the SSL leaf certificates signed by the upstream proxy. The required root certificate appears in this drop-down list only if it is uploaded from the Administration \u003e Root Certificates page.\n"},"description":{"type":"string","description":"(String) Additional notes or information\n"},"insertXauHeader":{"type":"boolean","description":"(Boolean) Flag indicating whether X-Authenticated-User header is added by the proxy. Enable to automatically insert authenticated user ID to the HTTP header, X-Authenticated-User.\n"},"name":{"type":"string","description":"Proxy name for the third-party proxy services\n"},"port":{"type":"integer","description":"The port number on which the third-party proxy service listens to the requests forwarded from Zscaler\n"},"proxyId":{"type":"integer"},"type":{"type":"string","description":"Gateway type. Supported values: `PROXYCHAIN`, `ZIA`, `ECSELF`\n"}},"type":"object"}},"zia:index/forwardingControlRule:ForwardingControlRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-forwarding-policy)\n* [API documentation](https://help.zscaler.com/zia/forwarding-control-policy#/forwardingRules-get)\n\nThe **zia_forwarding_control_rule** resource allows the creation and management of ZIA Forwarding Control rules in the Zscaler Internet Access.\n\n⚠️ **WARNING:**  - PR #373 - The resource \u003cspan pulumi-lang-nodejs=\"`zia.ForwardingControlRule`\" pulumi-lang-dotnet=\"`zia.ForwardingControlRule`\" pulumi-lang-go=\"`ForwardingControlRule`\" pulumi-lang-python=\"`ForwardingControlRule`\" pulumi-lang-yaml=\"`zia.ForwardingControlRule`\" pulumi-lang-java=\"`zia.ForwardingControlRule`\"\u003e`zia.ForwardingControlRule`\u003c/span\u003e now pauses for 60 seconds before proceeding with the create or update process whenever the \u003cspan pulumi-lang-nodejs=\"`forwardMethod`\" pulumi-lang-dotnet=\"`ForwardMethod`\" pulumi-lang-go=\"`forwardMethod`\" pulumi-lang-python=\"`forward_method`\" pulumi-lang-yaml=\"`forwardMethod`\" pulumi-lang-java=\"`forwardMethod`\"\u003e`forward_method`\u003c/span\u003e attribute is set to `ZPA`. In case of a failure related to resource synchronization, the provider will retry the resource creation or update up to 3 times, waiting 30 seconds between each retry. This behavior ensures that ZIA and ZPA have sufficient time to synchronize and replicate the necessary resource IDs, reducing the risk of transient errors during provisioning.\n\n  **NOTE**: This retry mechanism helps to automatically overcome temporary latency without manual intervention. This behavior does not affect forwarding rules configured with other\u003cspan pulumi-lang-nodejs=\" forwardMethods \" pulumi-lang-dotnet=\" ForwardMethods \" pulumi-lang-go=\" forwardMethods \" pulumi-lang-python=\" forward_methods \" pulumi-lang-yaml=\" forwardMethods \" pulumi-lang-java=\" forwardMethods \"\u003e forward_methods \u003c/span\u003esuch as `DIRECT`.\n\n## Example Usage\n\n### DIRECT Forwarding Method\n\n```hcl\nresource \"zia_forwarding_control_rule\" \"this\" {\n  name               = \"FC_DIRECT_RULE\"\n  description        = \"FC_DIRECT_RULE\"\n  order              = 1\n  rank               = 7\n  state              = \"ENABLED\"\n  type               = \"FORWARDING\"\n  forward_method     = \"DIRECT\"\n  src_ips            = [\"192.168.200.200\"]\n  dest_addresses     = [\"192.168.255.1\"]\n  dest_ip_categories = [\"ZSPROXY_IPS\", \"CUSTOM_01\"]\n  dest_countries     = [\"CA\", \"US\"]\n}\n```\n\n### ZPA Forwarding Method\n\n  ⚠️ **WARNING:**: You must use the ZPA provider in combination with the ZIA Terraform Provider to successfully configure a Forwarding control rule where the \u003cspan pulumi-lang-nodejs=\"`forwardMethod`\" pulumi-lang-dotnet=\"`ForwardMethod`\" pulumi-lang-go=\"`forwardMethod`\" pulumi-lang-python=\"`forward_method`\" pulumi-lang-yaml=\"`forwardMethod`\" pulumi-lang-java=\"`forwardMethod`\"\u003e`forward_method`\u003c/span\u003e is `ZPA`\n\n```hcl\n# ZPA Server Group\ndata \"zpa_server_group\" \"this\" {\n  name = \"Server_Group_IP_Source_Anchoring\"\n}\n\n# ZPA Application Segment\ndata \"zpa_application_segment\" \"this\" {\n  name = \"App_Segment_IP_Source_Anchoring\"\n}\n\nresource \"zia_forwarding_control_zpa_gateway\" \"this\" {\n    name = \"ZPA_GW01\"\n    description = \"ZPA_GW01\"\n    type = \"ZPA\"\n    zpa_server_group {\n      external_id = data.zpa_server_group.this.id\n      name = data.zpa_server_group.this.id\n    }\n    zpa_app_segments {\n        external_id = data.zpa_application_segment.this.id\n        name = data.zpa_application_segment.this.name\n    }\n}\n\nresource \"zia_forwarding_control_rule\" \"this\" {\n  name           = \"ZPA_FORWARDING_RULE\"\n  description    = \"ZPA_FORWARDING_RULE\"\n  order          = 1\n  rank           = 7\n  state          = \"ENABLED\"\n  type           = \"FORWARDING\"\n  forward_method = \"ZPA\"\n  zpa_gateway {\n    id   = zia_forwarding_control_zpa_gateway.this.id\n    name = zia_forwarding_control_zpa_gateway.this.name\n  }\n  zpa_app_segments {\n    name        = data.zpa_application_segment.this.name\n    external_id = data.zpa_application_segment.this.id\n  }\n}\n```\n\n### PROXYCHAIN Forwarding Method\n\n  ⚠️ **WARNING:**: Creating or retrieving a Proxy Gateway via API is not currently supported; hence, the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e for the \u003cspan pulumi-lang-nodejs=\"`proxyGateway`\" pulumi-lang-dotnet=\"`ProxyGateway`\" pulumi-lang-go=\"`proxyGateway`\" pulumi-lang-python=\"`proxy_gateway`\" pulumi-lang-yaml=\"`proxyGateway`\" pulumi-lang-java=\"`proxyGateway`\"\u003e`proxy_gateway`\u003c/span\u003e must be passed manually to the \u003cspan pulumi-lang-nodejs=\"`proxyGateway`\" pulumi-lang-dotnet=\"`ProxyGateway`\" pulumi-lang-go=\"`proxyGateway`\" pulumi-lang-python=\"`proxy_gateway`\" pulumi-lang-yaml=\"`proxyGateway`\" pulumi-lang-java=\"`proxyGateway`\"\u003e`proxy_gateway`\u003c/span\u003e block in the below configuration.\n\n```hcl\nresource \"zia_forwarding_control_rule\" \"this\" {\n  name               = \"PROXYCHAIN_FORWARDING_RULE\"\n  description        = \"PROXYCHAIN_FORWARDING_RULE\"\n  order              = 1\n  rank               = 7\n  state              = \"ENABLED\"\n  type               = \"FORWARDING\"\n  forward_method     = \"PROXYCHAIN\"\n  src_ips            = [\"192.168.200.200\"]\n  dest_addresses     = [\"192.168.255.1\"]\n  dest_ip_categories = [\"ZSPROXY_IPS\", \"CUSTOM_01\"]\n  dest_countries     = [\"CA\", \"US\"]\n  proxy_gateway {\n    id   = 2589270\n    name = \"ProxyGW01\"\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_forwarding_control_rule** can be imported by using `\u003cRULE ID\u003e` or `\u003cRULE NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/forwardingControlRule:ForwardingControlRule example \u003crule_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/forwardingControlRule:ForwardingControlRule example \u003crule_name\u003e\n```\n\n","properties":{"appServiceGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleAppServiceGroups:ForwardingControlRuleAppServiceGroups","description":"(list) - Application service groups on which this rule is applied\n"},"departments":{"$ref":"#/types/zia:index/ForwardingControlRuleDepartments:ForwardingControlRuleDepartments","description":"(list) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(string) - Additional information about the forwarding rule\n"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"** - (list) -  IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.\n"},"destCountries":{"type":"array","items":{"type":"string"},"description":"** - (list) destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries. Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes).\n"},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"** - (list) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n"},"destIpGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleDestIpGroups:ForwardingControlRuleDestIpGroups","description":"** - (list) Any number of destination IP address groups that you want to control with this rule.\n"},"destIpv6Groups":{"$ref":"#/types/zia:index/ForwardingControlRuleDestIpv6Groups:ForwardingControlRuleDestIpv6Groups","description":"** - (list) Destination IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"deviceGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleDeviceGroups:ForwardingControlRuleDeviceGroups","description":"(list) Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"ecGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleEcGroups:ForwardingControlRuleEcGroups","description":"(list) - Name-ID pairs of the Zscaler Cloud Connector groups to which the forwarding rule applies\n"},"forwardMethod":{"type":"string","description":"The type of traffic forwarding method selected from the available options"},"groups":{"$ref":"#/types/zia:index/ForwardingControlRuleGroups:ForwardingControlRuleGroups","description":"(list) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"labels":{"$ref":"#/types/zia:index/ForwardingControlRuleLabels:ForwardingControlRuleLabels","description":"(list) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleLocationGroups:ForwardingControlRuleLocationGroups","description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/ForwardingControlRuleLocations:ForwardingControlRuleLocations","description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"name":{"type":"string","description":"(string) The configured name of the entity\n"},"nwApplicationGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleNwApplicationGroups:ForwardingControlRuleNwApplicationGroups","description":"(list) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify\n"},"nwServiceGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleNwServiceGroups:ForwardingControlRuleNwServiceGroups","description":"(list) Any number of predefined or custom network service groups to which the rule applies.\n"},"nwServices":{"$ref":"#/types/zia:index/ForwardingControlRuleNwServices:ForwardingControlRuleNwServices","description":"(list) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n"},"order":{"type":"integer","description":"(int) - The order of execution for the forwarding rule order.\n"},"proxyGateway":{"$ref":"#/types/zia:index/ForwardingControlRuleProxyGateway:ForwardingControlRuleProxyGateway","description":"(set) The proxy gateway for which the rule is applicable. This field is applicable only for the `PROXYCHAIN` forwarding method.\n"},"rank":{"type":"integer","description":"Admin rank assigned to the forwarding rule"},"resCategories":{"type":"array","items":{"type":"string"},"description":"** - (list) List of destination domain categories to which the rule applies.\n"},"ruleId":{"type":"integer","description":"A unique identifier assigned to the forwarding rule"},"srcIpGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleSrcIpGroups:ForwardingControlRuleSrcIpGroups","description":"(list) Any number of source IP address groups that you want to control with this rule.\n"},"srcIps":{"type":"array","items":{"type":"string"},"description":"(Optional) You can enter individual IP addresses, subnets, or address ranges.\n"},"srcIpv6Groups":{"$ref":"#/types/zia:index/ForwardingControlRuleSrcIpv6Groups:ForwardingControlRuleSrcIpv6Groups","description":"(list) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"state":{"type":"string","description":"(string) - Indicates whether the forwarding rule is enabled or disabled. Supported values are: `ENABLED` and `DISABLED`.\n"},"type":{"type":"string","description":"The rule type selected from the available options"},"users":{"$ref":"#/types/zia:index/ForwardingControlRuleUsers:ForwardingControlRuleUsers","description":"(list) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaAppSegment:ForwardingControlRuleZpaAppSegment"},"description":"(set) The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the `ZPA` Gateway forwarding method.\n"},"zpaApplicationSegmentGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaApplicationSegmentGroups:ForwardingControlRuleZpaApplicationSegmentGroups","description":"(set) List of ZPA Application Segment Groups for which this rule is applicable. This field is applicable only for the `ECZPA` forwarding method (used for Zscaler Cloud Connector).\n"},"zpaApplicationSegments":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaApplicationSegments:ForwardingControlRuleZpaApplicationSegments","description":"(set) List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the `ECZPA` forwarding method (used for Zscaler Cloud Connector).\n"},"zpaGateway":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaGateway:ForwardingControlRuleZpaGateway","description":"(set) The ZPA Gateway for which this rule is applicable. This field is applicable only for the `ZPA` forwarding method.\n"}},"required":["destCountries","forwardMethod","name","order","proxyGateway","ruleId","zpaAppSegments","zpaGateway"],"inputProperties":{"appServiceGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleAppServiceGroups:ForwardingControlRuleAppServiceGroups","description":"(list) - Application service groups on which this rule is applied\n"},"departments":{"$ref":"#/types/zia:index/ForwardingControlRuleDepartments:ForwardingControlRuleDepartments","description":"(list) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(string) - Additional information about the forwarding rule\n"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"** - (list) -  IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.\n"},"destCountries":{"type":"array","items":{"type":"string"},"description":"** - (list) destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries. Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes).\n"},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"** - (list) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n"},"destIpGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleDestIpGroups:ForwardingControlRuleDestIpGroups","description":"** - (list) Any number of destination IP address groups that you want to control with this rule.\n"},"destIpv6Groups":{"$ref":"#/types/zia:index/ForwardingControlRuleDestIpv6Groups:ForwardingControlRuleDestIpv6Groups","description":"** - (list) Destination IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"deviceGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleDeviceGroups:ForwardingControlRuleDeviceGroups","description":"(list) Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"ecGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleEcGroups:ForwardingControlRuleEcGroups","description":"(list) - Name-ID pairs of the Zscaler Cloud Connector groups to which the forwarding rule applies\n"},"forwardMethod":{"type":"string","description":"The type of traffic forwarding method selected from the available options"},"groups":{"$ref":"#/types/zia:index/ForwardingControlRuleGroups:ForwardingControlRuleGroups","description":"(list) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"labels":{"$ref":"#/types/zia:index/ForwardingControlRuleLabels:ForwardingControlRuleLabels","description":"(list) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleLocationGroups:ForwardingControlRuleLocationGroups","description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/ForwardingControlRuleLocations:ForwardingControlRuleLocations","description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"name":{"type":"string","description":"(string) The configured name of the entity\n"},"nwApplicationGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleNwApplicationGroups:ForwardingControlRuleNwApplicationGroups","description":"(list) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify\n"},"nwServiceGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleNwServiceGroups:ForwardingControlRuleNwServiceGroups","description":"(list) Any number of predefined or custom network service groups to which the rule applies.\n"},"nwServices":{"$ref":"#/types/zia:index/ForwardingControlRuleNwServices:ForwardingControlRuleNwServices","description":"(list) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n"},"order":{"type":"integer","description":"(int) - The order of execution for the forwarding rule order.\n"},"proxyGateway":{"$ref":"#/types/zia:index/ForwardingControlRuleProxyGateway:ForwardingControlRuleProxyGateway","description":"(set) The proxy gateway for which the rule is applicable. This field is applicable only for the `PROXYCHAIN` forwarding method.\n"},"rank":{"type":"integer","description":"Admin rank assigned to the forwarding rule"},"resCategories":{"type":"array","items":{"type":"string"},"description":"** - (list) List of destination domain categories to which the rule applies.\n"},"srcIpGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleSrcIpGroups:ForwardingControlRuleSrcIpGroups","description":"(list) Any number of source IP address groups that you want to control with this rule.\n"},"srcIps":{"type":"array","items":{"type":"string"},"description":"(Optional) You can enter individual IP addresses, subnets, or address ranges.\n"},"srcIpv6Groups":{"$ref":"#/types/zia:index/ForwardingControlRuleSrcIpv6Groups:ForwardingControlRuleSrcIpv6Groups","description":"(list) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"state":{"type":"string","description":"(string) - Indicates whether the forwarding rule is enabled or disabled. Supported values are: `ENABLED` and `DISABLED`.\n"},"type":{"type":"string","description":"The rule type selected from the available options"},"users":{"$ref":"#/types/zia:index/ForwardingControlRuleUsers:ForwardingControlRuleUsers","description":"(list) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaAppSegment:ForwardingControlRuleZpaAppSegment"},"description":"(set) The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the `ZPA` Gateway forwarding method.\n"},"zpaApplicationSegmentGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaApplicationSegmentGroups:ForwardingControlRuleZpaApplicationSegmentGroups","description":"(set) List of ZPA Application Segment Groups for which this rule is applicable. This field is applicable only for the `ECZPA` forwarding method (used for Zscaler Cloud Connector).\n"},"zpaApplicationSegments":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaApplicationSegments:ForwardingControlRuleZpaApplicationSegments","description":"(set) List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the `ECZPA` forwarding method (used for Zscaler Cloud Connector).\n"},"zpaGateway":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaGateway:ForwardingControlRuleZpaGateway","description":"(set) The ZPA Gateway for which this rule is applicable. This field is applicable only for the `ZPA` forwarding method.\n"}},"requiredInputs":["forwardMethod","order"],"stateInputs":{"description":"Input properties used for looking up and filtering ForwardingControlRule resources.\n","properties":{"appServiceGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleAppServiceGroups:ForwardingControlRuleAppServiceGroups","description":"(list) - Application service groups on which this rule is applied\n"},"departments":{"$ref":"#/types/zia:index/ForwardingControlRuleDepartments:ForwardingControlRuleDepartments","description":"(list) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(string) - Additional information about the forwarding rule\n"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"** - (list) -  IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.\n"},"destCountries":{"type":"array","items":{"type":"string"},"description":"** - (list) destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries. Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes).\n"},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"** - (list) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n"},"destIpGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleDestIpGroups:ForwardingControlRuleDestIpGroups","description":"** - (list) Any number of destination IP address groups that you want to control with this rule.\n"},"destIpv6Groups":{"$ref":"#/types/zia:index/ForwardingControlRuleDestIpv6Groups:ForwardingControlRuleDestIpv6Groups","description":"** - (list) Destination IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"deviceGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleDeviceGroups:ForwardingControlRuleDeviceGroups","description":"(list) Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"ecGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleEcGroups:ForwardingControlRuleEcGroups","description":"(list) - Name-ID pairs of the Zscaler Cloud Connector groups to which the forwarding rule applies\n"},"forwardMethod":{"type":"string","description":"The type of traffic forwarding method selected from the available options"},"groups":{"$ref":"#/types/zia:index/ForwardingControlRuleGroups:ForwardingControlRuleGroups","description":"(list) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"labels":{"$ref":"#/types/zia:index/ForwardingControlRuleLabels:ForwardingControlRuleLabels","description":"(list) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleLocationGroups:ForwardingControlRuleLocationGroups","description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/ForwardingControlRuleLocations:ForwardingControlRuleLocations","description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"name":{"type":"string","description":"(string) The configured name of the entity\n"},"nwApplicationGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleNwApplicationGroups:ForwardingControlRuleNwApplicationGroups","description":"(list) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify\n"},"nwServiceGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleNwServiceGroups:ForwardingControlRuleNwServiceGroups","description":"(list) Any number of predefined or custom network service groups to which the rule applies.\n"},"nwServices":{"$ref":"#/types/zia:index/ForwardingControlRuleNwServices:ForwardingControlRuleNwServices","description":"(list) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n"},"order":{"type":"integer","description":"(int) - The order of execution for the forwarding rule order.\n"},"proxyGateway":{"$ref":"#/types/zia:index/ForwardingControlRuleProxyGateway:ForwardingControlRuleProxyGateway","description":"(set) The proxy gateway for which the rule is applicable. This field is applicable only for the `PROXYCHAIN` forwarding method.\n"},"rank":{"type":"integer","description":"Admin rank assigned to the forwarding rule"},"resCategories":{"type":"array","items":{"type":"string"},"description":"** - (list) List of destination domain categories to which the rule applies.\n"},"ruleId":{"type":"integer","description":"A unique identifier assigned to the forwarding rule"},"srcIpGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleSrcIpGroups:ForwardingControlRuleSrcIpGroups","description":"(list) Any number of source IP address groups that you want to control with this rule.\n"},"srcIps":{"type":"array","items":{"type":"string"},"description":"(Optional) You can enter individual IP addresses, subnets, or address ranges.\n"},"srcIpv6Groups":{"$ref":"#/types/zia:index/ForwardingControlRuleSrcIpv6Groups:ForwardingControlRuleSrcIpv6Groups","description":"(list) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"state":{"type":"string","description":"(string) - Indicates whether the forwarding rule is enabled or disabled. Supported values are: `ENABLED` and `DISABLED`.\n"},"type":{"type":"string","description":"The rule type selected from the available options"},"users":{"$ref":"#/types/zia:index/ForwardingControlRuleUsers:ForwardingControlRuleUsers","description":"(list) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaAppSegment:ForwardingControlRuleZpaAppSegment"},"description":"(set) The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the `ZPA` Gateway forwarding method.\n"},"zpaApplicationSegmentGroups":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaApplicationSegmentGroups:ForwardingControlRuleZpaApplicationSegmentGroups","description":"(set) List of ZPA Application Segment Groups for which this rule is applicable. This field is applicable only for the `ECZPA` forwarding method (used for Zscaler Cloud Connector).\n"},"zpaApplicationSegments":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaApplicationSegments:ForwardingControlRuleZpaApplicationSegments","description":"(set) List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the `ECZPA` forwarding method (used for Zscaler Cloud Connector).\n"},"zpaGateway":{"$ref":"#/types/zia:index/ForwardingControlRuleZpaGateway:ForwardingControlRuleZpaGateway","description":"(set) The ZPA Gateway for which this rule is applicable. This field is applicable only for the `ZPA` forwarding method.\n"}},"type":"object"}},"zia:index/forwardingControlZPAGateway:ForwardingControlZPAGateway":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-forwarding-policy)\n* [API documentation](https://help.zscaler.com/zia/forwarding-control-policy#/zpaGateways-post)\n\nUse the **forwarding_control_zpa_gateway** resource allows the creation and management of ZIA forwarding control ZPA Gateway used in IP Source Anchoring integration between Zscaler Internet Access and Zscaler Private Access. This resource can then be associated with a ZIA Forwarding Control Rule.\n\n⚠️ **IMPORTANT:**: To configure a ZPA Gateway you **MUST** use the ZPA Terraform Provider to configure a Server Group and Application Segment with the Source IP Anchoring feature enabled at the Application Segment resource. Please refer to the ZPA Terraform Provider documentation here\n\n## Example Usage\n\n```hcl\n# ZIA Forwarding Control - ZPA Gateway\ndata \"zpa_server_group\" \"this\" {\n  name = \"Server_Group_IP_Source_Anchoring\"\n}\n\ndata \"zpa_application_segment\" \"this1\" {\n  name = \"App_Segment_IP_Source_Anchoring\"\n}\n\ndata \"zpa_application_segment\" \"this2\" {\n  name = \"App_Segment_IP_Source_Anchoring2\"\n}\n\nresource \"zia_forwarding_control_zpa_gateway\" \"this\" {\n    name = \"ZPA_GW01\"\n    description = \"ZPA_GW01\"\n    type = \"ZPA\"\n    zpa_server_group {\n      external_id = data.zpa_server_group.this.id\n      name = data.zpa_server_group.this.id\n    }\n    zpa_app_segments {\n        external_id = data.zpa_application_segment.this1.id\n        name = data.zpa_application_segment.this1.name\n    }\n    zpa_app_segments {\n        external_id = data.zpa_application_segment.this2.id\n        name = data.zpa_application_segment.this2.name\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**forwarding_control_zpa_gateway** can be imported by using `\u003cGATEWAY_ID\u003e` or `\u003cGATEWAY_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/forwardingControlZPAGateway:ForwardingControlZPAGateway example \u003cgateway_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/forwardingControlZPAGateway:ForwardingControlZPAGateway example \u003cgateway_name\u003e\n```\n\n","properties":{"description":{"type":"string","description":"(string) - Additional details about the ZPA gateway\n"},"gatewayId":{"type":"integer"},"name":{"type":"string","description":"The name of the forwarding control ZPA Gateway to be exported.\n"},"type":{"type":"string","description":"(string) - Indicates whether the ZPA gateway is configured for Zscaler Internet Access (using option ZPA) or Zscaler Cloud Connector (using option ECZPA). Supported values: ``ZPA`` and ``ECZPA``\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/ForwardingControlZPAGatewayZpaAppSegment:ForwardingControlZPAGatewayZpaAppSegment"},"description":"The ZPA Server Group that is configured for Source IP Anchoring\n"},"zpaServerGroup":{"$ref":"#/types/zia:index/ForwardingControlZPAGatewayZpaServerGroup:ForwardingControlZPAGatewayZpaServerGroup","description":"The ZPA Server Group that is configured for Source IP Anchoring\n"}},"required":["gatewayId","name","zpaServerGroup"],"inputProperties":{"description":{"type":"string","description":"(string) - Additional details about the ZPA gateway\n"},"name":{"type":"string","description":"The name of the forwarding control ZPA Gateway to be exported.\n"},"type":{"type":"string","description":"(string) - Indicates whether the ZPA gateway is configured for Zscaler Internet Access (using option ZPA) or Zscaler Cloud Connector (using option ECZPA). Supported values: ``ZPA`` and ``ECZPA``\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/ForwardingControlZPAGatewayZpaAppSegment:ForwardingControlZPAGatewayZpaAppSegment"},"description":"The ZPA Server Group that is configured for Source IP Anchoring\n"},"zpaServerGroup":{"$ref":"#/types/zia:index/ForwardingControlZPAGatewayZpaServerGroup:ForwardingControlZPAGatewayZpaServerGroup","description":"The ZPA Server Group that is configured for Source IP Anchoring\n"}},"requiredInputs":["zpaServerGroup"],"stateInputs":{"description":"Input properties used for looking up and filtering ForwardingControlZPAGateway resources.\n","properties":{"description":{"type":"string","description":"(string) - Additional details about the ZPA gateway\n"},"gatewayId":{"type":"integer"},"name":{"type":"string","description":"The name of the forwarding control ZPA Gateway to be exported.\n"},"type":{"type":"string","description":"(string) - Indicates whether the ZPA gateway is configured for Zscaler Internet Access (using option ZPA) or Zscaler Cloud Connector (using option ECZPA). Supported values: ``ZPA`` and ``ECZPA``\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/ForwardingControlZPAGatewayZpaAppSegment:ForwardingControlZPAGatewayZpaAppSegment"},"description":"The ZPA Server Group that is configured for Source IP Anchoring\n"},"zpaServerGroup":{"$ref":"#/types/zia:index/ForwardingControlZPAGatewayZpaServerGroup:ForwardingControlZPAGatewayZpaServerGroup","description":"The ZPA Server Group that is configured for Source IP Anchoring\n"}},"type":"object"}},"zia:index/ftpControlPolicy:FtpControlPolicy":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-ftp-control)\n* [API documentation](https://help.zscaler.com/zia/ftp-control-policy#/ftpSettings-get)\n\nThe **zia_ftp_control_policy** resource allows you to update FTP control Policy. To learn more see [Configuring the FTP Control Policy](https://help.zscaler.com/zia/configuring-ftp-control-policy)\n\n## Example Usage\n\n```hcl\nresource \"zia_ftp_control_policy\" \"this\" {\n    ftp_enabled = true\n    ftp_over_http_enabled = true\n    url_categories = [\"HOBBIES_AND_LEISURE\", \"HEALTH\",\"HISTORY\",\"INSURANCE\",\"IMAGE_HOST\",\"INTERNET_SERVICES\",\"GOVERNMENT\"]\n    urls = [\"test1.acme.com\", \"test10.acme.com\"]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_ftp_control_policy** can be imported by using \u003cspan pulumi-lang-nodejs=\"`ftpControl`\" pulumi-lang-dotnet=\"`FtpControl`\" pulumi-lang-go=\"`ftpControl`\" pulumi-lang-python=\"`ftp_control`\" pulumi-lang-yaml=\"`ftpControl`\" pulumi-lang-java=\"`ftpControl`\"\u003e`ftp_control`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/ftpControlPolicy:FtpControlPolicy this \"ftp_control\"\n```\n\n","properties":{"ftpEnabled":{"type":"boolean","description":"Indicates whether to enable native FTP. When enabled, users can connect to native FTP sites and download files."},"ftpOverHttpEnabled":{"type":"boolean","description":"Indicates whether to enable FTP over HTTP."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories that allow FTP traffic.\n\t\t\t\tSee the URL Categories API for the list of available categories:\n\t\t\t\thttps://help.zscaler.com/zia/url-categories#/urlCategories-get"},"urls":{"type":"array","items":{"type":"string"},"description":"Domains or URLs included for the FTP Control settings"}},"inputProperties":{"ftpEnabled":{"type":"boolean","description":"Indicates whether to enable native FTP. When enabled, users can connect to native FTP sites and download files."},"ftpOverHttpEnabled":{"type":"boolean","description":"Indicates whether to enable FTP over HTTP."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories that allow FTP traffic.\n\t\t\t\tSee the URL Categories API for the list of available categories:\n\t\t\t\thttps://help.zscaler.com/zia/url-categories#/urlCategories-get"},"urls":{"type":"array","items":{"type":"string"},"description":"Domains or URLs included for the FTP Control settings"}},"stateInputs":{"description":"Input properties used for looking up and filtering FtpControlPolicy resources.\n","properties":{"ftpEnabled":{"type":"boolean","description":"Indicates whether to enable native FTP. When enabled, users can connect to native FTP sites and download files."},"ftpOverHttpEnabled":{"type":"boolean","description":"Indicates whether to enable FTP over HTTP."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories that allow FTP traffic.\n\t\t\t\tSee the URL Categories API for the list of available categories:\n\t\t\t\thttps://help.zscaler.com/zia/url-categories#/urlCategories-get"},"urls":{"type":"array","items":{"type":"string"},"description":"Domains or URLs included for the FTP Control settings"}},"type":"object"}},"zia:index/iPSFirewallRule:IPSFirewallRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/ips-control-policy#/firewallIpsRules-get)\n* [API documentation](https://help.zscaler.com/zia/configuring-ips-control-policy)\n\nThe **zia_firewall_ips_rule** resource allows the creation and management of ZIA Cloud Firewall IPS rules in the Zscaler Internet Access.\n\n**NOTE 1** Zscaler Cloud Firewall contain default and predefined rules which cannot be deleted (not all attributes are supported on predefined rules). The provider **automatically handles predefined rules** during rule ordering. You can simply use sequential order values (1, 2, 3...) and the provider will:\n\n* Automatically place new rules at the correct position\n* Handle reordering around predefined rules\n* Avoid configuration drift\n\nExample: If there are predefined rules in your tenant, you can still configure your rules starting at `order = 1`. The provider will automatically handle the reordering to place your rules in the correct position relative to predefined rules.\n\n## Example Usage\n\n```hcl\ndata \"zia_firewall_filtering_network_service\" \"zscaler_proxy_nw_services\" {\n    name = \"ZSCALER_PROXY_NW_SERVICES\"\n}\n\ndata \"zia_department_management\" \"engineering\" {\n name = \"Engineering\"\n}\n\ndata \"zia_group_management\" \"normal_internet\" {\n    name = \"Normal_Internet\"\n}\n\ndata \"zia_firewall_filtering_time_window\" \"work_hours\" {\n    name = \"Work hours\"\n}\n\nresource \"zia_firewall_ips_rule\" \"example\" {\n    name = \"Example_IPS_Rule01\"\n    description = \"Example_IPS_Rule01\"\n    action = \"ALLOW\"\n    state = \"ENABLED\"\n    order = 1\n    enable_full_logging = true\n    dest_countries = [\"CA\", \"US\"]\n    source_countries = [\"CA\", \"US\"]\n    threat_categories {\n        id = [ 66 ]\n    }\n    nw_services {\n        id = [ data.zia_firewall_filtering_network_service.zscaler_proxy_nw_services.id ]\n    }\n    departments {\n        id = [ data.zia_department_management.engineering.id ]\n    }\n    groups {\n        id = [ data.zia_group_management.normal_internet.id ]\n    }\n    time_windows {\n        id = [ data.zia_firewall_filtering_time_window.work_hours.id ]\n    }\n}\n```\n","properties":{"action":{"type":"string","description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BYPASS_IPS`\n"},"capturePcap":{"type":"boolean","description":"(Boolean) Value that indicates whether packet capture (PCAP) is enabled or not\n"},"defaultRule":{"type":"boolean","description":"(Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not\n"},"departments":{"$ref":"#/types/zia:index/IPSFirewallRuleDepartments:IPSFirewallRuleDepartments","description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"(Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"destCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String)  identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n"},"destIpGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleDestIpGroups:IPSFirewallRuleDestIpGroups","description":"** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.\n"},"destIpv6Groups":{"$ref":"#/types/zia:index/IPSFirewallRuleDestIpv6Groups:IPSFirewallRuleDestIpv6Groups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleDeviceGroups:IPSFirewallRuleDeviceGroups","description":"(List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"devices":{"$ref":"#/types/zia:index/IPSFirewallRuleDevices:IPSFirewallRuleDevices","description":"(List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"enableFullLogging":{"type":"boolean","description":"(Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.\n"},"eunTemplateId":{"type":"integer","description":"(Integer) The ID of the Enhanced User Notification (EUN) template associated with the rule.\n"},"groups":{"$ref":"#/types/zia:index/IPSFirewallRuleGroups:IPSFirewallRuleGroups","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"isEunEnabled":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether Enhanced User Notification (EUN) is enabled for the rule.\n"},"labels":{"$ref":"#/types/zia:index/IPSFirewallRuleLabels:IPSFirewallRuleLabels","description":"(List of Objects) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleLocationGroups:IPSFirewallRuleLocationGroups","description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/IPSFirewallRuleLocations:IPSFirewallRuleLocations","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"name":{"type":"string","description":"The name of the IPS Control rule"},"nwServiceGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleNwServiceGroups:IPSFirewallRuleNwServiceGroups","description":"(List of Objects) Any number of predefined or custom network service groups to which the rule applies.\n"},"nwServices":{"$ref":"#/types/zia:index/IPSFirewallRuleNwServices:IPSFirewallRuleNwServices","description":"(List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n"},"order":{"type":"integer","description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"predefined":{"type":"boolean","description":"(Boolean) A Boolean field that indicates that the rule is predefined by using a true value\n"},"rank":{"type":"integer","description":"(Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank in UI first. The default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e. Visit to learn more [About Admin Rank](https://help.zscaler.com/zia/about-admin-rank)\n"},"resCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.\n"},"ruleId":{"type":"integer"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"srcIpGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleSrcIpGroups:IPSFirewallRuleSrcIpGroups","description":"(List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.\n"},"srcIps":{"type":"array","items":{"type":"string"},"description":"(Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"srcIpv6Groups":{"$ref":"#/types/zia:index/IPSFirewallRuleSrcIpv6Groups:IPSFirewallRuleSrcIpv6Groups","description":"(List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"state":{"type":"string","description":"(Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule. Supported Values: `ENABLED`, `DISABLED`\n"},"threatCategories":{"$ref":"#/types/zia:index/IPSFirewallRuleThreatCategories:IPSFirewallRuleThreatCategories","description":"(List of Objects) Advanced threat categories to which the rule applies\n"},"timeWindows":{"$ref":"#/types/zia:index/IPSFirewallRuleTimeWindows:IPSFirewallRuleTimeWindows","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e time intervals. When not used it implies \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e to apply the rule to all time intervals.\n"},"users":{"$ref":"#/types/zia:index/IPSFirewallRuleUsers:IPSFirewallRuleUsers","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/IPSFirewallRuleZpaAppSegment:IPSFirewallRuleZpaAppSegment"},"description":"(List of Objects) The ZPA application segments to which the rule applies\n"}},"required":["capturePcap","destCountries","name","order","ruleId","sourceCountries","zpaAppSegments"],"inputProperties":{"action":{"type":"string","description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BYPASS_IPS`\n"},"capturePcap":{"type":"boolean","description":"(Boolean) Value that indicates whether packet capture (PCAP) is enabled or not\n"},"defaultRule":{"type":"boolean","description":"(Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not\n"},"departments":{"$ref":"#/types/zia:index/IPSFirewallRuleDepartments:IPSFirewallRuleDepartments","description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"(Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"destCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String)  identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n"},"destIpGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleDestIpGroups:IPSFirewallRuleDestIpGroups","description":"** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.\n"},"destIpv6Groups":{"$ref":"#/types/zia:index/IPSFirewallRuleDestIpv6Groups:IPSFirewallRuleDestIpv6Groups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleDeviceGroups:IPSFirewallRuleDeviceGroups","description":"(List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"devices":{"$ref":"#/types/zia:index/IPSFirewallRuleDevices:IPSFirewallRuleDevices","description":"(List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"enableFullLogging":{"type":"boolean","description":"(Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.\n"},"eunTemplateId":{"type":"integer","description":"(Integer) The ID of the Enhanced User Notification (EUN) template associated with the rule.\n"},"groups":{"$ref":"#/types/zia:index/IPSFirewallRuleGroups:IPSFirewallRuleGroups","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"isEunEnabled":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether Enhanced User Notification (EUN) is enabled for the rule.\n"},"labels":{"$ref":"#/types/zia:index/IPSFirewallRuleLabels:IPSFirewallRuleLabels","description":"(List of Objects) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleLocationGroups:IPSFirewallRuleLocationGroups","description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/IPSFirewallRuleLocations:IPSFirewallRuleLocations","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"name":{"type":"string","description":"The name of the IPS Control rule"},"nwServiceGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleNwServiceGroups:IPSFirewallRuleNwServiceGroups","description":"(List of Objects) Any number of predefined or custom network service groups to which the rule applies.\n"},"nwServices":{"$ref":"#/types/zia:index/IPSFirewallRuleNwServices:IPSFirewallRuleNwServices","description":"(List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n"},"order":{"type":"integer","description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"predefined":{"type":"boolean","description":"(Boolean) A Boolean field that indicates that the rule is predefined by using a true value\n"},"rank":{"type":"integer","description":"(Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank in UI first. The default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e. Visit to learn more [About Admin Rank](https://help.zscaler.com/zia/about-admin-rank)\n"},"resCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.\n"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"srcIpGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleSrcIpGroups:IPSFirewallRuleSrcIpGroups","description":"(List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.\n"},"srcIps":{"type":"array","items":{"type":"string"},"description":"(Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"srcIpv6Groups":{"$ref":"#/types/zia:index/IPSFirewallRuleSrcIpv6Groups:IPSFirewallRuleSrcIpv6Groups","description":"(List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"state":{"type":"string","description":"(Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule. Supported Values: `ENABLED`, `DISABLED`\n"},"threatCategories":{"$ref":"#/types/zia:index/IPSFirewallRuleThreatCategories:IPSFirewallRuleThreatCategories","description":"(List of Objects) Advanced threat categories to which the rule applies\n"},"timeWindows":{"$ref":"#/types/zia:index/IPSFirewallRuleTimeWindows:IPSFirewallRuleTimeWindows","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e time intervals. When not used it implies \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e to apply the rule to all time intervals.\n"},"users":{"$ref":"#/types/zia:index/IPSFirewallRuleUsers:IPSFirewallRuleUsers","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/IPSFirewallRuleZpaAppSegment:IPSFirewallRuleZpaAppSegment"},"description":"(List of Objects) The ZPA application segments to which the rule applies\n"}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering IPSFirewallRule resources.\n","properties":{"action":{"type":"string","description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BYPASS_IPS`\n"},"capturePcap":{"type":"boolean","description":"(Boolean) Value that indicates whether packet capture (PCAP) is enabled or not\n"},"defaultRule":{"type":"boolean","description":"(Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not\n"},"departments":{"$ref":"#/types/zia:index/IPSFirewallRuleDepartments:IPSFirewallRuleDepartments","description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"(Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"destCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String)  identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n"},"destIpGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleDestIpGroups:IPSFirewallRuleDestIpGroups","description":"** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.\n"},"destIpv6Groups":{"$ref":"#/types/zia:index/IPSFirewallRuleDestIpv6Groups:IPSFirewallRuleDestIpv6Groups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleDeviceGroups:IPSFirewallRuleDeviceGroups","description":"(List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"devices":{"$ref":"#/types/zia:index/IPSFirewallRuleDevices:IPSFirewallRuleDevices","description":"(List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n"},"enableFullLogging":{"type":"boolean","description":"(Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.\n"},"eunTemplateId":{"type":"integer","description":"(Integer) The ID of the Enhanced User Notification (EUN) template associated with the rule.\n"},"groups":{"$ref":"#/types/zia:index/IPSFirewallRuleGroups:IPSFirewallRuleGroups","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"isEunEnabled":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether Enhanced User Notification (EUN) is enabled for the rule.\n"},"labels":{"$ref":"#/types/zia:index/IPSFirewallRuleLabels:IPSFirewallRuleLabels","description":"(List of Objects) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleLocationGroups:IPSFirewallRuleLocationGroups","description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/IPSFirewallRuleLocations:IPSFirewallRuleLocations","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"name":{"type":"string","description":"The name of the IPS Control rule"},"nwServiceGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleNwServiceGroups:IPSFirewallRuleNwServiceGroups","description":"(List of Objects) Any number of predefined or custom network service groups to which the rule applies.\n"},"nwServices":{"$ref":"#/types/zia:index/IPSFirewallRuleNwServices:IPSFirewallRuleNwServices","description":"(List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n"},"order":{"type":"integer","description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"predefined":{"type":"boolean","description":"(Boolean) A Boolean field that indicates that the rule is predefined by using a true value\n"},"rank":{"type":"integer","description":"(Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank in UI first. The default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e. Visit to learn more [About Admin Rank](https://help.zscaler.com/zia/about-admin-rank)\n"},"resCategories":{"type":"array","items":{"type":"string"},"description":"(Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.\n"},"ruleId":{"type":"integer"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"(Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n"},"srcIpGroups":{"$ref":"#/types/zia:index/IPSFirewallRuleSrcIpGroups:IPSFirewallRuleSrcIpGroups","description":"(List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.\n"},"srcIps":{"type":"array","items":{"type":"string"},"description":"(Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n"},"srcIpv6Groups":{"$ref":"#/types/zia:index/IPSFirewallRuleSrcIpv6Groups:IPSFirewallRuleSrcIpv6Groups","description":"(List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n"},"state":{"type":"string","description":"(Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule. Supported Values: `ENABLED`, `DISABLED`\n"},"threatCategories":{"$ref":"#/types/zia:index/IPSFirewallRuleThreatCategories:IPSFirewallRuleThreatCategories","description":"(List of Objects) Advanced threat categories to which the rule applies\n"},"timeWindows":{"$ref":"#/types/zia:index/IPSFirewallRuleTimeWindows:IPSFirewallRuleTimeWindows","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e time intervals. When not used it implies \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e to apply the rule to all time intervals.\n"},"users":{"$ref":"#/types/zia:index/IPSFirewallRuleUsers:IPSFirewallRuleUsers","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/IPSFirewallRuleZpaAppSegment:IPSFirewallRuleZpaAppSegment"},"description":"(List of Objects) The ZPA application segments to which the rule applies\n"}},"type":"object"},"aliases":[{"type":"zia:index/firewallIPSRule:FirewallIPSRule"}]},"zia:index/locationManagement:LocationManagement":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-locations)\n* [API documentation](https://help.zscaler.com/zia/location-management#/locations-get)\n\nThe **zia_location_management** resource allows the creation and management of ZIA locations in the Zscaler Internet Access. This resource can then be associated with a:\n\n* Static IP resource\n* GRE Tunnel resource\n* VPN credentials resource\n* URL filtering and firewall filtering rules\n\n## Example Usage\n\n### Location Management With UFQDN VPN Credential\n\n```hcl\nresource \"zia_location_management\" \"usa_sjc37\"{\n    name                        = \"USA_SJC_37\"\n    description                 = \"Created with Terraform\"\n    country                     = \"UNITED_STATES\"\n    tz                          = \"UNITED_STATES_AMERICA_LOS_ANGELES\"\n    auth_required               = true\n    idle_time_in_minutes        = 720\n    display_time_unit           = \"HOUR\"\n    surrogate_ip                = true\n    xff_forward_enabled         = true\n    ofw_enabled                 = true\n    ips_control                 = true\n    vpn_credentials {\n       id = zia_traffic_forwarding_vpn_credentials.usa_sjc37.id\n       type = zia_traffic_forwarding_vpn_credentials.usa_sjc37.type\n    }\n    depends_on = [zia_traffic_forwarding_vpn_credentials.usa_sjc37 ]\n}\n\nresource \"zia_traffic_forwarding_vpn_credentials\" \"usa_sjc37\"{\n    type            = \"UFQDN\"\n    fqdn            = \"usa_sjc37@acme.com\"\n    comments        = \"USA - San Jose IPSec Tunnel\"\n    pre_shared_key  = \"***************\"\n}\n```\n\n### Location Management With IP VPN Credential\n\n```hcl\n# ZIA Location Management with IP VPN Credential\nresource \"zia_location_management\" \"usa_sjc37\"{\n    name = \"USA_SJC_37\"\n    description = \"Created with Terraform\"\n    country = \"UNITED_STATES\"\n    tz = \"UNITED_STATES_AMERICA_LOS_ANGELES\"\n    auth_required = true\n    idle_time_in_minutes = 720\n    display_time_unit = \"HOUR\"\n    surrogate_ip = true\n    xff_forward_enabled = true\n    ofw_enabled = true\n    ips_control = true\n    ip_addresses = [ zia_traffic_forwarding_static_ip.usa_sjc37.ip_address ]\n    depends_on = [ zia_traffic_forwarding_static_ip.usa_sjc37, zia_traffic_forwarding_vpn_credentials.usa_sjc37 ]\n    vpn_credentials {\n       id = zia_traffic_forwarding_vpn_credentials.usa_sjc37.id\n       type = zia_traffic_forwarding_vpn_credentials.usa_sjc37.type\n       ip_address = zia_traffic_forwarding_static_ip.usa_sjc37.ip_address\n    }\n}\n\nresource \"zia_traffic_forwarding_vpn_credentials\" \"usa_sjc37\"{\n    type        = \"IP\"\n    ip_address  =  zia_traffic_forwarding_static_ip.usa_sjc37.ip_address\n    depends_on = [ zia_traffic_forwarding_static_ip.usa_sjc37 ]\n    comments    = \"Created via Terraform\"\n    pre_shared_key = \"******************\"\n}\n\nresource \"zia_traffic_forwarding_static_ip\" \"usa_sjc37\"{\n    ip_address =  \"1.1.1.1\"\n    routable_ip = true\n    comment = \"SJC37 - Static IP\"\n    geo_override = false\n}\n```\n\n### Location Management With Manual And Dynamic Location Groups\n\n```hcl\n# Retrieve ZIA Manual Location Groups\ndata \"zia_location_groups\" \"this\"{\n    name = \"SDWAN_CAN\"\n}\n\n# ZIA Location Management with UFQDN VPN Credential\nresource \"zia_location_management\" \"usa_sjc37\"{\n    name                        = \"USA_SJC_37\"\n    description                 = \"Created with Terraform\"\n    country                     = \"UNITED_STATES\"\n    tz                          = \"UNITED_STATES_AMERICA_LOS_ANGELES\"\n    state                       = \"California\"\n    auth_required               = true\n    idle_time_in_minutes        = 720\n    display_time_unit           = \"HOUR\"\n    surrogate_ip                = true\n    xff_forward_enabled         = true\n    ofw_enabled                 = true\n    ips_control                 = true\n    profile                     = \"CORPORATE\"\n    vpn_credentials {\n       id = zia_traffic_forwarding_vpn_credentials.usa_sjc37.id\n       type = zia_traffic_forwarding_vpn_credentials.usa_sjc37.type\n    }\n    static_location_groups {\n      id = [data.zia_location_groups.this.id]\n    }\n    depends_on = [zia_traffic_forwarding_vpn_credentials.usa_sjc37 ]\n}\n\nresource \"zia_traffic_forwarding_vpn_credentials\" \"usa_sjc37\"{\n    type            = \"UFQDN\"\n    fqdn            = \"usa_sjc37@acme.com\"\n    comments        = \"USA - San Jose IPSec Tunnel\"\n    pre_shared_key  = \"***************\"\n}\n```\n\n### Location Management With Excluded Manual And Dynamic Location Groups\n\n```hcl\n# Retrieve ZIA Manual Location Groups\ndata \"zia_location_groups\" \"this\"{\n    name = \"SDWAN_CAN\"\n}\n\n# ZIA Location Management with UFQDN VPN Credential\nresource \"zia_location_management\" \"usa_sjc37\"{\n    name                        = \"USA_SJC_37\"\n    description                 = \"Created with Terraform\"\n    country                     = \"UNITED_STATES\"\n    tz                          = \"UNITED_STATES_AMERICA_LOS_ANGELES\"\n    state                       = \"California\"\n    auth_required               = true\n    idle_time_in_minutes        = 720\n    display_time_unit           = \"HOUR\"\n    surrogate_ip                = true\n    xff_forward_enabled         = true\n    ofw_enabled                 = true\n    ips_control                 = true\n    exclude_from_dynamic_groups = true\n    exclude_from_manual_groups  = true\n    profile                     = \"CORPORATE\"\n    vpn_credentials {\n       id = zia_traffic_forwarding_vpn_credentials.usa_sjc37.id\n       type = zia_traffic_forwarding_vpn_credentials.usa_sjc37.type\n    }\n    depends_on = [zia_traffic_forwarding_vpn_credentials.usa_sjc37 ]\n}\n\nresource \"zia_traffic_forwarding_vpn_credentials\" \"usa_sjc37\"{\n    type            = \"UFQDN\"\n    fqdn            = \"usa_sjc37@acme.com\"\n    comments        = \"USA - San Jose IPSec Tunnel\"\n    pre_shared_key  = \"***************\"\n}\n```\n\n```hcl\nresource \"zia_location_management\" \"usa_sjc37_office_branch01\"{\n    name = \"USA_SJC37_Office-Branch01\"\n    description = \"Created with Terraform\"\n    country = \"UNITED_STATES\"\n    tz = \"UNITED_STATES_AMERICA_LOS_ANGELES\"\n    profile = \"CORPORATE\"\n    parent_id = zia_location_management.usa_sjc37.id\n    depends_on = [ zia_traffic_forwarding_static_ip.usa_sjc37, zia_traffic_forwarding_vpn_credentials.usa_sjc37, zia_location_management.usa_sjc37 ]\n    auth_required = true\n    idle_time_in_minutes = 720\n    display_time_unit = \"HOUR\"\n    surrogate_ip = true\n    ofw_enabled = true\n    ip_addresses = [ \"10.5.0.0-10.5.255.255\" ]\n    up_bandwidth = 10000\n    dn_bandwidth = 10000\n}\n```\n\n# ZIA SubLocation Management with UFQDN VPN Credential\n\n```hcl\n\nresource \"zia_traffic_forwarding_vpn_credentials\" \"usa_sjc37\"{\n    type            = \"UFQDN\"\n    fqdn            = \"usa_sjc37@acme.com\"\n    comments        = \"USA - San Jose IPSec Tunnel\"\n    pre_shared_key  = \"***************\"\n}\n\nresource \"zia_location_management\" \"usa_sjc37\"{\n    name                        = \"USA_SJC_37\"\n    description                 = \"Created with Terraform\"\n    country                     = \"UNITED_STATES\"\n    tz                          = \"UNITED_STATES_AMERICA_LOS_ANGELES\"\n    auth_required               = true\n    idle_time_in_minutes        = 720\n    display_time_unit           = \"HOUR\"\n    surrogate_ip                = true\n    xff_forward_enabled         = true\n    ofw_enabled                 = true\n    ips_control                 = true\n    vpn_credentials {\n       id = zia_traffic_forwarding_vpn_credentials.usa_sjc37.id\n       type = zia_traffic_forwarding_vpn_credentials.usa_sjc37.type\n    }\n}\n\nresource \"zia_location_management\" \"usa_sjc37_office_branch01\"{\n    name = \"USA_SJC37_Office-Branch01\"\n    description = \"Created with Terraform\"\n    country = \"UNITED_STATES\"\n    tz = \"UNITED_STATES_AMERICA_LOS_ANGELES\"\n    profile = \"CORPORATE\"\n    parent_id = zia_location_management.usa_sjc37.id\n    zia_traffic_forwarding_vpn_credentials.usa_sjc37, zia_location_management.usa_sjc37\n    auth_required = true\n    idle_time_in_minutes = 720\n    display_time_unit = \"HOUR\"\n    surrogate_ip = true\n    ofw_enabled = true\n    ip_addresses = [ \"10.5.0.0-10.5.255.255\" ]\n    up_bandwidth = 10000\n    dn_bandwidth = 10000\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_location_management** can be imported by using `\u003cLOCATION_ID\u003e` or `\u003cLOCATION_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/locationManagement:LocationManagement example \u003clocation_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/locationManagement:LocationManagement example \u003clocation_name\u003e\n```\n\n","properties":{"aupBlockInternetUntilAccepted":{"type":"boolean","description":"For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP."},"aupEnabled":{"type":"boolean","description":"Enable AUP. When set to true, AUP is enabled for the location."},"aupForceSslInspection":{"type":"boolean","description":"For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic."},"aupTimeoutInDays":{"type":"integer","description":"Custom AUP Frequency. Refresh time (in days) to re-validate the AUP."},"authRequired":{"type":"boolean","description":"Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled."},"basicAuthEnabled":{"type":"boolean","description":"Enable Basic Authentication at the location"},"cautionEnabled":{"type":"boolean","description":"Enable Caution. When set to true, a caution notifcation is enabled for the location."},"cookiesAndProxy":{"type":"boolean"},"country":{"type":"string","description":"Supported Countries"},"defaultExtranetDns":{"type":"boolean","description":"Indicates that the DNS server configuration used in the extranet is the designated default DNS server"},"defaultExtranetTsPool":{"type":"boolean","description":"Indicates that the traffic selector specified in the extranet is the designated default traffic selector"},"description":{"type":"string","description":"Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters."},"digestAuthEnabled":{"type":"boolean","description":"Enable Digest Authentication at the location"},"displayTimeUnit":{"type":"string","description":"Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation."},"dnBandwidth":{"type":"integer","description":"Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement."},"excludeFromDynamicGroups":{"type":"boolean"},"excludeFromManualGroups":{"type":"boolean"},"extranetDns":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementExtranetDn:LocationManagementExtranetDn"},"description":"The ID of the DNS server configuration used in the extranet"},"extranetIpPools":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementExtranetIpPool:LocationManagementExtranetIpPool"},"description":"The ID of the traffic selector specified in the extranet"},"extranets":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementExtranet:LocationManagementExtranet"},"description":"The ID of the extranet resource that must be assigned to the location"},"idleTimeInMinutes":{"type":"integer","description":"Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled."},"iotDiscoveryEnabled":{"type":"boolean","description":"Enable IOT Discovery at the location"},"iotEnforcePolicySet":{"type":"boolean"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9)."},"ipsControl":{"type":"boolean","description":"Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled."},"ipv6Dns64prefix":{"type":"boolean","description":"(Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes."},"ipv6Enabled":{"type":"boolean","description":"If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies."},"kerberosAuth":{"type":"boolean","description":"Enable Kerberos Authentication at the location"},"locationId":{"type":"integer"},"name":{"type":"string","description":"Location Name."},"ofwEnabled":{"type":"boolean","description":"Enable Firewall. When set to true, Firewall is enabled for the location."},"other6SubLocation":{"type":"boolean","description":"If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true."},"otherSubLocation":{"type":"boolean","description":"If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required."},"parentId":{"type":"integer","description":"Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB"},"ports":{"type":"array","items":{"type":"integer"},"description":"IP ports that are associated with the location."},"profile":{"type":"string","description":"Profile tag that specifies the location traffic type. If not specified, this tag defaults to `Unassigned`."},"sslScanEnabled":{"type":"boolean","description":"Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses."},"state":{"type":"string","description":"IP ports that are associated with the location."},"staticLocationGroups":{"$ref":"#/types/zia:index/LocationManagementStaticLocationGroups:LocationManagementStaticLocationGroups","description":"Name-ID pairs of locations for which rule must be applied"},"subLocAccIds":{"type":"array","items":{"type":"string"}},"subLocScope":{"type":"string","description":"Defines a scope for the sublocation from the available types to segregate workload traffic from a single sublocation to apply different Cloud Connector and ZIA security policies."},"subLocScopeValues":{"type":"array","items":{"type":"string"}},"surrogateIp":{"type":"boolean","description":"Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses."},"surrogateIpEnforcedForKnownBrowsers":{"type":"boolean","description":"Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers."},"surrogateRefreshTimeInMinutes":{"type":"integer","description":"Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates."},"surrogateRefreshTimeUnit":{"type":"string","description":"Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy."},"tz":{"type":"string","description":"Timezone of the location. If not specified, it defaults to GMT."},"upBandwidth":{"type":"integer","description":"Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement."},"vpnCredentials":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementVpnCredential:LocationManagementVpnCredential"}},"xffForwardEnabled":{"type":"boolean","description":"Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header."},"zappSslScanEnabled":{"type":"boolean","description":"Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location."}},"required":["aupBlockInternetUntilAccepted","aupEnabled","aupForceSslInspection","authRequired","basicAuthEnabled","cautionEnabled","cookiesAndProxy","country","defaultExtranetDns","defaultExtranetTsPool","digestAuthEnabled","iotDiscoveryEnabled","iotEnforcePolicySet","ipsControl","locationId","name","ofwEnabled","profile","sslScanEnabled","state","surrogateIp","surrogateIpEnforcedForKnownBrowsers","tz","xffForwardEnabled","zappSslScanEnabled"],"inputProperties":{"aupBlockInternetUntilAccepted":{"type":"boolean","description":"For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP."},"aupEnabled":{"type":"boolean","description":"Enable AUP. When set to true, AUP is enabled for the location."},"aupForceSslInspection":{"type":"boolean","description":"For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic."},"aupTimeoutInDays":{"type":"integer","description":"Custom AUP Frequency. Refresh time (in days) to re-validate the AUP."},"authRequired":{"type":"boolean","description":"Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled."},"basicAuthEnabled":{"type":"boolean","description":"Enable Basic Authentication at the location"},"cautionEnabled":{"type":"boolean","description":"Enable Caution. When set to true, a caution notifcation is enabled for the location."},"cookiesAndProxy":{"type":"boolean"},"country":{"type":"string","description":"Supported Countries"},"defaultExtranetDns":{"type":"boolean","description":"Indicates that the DNS server configuration used in the extranet is the designated default DNS server"},"defaultExtranetTsPool":{"type":"boolean","description":"Indicates that the traffic selector specified in the extranet is the designated default traffic selector"},"description":{"type":"string","description":"Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters."},"digestAuthEnabled":{"type":"boolean","description":"Enable Digest Authentication at the location"},"displayTimeUnit":{"type":"string","description":"Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation."},"dnBandwidth":{"type":"integer","description":"Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement."},"excludeFromDynamicGroups":{"type":"boolean"},"excludeFromManualGroups":{"type":"boolean"},"extranetDns":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementExtranetDn:LocationManagementExtranetDn"},"description":"The ID of the DNS server configuration used in the extranet"},"extranetIpPools":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementExtranetIpPool:LocationManagementExtranetIpPool"},"description":"The ID of the traffic selector specified in the extranet"},"extranets":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementExtranet:LocationManagementExtranet"},"description":"The ID of the extranet resource that must be assigned to the location"},"idleTimeInMinutes":{"type":"integer","description":"Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled."},"iotDiscoveryEnabled":{"type":"boolean","description":"Enable IOT Discovery at the location"},"iotEnforcePolicySet":{"type":"boolean"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9)."},"ipsControl":{"type":"boolean","description":"Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled."},"ipv6Dns64prefix":{"type":"boolean","description":"(Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes."},"ipv6Enabled":{"type":"boolean","description":"If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies."},"kerberosAuth":{"type":"boolean","description":"Enable Kerberos Authentication at the location"},"name":{"type":"string","description":"Location Name."},"ofwEnabled":{"type":"boolean","description":"Enable Firewall. When set to true, Firewall is enabled for the location."},"other6SubLocation":{"type":"boolean","description":"If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true."},"otherSubLocation":{"type":"boolean","description":"If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required."},"parentId":{"type":"integer","description":"Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB"},"ports":{"type":"array","items":{"type":"integer"},"description":"IP ports that are associated with the location."},"profile":{"type":"string","description":"Profile tag that specifies the location traffic type. If not specified, this tag defaults to `Unassigned`."},"sslScanEnabled":{"type":"boolean","description":"Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses."},"state":{"type":"string","description":"IP ports that are associated with the location."},"staticLocationGroups":{"$ref":"#/types/zia:index/LocationManagementStaticLocationGroups:LocationManagementStaticLocationGroups","description":"Name-ID pairs of locations for which rule must be applied"},"subLocAccIds":{"type":"array","items":{"type":"string"}},"subLocScope":{"type":"string","description":"Defines a scope for the sublocation from the available types to segregate workload traffic from a single sublocation to apply different Cloud Connector and ZIA security policies."},"subLocScopeValues":{"type":"array","items":{"type":"string"}},"surrogateIp":{"type":"boolean","description":"Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses."},"surrogateIpEnforcedForKnownBrowsers":{"type":"boolean","description":"Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers."},"surrogateRefreshTimeInMinutes":{"type":"integer","description":"Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates."},"surrogateRefreshTimeUnit":{"type":"string","description":"Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy."},"tz":{"type":"string","description":"Timezone of the location. If not specified, it defaults to GMT."},"upBandwidth":{"type":"integer","description":"Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement."},"vpnCredentials":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementVpnCredential:LocationManagementVpnCredential"}},"xffForwardEnabled":{"type":"boolean","description":"Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header."},"zappSslScanEnabled":{"type":"boolean","description":"Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location."}},"stateInputs":{"description":"Input properties used for looking up and filtering LocationManagement resources.\n","properties":{"aupBlockInternetUntilAccepted":{"type":"boolean","description":"For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP."},"aupEnabled":{"type":"boolean","description":"Enable AUP. When set to true, AUP is enabled for the location."},"aupForceSslInspection":{"type":"boolean","description":"For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic."},"aupTimeoutInDays":{"type":"integer","description":"Custom AUP Frequency. Refresh time (in days) to re-validate the AUP."},"authRequired":{"type":"boolean","description":"Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled."},"basicAuthEnabled":{"type":"boolean","description":"Enable Basic Authentication at the location"},"cautionEnabled":{"type":"boolean","description":"Enable Caution. When set to true, a caution notifcation is enabled for the location."},"cookiesAndProxy":{"type":"boolean"},"country":{"type":"string","description":"Supported Countries"},"defaultExtranetDns":{"type":"boolean","description":"Indicates that the DNS server configuration used in the extranet is the designated default DNS server"},"defaultExtranetTsPool":{"type":"boolean","description":"Indicates that the traffic selector specified in the extranet is the designated default traffic selector"},"description":{"type":"string","description":"Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters."},"digestAuthEnabled":{"type":"boolean","description":"Enable Digest Authentication at the location"},"displayTimeUnit":{"type":"string","description":"Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation."},"dnBandwidth":{"type":"integer","description":"Download bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement."},"excludeFromDynamicGroups":{"type":"boolean"},"excludeFromManualGroups":{"type":"boolean"},"extranetDns":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementExtranetDn:LocationManagementExtranetDn"},"description":"The ID of the DNS server configuration used in the extranet"},"extranetIpPools":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementExtranetIpPool:LocationManagementExtranetIpPool"},"description":"The ID of the traffic selector specified in the extranet"},"extranets":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementExtranet:LocationManagementExtranet"},"description":"The ID of the extranet resource that must be assigned to the location"},"idleTimeInMinutes":{"type":"integer","description":"Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled."},"iotDiscoveryEnabled":{"type":"boolean","description":"Enable IOT Discovery at the location"},"iotEnforcePolicySet":{"type":"boolean"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9)."},"ipsControl":{"type":"boolean","description":"Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled."},"ipv6Dns64prefix":{"type":"boolean","description":"(Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes."},"ipv6Enabled":{"type":"boolean","description":"If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies."},"kerberosAuth":{"type":"boolean","description":"Enable Kerberos Authentication at the location"},"locationId":{"type":"integer"},"name":{"type":"string","description":"Location Name."},"ofwEnabled":{"type":"boolean","description":"Enable Firewall. When set to true, Firewall is enabled for the location."},"other6SubLocation":{"type":"boolean","description":"If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true."},"otherSubLocation":{"type":"boolean","description":"If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required."},"parentId":{"type":"integer","description":"Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB"},"ports":{"type":"array","items":{"type":"integer"},"description":"IP ports that are associated with the location."},"profile":{"type":"string","description":"Profile tag that specifies the location traffic type. If not specified, this tag defaults to `Unassigned`."},"sslScanEnabled":{"type":"boolean","description":"Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses."},"state":{"type":"string","description":"IP ports that are associated with the location."},"staticLocationGroups":{"$ref":"#/types/zia:index/LocationManagementStaticLocationGroups:LocationManagementStaticLocationGroups","description":"Name-ID pairs of locations for which rule must be applied"},"subLocAccIds":{"type":"array","items":{"type":"string"}},"subLocScope":{"type":"string","description":"Defines a scope for the sublocation from the available types to segregate workload traffic from a single sublocation to apply different Cloud Connector and ZIA security policies."},"subLocScopeValues":{"type":"array","items":{"type":"string"}},"surrogateIp":{"type":"boolean","description":"Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses."},"surrogateIpEnforcedForKnownBrowsers":{"type":"boolean","description":"Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers."},"surrogateRefreshTimeInMinutes":{"type":"integer","description":"Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates."},"surrogateRefreshTimeUnit":{"type":"string","description":"Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy."},"tz":{"type":"string","description":"Timezone of the location. If not specified, it defaults to GMT."},"upBandwidth":{"type":"integer","description":"Upload bandwidth in bytes. The value 0 implies no Bandwidth Control enforcement."},"vpnCredentials":{"type":"array","items":{"$ref":"#/types/zia:index/LocationManagementVpnCredential:LocationManagementVpnCredential"}},"xffForwardEnabled":{"type":"boolean","description":"Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header."},"zappSslScanEnabled":{"type":"boolean","description":"Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting will take effect, irrespective of the SSL policy that is configured for the location."}},"type":"object"}},"zia:index/mobileMalwareProtectionPolicy:MobileMalwareProtectionPolicy":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-mobile-malware-protection-policy)\n* [API documentation](https://help.zscaler.com/zia/mobile-malware-protection-policy#/mobileAdvanceThreatSettings-put)\n\nThe **zia_mobile_malware_protection_policy** resource allows you to update Mobile Malware Protection policy. To learn more see [Configuring the Mobile Malware Protection Policy](https://help.zscaler.com/zia/configuring-mobile-malware-protection-policy)\n\n## Example Usage\n\n```hcl\nresource \"zia_mobile_malware_protection_policy\" \"this\" {\n    block_apps_with_malicious_activity = true\n    block_apps_with_known_vulnerabilities = true\n    block_apps_sending_unencrypted_user_credentials = true\n    block_apps_sending_location_info = true\n    block_apps_sending_personally_identifiable_info = true\n    block_apps_sending_device_identifier = true\n    block_apps_communicating_with_ad_websites = true\n    block_apps_communicating_with_remote_unknown_servers = true\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_mobile_malware_protection_policy** can be imported by using \u003cspan pulumi-lang-nodejs=\"`mobileSettings`\" pulumi-lang-dotnet=\"`MobileSettings`\" pulumi-lang-go=\"`mobileSettings`\" pulumi-lang-python=\"`mobile_settings`\" pulumi-lang-yaml=\"`mobileSettings`\" pulumi-lang-java=\"`mobileSettings`\"\u003e`mobile_settings`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/mobileMalwareProtectionPolicy:MobileMalwareProtectionPolicy this \"mobile_settings\"\n```\n\n","properties":{"blockAppsCommunicatingWithAdWebsites":{"type":"boolean","description":"Blocks an application from communicating with unknown servers (i.e., servers not normally or historically associated with the application)"},"blockAppsCommunicatingWithRemoteUnknownServers":{"type":"boolean"},"blockAppsSendingDeviceIdentifier":{"type":"boolean","description":"Blocks an application from communicating with known advertisement websites"},"blockAppsSendingLocationInfo":{"type":"boolean","description":"Blocks an application from leaking a user's personally identifiable information (PII) via communication in an unencrypted format or for an unknown purpose"},"blockAppsSendingPersonallyIdentifiableInfo":{"type":"boolean","description":"Blocks an application from leaking device identifiers via communication in an unencrypted format or for an unknown purpose"},"blockAppsSendingUnencryptedUserCredentials":{"type":"boolean","description":"Blocks an application from leaking device location details via communication in an unencrypted format or for an unknown purpose"},"blockAppsWithKnownVulnerabilities":{"type":"boolean","description":"Blocks an application from leaking a user's credentials in an unencrypted format"},"blockAppsWithMaliciousActivity":{"type":"boolean","description":"Blocks applications that contain vulnerabilities or that use insecure features, modules, or protocols"}},"inputProperties":{"blockAppsCommunicatingWithAdWebsites":{"type":"boolean","description":"Blocks an application from communicating with unknown servers (i.e., servers not normally or historically associated with the application)"},"blockAppsCommunicatingWithRemoteUnknownServers":{"type":"boolean"},"blockAppsSendingDeviceIdentifier":{"type":"boolean","description":"Blocks an application from communicating with known advertisement websites"},"blockAppsSendingLocationInfo":{"type":"boolean","description":"Blocks an application from leaking a user's personally identifiable information (PII) via communication in an unencrypted format or for an unknown purpose"},"blockAppsSendingPersonallyIdentifiableInfo":{"type":"boolean","description":"Blocks an application from leaking device identifiers via communication in an unencrypted format or for an unknown purpose"},"blockAppsSendingUnencryptedUserCredentials":{"type":"boolean","description":"Blocks an application from leaking device location details via communication in an unencrypted format or for an unknown purpose"},"blockAppsWithKnownVulnerabilities":{"type":"boolean","description":"Blocks an application from leaking a user's credentials in an unencrypted format"},"blockAppsWithMaliciousActivity":{"type":"boolean","description":"Blocks applications that contain vulnerabilities or that use insecure features, modules, or protocols"}},"stateInputs":{"description":"Input properties used for looking up and filtering MobileMalwareProtectionPolicy resources.\n","properties":{"blockAppsCommunicatingWithAdWebsites":{"type":"boolean","description":"Blocks an application from communicating with unknown servers (i.e., servers not normally or historically associated with the application)"},"blockAppsCommunicatingWithRemoteUnknownServers":{"type":"boolean"},"blockAppsSendingDeviceIdentifier":{"type":"boolean","description":"Blocks an application from communicating with known advertisement websites"},"blockAppsSendingLocationInfo":{"type":"boolean","description":"Blocks an application from leaking a user's personally identifiable information (PII) via communication in an unencrypted format or for an unknown purpose"},"blockAppsSendingPersonallyIdentifiableInfo":{"type":"boolean","description":"Blocks an application from leaking device identifiers via communication in an unencrypted format or for an unknown purpose"},"blockAppsSendingUnencryptedUserCredentials":{"type":"boolean","description":"Blocks an application from leaking device location details via communication in an unencrypted format or for an unknown purpose"},"blockAppsWithKnownVulnerabilities":{"type":"boolean","description":"Blocks an application from leaking a user's credentials in an unencrypted format"},"blockAppsWithMaliciousActivity":{"type":"boolean","description":"Blocks applications that contain vulnerabilities or that use insecure features, modules, or protocols"}},"type":"object"}},"zia:index/natControlRules:NatControlRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-nat-control)\n* [API documentation](https://help.zscaler.com/zia/nat-control-policy#/dnatRules-get)\n\nThe **zia_nat_control_rules** resource allows the creation and management of NAT Control rules in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\nresource \"zia_nat_control_rules\" \"this\" {\n    name = \"DNAT_02\"\n    description = \"DNAT_02\"\n    order=1\n    rank=7\n    state = \"ENABLED\"\n    redirect_port=\"2000\"\n    redirect_ip=\"1.1.1.1\"\n    src_ips=[\"192.168.100.0/24\", \"192.168.200.1\"]\n    dest_addresses=[\"3.217.228.0-3.217.231.255\", \"3.235.112.0-3.235.119.255\", \"35.80.88.0-35.80.95.255\", \"server1.acme.com\", \"*.acme.com\"]\n    dest_countries=[\"BR\", \"CA\", \"GB\"]\n  departments {\n    id = [8061246]\n  }\n  dest_ip_groups {\n    id = [-4]\n  }\n  dest_ipv6_groups {\n    id = [-5]\n  }\n  src_ip_groups {\n    id = [18448894]\n  }\n  src_ipv6_groups {\n    id = [-3]\n  }\n  time_windows {\n    id = [485]\n  }\n  nw_services {\n    id = [462370, 17472664]\n  }\n  locations {\n    id = [256000852, -3]\n  }\n  location_groups {\n    id = [8061257, 8061256]\n  }\n  labels {\n    id = [1416803]\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_nat_control_rules** can be imported by using `\u003cRULE ID\u003e` or `\u003cRULE NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/natControlRules:NatControlRules example \u003crule_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/natControlRules:NatControlRules example \u003crule_name\u003e\n```\n\n","properties":{"defaultRule":{"type":"boolean","description":"If set to true, the default rule is applied"},"departments":{"$ref":"#/types/zia:index/NatControlRulesDepartments:NatControlRulesDepartments","description":"list of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the rule"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs"},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"destIpCategories":{"type":"array","items":{"type":"string"}},"destIpGroups":{"$ref":"#/types/zia:index/NatControlRulesDestIpGroups:NatControlRulesDestIpGroups","description":"list of destination ip groups"},"destIpv6Groups":{"$ref":"#/types/zia:index/NatControlRulesDestIpv6Groups:NatControlRulesDestIpv6Groups","description":"list of destination ipv6 groups"},"deviceGroups":{"$ref":"#/types/zia:index/NatControlRulesDeviceGroups:NatControlRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"devices":{"$ref":"#/types/zia:index/NatControlRulesDevices:NatControlRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"enableFullLogging":{"type":"boolean"},"groups":{"$ref":"#/types/zia:index/NatControlRulesGroups:NatControlRulesGroups","description":"list of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/NatControlRulesLabels:NatControlRulesLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/NatControlRulesLocationGroups:NatControlRulesLocationGroups","description":"list of locations groups"},"locations":{"$ref":"#/types/zia:index/NatControlRulesLocations:NatControlRulesLocations","description":"list of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the nat control policy rule"},"nwServiceGroups":{"$ref":"#/types/zia:index/NatControlRulesNwServiceGroups:NatControlRulesNwServiceGroups","description":"list of nw service groups"},"nwServices":{"$ref":"#/types/zia:index/NatControlRulesNwServices:NatControlRulesNwServices","description":"list of nw services"},"order":{"type":"integer","description":"Rule order number. If omitted, the rule will be added to the end of the rule set."},"predefined":{"type":"boolean","description":"If set to true, a predefined rule is applied"},"rank":{"type":"integer","description":"Admin rank of the nat control policy rule"},"redirectFqdn":{"type":"string","description":"The action the nat control policy rule takes when packets match the rule"},"redirectIp":{"type":"string","description":"The action the nat control policy rule takes when packets match the rule"},"redirectPort":{"type":"integer","description":"The action the nat control policy rule takes when packets match the rule"},"resCategories":{"type":"array","items":{"type":"string"},"description":"List of destination domain categories to which the rule applies"},"ruleId":{"type":"integer"},"srcIpGroups":{"$ref":"#/types/zia:index/NatControlRulesSrcIpGroups:NatControlRulesSrcIpGroups","description":"list of source ip groups"},"srcIps":{"type":"array","items":{"type":"string"},"description":"User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address."},"srcIpv6Groups":{"$ref":"#/types/zia:index/NatControlRulesSrcIpv6Groups:NatControlRulesSrcIpv6Groups","description":"list of source ipv6 groups"},"state":{"type":"string","description":"Determines whether the nat control policy rule is enabled or disabled"},"timeWindows":{"$ref":"#/types/zia:index/NatControlRulesTimeWindows:NatControlRulesTimeWindows","description":"The time interval in which the nat control policy rule applies"},"users":{"$ref":"#/types/zia:index/NatControlRulesUsers:NatControlRulesUsers","description":"list of users for which rule must be applied"}},"required":["destCountries","name","order","ruleId"],"inputProperties":{"defaultRule":{"type":"boolean","description":"If set to true, the default rule is applied"},"departments":{"$ref":"#/types/zia:index/NatControlRulesDepartments:NatControlRulesDepartments","description":"list of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the rule"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs"},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"destIpCategories":{"type":"array","items":{"type":"string"}},"destIpGroups":{"$ref":"#/types/zia:index/NatControlRulesDestIpGroups:NatControlRulesDestIpGroups","description":"list of destination ip groups"},"destIpv6Groups":{"$ref":"#/types/zia:index/NatControlRulesDestIpv6Groups:NatControlRulesDestIpv6Groups","description":"list of destination ipv6 groups"},"deviceGroups":{"$ref":"#/types/zia:index/NatControlRulesDeviceGroups:NatControlRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"devices":{"$ref":"#/types/zia:index/NatControlRulesDevices:NatControlRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"enableFullLogging":{"type":"boolean"},"groups":{"$ref":"#/types/zia:index/NatControlRulesGroups:NatControlRulesGroups","description":"list of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/NatControlRulesLabels:NatControlRulesLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/NatControlRulesLocationGroups:NatControlRulesLocationGroups","description":"list of locations groups"},"locations":{"$ref":"#/types/zia:index/NatControlRulesLocations:NatControlRulesLocations","description":"list of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the nat control policy rule"},"nwServiceGroups":{"$ref":"#/types/zia:index/NatControlRulesNwServiceGroups:NatControlRulesNwServiceGroups","description":"list of nw service groups"},"nwServices":{"$ref":"#/types/zia:index/NatControlRulesNwServices:NatControlRulesNwServices","description":"list of nw services"},"order":{"type":"integer","description":"Rule order number. If omitted, the rule will be added to the end of the rule set."},"predefined":{"type":"boolean","description":"If set to true, a predefined rule is applied"},"rank":{"type":"integer","description":"Admin rank of the nat control policy rule"},"redirectFqdn":{"type":"string","description":"The action the nat control policy rule takes when packets match the rule"},"redirectIp":{"type":"string","description":"The action the nat control policy rule takes when packets match the rule"},"redirectPort":{"type":"integer","description":"The action the nat control policy rule takes when packets match the rule"},"resCategories":{"type":"array","items":{"type":"string"},"description":"List of destination domain categories to which the rule applies"},"srcIpGroups":{"$ref":"#/types/zia:index/NatControlRulesSrcIpGroups:NatControlRulesSrcIpGroups","description":"list of source ip groups"},"srcIps":{"type":"array","items":{"type":"string"},"description":"User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address."},"srcIpv6Groups":{"$ref":"#/types/zia:index/NatControlRulesSrcIpv6Groups:NatControlRulesSrcIpv6Groups","description":"list of source ipv6 groups"},"state":{"type":"string","description":"Determines whether the nat control policy rule is enabled or disabled"},"timeWindows":{"$ref":"#/types/zia:index/NatControlRulesTimeWindows:NatControlRulesTimeWindows","description":"The time interval in which the nat control policy rule applies"},"users":{"$ref":"#/types/zia:index/NatControlRulesUsers:NatControlRulesUsers","description":"list of users for which rule must be applied"}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering NatControlRules resources.\n","properties":{"defaultRule":{"type":"boolean","description":"If set to true, the default rule is applied"},"departments":{"$ref":"#/types/zia:index/NatControlRulesDepartments:NatControlRulesDepartments","description":"list of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the rule"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs"},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"destIpCategories":{"type":"array","items":{"type":"string"}},"destIpGroups":{"$ref":"#/types/zia:index/NatControlRulesDestIpGroups:NatControlRulesDestIpGroups","description":"list of destination ip groups"},"destIpv6Groups":{"$ref":"#/types/zia:index/NatControlRulesDestIpv6Groups:NatControlRulesDestIpv6Groups","description":"list of destination ipv6 groups"},"deviceGroups":{"$ref":"#/types/zia:index/NatControlRulesDeviceGroups:NatControlRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"devices":{"$ref":"#/types/zia:index/NatControlRulesDevices:NatControlRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"enableFullLogging":{"type":"boolean"},"groups":{"$ref":"#/types/zia:index/NatControlRulesGroups:NatControlRulesGroups","description":"list of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/NatControlRulesLabels:NatControlRulesLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/NatControlRulesLocationGroups:NatControlRulesLocationGroups","description":"list of locations groups"},"locations":{"$ref":"#/types/zia:index/NatControlRulesLocations:NatControlRulesLocations","description":"list of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the nat control policy rule"},"nwServiceGroups":{"$ref":"#/types/zia:index/NatControlRulesNwServiceGroups:NatControlRulesNwServiceGroups","description":"list of nw service groups"},"nwServices":{"$ref":"#/types/zia:index/NatControlRulesNwServices:NatControlRulesNwServices","description":"list of nw services"},"order":{"type":"integer","description":"Rule order number. If omitted, the rule will be added to the end of the rule set."},"predefined":{"type":"boolean","description":"If set to true, a predefined rule is applied"},"rank":{"type":"integer","description":"Admin rank of the nat control policy rule"},"redirectFqdn":{"type":"string","description":"The action the nat control policy rule takes when packets match the rule"},"redirectIp":{"type":"string","description":"The action the nat control policy rule takes when packets match the rule"},"redirectPort":{"type":"integer","description":"The action the nat control policy rule takes when packets match the rule"},"resCategories":{"type":"array","items":{"type":"string"},"description":"List of destination domain categories to which the rule applies"},"ruleId":{"type":"integer"},"srcIpGroups":{"$ref":"#/types/zia:index/NatControlRulesSrcIpGroups:NatControlRulesSrcIpGroups","description":"list of source ip groups"},"srcIps":{"type":"array","items":{"type":"string"},"description":"User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address."},"srcIpv6Groups":{"$ref":"#/types/zia:index/NatControlRulesSrcIpv6Groups:NatControlRulesSrcIpv6Groups","description":"list of source ipv6 groups"},"state":{"type":"string","description":"Determines whether the nat control policy rule is enabled or disabled"},"timeWindows":{"$ref":"#/types/zia:index/NatControlRulesTimeWindows:NatControlRulesTimeWindows","description":"The time interval in which the nat control policy rule applies"},"users":{"$ref":"#/types/zia:index/NatControlRulesUsers:NatControlRulesUsers","description":"list of users for which rule must be applied"}},"type":"object"}},"zia:index/nssServer:NssServer":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-nss-servers)\n* [API documentation](https://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssServers-get)\n\nThe **zia_nss_server** resource allows the creation and management of NSS Server Objects in the Zscaler Internet Access cloud or via the API.\nSee [Adding NSS Servers](https://help.zscaler.com/zia/adding-nss-servers) for more details.\n\n## Example Usage\n\n### Type NSS_FOR_FIREWALL\n\n```hcl\nresource \"zia_nss_server\" \"this\" {\n    name = \"NSSServer01\"\n    status = \"ENABLED\"\n    type = \"NSS_FOR_FIREWALL\"\n}\n```\n\n### Type NSS_FOR_WEB\n\nresource \u003cspan pulumi-lang-nodejs=\"\"zia.NssServer\"\" pulumi-lang-dotnet=\"\"zia.NssServer\"\" pulumi-lang-go=\"\"NssServer\"\" pulumi-lang-python=\"\"NssServer\"\" pulumi-lang-yaml=\"\"zia.NssServer\"\" pulumi-lang-java=\"\"zia.NssServer\"\"\u003e\"zia.NssServer\"\u003c/span\u003e \"this\" {\n    name = \"NSSServer01\"\n    status = \"ENABLED\"\n    type = \"NSS_FOR_WEB\"\n}\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_nss_server** can be imported by using `\u003cNSS_ID\u003e` or `\u003cNSS_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/nssServer:NssServer example \u003cnss_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/nssServer:NssServer example \u003cnss_name\u003e\n```\n\n","properties":{"icapSvrId":{"type":"integer","description":"The ICAP server ID"},"name":{"type":"string","description":"The name of the devices to be created.\n"},"nssId":{"type":"integer"},"status":{"type":"string","description":"Enables or disables the status of the NSS server"},"type":{"type":"string","description":"Whether you are creating an NSS for web logs or firewall logs. Returned Values:  `NSS_FOR_WEB`, `NSS_FOR_FIREWALL`\n"}},"required":["name","nssId"],"inputProperties":{"icapSvrId":{"type":"integer","description":"The ICAP server ID"},"name":{"type":"string","description":"The name of the devices to be created.\n"},"status":{"type":"string","description":"Enables or disables the status of the NSS server"},"type":{"type":"string","description":"Whether you are creating an NSS for web logs or firewall logs. Returned Values:  `NSS_FOR_WEB`, `NSS_FOR_FIREWALL`\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering NssServer resources.\n","properties":{"icapSvrId":{"type":"integer","description":"The ICAP server ID"},"name":{"type":"string","description":"The name of the devices to be created.\n"},"nssId":{"type":"integer"},"status":{"type":"string","description":"Enables or disables the status of the NSS server"},"type":{"type":"string","description":"Whether you are creating an NSS for web logs or firewall logs. Returned Values:  `NSS_FOR_WEB`, `NSS_FOR_FIREWALL`\n"}},"type":"object"}},"zia:index/riskProfiles:RiskProfiles":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-cloud-application-risk-profile)\n* [API documentation](https://help.zscaler.com/zia/cloud-applications#/riskProfiles-get)\n\nUse the **zia_risk_profiles** resource allows the creation and management of cloud application risk profile in the Zscaler Internet Access cloud or via the API.\nSee [About Cloud Application Risk Profile](https://help.zscaler.com/zia/about-cloud-application-risk-profile) for more details.\n\n## Example Usage\n\n### Create A Risk Profile\n\n```hcl\nresource \"zia_risk_profiles\" \"this\" {\n    profile_name = \"RiskProfile_12346\"\n    status=\"SANCTIONED\"\n    risk_index=[1, 2, 3, 4, 5]\n    certifications=[\"AICPA\", \"CCPA\", \"CISP\"]\n    password_strength=\"GOOD\"\n    poor_items_of_service=\"YES\"\n    admin_audit_logs=\"YES\"\n    data_breach=\"YES\"\n    source_ip_restrictions=\"YES\"\n    file_sharing=\"YES\"\n    mfa_support=\"YES\"\n    ssl_pinned=\"YES\"\n    data_encryption_in_transit=[\n        \"SSLV2\", \"SSLV3\", \"TLSV1_0\", \"TLSV1_1\", \"TLSV1_2\", \"TLSV1_3\", \"UN_KNOWN\"\n    ]\n    http_security_headers=\"YES\"\n    evasive=\"YES\"\n    dns_caa_policy=\"YES\"\n    ssl_cert_validity=\"YES\"\n    weak_cipher_support=\"YES\"\n    vulnerability=\"YES\"\n    vulnerable_to_heart_bleed=\"YES\"\n    ssl_cert_key_size=\"BITS_2048\"\n    vulnerable_to_poodle=\"YES\"\n    support_for_waf=\"YES\"\n    vulnerability_disclosure=\"YES\"\n    domain_keys_identified_mail=\"YES\"\n    malware_scanning_for_content=\"YES\"\n    domain_based_message_auth=\"YES\"\n    sender_policy_framework=\"YES\"\n    remote_screen_sharing=\"YES\"\n    vulnerable_to_log_jam=\"YES\"\n    profile_type=\"CLOUD_APPLICATIONS\"\n    custom_tags {\n        id = [1, 2]\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_risk_profiles** can be imported by using `\u003cPROFILE_ID\u003e` or `\u003cPROFILE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/riskProfiles:RiskProfiles example \u003cprofile_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/riskProfiles:RiskProfiles example \u003cprofile_name\u003e\n```\n\n","properties":{"adminAuditLogs":{"type":"string","description":"(String) Filters based on support for administrative logging. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"certifications":{"type":"array","items":{"type":"string"},"description":"(Optional) Filters based on supported certifications.\n"},"customTags":{"$ref":"#/types/zia:index/RiskProfilesCustomTags:RiskProfilesCustomTags","description":"(Set) List of custom tags to be included or excluded for the profile.\n"},"dataBreach":{"type":"string","description":"(String) Filters based on history of data breaches. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"dataEncryptionInTransits":{"type":"array","items":{"type":"string"},"description":"(Optional) Filters based on encryption of data in transit.\n"},"dnsCaaPolicy":{"type":"string","description":"(String) Filters based on DNS CAA policy implementation.\n"},"domainBasedMessageAuth":{"type":"string","description":"(String) Filters based on DMARC support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"domainKeysIdentifiedMail":{"type":"string","description":"(String) Filters based on DKIM authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"evasive":{"type":"string","description":"(String) Filters based on anonymous access support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"excludeCertificates":{"type":"integer","description":"(Int) Indicates if the certificates are included or not.\n"},"fileSharing":{"type":"string","description":"(String) Filters based on file sharing capability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"httpSecurityHeaders":{"type":"string","description":"(String) Filters based on HTTP security headers support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"malwareScanningForContent":{"type":"string","description":"(String) Filters based on content malware scanning. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"mfaSupport":{"type":"string","description":"(String) Filters based on multi-factor authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"passwordStrength":{"type":"string","description":"(String) Filters based on password strength policy. Supported values: `ANY`, `GOOD`, `POOR`, `UN_KNOWN`.\n"},"poorItemsOfService":{"type":"string","description":"(String) Filters applications based on questionable legal terms. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"profileId":{"type":"integer","description":"Unique identifier for the risk profile."},"profileName":{"type":"string","description":"Cloud application risk profile name.\n"},"profileType":{"type":"string","description":"(String) Risk profile type. Supported value: `CLOUD_APPLICATIONS`. Default is `CLOUD_APPLICATIONS`.\n"},"remoteScreenSharing":{"type":"string","description":"(String) Filters based on remote screen sharing support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"riskIndices":{"type":"array","items":{"type":"integer"},"description":"(Optional) Filters based on risk index thresholds.\n"},"senderPolicyFramework":{"type":"string","description":"(String) Filters based on SPF authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"sourceIpRestrictions":{"type":"string","description":"(String) Filters based on IP restriction support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"sslCertKeySize":{"type":"string","description":"(String) Filters based on SSL certificate key size. Supported values: `ANY`, `UN_KNOWN`, `BITS_1024`, `BITS_2048`, `BITS_256`, `BITS_3072`, `BITS_384`, `BITS_4096`, `BITS_8192`.\n"},"sslCertValidity":{"type":"string","description":"(String) Filters based on SSL certificate validity period. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"sslPinned":{"type":"string","description":"(String) Filters based on use of pinned SSL certificates. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"status":{"type":"string","description":"(String) Status of the applications. Supported values: `UN_SANCTIONED`, `SANCTIONED`, `ANY`.\n"},"supportForWaf":{"type":"string","description":"(String) Filters based on Web Application Firewall (WAF) support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerability":{"type":"string","description":"(String) Filters based on published CVE vulnerabilities. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerabilityDisclosure":{"type":"string","description":"(String) Filters based on vulnerability disclosure policy. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerableToHeartBleed":{"type":"string","description":"(String) Filters based on Heartbleed vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerableToLogJam":{"type":"string","description":"(String) Filters based on Logjam vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerableToPoodle":{"type":"string","description":"(String) Filters based on POODLE vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"weakCipherSupport":{"type":"string","description":"(String) Filters based on weak cipher usage. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"}},"required":["profileId","profileName"],"inputProperties":{"adminAuditLogs":{"type":"string","description":"(String) Filters based on support for administrative logging. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"certifications":{"type":"array","items":{"type":"string"},"description":"(Optional) Filters based on supported certifications.\n"},"customTags":{"$ref":"#/types/zia:index/RiskProfilesCustomTags:RiskProfilesCustomTags","description":"(Set) List of custom tags to be included or excluded for the profile.\n"},"dataBreach":{"type":"string","description":"(String) Filters based on history of data breaches. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"dataEncryptionInTransits":{"type":"array","items":{"type":"string"},"description":"(Optional) Filters based on encryption of data in transit.\n"},"dnsCaaPolicy":{"type":"string","description":"(String) Filters based on DNS CAA policy implementation.\n"},"domainBasedMessageAuth":{"type":"string","description":"(String) Filters based on DMARC support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"domainKeysIdentifiedMail":{"type":"string","description":"(String) Filters based on DKIM authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"evasive":{"type":"string","description":"(String) Filters based on anonymous access support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"excludeCertificates":{"type":"integer","description":"(Int) Indicates if the certificates are included or not.\n"},"fileSharing":{"type":"string","description":"(String) Filters based on file sharing capability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"httpSecurityHeaders":{"type":"string","description":"(String) Filters based on HTTP security headers support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"malwareScanningForContent":{"type":"string","description":"(String) Filters based on content malware scanning. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"mfaSupport":{"type":"string","description":"(String) Filters based on multi-factor authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"passwordStrength":{"type":"string","description":"(String) Filters based on password strength policy. Supported values: `ANY`, `GOOD`, `POOR`, `UN_KNOWN`.\n"},"poorItemsOfService":{"type":"string","description":"(String) Filters applications based on questionable legal terms. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"profileName":{"type":"string","description":"Cloud application risk profile name.\n"},"profileType":{"type":"string","description":"(String) Risk profile type. Supported value: `CLOUD_APPLICATIONS`. Default is `CLOUD_APPLICATIONS`.\n"},"remoteScreenSharing":{"type":"string","description":"(String) Filters based on remote screen sharing support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"riskIndices":{"type":"array","items":{"type":"integer"},"description":"(Optional) Filters based on risk index thresholds.\n"},"senderPolicyFramework":{"type":"string","description":"(String) Filters based on SPF authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"sourceIpRestrictions":{"type":"string","description":"(String) Filters based on IP restriction support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"sslCertKeySize":{"type":"string","description":"(String) Filters based on SSL certificate key size. Supported values: `ANY`, `UN_KNOWN`, `BITS_1024`, `BITS_2048`, `BITS_256`, `BITS_3072`, `BITS_384`, `BITS_4096`, `BITS_8192`.\n"},"sslCertValidity":{"type":"string","description":"(String) Filters based on SSL certificate validity period. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"sslPinned":{"type":"string","description":"(String) Filters based on use of pinned SSL certificates. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"status":{"type":"string","description":"(String) Status of the applications. Supported values: `UN_SANCTIONED`, `SANCTIONED`, `ANY`.\n"},"supportForWaf":{"type":"string","description":"(String) Filters based on Web Application Firewall (WAF) support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerability":{"type":"string","description":"(String) Filters based on published CVE vulnerabilities. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerabilityDisclosure":{"type":"string","description":"(String) Filters based on vulnerability disclosure policy. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerableToHeartBleed":{"type":"string","description":"(String) Filters based on Heartbleed vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerableToLogJam":{"type":"string","description":"(String) Filters based on Logjam vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerableToPoodle":{"type":"string","description":"(String) Filters based on POODLE vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"weakCipherSupport":{"type":"string","description":"(String) Filters based on weak cipher usage. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"}},"requiredInputs":["profileName"],"stateInputs":{"description":"Input properties used for looking up and filtering RiskProfiles resources.\n","properties":{"adminAuditLogs":{"type":"string","description":"(String) Filters based on support for administrative logging. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"certifications":{"type":"array","items":{"type":"string"},"description":"(Optional) Filters based on supported certifications.\n"},"customTags":{"$ref":"#/types/zia:index/RiskProfilesCustomTags:RiskProfilesCustomTags","description":"(Set) List of custom tags to be included or excluded for the profile.\n"},"dataBreach":{"type":"string","description":"(String) Filters based on history of data breaches. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"dataEncryptionInTransits":{"type":"array","items":{"type":"string"},"description":"(Optional) Filters based on encryption of data in transit.\n"},"dnsCaaPolicy":{"type":"string","description":"(String) Filters based on DNS CAA policy implementation.\n"},"domainBasedMessageAuth":{"type":"string","description":"(String) Filters based on DMARC support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"domainKeysIdentifiedMail":{"type":"string","description":"(String) Filters based on DKIM authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"evasive":{"type":"string","description":"(String) Filters based on anonymous access support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"excludeCertificates":{"type":"integer","description":"(Int) Indicates if the certificates are included or not.\n"},"fileSharing":{"type":"string","description":"(String) Filters based on file sharing capability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"httpSecurityHeaders":{"type":"string","description":"(String) Filters based on HTTP security headers support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"malwareScanningForContent":{"type":"string","description":"(String) Filters based on content malware scanning. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"mfaSupport":{"type":"string","description":"(String) Filters based on multi-factor authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"passwordStrength":{"type":"string","description":"(String) Filters based on password strength policy. Supported values: `ANY`, `GOOD`, `POOR`, `UN_KNOWN`.\n"},"poorItemsOfService":{"type":"string","description":"(String) Filters applications based on questionable legal terms. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"profileId":{"type":"integer","description":"Unique identifier for the risk profile."},"profileName":{"type":"string","description":"Cloud application risk profile name.\n"},"profileType":{"type":"string","description":"(String) Risk profile type. Supported value: `CLOUD_APPLICATIONS`. Default is `CLOUD_APPLICATIONS`.\n"},"remoteScreenSharing":{"type":"string","description":"(String) Filters based on remote screen sharing support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"riskIndices":{"type":"array","items":{"type":"integer"},"description":"(Optional) Filters based on risk index thresholds.\n"},"senderPolicyFramework":{"type":"string","description":"(String) Filters based on SPF authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"sourceIpRestrictions":{"type":"string","description":"(String) Filters based on IP restriction support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"sslCertKeySize":{"type":"string","description":"(String) Filters based on SSL certificate key size. Supported values: `ANY`, `UN_KNOWN`, `BITS_1024`, `BITS_2048`, `BITS_256`, `BITS_3072`, `BITS_384`, `BITS_4096`, `BITS_8192`.\n"},"sslCertValidity":{"type":"string","description":"(String) Filters based on SSL certificate validity period. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"sslPinned":{"type":"string","description":"(String) Filters based on use of pinned SSL certificates. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"status":{"type":"string","description":"(String) Status of the applications. Supported values: `UN_SANCTIONED`, `SANCTIONED`, `ANY`.\n"},"supportForWaf":{"type":"string","description":"(String) Filters based on Web Application Firewall (WAF) support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerability":{"type":"string","description":"(String) Filters based on published CVE vulnerabilities. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerabilityDisclosure":{"type":"string","description":"(String) Filters based on vulnerability disclosure policy. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerableToHeartBleed":{"type":"string","description":"(String) Filters based on Heartbleed vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerableToLogJam":{"type":"string","description":"(String) Filters based on Logjam vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"vulnerableToPoodle":{"type":"string","description":"(String) Filters based on POODLE vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"},"weakCipherSupport":{"type":"string","description":"(String) Filters based on weak cipher usage. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n"}},"type":"object"}},"zia:index/ruleLabels:RuleLabels":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-rule-labels)\n* [API documentation](https://help.zscaler.com/zia/rule-labels#/ruleLabels-get)\n\nThe **zia_rule_labels** resource allows the creation and management of rule labels in the Zscaler Internet Access cloud or via the API. This resource can then be associated with resources such as: Firewall Rules and URL filtering rules\n\n## Example Usage\n\n```hcl\n# ZIA Rule Labels Resource\nresource \"zia_rule_labels\" \"example\" {\n    name        = \"Example\"\n    description = \"Example\"\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_rule_labels** can be imported by using `\u003cLABEL_ID\u003e` or `\u003cLABEL_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/ruleLabels:RuleLabels example \u003clabel_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/ruleLabels:RuleLabels example \u003clabel_name\u003e\n```\n\n","properties":{"description":{"type":"string"},"name":{"type":"string","description":"The name of the devices to be created.\n"},"ruleLabelId":{"type":"integer"}},"required":["name","ruleLabelId"],"inputProperties":{"description":{"type":"string"},"name":{"type":"string","description":"The name of the devices to be created.\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering RuleLabels resources.\n","properties":{"description":{"type":"string"},"name":{"type":"string","description":"The name of the devices to be created.\n"},"ruleLabelId":{"type":"integer"}},"type":"object"}},"zia:index/sSLInspectionRules:SSLInspectionRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-ssl-inspection-policy)\n* [API documentation](https://help.zscaler.com/zia/ssl-inspection-policy#/sslInspectionRules-get)\n\nThe **zia_ssl_inspection_rules** resource allows the creation and management of SSL Inspection rules in the Zscaler Internet Access.\n\n**NOTE 1** Zscaler SSL Inspection rules contain default and predefined rules which cannot be deleted. The provider **automatically handles predefined rules** during rule ordering. You can simply use sequential order values (1, 2, 3...) and the provider will:\n- Automatically place new rules at the correct position\n- Handle reordering around predefined rules\n- Avoid configuration drift\n\nExample: If there are 2 predefined rules in your tenant, you can still configure your rules starting at `order = 1`. The provider will automatically handle the reordering to place your rules in the correct position relative to predefined rules.\n\n**NOTE 2** Certain attributes on \u003cspan pulumi-lang-nodejs=\"`predefined`\" pulumi-lang-dotnet=\"`Predefined`\" pulumi-lang-go=\"`predefined`\" pulumi-lang-python=\"`predefined`\" pulumi-lang-yaml=\"`predefined`\" pulumi-lang-java=\"`predefined`\"\u003e`predefined`\u003c/span\u003e rules can still be managed or updated via Terraform such as:\n\n* \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.\n* \u003cspan pulumi-lang-nodejs=\"`state`\" pulumi-lang-dotnet=\"`State`\" pulumi-lang-go=\"`state`\" pulumi-lang-python=\"`state`\" pulumi-lang-yaml=\"`state`\" pulumi-lang-java=\"`state`\"\u003e`state`\u003c/span\u003e - (Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to\n* \u003cspan pulumi-lang-nodejs=\"`labels`\" pulumi-lang-dotnet=\"`Labels`\" pulumi-lang-go=\"`labels`\" pulumi-lang-python=\"`labels`\" pulumi-lang-yaml=\"`labels`\" pulumi-lang-java=\"`labels`\"\u003e`labels`\u003c/span\u003e (list) - Labels that are applicable to the rule.\n      - \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Integer) Identifier that uniquely identifies an entity\n\n**NOTE 3** The import of \u003cspan pulumi-lang-nodejs=\"`predefined`\" pulumi-lang-dotnet=\"`Predefined`\" pulumi-lang-go=\"`predefined`\" pulumi-lang-python=\"`predefined`\" pulumi-lang-yaml=\"`predefined`\" pulumi-lang-java=\"`predefined`\"\u003e`predefined`\u003c/span\u003e rules is still possible in case you want o have them under the Terraform management; however, remember that these rules cannot be deleted. That means, the provider will fail when executing `terraform destroy`; hence, you must remove the rules you want to delete, and re-run `pulumi up` instead.\n\n## Example Usage\n\n### Action - DECRYPT\n\n```hcl\n\ndata \"zia_group_management\" \"this\" {\n    name = \"A000\"\n}\n\nresource \"zia_ssl_inspection_rules\" \"this\" {\n  name                         = \"SSL_Inspection_Rule_Decrypt\"\n  description                  = \"SSL_Inspection_Rule_Decrypt\"\n  state                        = \"ENABLED\"\n  order                        = 1\n  rank                         = 7\n  road_warrior_for_kerberos    = true\n  cloud_applications           = [\"CHATGPT_AI\", \"ANDI\"]\n  platforms                    = [\"SCAN_IOS\", \"SCAN_ANDROID\", \"SCAN_MACOS\", \"SCAN_WINDOWS\", \"NO_CLIENT_CONNECTOR\", \"SCAN_LINUX\"]\n\n  action {\n    type                         = \"DECRYPT\"\n    # show_eun                   = false\n    # show_eunatp                = false\n    override_default_certificate = false\n\n    ssl_interception_cert {\n      id                  = 1\n      name                = \"Zscaler Intermediate CA Certificate\"\n      default_certificate = true\n    }\n\n    decrypt_sub_actions {\n      server_certificates                   = \"ALLOW\"\n      ocsp_check                            = true\n      block_ssl_traffic_with_no_sni_enabled = true\n      min_client_tls_version                = \"CLIENT_TLS_1_0\"\n      min_server_tls_version                = \"SERVER_TLS_1_0\"\n      block_undecrypt                       = true\n      http2_enabled                         = false\n    }\n  }\n  groups {\n        id = [ data.zia_group_management.this.id ]\n    }\n}\n```\n\n### Action - DO_NOT_DECRYPT - Bypass Rule (False)\n\n```hcl\n\ndata \"zia_group_management\" \"this\" {\n    name = \"A000\"\n}\n\nresource \"zia_ssl_inspection_rules\" \"this\" {\n  name                         = \"SSL_Rule_Do_Not_Decrypt\"\n  description                  = \"SSL_Rule_Do_Not_Decrypt\"\n  state                        = \"ENABLED\"\n  order                        = 1\n  rank                         = 7\n  road_warrior_for_kerberos    = true\n  cloud_applications           = [\"CHATGPT_AI\", \"ANDI\"]\n  platforms                    = [\"SCAN_IOS\", \"SCAN_ANDROID\", \"SCAN_MACOS\", \"SCAN_WINDOWS\", \"NO_CLIENT_CONNECTOR\", \"SCAN_LINUX\"]\n\n  action {\n    type                                    = \"DO_NOT_DECRYPT\"\n    do_not_decrypt_sub_actions {\n      bypass_other_policies                 = false\n      server_certificates                   = \"ALLOW\"\n      ocsp_check                            = true\n      block_ssl_traffic_with_no_sni_enabled = true\n      min_tls_version                       = \"SERVER_TLS_1_0\"\n    }\n  }\n  groups {\n        id = [ data.zia_group_management.this.id ]\n    }\n}\n```\n\n### Action - DO_NOT_DECRYPT - Bypass Rule (True)\n\n```hcl\n\ndata \"zia_group_management\" \"this\" {\n    name = \"A000\"\n}\n\nresource \"zia_ssl_inspection_rules\" \"this\" {\n  name                         = \"SSL_Rule_Bypass_Rule\"\n  description                  = \"SSL_Rule_Bypass_Rule\"\n  state                        = \"ENABLED\"\n  order                        = 1\n  rank                         = 7\n  road_warrior_for_kerberos    = true\n  cloud_applications           = [\"CHATGPT_AI\", \"ANDI\"]\n  platforms                    = [\"SCAN_IOS\", \"SCAN_ANDROID\", \"SCAN_MACOS\", \"SCAN_WINDOWS\", \"NO_CLIENT_CONNECTOR\", \"SCAN_LINUX\"]\n\n  action {\n    type                                    = \"DO_NOT_DECRYPT\"\n    do_not_decrypt_sub_actions {\n      bypass_other_policies                 = true\n      block_ssl_traffic_with_no_sni_enabled = true\n    }\n  }\n  groups {\n        id = [ data.zia_group_management.this.id ]\n    }\n}\n```\n\n### Action - BLOCK\n\n```hcl\n\ndata \"zia_group_management\" \"this\" {\n    name = \"A000\"\n}\n\nresource \"zia_ssl_inspection_rules\" \"this\" {\n  name                         = \"SSL_Rule_BLOCK\"\n  description                  = \"SSL_Rule_BLOCK\"\n  state                        = \"ENABLED\"\n  order                        = 1\n  rank                         = 7\n  road_warrior_for_kerberos    = true\n  cloud_applications           = [\"CHATGPT_AI\", \"ANDI\"]\n  platforms                    = [\"SCAN_IOS\", \"SCAN_ANDROID\", \"SCAN_MACOS\", \"SCAN_WINDOWS\", \"NO_CLIENT_CONNECTOR\", \"SCAN_LINUX\"]\n\n  action {\n    type                                    = \"BLOCK\"\n    ssl_interception_cert {\n      id                                    = 1\n    }\n  }\n  groups {\n        id = [ data.zia_group_management.this.id ]\n    }\n}\n```\n","properties":{"actions":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesAction:SSLInspectionRulesAction"},"description":"(Block List) - Action taken when the traffic matches policy\n"},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"(List of Strings) The list of cloud applications to which the File Type Control policy rule must be applied. To retrieve the list of cloud applications, use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e. For the complete list of supported file types refer to the  [ZIA API documentation](https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-post). To retrieve the list of cloud applications, use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e\n"},"departments":{"$ref":"#/types/zia:index/SSLInspectionRulesDepartments:SSLInspectionRulesDepartments","description":"(Block List) - ID pairs of departments for which the rule is applied.\n"},"description":{"type":"string","description":"(String) -  Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"destIpGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesDestIpGroups:SSLInspectionRulesDestIpGroups","description":"(Block List) - ID pairs of destination IP address groups for which the rule is applied.\n"},"deviceGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesDeviceGroups:SSLInspectionRulesDeviceGroups","description":"(Block List) - ID pairs of device groups for which the rule is applied.\n"},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"(Set of String)  - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation. Supported values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`\n"},"devices":{"$ref":"#/types/zia:index/SSLInspectionRulesDevices:SSLInspectionRulesDevices","description":"(Block List) - ID pairs of devices for which the rule is applied\n"},"groups":{"$ref":"#/types/zia:index/SSLInspectionRulesGroups:SSLInspectionRulesGroups","description":"(Block List) - ID pairs of groups for which the rule is applied. If not set, rule is applied for all groups.\n"},"labels":{"$ref":"#/types/zia:index/SSLInspectionRulesLabels:SSLInspectionRulesLabels","description":"(Block List) - ID pairs of labels associated with the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesLocationGroups:SSLInspectionRulesLocationGroups","description":"(Block List) - ID pairs of location groups to which the rule is applied. When empty, it implies applying to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/SSLInspectionRulesLocations:SSLInspectionRulesLocations","description":"(Block List) - ID pairs of locations to which the rule is applied. When empty, it implies applying to all locations.\n"},"name":{"type":"string","description":"The name of the SSL Inspection rule"},"order":{"type":"integer","description":"(String) -  Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"platforms":{"type":"array","items":{"type":"string"},"description":"(Set of String) -  Zscaler Client Connector device platforms for which this rule is applied. Supported Values: `SCAN_IOS`, `SCAN_ANDROID`, `SCAN_MACOS`, `SCAN_WINDOWS`, `NO_CLIENT_CONNECTOR`, `SCAN_LINUX`\n"},"proxyGateways":{"$ref":"#/types/zia:index/SSLInspectionRulesProxyGateways:SSLInspectionRulesProxyGateways","description":"(Block List) - When using ZPA Gateway forwarding, name-ID pairs of ZPA Application Segments for which the rule is applicable.\n"},"rank":{"type":"integer","description":"(Integer) - The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.\n"},"roadWarriorForKerberos":{"type":"boolean","description":"(Boolean) - Indicates whether this rule is applied to remote users that use PAC with Kerberos authentication.\n"},"ruleId":{"type":"integer"},"sourceIpGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesSourceIpGroups:SSLInspectionRulesSourceIpGroups","description":"(Block List) - ID pairs of source IP address groups for which the rule is applied.\n"},"state":{"type":"string","description":"(String) - The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`\n"},"timeWindows":{"$ref":"#/types/zia:index/SSLInspectionRulesTimeWindows:SSLInspectionRulesTimeWindows","description":"(Block List) - The time intervals during which the rule applies\n"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"(List of Strings) The list of URL categories to which the SSL Inspection rule must be applied. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for the list of available categories or use the data source \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e to retrieve the list of URL categories.\n"},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"(Set of String) -  A list of user agent types the rule applies to.\n"},"users":{"$ref":"#/types/zia:index/SSLInspectionRulesUsers:SSLInspectionRulesUsers","description":"(Block List) - The list of preconfigured workload groups to which the policy must be applied.\n"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesWorkloadGroup:SSLInspectionRulesWorkloadGroup"},"description":"(Block List) - The list of preconfigured workload groups to which the policy must be applied.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesZpaAppSegment:SSLInspectionRulesZpaAppSegment"},"description":"(Block List) - The list of ZPA Application Segments for which this rule is applicable (applicable only for ZPA Gateway forwarding).\n"}},"required":["name","order","ruleId","workloadGroups","zpaAppSegments"],"inputProperties":{"actions":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesAction:SSLInspectionRulesAction"},"description":"(Block List) - Action taken when the traffic matches policy\n"},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"(List of Strings) The list of cloud applications to which the File Type Control policy rule must be applied. To retrieve the list of cloud applications, use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e. For the complete list of supported file types refer to the  [ZIA API documentation](https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-post). To retrieve the list of cloud applications, use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e\n"},"departments":{"$ref":"#/types/zia:index/SSLInspectionRulesDepartments:SSLInspectionRulesDepartments","description":"(Block List) - ID pairs of departments for which the rule is applied.\n"},"description":{"type":"string","description":"(String) -  Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"destIpGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesDestIpGroups:SSLInspectionRulesDestIpGroups","description":"(Block List) - ID pairs of destination IP address groups for which the rule is applied.\n"},"deviceGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesDeviceGroups:SSLInspectionRulesDeviceGroups","description":"(Block List) - ID pairs of device groups for which the rule is applied.\n"},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"(Set of String)  - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation. Supported values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`\n"},"devices":{"$ref":"#/types/zia:index/SSLInspectionRulesDevices:SSLInspectionRulesDevices","description":"(Block List) - ID pairs of devices for which the rule is applied\n"},"groups":{"$ref":"#/types/zia:index/SSLInspectionRulesGroups:SSLInspectionRulesGroups","description":"(Block List) - ID pairs of groups for which the rule is applied. If not set, rule is applied for all groups.\n"},"labels":{"$ref":"#/types/zia:index/SSLInspectionRulesLabels:SSLInspectionRulesLabels","description":"(Block List) - ID pairs of labels associated with the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesLocationGroups:SSLInspectionRulesLocationGroups","description":"(Block List) - ID pairs of location groups to which the rule is applied. When empty, it implies applying to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/SSLInspectionRulesLocations:SSLInspectionRulesLocations","description":"(Block List) - ID pairs of locations to which the rule is applied. When empty, it implies applying to all locations.\n"},"name":{"type":"string","description":"The name of the SSL Inspection rule"},"order":{"type":"integer","description":"(String) -  Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"platforms":{"type":"array","items":{"type":"string"},"description":"(Set of String) -  Zscaler Client Connector device platforms for which this rule is applied. Supported Values: `SCAN_IOS`, `SCAN_ANDROID`, `SCAN_MACOS`, `SCAN_WINDOWS`, `NO_CLIENT_CONNECTOR`, `SCAN_LINUX`\n"},"proxyGateways":{"$ref":"#/types/zia:index/SSLInspectionRulesProxyGateways:SSLInspectionRulesProxyGateways","description":"(Block List) - When using ZPA Gateway forwarding, name-ID pairs of ZPA Application Segments for which the rule is applicable.\n"},"rank":{"type":"integer","description":"(Integer) - The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.\n"},"roadWarriorForKerberos":{"type":"boolean","description":"(Boolean) - Indicates whether this rule is applied to remote users that use PAC with Kerberos authentication.\n"},"sourceIpGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesSourceIpGroups:SSLInspectionRulesSourceIpGroups","description":"(Block List) - ID pairs of source IP address groups for which the rule is applied.\n"},"state":{"type":"string","description":"(String) - The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`\n"},"timeWindows":{"$ref":"#/types/zia:index/SSLInspectionRulesTimeWindows:SSLInspectionRulesTimeWindows","description":"(Block List) - The time intervals during which the rule applies\n"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"(List of Strings) The list of URL categories to which the SSL Inspection rule must be applied. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for the list of available categories or use the data source \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e to retrieve the list of URL categories.\n"},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"(Set of String) -  A list of user agent types the rule applies to.\n"},"users":{"$ref":"#/types/zia:index/SSLInspectionRulesUsers:SSLInspectionRulesUsers","description":"(Block List) - The list of preconfigured workload groups to which the policy must be applied.\n"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesWorkloadGroup:SSLInspectionRulesWorkloadGroup"},"description":"(Block List) - The list of preconfigured workload groups to which the policy must be applied.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesZpaAppSegment:SSLInspectionRulesZpaAppSegment"},"description":"(Block List) - The list of ZPA Application Segments for which this rule is applicable (applicable only for ZPA Gateway forwarding).\n"}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering SSLInspectionRules resources.\n","properties":{"actions":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesAction:SSLInspectionRulesAction"},"description":"(Block List) - Action taken when the traffic matches policy\n"},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"(List of Strings) The list of cloud applications to which the File Type Control policy rule must be applied. To retrieve the list of cloud applications, use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e. For the complete list of supported file types refer to the  [ZIA API documentation](https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-post). To retrieve the list of cloud applications, use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e\n"},"departments":{"$ref":"#/types/zia:index/SSLInspectionRulesDepartments:SSLInspectionRulesDepartments","description":"(Block List) - ID pairs of departments for which the rule is applied.\n"},"description":{"type":"string","description":"(String) -  Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"destIpGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesDestIpGroups:SSLInspectionRulesDestIpGroups","description":"(Block List) - ID pairs of destination IP address groups for which the rule is applied.\n"},"deviceGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesDeviceGroups:SSLInspectionRulesDeviceGroups","description":"(Block List) - ID pairs of device groups for which the rule is applied.\n"},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"(Set of String)  - List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation. Supported values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`\n"},"devices":{"$ref":"#/types/zia:index/SSLInspectionRulesDevices:SSLInspectionRulesDevices","description":"(Block List) - ID pairs of devices for which the rule is applied\n"},"groups":{"$ref":"#/types/zia:index/SSLInspectionRulesGroups:SSLInspectionRulesGroups","description":"(Block List) - ID pairs of groups for which the rule is applied. If not set, rule is applied for all groups.\n"},"labels":{"$ref":"#/types/zia:index/SSLInspectionRulesLabels:SSLInspectionRulesLabels","description":"(Block List) - ID pairs of labels associated with the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesLocationGroups:SSLInspectionRulesLocationGroups","description":"(Block List) - ID pairs of location groups to which the rule is applied. When empty, it implies applying to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/SSLInspectionRulesLocations:SSLInspectionRulesLocations","description":"(Block List) - ID pairs of locations to which the rule is applied. When empty, it implies applying to all locations.\n"},"name":{"type":"string","description":"The name of the SSL Inspection rule"},"order":{"type":"integer","description":"(String) -  Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"platforms":{"type":"array","items":{"type":"string"},"description":"(Set of String) -  Zscaler Client Connector device platforms for which this rule is applied. Supported Values: `SCAN_IOS`, `SCAN_ANDROID`, `SCAN_MACOS`, `SCAN_WINDOWS`, `NO_CLIENT_CONNECTOR`, `SCAN_LINUX`\n"},"proxyGateways":{"$ref":"#/types/zia:index/SSLInspectionRulesProxyGateways:SSLInspectionRulesProxyGateways","description":"(Block List) - When using ZPA Gateway forwarding, name-ID pairs of ZPA Application Segments for which the rule is applicable.\n"},"rank":{"type":"integer","description":"(Integer) - The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.\n"},"roadWarriorForKerberos":{"type":"boolean","description":"(Boolean) - Indicates whether this rule is applied to remote users that use PAC with Kerberos authentication.\n"},"ruleId":{"type":"integer"},"sourceIpGroups":{"$ref":"#/types/zia:index/SSLInspectionRulesSourceIpGroups:SSLInspectionRulesSourceIpGroups","description":"(Block List) - ID pairs of source IP address groups for which the rule is applied.\n"},"state":{"type":"string","description":"(String) - The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`\n"},"timeWindows":{"$ref":"#/types/zia:index/SSLInspectionRulesTimeWindows:SSLInspectionRulesTimeWindows","description":"(Block List) - The time intervals during which the rule applies\n"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"(List of Strings) The list of URL categories to which the SSL Inspection rule must be applied. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for the list of available categories or use the data source \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e to retrieve the list of URL categories.\n"},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"(Set of String) -  A list of user agent types the rule applies to.\n"},"users":{"$ref":"#/types/zia:index/SSLInspectionRulesUsers:SSLInspectionRulesUsers","description":"(Block List) - The list of preconfigured workload groups to which the policy must be applied.\n"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesWorkloadGroup:SSLInspectionRulesWorkloadGroup"},"description":"(Block List) - The list of preconfigured workload groups to which the policy must be applied.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/SSLInspectionRulesZpaAppSegment:SSLInspectionRulesZpaAppSegment"},"description":"(Block List) - The list of ZPA Application Segments for which this rule is applicable (applicable only for ZPA Gateway forwarding).\n"}},"type":"object"}},"zia:index/sandboxBehavioralAnalysis:SandboxBehavioralAnalysis":{"description":"* [Official documentation](https://help.zscaler.com/zia/sandbox-policy-settings#/behavioralAnalysisAdvancedSettings-get)\n* [API documentation](https://help.zscaler.com/zia/sandbox-policy-settings#/behavioralAnalysisAdvancedSettings-get)\n\nThe **zia_sandbox_behavioral_analysis** resource updates the custom list of MD5 file hashes that are blocked by Sandbox. This overwrites a previously generated blocklist. If you need to completely erase the blocklist, submit an empty list.\n\n**Note**: Only the file types that are supported by Sandbox analysis can be blocked using MD5 hashes.\n\n## Example Usage\n\n### Add MD5 Hashes To Sandbox\n\n```hcl\n# Add MD5 Hashes to Sandbox\nresource \"zia_sandbox_behavioral_analysis\" \"this\" {\n  file_hashes_to_be_blocked = [\n        \"42914d6d213a20a2684064be5c80ffa9\",\n        \"c0202cf6aeab8437c638533d14563d35\",\n  ]\n}\n```\n\n### Remove All MD5 Hashes To Sandbox\n\n```hcl\n# Remove All MD5 Hashes to Sandbox\nresource \"zia_sandbox_behavioral_analysis\" \"this\" {\n  file_hashes_to_be_blocked = []\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_sandbox_behavioral_analysis** can be imported by using \u003cspan pulumi-lang-nodejs=\"`sandboxSettings`\" pulumi-lang-dotnet=\"`SandboxSettings`\" pulumi-lang-go=\"`sandboxSettings`\" pulumi-lang-python=\"`sandbox_settings`\" pulumi-lang-yaml=\"`sandboxSettings`\" pulumi-lang-java=\"`sandboxSettings`\"\u003e`sandbox_settings`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/sandboxBehavioralAnalysis:SandboxBehavioralAnalysis example sandbox_settings\n```\n\n","properties":{"fileHashesToBeBlockeds":{"type":"array","items":{"type":"string"},"description":"A custom list of unique MD5 file hashes that must be blocked by Sandbox. A maximum of 10000 MD5 file hashes can be blocked"}},"inputProperties":{"fileHashesToBeBlockeds":{"type":"array","items":{"type":"string"},"description":"A custom list of unique MD5 file hashes that must be blocked by Sandbox. A maximum of 10000 MD5 file hashes can be blocked"}},"stateInputs":{"description":"Input properties used for looking up and filtering SandboxBehavioralAnalysis resources.\n","properties":{"fileHashesToBeBlockeds":{"type":"array","items":{"type":"string"},"description":"A custom list of unique MD5 file hashes that must be blocked by Sandbox. A maximum of 10000 MD5 file hashes can be blocked"}},"type":"object"}},"zia:index/sandboxFileSubmission:SandboxFileSubmission":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-sandbox)\n* [API documentation](https://help.zscaler.com/zia/sandbox-submission-api#/zscsb/submit-post)\n\nThe **zia_sandbox_file_submission** resource submits raw or archive files (e.g., ZIP) to Zscaler's Sandbox for analysis. You can submit up to 100 files per day and it supports all file types that are currently supported by Sandbox. The resource also allows the submissions of raw or archive files to the Zscaler service for out-of-band file inspection to generate real-time verdicts for known and unknown files. It leverages capabilities such as Malware Prevention, Advanced Threat Prevention, Sandbox cloud effect, AI/ML-driven file analysis, and integrated third-party threat intelligence feeds to inspect files and classify them as benign or malicious instantaneously.\n\n⚠️ **WARNING 1:**: Zscaler Cloud Sandbox is a subscription service and requires additional license. To learn more, contact Zscaler Support or your local account team.\n\n⚠️ **WARNING 2:**: The ZIA Terraform provider requires both the `ZIA_CLOUD` and `ZIA_SANDBOX_TOKEN` in order to authenticate to the Zscaler Cloud Sandbox environment. For details on how obtain the API Token visit the Zscaler help portal [About Sandbox API Token](https://help.zscaler.com/zia/about-sandbox-api-token)\n\n**Note 1**: After files are sent for analysis, you must use GET /sandbox/report/{md5Hash} in order to retrieve the verdict. You can get the Sandbox report 10 minutes after a file is sent for analysis.\n\n**Note 2**: All file types that are currently supported by the Malware Protection policy and Advanced Threat Protection policy are supported for inspection, and each file is limited to a size of 400 MB.\n\n## Example Usage\n\n### Submit Raw Or Archive Files\n\n```hcl\n# Submit raw EXE file to Zscaler Sandbox\nlocals {\n  files = toset([\n    \"zs-test-pe-file.exe\"\n  ])\n}\n\nresource \"zia_sandbox_file_submission\" \"this\" {\n  for_each = local.files\n  file_path     = each.key\n  submission_method = \"submit\"\n  force = true\n}\n```\n\n### Submits Raw Or Archive For Out-Of-Band File Inspection\n\n```hcl\n# Submit raw EXE file to Zscaler Sandbox\nlocals {\n  files = toset([\n    \"zs-test-pe-file.exe\"\n  ])\n}\n\nresource \"zia_sandbox_file_submission\" \"this\" {\n  for_each = local.files\n  file_path     = each.key\n  submission_method = \"discan\"\n  force = true\n}\n```\n","properties":{"code":{"type":"integer"},"filePath":{"type":"string","description":"(Required) The path where the raw or archive files for submission are located.\n"},"fileType":{"type":"string"},"force":{"type":"boolean","description":"(Optional) Submit file to sandbox even if found malicious during AV scan and a verdict already exists. Supported values are \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e\n"},"md5":{"type":"string"},"message":{"type":"string"},"sandboxSubmission":{"type":"string"},"submissionMethod":{"type":"string","description":"(Required) The submission method to be used. Supportedd values are: \u003cspan pulumi-lang-nodejs=\"`submit`\" pulumi-lang-dotnet=\"`Submit`\" pulumi-lang-go=\"`submit`\" pulumi-lang-python=\"`submit`\" pulumi-lang-yaml=\"`submit`\" pulumi-lang-java=\"`submit`\"\u003e`submit`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`discan`\" pulumi-lang-dotnet=\"`Discan`\" pulumi-lang-go=\"`discan`\" pulumi-lang-python=\"`discan`\" pulumi-lang-yaml=\"`discan`\" pulumi-lang-java=\"`discan`\"\u003e`discan`\u003c/span\u003e\n"},"virusName":{"type":"string"},"virusType":{"type":"string"}},"required":["code","filePath","fileType","md5","message","sandboxSubmission","submissionMethod","virusName","virusType"],"inputProperties":{"filePath":{"type":"string","description":"(Required) The path where the raw or archive files for submission are located.\n"},"force":{"type":"boolean","description":"(Optional) Submit file to sandbox even if found malicious during AV scan and a verdict already exists. Supported values are \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e\n"},"submissionMethod":{"type":"string","description":"(Required) The submission method to be used. Supportedd values are: \u003cspan pulumi-lang-nodejs=\"`submit`\" pulumi-lang-dotnet=\"`Submit`\" pulumi-lang-go=\"`submit`\" pulumi-lang-python=\"`submit`\" pulumi-lang-yaml=\"`submit`\" pulumi-lang-java=\"`submit`\"\u003e`submit`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`discan`\" pulumi-lang-dotnet=\"`Discan`\" pulumi-lang-go=\"`discan`\" pulumi-lang-python=\"`discan`\" pulumi-lang-yaml=\"`discan`\" pulumi-lang-java=\"`discan`\"\u003e`discan`\u003c/span\u003e\n"}},"requiredInputs":["filePath","submissionMethod"],"stateInputs":{"description":"Input properties used for looking up and filtering SandboxFileSubmission resources.\n","properties":{"code":{"type":"integer"},"filePath":{"type":"string","description":"(Required) The path where the raw or archive files for submission are located.\n"},"fileType":{"type":"string"},"force":{"type":"boolean","description":"(Optional) Submit file to sandbox even if found malicious during AV scan and a verdict already exists. Supported values are \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e\n"},"md5":{"type":"string"},"message":{"type":"string"},"sandboxSubmission":{"type":"string"},"submissionMethod":{"type":"string","description":"(Required) The submission method to be used. Supportedd values are: \u003cspan pulumi-lang-nodejs=\"`submit`\" pulumi-lang-dotnet=\"`Submit`\" pulumi-lang-go=\"`submit`\" pulumi-lang-python=\"`submit`\" pulumi-lang-yaml=\"`submit`\" pulumi-lang-java=\"`submit`\"\u003e`submit`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`discan`\" pulumi-lang-dotnet=\"`Discan`\" pulumi-lang-go=\"`discan`\" pulumi-lang-python=\"`discan`\" pulumi-lang-yaml=\"`discan`\" pulumi-lang-java=\"`discan`\"\u003e`discan`\u003c/span\u003e\n"},"virusName":{"type":"string"},"virusType":{"type":"string"}},"type":"object"}},"zia:index/sandboxRules:SandboxRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-sandbox)\n* [API documentation](https://help.zscaler.com/zia/sandbox-policy-settings#/sandboxRules-get)\n\nThe **zia_sandbox_rules** resource allows the creation and management of SAndbox rules in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\ndata \"zia_department_management\" \"engineering\" {\n name = \"Engineering\"\n}\n\ndata \"zia_group_management\" \"normal_internet\" {\n    name = \"Normal_Internet\"\n}\n\nresource \"zia_sandbox_rules\" \"this\" {\n    name                 = \"SandboxRule01\"\n    description          = \"SandboxRule01\"\n    rank                 = 7\n    order                = 1\n    first_time_enable    = true\n    ml_action_enabled    = true\n    first_time_operation = \"ALLOW_SCAN\"\n    ba_rule_action       = \"BLOCK\"\n    state                = \"ENABLED\"\n    ba_policy_categories = [\"ADWARE_BLOCK\", \"BOTMAL_BLOCK\", \"ANONYP2P_BLOCK\", \"RANSOMWARE_BLOCK\"]\n    file_types           = [\"FTCATEGORY_P7Z\",\n        \"FTCATEGORY_MS_WORD\",\n        \"FTCATEGORY_PDF_DOCUMENT\",\n        \"FTCATEGORY_TAR\",\n        \"FTCATEGORY_SCZIP\",\n        \"FTCATEGORY_WINDOWS_EXECUTABLES\",\n        \"FTCATEGORY_HTA\",\n        \"FTCATEGORY_FLASH\",\n        \"FTCATEGORY_RAR\",\n        \"FTCATEGORY_MS_EXCEL\",\n        \"FTCATEGORY_VISUAL_BASIC_SCRIPT\",\n        \"FTCATEGORY_MS_POWERPOINT\",\n        \"FTCATEGORY_WINDOWS_LIBRARY\",\n        \"FTCATEGORY_POWERSHELL\",\n        \"FTCATEGORY_APK\",\n        \"FTCATEGORY_ZIP\",\n        \"FTCATEGORY_BZIP2\",\n        \"FTCATEGORY_JAVA_APPLET\",\n        \"FTCATEGORY_MS_RTF\"]\n    protocols            = [\n        \"FOHTTP_RULE\",\n        \"FTP_RULE\",\n        \"HTTPS_RULE\",\n        \"HTTP_RULE\",\n    ]\n    departments {\n        id = [ data.zia_department_management.engineering.id ]\n    }\n    groups {\n        id = [ data.zia_group_management.normal_internet.id ]\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_sandbox_rules** can be imported by using `\u003cRULE ID\u003e` or `\u003cRULE NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/sandboxRules:SandboxRules example \u003crule_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/sandboxRules:SandboxRules example \u003crule_name\u003e\n```\n\n","properties":{"baPolicyCategories":{"type":"array","items":{"type":"string"},"description":"The threat categories to which the rule applies"},"baRuleAction":{"type":"string","description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria. Supported Values: `ALLOW` or `BLOCK`\n"},"byThreatScore":{"type":"integer","description":"(Integer)\n"},"departments":{"$ref":"#/types/zia:index/SandboxRulesDepartments:SandboxRulesDepartments","description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"(List of Strings) File type categories for which the policy is applied. If not set, the rule is applied across all file types.\nSee the [File Type Control API](https://help.zscaler.com/zia/file-type-control-policy#/fileTypeRules-get).\n"},"firstTimeEnable":{"type":"boolean","description":"(Boolean) A Boolean value indicating whether a First-Time Action is specifically configured for the rule. The First-Time Action takes place when users download unknown files. The action to be applied is specified using the firstTimeOperation field.\n"},"firstTimeOperation":{"type":"string","description":"(String) The action that must take place when users download unknown files for the first time. Supported Values: `ALLOW_SCAN`, `QUARANTINE`, `ALLOW_NOSCAN`, `QUARANTINE_ISOLATE`\n"},"groups":{"$ref":"#/types/zia:index/SandboxRulesGroups:SandboxRulesGroups","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"labels":{"$ref":"#/types/zia:index/SandboxRulesLabels:SandboxRulesLabels","description":"(List of Objects) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/SandboxRulesLocationGroups:SandboxRulesLocationGroups","description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/SandboxRulesLocations:SandboxRulesLocations","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"mlActionEnabled":{"type":"boolean","description":"(Boolean) A Boolean value indicating whether to enable or disable the AI Instant Verdict option to have the Zscaler service use AI analysis to instantly assign threat scores to unknown files. This option is available to use only with specific rule actions such as Quarantine and Allow and Scan for First-Time Action.\n"},"name":{"type":"string","description":"The File Type Control policy rule name."},"order":{"type":"integer","description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocol for the given rule. This field is not applicable to the Lite API."},"rank":{"type":"integer","description":"(Integer) The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.\n"},"ruleId":{"type":"integer"},"state":{"type":"string","description":"(String) The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`\n"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"(List of Strings) The list of URL categories to which the Sandbox rule must be applied. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for the list of available categories or use the data source \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e to retrieve the list of URL categories.\n"},"users":{"$ref":"#/types/zia:index/SandboxRulesUsers:SandboxRulesUsers","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/SandboxRulesZpaAppSegment:SandboxRulesZpaAppSegment"},"description":"(List of Objects) The ZPA application segments to which the rule applies\n"}},"required":["baRuleAction","byThreatScore","fileTypes","firstTimeEnable","firstTimeOperation","mlActionEnabled","name","order","protocols","rank","ruleId","state","zpaAppSegments"],"inputProperties":{"baPolicyCategories":{"type":"array","items":{"type":"string"},"description":"The threat categories to which the rule applies"},"baRuleAction":{"type":"string","description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria. Supported Values: `ALLOW` or `BLOCK`\n"},"byThreatScore":{"type":"integer","description":"(Integer)\n"},"departments":{"$ref":"#/types/zia:index/SandboxRulesDepartments:SandboxRulesDepartments","description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"(List of Strings) File type categories for which the policy is applied. If not set, the rule is applied across all file types.\nSee the [File Type Control API](https://help.zscaler.com/zia/file-type-control-policy#/fileTypeRules-get).\n"},"firstTimeEnable":{"type":"boolean","description":"(Boolean) A Boolean value indicating whether a First-Time Action is specifically configured for the rule. The First-Time Action takes place when users download unknown files. The action to be applied is specified using the firstTimeOperation field.\n"},"firstTimeOperation":{"type":"string","description":"(String) The action that must take place when users download unknown files for the first time. Supported Values: `ALLOW_SCAN`, `QUARANTINE`, `ALLOW_NOSCAN`, `QUARANTINE_ISOLATE`\n"},"groups":{"$ref":"#/types/zia:index/SandboxRulesGroups:SandboxRulesGroups","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"labels":{"$ref":"#/types/zia:index/SandboxRulesLabels:SandboxRulesLabels","description":"(List of Objects) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/SandboxRulesLocationGroups:SandboxRulesLocationGroups","description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/SandboxRulesLocations:SandboxRulesLocations","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"mlActionEnabled":{"type":"boolean","description":"(Boolean) A Boolean value indicating whether to enable or disable the AI Instant Verdict option to have the Zscaler service use AI analysis to instantly assign threat scores to unknown files. This option is available to use only with specific rule actions such as Quarantine and Allow and Scan for First-Time Action.\n"},"name":{"type":"string","description":"The File Type Control policy rule name."},"order":{"type":"integer","description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocol for the given rule. This field is not applicable to the Lite API."},"rank":{"type":"integer","description":"(Integer) The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.\n"},"state":{"type":"string","description":"(String) The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`\n"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"(List of Strings) The list of URL categories to which the Sandbox rule must be applied. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for the list of available categories or use the data source \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e to retrieve the list of URL categories.\n"},"users":{"$ref":"#/types/zia:index/SandboxRulesUsers:SandboxRulesUsers","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/SandboxRulesZpaAppSegment:SandboxRulesZpaAppSegment"},"description":"(List of Objects) The ZPA application segments to which the rule applies\n"}},"requiredInputs":["fileTypes","order","protocols"],"stateInputs":{"description":"Input properties used for looking up and filtering SandboxRules resources.\n","properties":{"baPolicyCategories":{"type":"array","items":{"type":"string"},"description":"The threat categories to which the rule applies"},"baRuleAction":{"type":"string","description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria. Supported Values: `ALLOW` or `BLOCK`\n"},"byThreatScore":{"type":"integer","description":"(Integer)\n"},"departments":{"$ref":"#/types/zia:index/SandboxRulesDepartments:SandboxRulesDepartments","description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n"},"description":{"type":"string","description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n"},"fileTypes":{"type":"array","items":{"type":"string"},"description":"(List of Strings) File type categories for which the policy is applied. If not set, the rule is applied across all file types.\nSee the [File Type Control API](https://help.zscaler.com/zia/file-type-control-policy#/fileTypeRules-get).\n"},"firstTimeEnable":{"type":"boolean","description":"(Boolean) A Boolean value indicating whether a First-Time Action is specifically configured for the rule. The First-Time Action takes place when users download unknown files. The action to be applied is specified using the firstTimeOperation field.\n"},"firstTimeOperation":{"type":"string","description":"(String) The action that must take place when users download unknown files for the first time. Supported Values: `ALLOW_SCAN`, `QUARANTINE`, `ALLOW_NOSCAN`, `QUARANTINE_ISOLATE`\n"},"groups":{"$ref":"#/types/zia:index/SandboxRulesGroups:SandboxRulesGroups","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n"},"labels":{"$ref":"#/types/zia:index/SandboxRulesLabels:SandboxRulesLabels","description":"(List of Objects) Labels that are applicable to the rule.\n"},"locationGroups":{"$ref":"#/types/zia:index/SandboxRulesLocationGroups:SandboxRulesLocationGroups","description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n"},"locations":{"$ref":"#/types/zia:index/SandboxRulesLocations:SandboxRulesLocations","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n"},"mlActionEnabled":{"type":"boolean","description":"(Boolean) A Boolean value indicating whether to enable or disable the AI Instant Verdict option to have the Zscaler service use AI analysis to instantly assign threat scores to unknown files. This option is available to use only with specific rule actions such as Quarantine and Allow and Scan for First-Time Action.\n"},"name":{"type":"string","description":"The File Type Control policy rule name."},"order":{"type":"integer","description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n"},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocol for the given rule. This field is not applicable to the Lite API."},"rank":{"type":"integer","description":"(Integer) The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.\n"},"ruleId":{"type":"integer"},"state":{"type":"string","description":"(String) The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`\n"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"(List of Strings) The list of URL categories to which the Sandbox rule must be applied. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for the list of available categories or use the data source \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e to retrieve the list of URL categories.\n"},"users":{"$ref":"#/types/zia:index/SandboxRulesUsers:SandboxRulesUsers","description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n"},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index/SandboxRulesZpaAppSegment:SandboxRulesZpaAppSegment"},"description":"(List of Objects) The ZPA application segments to which the rule applies\n"}},"type":"object"}},"zia:index/securitySettings:SecuritySettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/security-policy-settings#/security-put)\n* [API documentation](https://help.zscaler.com/zia/security-policy-settings#/security-put)\n\nThe **zia_security_settings** resource alows you to add or remove a URL to the allow and denylist under the Advanced Threat Protection policy in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\n# Add URLs to ZIA Whitelist - Malware Protection\nresource \"zia_security_settings\" \"this\" {\n  whitelist_urls = [\n    \"resource5.acme.net\",\n    \"resource6.acme.net\",\n    \"resource7.acme.net\",\n    \"resource8.acme.net\",\n  ]\n}\n```\n\n```hcl\n# Add URLs to ZIA Blacklist - Advanced Threat Protection\nresource \"zia_security_settings\" \"this\" {\n  blacklist_urls = [\n    \"resource1.acme.net\",\n    \"resource2.acme.net\",\n    \"resource3.acme.net\",\n    \"resource4.acme.net\",\n  ]\n}\n```\n\n```hcl\n# Add URLs to both Whitelist and Blacklist\n# Advanced Threat Protection \u0026 Malware Protection\nresource \"zia_security_settings\" \"this\" {\n  whitelist_urls = [\n    \"resource5.acme.net\",\n    \"resource6.acme.net\",\n    \"resource7.acme.net\",\n    \"resource8.acme.net\",\n  ]\n  blacklist_urls = [\n    \"resource1.acme.net\",\n    \"resource2.acme.net\",\n    \"resource3.acme.net\",\n    \"resource4.acme.net\",\n  ]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_security_settings** can be imported by using \u003cspan pulumi-lang-nodejs=\"`allUrls`\" pulumi-lang-dotnet=\"`AllUrls`\" pulumi-lang-go=\"`allUrls`\" pulumi-lang-python=\"`all_urls`\" pulumi-lang-yaml=\"`allUrls`\" pulumi-lang-java=\"`allUrls`\"\u003e`all_urls`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/securitySettings:SecuritySettings example all_urls\n```\n\n","properties":{"blacklistUrls":{"type":"array","items":{"type":"string"},"description":"URLs on the denylist for your organization. Allow up to 275000 URLs."},"whitelistUrls":{"type":"array","items":{"type":"string"},"description":"Allowlist URLs whose contents will not be scanned. Allows up to 255 URLs."}},"required":["blacklistUrls","whitelistUrls"],"inputProperties":{"blacklistUrls":{"type":"array","items":{"type":"string"},"description":"URLs on the denylist for your organization. Allow up to 275000 URLs."},"whitelistUrls":{"type":"array","items":{"type":"string"},"description":"Allowlist URLs whose contents will not be scanned. Allows up to 255 URLs."}},"stateInputs":{"description":"Input properties used for looking up and filtering SecuritySettings resources.\n","properties":{"blacklistUrls":{"type":"array","items":{"type":"string"},"description":"URLs on the denylist for your organization. Allow up to 275000 URLs."},"whitelistUrls":{"type":"array","items":{"type":"string"},"description":"Allowlist URLs whose contents will not be scanned. Allows up to 255 URLs."}},"type":"object"}},"zia:index/subCloud:SubCloud":{"description":"* [Official documentation](https://help.zscaler.com/zia/understanding-subclouds)\n* [API documentation](https://help.zscaler.com/legacy-apis/traffic-forwarding-0#/subclouds-get)\n\nUse the **zia_sub_cloud** resource to update the subcloud and excluded data centers based on the specified ID.\n\n\u003e NOTE: This an Early Access feature.\n\n## Example Usage\n\n```hcl\ndata \"zia_sub_cloud\" \"lookup\" {\n    name = \"BIZDevZSThree01\"\n}\n\ndata \"zia_datacenters\" \"this\" {\n    name = \"YVR1\"\n}\n\ndata \"zia_datacenters\" \"this1\" {\n    name = \"SEA1\"\n}\n\nresource \"zia_sub_cloud\" \"this\" {\n    cloud_id = data.zia_sub_cloud.lookup.id\n    name     = \"BIZDevZSThree01\"\n\n    # Using Unix timestamps\n    exclusions {\n        datacenter {\n            id   = data.zia_datacenters.this.datacenters[0].id\n            name = data.zia_datacenters.this.datacenters[0].name\n        }\n        country    = \"CANADA\"\n        end_time   = 1770422399\n    }\n\n    # Using human-readable UTC date/time (same as UI \"Data Center Disabled Until\")\n    exclusions {\n        datacenter {\n            id   = data.zia_datacenters.this1.datacenters[0].id\n            name = data.zia_datacenters.this1.datacenters[0].name\n        }\n        country      = \"UNITED_STATES\"\n        end_time_utc = \"02/19/2026 11:59:00 pm\"\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_sub_cloud** can be imported by using `\u003cSUB_CLOUD ID\u003e` or `\u003cSUB_CLOUD NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/subCloud:SubCloud example \u003csub_cloud_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/subCloud:SubCloud example \u003csub_cloud_name\u003e\n```\n\n","properties":{"cloudId":{"type":"integer","description":"(Integer) Unique identifier for the subcloud as an integer.\n"},"dcs":{"type":"array","items":{"$ref":"#/types/zia:index/SubCloudDc:SubCloudDc"},"description":"Set of data centers associated with the subcloud (read-only)."},"exclusions":{"type":"array","items":{"$ref":"#/types/zia:index/SubCloudExclusion:SubCloudExclusion"},"description":"(List) List of data centers excluded from the subcloud.\n"},"name":{"type":"string","description":"(String) Datacenter name.\n"}},"required":["cloudId","dcs","name"],"inputProperties":{"cloudId":{"type":"integer","description":"(Integer) Unique identifier for the subcloud as an integer.\n"},"exclusions":{"type":"array","items":{"$ref":"#/types/zia:index/SubCloudExclusion:SubCloudExclusion"},"description":"(List) List of data centers excluded from the subcloud.\n"},"name":{"type":"string","description":"(String) Datacenter name.\n"}},"requiredInputs":["cloudId"],"stateInputs":{"description":"Input properties used for looking up and filtering SubCloud resources.\n","properties":{"cloudId":{"type":"integer","description":"(Integer) Unique identifier for the subcloud as an integer.\n"},"dcs":{"type":"array","items":{"$ref":"#/types/zia:index/SubCloudDc:SubCloudDc"},"description":"Set of data centers associated with the subcloud (read-only)."},"exclusions":{"type":"array","items":{"$ref":"#/types/zia:index/SubCloudExclusion:SubCloudExclusion"},"description":"(List) List of data centers excluded from the subcloud.\n"},"name":{"type":"string","description":"(String) Datacenter name.\n"}},"type":"object"}},"zia:index/subscriptionAlert:SubscriptionAlert":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-alert-subscriptions)\n* [API documentation](https://help.zscaler.com/zia/alerts#/alertSubscriptions-get)\n\nUse the **zia_subscription_alert** resource allows the creation and management of Alert Subscriptions in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\nresource \"zia_subscription_alert\" \"this\" {\n  email  = \"alert@acme.com\"\n  description = \"Terraform Alert\"\n  pt0_severities = [\"CRITICAL\"]\n  secure_severities = [\"CRITICAL\", \"MAJOR\", \"MINOR\", \"INFO\", \"DEBUG\"]\n  manage_severities = [\"CRITICAL\", \"MAJOR\", \"MINOR\", \"INFO\", \"DEBUG\"]\n  comply_severities = [\"CRITICAL\", \"MAJOR\", \"MINOR\", \"INFO\", \"DEBUG\"]\n  system_severities = [\"CRITICAL\", \"MAJOR\", \"MINOR\", \"INFO\", \"DEBUG\"]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_subscription_alert** can be imported by using `\u003cALERT_ID\u003e` or `\u003cALERT_EMAIL\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/subscriptionAlert:SubscriptionAlert example \u003calert_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/subscriptionAlert:SubscriptionAlert example \u003calert_email\u003e\n```\n\n","properties":{"alertId":{"type":"integer","description":"System-generated identifier for the alert subscription"},"complySeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Comply Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"description":{"type":"string","description":"(String) Additional comments or information about the alert subscription\n"},"email":{"type":"string","description":"The email address of the alert recipient\n"},"manageSeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Manage Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"pt0Severities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Patient 0 Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"secureSeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Secure Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"systemSeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the System Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"}},"required":["alertId"],"inputProperties":{"complySeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Comply Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"description":{"type":"string","description":"(String) Additional comments or information about the alert subscription\n"},"email":{"type":"string","description":"The email address of the alert recipient\n"},"manageSeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Manage Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"pt0Severities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Patient 0 Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"secureSeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Secure Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"systemSeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the System Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering SubscriptionAlert resources.\n","properties":{"alertId":{"type":"integer","description":"System-generated identifier for the alert subscription"},"complySeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Comply Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"description":{"type":"string","description":"(String) Additional comments or information about the alert subscription\n"},"email":{"type":"string","description":"The email address of the alert recipient\n"},"manageSeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Manage Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"pt0Severities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Patient 0 Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"secureSeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the Secure Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"},"systemSeverities":{"type":"array","items":{"type":"string"},"description":"(List of String) Lists the severity levels of the System Severity Alert class information that the recipient receives. Supported Values: `CRITICAL`, `MAJOR`, `MINOR`, `INFO`, `DEBUG`\n"}},"type":"object"}},"zia:index/tenantRestrictionProfile:TenantRestrictionProfile":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-tenant-profiles)\n* [API documentation](https://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-post)\n\nUse the **zia_tenant_restriction_profile** resource creates and manages tenant retriction profiles in the Zscaler Internet Access cloud.\n\n## Example Usage\n\n### Create O365 Tenant Restriction Profile\n\n```hcl\nresource \"zia_tenant_restriction_profile\" \"this\" {\n  name = \"ACME_MSFT_CA\"\n  description = \"ACME_MSFT_CA\"\n  restrict_personal_o365_domains = true\n  app_type = \"MSLOGINSERVICES\"\n  item_data_primary = [\"11111111-1111-1111-1111-111111111111\"]\n  item_data_secondary = [\"acme.com\"]\n  item_type_primary = \"TENANT_RESTRICTION_TENANT_DIRECTORY\"\n  item_type_secondary = \"TENANT_RESTRICTION_TENANT_NAME\"\n}\n```\n\n### Create O365 V2 Tenant Restriction Profile\n\n```hcl\nresource \"zia_tenant_restriction_profile\" \"this2\" {\n  name = \"ACME_MSFT_CA_v2\"\n  description = \"ACME_MSFT_CA_v2\"\n  ms_login_services_tr_v2 = true\n  app_type = \"MSLOGINSERVICES\"\n  item_data_primary = [\"11111111-1111-1111-1111-111111111111:quadsj\"]\n  item_type_primary = \"TENANT_RESTRICTION_TENANT_POLICY_ID\"\n}\n```\n\n### Create YouTube Tenant Restriction Profile\n\n```hcl\nresource \"zia_tenant_restriction_profile\" \"this3\" {\n  name = \"YouTube01_Profile\"\n  description = \"YouTube01_Profile\"\n  app_type = \"YOUTUBE\"\n  item_value = [\"TENANT_RESTRICTION_ACTION_OR_ADVENTURE\"]\n  item_type_primary = \"TENANT_RESTRICTION_CATEGORY_ID\"\n}\n```\n\n### Create Dropbox Tenant Restriction Profile\n\n```hcl\nresource \"zia_tenant_restriction_profile\" \"this4\" {\n  name = \"Dropbox_Profile\"\n  description = \"Dropbox_Profile\"\n  app_type = \"DROPBOX\"\n  item_data_primary = [139732608]\n  item_type_primary = \"TENANT_RESTRICTION_TEAM_ID\"\n}\n```\n\n### Create Google Tenant Restriction Profile\n\n```hcl\nresource \"zia_tenant_restriction_profile\" \"this5\" {\n  name = \"Google_Profile01\"\n  description = \"Google_Profile01\"\n  allow_google_consumers = false\n  allow_google_visitors = false\n  app_type = \"GOOGLE\"\n  item_data_primary = [\"acme.com\"]\n  item_type_primary = \"TENANT_RESTRICTION_DOMAIN\"\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_tenant_restriction_profile** can be imported by using `\u003cPROFILE ID\u003e` or `\u003cPROFILE NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/tenantRestrictionProfile:TenantRestrictionProfile example \u003cprofile_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/tenantRestrictionProfile:TenantRestrictionProfile example \u003cprofile_name\u003e\n```\n\n","properties":{"allowGcpCloudStorageRead":{"type":"boolean","description":"Flag to allow or disallow cloud storage resources for GCP"},"allowGoogleConsumers":{"type":"boolean","description":"Flag to allow Google consumers"},"allowGoogleVisitors":{"type":"boolean","description":"Flag to allow Google visitors"},"appType":{"type":"string","description":"Restricted tenant profile application type.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available application types:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"description":{"type":"string","description":"Additional information about the profile"},"itemDataPrimaries":{"type":"array","items":{"type":"string"},"description":"Tenant profile primary item data"},"itemDataSecondaries":{"type":"array","items":{"type":"string"},"description":"List of certifications to be included or excluded for the profile."},"itemTypePrimary":{"type":"string","description":"Tenant profile primary item type.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available items:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"itemTypeSecondary":{"type":"string","description":"Tenant profile secondary item type.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available items:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"itemValues":{"type":"array","items":{"type":"string"},"description":"Tenant profile item value for YouTube category.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available item values:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"msLoginServicesTrV2":{"type":"boolean","description":"Flag to decide between v1 and v2 for tenant restriction on MSLOGINSERVICES"},"name":{"type":"string","description":"The tenant restriction profile name"},"profileId":{"type":"integer","description":"System-generated tenant profile ID"},"restrictPersonalO365Domains":{"type":"boolean","description":"Flag to restrict personal domains for Office 365"}},"required":["name","profileId"],"inputProperties":{"allowGcpCloudStorageRead":{"type":"boolean","description":"Flag to allow or disallow cloud storage resources for GCP"},"allowGoogleConsumers":{"type":"boolean","description":"Flag to allow Google consumers"},"allowGoogleVisitors":{"type":"boolean","description":"Flag to allow Google visitors"},"appType":{"type":"string","description":"Restricted tenant profile application type.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available application types:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"description":{"type":"string","description":"Additional information about the profile"},"itemDataPrimaries":{"type":"array","items":{"type":"string"},"description":"Tenant profile primary item data"},"itemDataSecondaries":{"type":"array","items":{"type":"string"},"description":"List of certifications to be included or excluded for the profile."},"itemTypePrimary":{"type":"string","description":"Tenant profile primary item type.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available items:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"itemTypeSecondary":{"type":"string","description":"Tenant profile secondary item type.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available items:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"itemValues":{"type":"array","items":{"type":"string"},"description":"Tenant profile item value for YouTube category.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available item values:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"msLoginServicesTrV2":{"type":"boolean","description":"Flag to decide between v1 and v2 for tenant restriction on MSLOGINSERVICES"},"name":{"type":"string","description":"The tenant restriction profile name"},"restrictPersonalO365Domains":{"type":"boolean","description":"Flag to restrict personal domains for Office 365"}},"stateInputs":{"description":"Input properties used for looking up and filtering TenantRestrictionProfile resources.\n","properties":{"allowGcpCloudStorageRead":{"type":"boolean","description":"Flag to allow or disallow cloud storage resources for GCP"},"allowGoogleConsumers":{"type":"boolean","description":"Flag to allow Google consumers"},"allowGoogleVisitors":{"type":"boolean","description":"Flag to allow Google visitors"},"appType":{"type":"string","description":"Restricted tenant profile application type.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available application types:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"description":{"type":"string","description":"Additional information about the profile"},"itemDataPrimaries":{"type":"array","items":{"type":"string"},"description":"Tenant profile primary item data"},"itemDataSecondaries":{"type":"array","items":{"type":"string"},"description":"List of certifications to be included or excluded for the profile."},"itemTypePrimary":{"type":"string","description":"Tenant profile primary item type.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available items:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"itemTypeSecondary":{"type":"string","description":"Tenant profile secondary item type.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available items:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"itemValues":{"type":"array","items":{"type":"string"},"description":"Tenant profile item value for YouTube category.\n\t\t\t\tSee the Tenancy Restriction Profile API for the list of available item values:\n\t\t\t\thttps://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get"},"msLoginServicesTrV2":{"type":"boolean","description":"Flag to decide between v1 and v2 for tenant restriction on MSLOGINSERVICES"},"name":{"type":"string","description":"The tenant restriction profile name"},"profileId":{"type":"integer","description":"System-generated tenant profile ID"},"restrictPersonalO365Domains":{"type":"boolean","description":"Flag to restrict personal domains for Office 365"}},"type":"object"}},"zia:index/trafficCaptureRules:TrafficCaptureRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-traffic-capture-policy)\n* [API documentation](https://help.zscaler.com/zia/traffic-capture-policy#/trafficCaptureRules-get)\n\nThe **zia_traffic_capture_rules** resource allows the creation and management of ZIA traffic capture rules in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\ndata \"zia_firewall_filtering_network_service\" \"zscaler_proxy_nw_services\" {\n    name = \"ZSCALER_PROXY_NW_SERVICES\"\n}\n\ndata \"zia_department_management\" \"engineering\" {\n name = \"Engineering\"\n}\n\ndata \"zia_group_management\" \"normal_internet\" {\n    name = \"Normal_Internet\"\n}\n\ndata \"zia_firewall_filtering_time_window\" \"work_hours\" {\n    name = \"Work hours\"\n}\n\nresource \"zia_traffic_capture_rules\" \"example\" {\n    name                = \"Example Traffic Capture Rule\"\n    description         = \"Example traffic capture rule for engineering department\"\n    action              = \"ALLOW\"\n    state               = \"ENABLED\"\n    order               = 1\n    enable_full_logging = true\n    txn_size_limit      = \"UNLIMITED\"\n    txn_sampling        = \"HUNDRED_PERCENT\"\n    nw_services {\n        id = [ data.zia_firewall_filtering_network_service.zscaler_proxy_nw_services.id ]\n    }\n    departments {\n        id = [ data.zia_department_management.engineering.id ]\n    }\n    groups {\n        id = [ data.zia_group_management.normal_internet.id ]\n    }\n    time_windows {\n        id = [ data.zia_firewall_filtering_time_window.work_hours.id ]\n    }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_traffic_capture_rules** can be imported by using `\u003cRULE ID\u003e` or `\u003cRULE NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/trafficCaptureRules:TrafficCaptureRules example \u003crule_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/trafficCaptureRules:TrafficCaptureRules example \u003crule_name\u003e\n```\n\n","properties":{"action":{"type":"string","description":"The action to be enforced when the traffic matches the rule criteria"},"appServiceGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesAppServiceGroups:TrafficCaptureRulesAppServiceGroups","description":"list of application service groups"},"defaultRule":{"type":"boolean","description":"If set to true, the default rule is applied"},"departments":{"$ref":"#/types/zia:index/TrafficCaptureRulesDepartments:TrafficCaptureRulesDepartments","description":"list of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the rule"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs"},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"destIpCategories":{"type":"array","items":{"type":"string"}},"destIpGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesDestIpGroups:TrafficCaptureRulesDestIpGroups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesDeviceGroups:TrafficCaptureRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/TrafficCaptureRulesDevices:TrafficCaptureRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"groups":{"$ref":"#/types/zia:index/TrafficCaptureRulesGroups:TrafficCaptureRulesGroups","description":"list of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/TrafficCaptureRulesLabels:TrafficCaptureRulesLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesLocationGroups:TrafficCaptureRulesLocationGroups","description":"list of locations groups"},"locations":{"$ref":"#/types/zia:index/TrafficCaptureRulesLocations:TrafficCaptureRulesLocations","description":"list of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule"},"nwApplicationGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesNwApplicationGroups:TrafficCaptureRulesNwApplicationGroups","description":"list of nw application groups"},"nwApplications":{"type":"array","items":{"type":"string"}},"nwServiceGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesNwServiceGroups:TrafficCaptureRulesNwServiceGroups","description":"list of nw service groups"},"nwServices":{"$ref":"#/types/zia:index/TrafficCaptureRulesNwServices:TrafficCaptureRulesNwServices","description":"list of nw services"},"order":{"type":"integer","description":"Rule order number. If omitted, the rule will be added to the end of the rule set."},"predefined":{"type":"boolean","description":"If set to true, a predefined rule is applied"},"rank":{"type":"integer","description":"Admin rank of the Firewall Filtering policy rule"},"ruleId":{"type":"integer"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"srcIpGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesSrcIpGroups:TrafficCaptureRulesSrcIpGroups","description":"list of source ip groups"},"srcIps":{"type":"array","items":{"type":"string"},"description":"User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address."},"state":{"type":"string","description":"Determines whether the Firewall Filtering policy rule is enabled or disabled"},"timeWindows":{"$ref":"#/types/zia:index/TrafficCaptureRulesTimeWindows:TrafficCaptureRulesTimeWindows","description":"The time interval in which the Firewall Filtering policy rule applies"},"txnSampling":{"type":"string","description":"The percentage of connections sampled for capturing each time the rule is triggered"},"txnSizeLimit":{"type":"string","description":"The maximum size of traffic to capture per connection"},"users":{"$ref":"#/types/zia:index/TrafficCaptureRulesUsers:TrafficCaptureRulesUsers","description":"list of users for which rule must be applied"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/TrafficCaptureRulesWorkloadGroup:TrafficCaptureRulesWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"}},"required":["destCountries","name","order","ruleId","sourceCountries","workloadGroups"],"inputProperties":{"action":{"type":"string","description":"The action to be enforced when the traffic matches the rule criteria"},"appServiceGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesAppServiceGroups:TrafficCaptureRulesAppServiceGroups","description":"list of application service groups"},"defaultRule":{"type":"boolean","description":"If set to true, the default rule is applied"},"departments":{"$ref":"#/types/zia:index/TrafficCaptureRulesDepartments:TrafficCaptureRulesDepartments","description":"list of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the rule"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs"},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"destIpCategories":{"type":"array","items":{"type":"string"}},"destIpGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesDestIpGroups:TrafficCaptureRulesDestIpGroups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesDeviceGroups:TrafficCaptureRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/TrafficCaptureRulesDevices:TrafficCaptureRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"groups":{"$ref":"#/types/zia:index/TrafficCaptureRulesGroups:TrafficCaptureRulesGroups","description":"list of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/TrafficCaptureRulesLabels:TrafficCaptureRulesLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesLocationGroups:TrafficCaptureRulesLocationGroups","description":"list of locations groups"},"locations":{"$ref":"#/types/zia:index/TrafficCaptureRulesLocations:TrafficCaptureRulesLocations","description":"list of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule"},"nwApplicationGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesNwApplicationGroups:TrafficCaptureRulesNwApplicationGroups","description":"list of nw application groups"},"nwApplications":{"type":"array","items":{"type":"string"}},"nwServiceGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesNwServiceGroups:TrafficCaptureRulesNwServiceGroups","description":"list of nw service groups"},"nwServices":{"$ref":"#/types/zia:index/TrafficCaptureRulesNwServices:TrafficCaptureRulesNwServices","description":"list of nw services"},"order":{"type":"integer","description":"Rule order number. If omitted, the rule will be added to the end of the rule set."},"predefined":{"type":"boolean","description":"If set to true, a predefined rule is applied"},"rank":{"type":"integer","description":"Admin rank of the Firewall Filtering policy rule"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"srcIpGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesSrcIpGroups:TrafficCaptureRulesSrcIpGroups","description":"list of source ip groups"},"srcIps":{"type":"array","items":{"type":"string"},"description":"User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address."},"state":{"type":"string","description":"Determines whether the Firewall Filtering policy rule is enabled or disabled"},"timeWindows":{"$ref":"#/types/zia:index/TrafficCaptureRulesTimeWindows:TrafficCaptureRulesTimeWindows","description":"The time interval in which the Firewall Filtering policy rule applies"},"txnSampling":{"type":"string","description":"The percentage of connections sampled for capturing each time the rule is triggered"},"txnSizeLimit":{"type":"string","description":"The maximum size of traffic to capture per connection"},"users":{"$ref":"#/types/zia:index/TrafficCaptureRulesUsers:TrafficCaptureRulesUsers","description":"list of users for which rule must be applied"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/TrafficCaptureRulesWorkloadGroup:TrafficCaptureRulesWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"}},"requiredInputs":["order"],"stateInputs":{"description":"Input properties used for looking up and filtering TrafficCaptureRules resources.\n","properties":{"action":{"type":"string","description":"The action to be enforced when the traffic matches the rule criteria"},"appServiceGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesAppServiceGroups:TrafficCaptureRulesAppServiceGroups","description":"list of application service groups"},"defaultRule":{"type":"boolean","description":"If set to true, the default rule is applied"},"departments":{"$ref":"#/types/zia:index/TrafficCaptureRulesDepartments:TrafficCaptureRulesDepartments","description":"list of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the rule"},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination addresses. Supports IPv4, FQDNs, or wildcard FQDNs"},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"destIpCategories":{"type":"array","items":{"type":"string"}},"destIpGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesDestIpGroups:TrafficCaptureRulesDestIpGroups","description":"list of destination ip groups"},"deviceGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesDeviceGroups:TrafficCaptureRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/TrafficCaptureRulesDevices:TrafficCaptureRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"groups":{"$ref":"#/types/zia:index/TrafficCaptureRulesGroups:TrafficCaptureRulesGroups","description":"list of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/TrafficCaptureRulesLabels:TrafficCaptureRulesLabels","description":"list of Labels that are applicable to the rule."},"locationGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesLocationGroups:TrafficCaptureRulesLocationGroups","description":"list of locations groups"},"locations":{"$ref":"#/types/zia:index/TrafficCaptureRulesLocations:TrafficCaptureRulesLocations","description":"list of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule"},"nwApplicationGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesNwApplicationGroups:TrafficCaptureRulesNwApplicationGroups","description":"list of nw application groups"},"nwApplications":{"type":"array","items":{"type":"string"}},"nwServiceGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesNwServiceGroups:TrafficCaptureRulesNwServiceGroups","description":"list of nw service groups"},"nwServices":{"$ref":"#/types/zia:index/TrafficCaptureRulesNwServices:TrafficCaptureRulesNwServices","description":"list of nw services"},"order":{"type":"integer","description":"Rule order number. If omitted, the rule will be added to the end of the rule set."},"predefined":{"type":"boolean","description":"If set to true, a predefined rule is applied"},"rank":{"type":"integer","description":"Admin rank of the Firewall Filtering policy rule"},"ruleId":{"type":"integer"},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"srcIpGroups":{"$ref":"#/types/zia:index/TrafficCaptureRulesSrcIpGroups:TrafficCaptureRulesSrcIpGroups","description":"list of source ip groups"},"srcIps":{"type":"array","items":{"type":"string"},"description":"User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address."},"state":{"type":"string","description":"Determines whether the Firewall Filtering policy rule is enabled or disabled"},"timeWindows":{"$ref":"#/types/zia:index/TrafficCaptureRulesTimeWindows:TrafficCaptureRulesTimeWindows","description":"The time interval in which the Firewall Filtering policy rule applies"},"txnSampling":{"type":"string","description":"The percentage of connections sampled for capturing each time the rule is triggered"},"txnSizeLimit":{"type":"string","description":"The maximum size of traffic to capture per connection"},"users":{"$ref":"#/types/zia:index/TrafficCaptureRulesUsers:TrafficCaptureRulesUsers","description":"list of users for which rule must be applied"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/TrafficCaptureRulesWorkloadGroup:TrafficCaptureRulesWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"}},"type":"object"}},"zia:index/trafficForwardingGRETunnel:TrafficForwardingGRETunnel":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-gre-tunnels)\n* [API documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/greTunnels-post)\n\nThe **zia_traffic_forwarding_gre_tunnel** resource allows the creation and management of GRE tunnel configuration in the Zscaler Internet Access (ZIA) portal.\n\n\u003e **Note:** The provider automatically query the Zscaler cloud for the primary and secondary destination datacenter and virtual IP address (VIP) of the GRE tunnel. The attribute can be overriden if needed by setting the parameters: \u003cspan pulumi-lang-nodejs=\"`primaryDestVip`\" pulumi-lang-dotnet=\"`PrimaryDestVip`\" pulumi-lang-go=\"`primaryDestVip`\" pulumi-lang-python=\"`primary_dest_vip`\" pulumi-lang-yaml=\"`primaryDestVip`\" pulumi-lang-java=\"`primaryDestVip`\"\u003e`primary_dest_vip`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`secondaryDestVip`\" pulumi-lang-dotnet=\"`SecondaryDestVip`\" pulumi-lang-go=\"`secondaryDestVip`\" pulumi-lang-python=\"`secondary_dest_vip`\" pulumi-lang-yaml=\"`secondaryDestVip`\" pulumi-lang-java=\"`secondaryDestVip`\"\u003e`secondary_dest_vip`\u003c/span\u003e.\n\n## Example Usage\n\n### Unnumbered\n\n```hcl\n# Creates a numbered GRE Tunnel\nresource \"zia_traffic_forwarding_gre_tunnel\" \"example\" {\n  source_ip         = zia_traffic_forwarding_static_ip.example.ip_address\n  comment           = \"Example\"\n  within_country    = true\n  country_code      = \"US\"\n  ip_unnumbered     = true\n  depends_on        = [ zia_traffic_forwarding_static_ip.example ]\n}\n\n# ZIA Traffic Forwarding - Static IP\nresource \"zia_traffic_forwarding_static_ip\" \"example\"{\n    ip_address      =  \"1.1.1.1\"\n    routable_ip     = true\n    comment         = \"Example\"\n    geo_override    = true\n    latitude        = 37.418171\n    longitude       = -121.953140\n}\n```\n\n```hcl\ndata \"zia_traffic_forwarding_gre_vip_recommended_list\" \"this\"{\n    source_ip = zia_traffic_forwarding_static_ip.this.ip_address\n    required_count = 2\n}\n\ndata \"zia_gre_internal_ip_range_list\" \"this\"{\n    required_count = 10\n}\n\nresource \"zia_traffic_forwarding_static_ip\" \"this\"{\n    ip_address =  \"50.98.112.169\"\n    routable_ip = true\n    comment = \"Created with Terraform\"\n    geo_override = true\n    latitude = 49.0526\n    longitude = -122.8291\n}\n\nresource \"zia_traffic_forwarding_gre_tunnel\" \"this\" {\n  source_ip      = zia_traffic_forwarding_static_ip.this.ip_address\n  comment        = \"GRE Tunnel Created with Terraform\"\n  within_country = false\n  country_code   = \"US\"\n  ip_unnumbered  = true\n  primary_dest_vip {\n    datacenter = data.zia_traffic_forwarding_gre_vip_recommended_list.this.list[0].id\n    virtual_ip = data.zia_traffic_forwarding_gre_vip_recommended_list.this.list[0].virtual_ip\n  }\n  secondary_dest_vip {\n    datacenter = data.zia_traffic_forwarding_gre_vip_recommended_list.this.list[1].id\n    virtual_ip = data.zia_traffic_forwarding_gre_vip_recommended_list.this.list[1].virtual_ip\n  }\n  lifecycle {\n    ignore_changes = [\n      internal_ip_range,\n    ]\n  }\n  depends_on     = [zia_traffic_forwarding_static_ip.this]\n}\n```\n\n\u003e **Note:** Although the example shows 2 valid attributes defined (datacenter, virtual_ip) within the\u003cspan pulumi-lang-nodejs=\" primaryDestVip \" pulumi-lang-dotnet=\" PrimaryDestVip \" pulumi-lang-go=\" primaryDestVip \" pulumi-lang-python=\" primary_dest_vip \" pulumi-lang-yaml=\" primaryDestVip \" pulumi-lang-java=\" primaryDestVip \"\u003e primary_dest_vip \u003c/span\u003eand secondary_dest_vip, only one attribute is required. If setting the datacenter name as the attribute i.e YVR1. The provider will automatically select the available VIP.\n\n\u003e **Note:** To obtain the datacenter codes and/or virtual_ips, refer to the following [Zscaler Portal](https://config.zscaler.com/zscloud.net/cenr) and choose your cloud tenant.\n\n\u003e **Note:** The provider will automatically query and set the Zscaler cloud for the next available `/29` internal IP range to be used in a numbered GRE tunnel.\n\n### Numbered\n\n```hcl\ndata \"zia_gre_internal_ip_range_list\" \"this\"{\n    required_count = 1\n}\n\n# ZIA Traffic Forwarding - Static IP\nresource \"zia_traffic_forwarding_static_ip\" \"this\"{\n    ip_address      =  \"1.1.1.1\"\n    routable_ip     = true\n    comment         = \"Example\"\n    geo_override    = true\n    latitude        = 37.418171\n    longitude       = -121.953140\n}\n\n# Creates a Numbered GRE Tunnel\nresource \"zia_traffic_forwarding_gre_tunnel\" \"this\" {\n  source_ip       = zia_traffic_forwarding_static_ip.this.ip_address\n  comment         = \"Example\"\n  internal_ip_range = data.zia_gre_internal_ip_range_list.this.list[0].start_ip_address\n  within_country  = true\n  country_code    = \"US\"\n  ip_unnumbered   = true\n  depends_on      = [ zia_traffic_forwarding_static_ip.this ]\n\n  lifecycle {\n    ignore_changes = [\n      internal_ip_range,\n    ]\n  }\n}\n```\n\n\u003e **Note:** When configuring a numbered GRE Tunnel where the attribute \u003cspan pulumi-lang-nodejs=\"`internalIpRange`\" pulumi-lang-dotnet=\"`InternalIpRange`\" pulumi-lang-go=\"`internalIpRange`\" pulumi-lang-python=\"`internal_ip_range`\" pulumi-lang-yaml=\"`internalIpRange`\" pulumi-lang-java=\"`internalIpRange`\"\u003e`internal_ip_range`\u003c/span\u003e is defined, we must set the lifecycle block to ignore changes to the `\u003cspan pulumi-lang-nodejs=\"`internalIpRange`\" pulumi-lang-dotnet=\"`InternalIpRange`\" pulumi-lang-go=\"`internalIpRange`\" pulumi-lang-python=\"`internal_ip_range`\" pulumi-lang-yaml=\"`internalIpRange`\" pulumi-lang-java=\"`internalIpRange`\"\u003e`internal_ip_range`\u003c/span\u003e` attribute unless it is explicitly changed in the Terraform configuration.\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_traffic_forwarding_gre_tunnel** can be imported by using `\u003cTUNNEL_ID\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/trafficForwardingGRETunnel:TrafficForwardingGRETunnel example \u003ctunnel_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/trafficForwardingGRETunnel:TrafficForwardingGRETunnel example \u003cengine_name\u003e\n```\n\n","properties":{"comment":{"type":"string","description":"Additional information about this GRE tunnel"},"countryCode":{"type":"string","description":"When\u003cspan pulumi-lang-nodejs=\" withinCountry \" pulumi-lang-dotnet=\" WithinCountry \" pulumi-lang-go=\" withinCountry \" pulumi-lang-python=\" within_country \" pulumi-lang-yaml=\" withinCountry \" pulumi-lang-java=\" withinCountry \"\u003e within_country \u003c/span\u003eis enabled, you must set this to the country code."},"internalIpRange":{"type":"string","description":"The start of the internal IP address in /29 CIDR range"},"ipUnnumbered":{"type":"boolean","description":"This is required to support the automated SD-WAN provisioning of GRE tunnels, when set to true\u003cspan pulumi-lang-nodejs=\" greTunIp \" pulumi-lang-dotnet=\" GreTunIp \" pulumi-lang-go=\" greTunIp \" pulumi-lang-python=\" gre_tun_ip \" pulumi-lang-yaml=\" greTunIp \" pulumi-lang-java=\" greTunIp \"\u003e gre_tun_ip \u003c/span\u003eand\u003cspan pulumi-lang-nodejs=\" greTunId \" pulumi-lang-dotnet=\" GreTunId \" pulumi-lang-go=\" greTunId \" pulumi-lang-python=\" gre_tun_id \" pulumi-lang-yaml=\" greTunId \" pulumi-lang-java=\" greTunId \"\u003e gre_tun_id \u003c/span\u003eare set to null"},"primaryDestVips":{"type":"array","items":{"$ref":"#/types/zia:index/TrafficForwardingGRETunnelPrimaryDestVip:TrafficForwardingGRETunnelPrimaryDestVip"},"description":"The primary destination data center and virtual IP address (VIP) of the GRE tunnel"},"secondaryDestVips":{"type":"array","items":{"$ref":"#/types/zia:index/TrafficForwardingGRETunnelSecondaryDestVip:TrafficForwardingGRETunnelSecondaryDestVip"},"description":"The secondary destination data center and virtual IP address (VIP) of the GRE tunnel"},"sourceIp":{"type":"string","description":"The source IP address of the GRE tunnel. This is typically a static IP address in the organization or SD-WAN."},"tunnelId":{"type":"integer","description":"The ID of the GRE tunnel."},"withinCountry":{"type":"boolean","description":"Restrict the data center virtual IP addresses (VIPs) only to those within the same country as the source IP address"}},"required":["countryCode","ipUnnumbered","primaryDestVips","secondaryDestVips","sourceIp","tunnelId","withinCountry"],"inputProperties":{"comment":{"type":"string","description":"Additional information about this GRE tunnel"},"countryCode":{"type":"string","description":"When\u003cspan pulumi-lang-nodejs=\" withinCountry \" pulumi-lang-dotnet=\" WithinCountry \" pulumi-lang-go=\" withinCountry \" pulumi-lang-python=\" within_country \" pulumi-lang-yaml=\" withinCountry \" pulumi-lang-java=\" withinCountry \"\u003e within_country \u003c/span\u003eis enabled, you must set this to the country code."},"internalIpRange":{"type":"string","description":"The start of the internal IP address in /29 CIDR range"},"ipUnnumbered":{"type":"boolean","description":"This is required to support the automated SD-WAN provisioning of GRE tunnels, when set to true\u003cspan pulumi-lang-nodejs=\" greTunIp \" pulumi-lang-dotnet=\" GreTunIp \" pulumi-lang-go=\" greTunIp \" pulumi-lang-python=\" gre_tun_ip \" pulumi-lang-yaml=\" greTunIp \" pulumi-lang-java=\" greTunIp \"\u003e gre_tun_ip \u003c/span\u003eand\u003cspan pulumi-lang-nodejs=\" greTunId \" pulumi-lang-dotnet=\" GreTunId \" pulumi-lang-go=\" greTunId \" pulumi-lang-python=\" gre_tun_id \" pulumi-lang-yaml=\" greTunId \" pulumi-lang-java=\" greTunId \"\u003e gre_tun_id \u003c/span\u003eare set to null"},"primaryDestVips":{"type":"array","items":{"$ref":"#/types/zia:index/TrafficForwardingGRETunnelPrimaryDestVip:TrafficForwardingGRETunnelPrimaryDestVip"},"description":"The primary destination data center and virtual IP address (VIP) of the GRE tunnel"},"secondaryDestVips":{"type":"array","items":{"$ref":"#/types/zia:index/TrafficForwardingGRETunnelSecondaryDestVip:TrafficForwardingGRETunnelSecondaryDestVip"},"description":"The secondary destination data center and virtual IP address (VIP) of the GRE tunnel"},"sourceIp":{"type":"string","description":"The source IP address of the GRE tunnel. This is typically a static IP address in the organization or SD-WAN."},"withinCountry":{"type":"boolean","description":"Restrict the data center virtual IP addresses (VIPs) only to those within the same country as the source IP address"}},"requiredInputs":["sourceIp"],"stateInputs":{"description":"Input properties used for looking up and filtering TrafficForwardingGRETunnel resources.\n","properties":{"comment":{"type":"string","description":"Additional information about this GRE tunnel"},"countryCode":{"type":"string","description":"When\u003cspan pulumi-lang-nodejs=\" withinCountry \" pulumi-lang-dotnet=\" WithinCountry \" pulumi-lang-go=\" withinCountry \" pulumi-lang-python=\" within_country \" pulumi-lang-yaml=\" withinCountry \" pulumi-lang-java=\" withinCountry \"\u003e within_country \u003c/span\u003eis enabled, you must set this to the country code."},"internalIpRange":{"type":"string","description":"The start of the internal IP address in /29 CIDR range"},"ipUnnumbered":{"type":"boolean","description":"This is required to support the automated SD-WAN provisioning of GRE tunnels, when set to true\u003cspan pulumi-lang-nodejs=\" greTunIp \" pulumi-lang-dotnet=\" GreTunIp \" pulumi-lang-go=\" greTunIp \" pulumi-lang-python=\" gre_tun_ip \" pulumi-lang-yaml=\" greTunIp \" pulumi-lang-java=\" greTunIp \"\u003e gre_tun_ip \u003c/span\u003eand\u003cspan pulumi-lang-nodejs=\" greTunId \" pulumi-lang-dotnet=\" GreTunId \" pulumi-lang-go=\" greTunId \" pulumi-lang-python=\" gre_tun_id \" pulumi-lang-yaml=\" greTunId \" pulumi-lang-java=\" greTunId \"\u003e gre_tun_id \u003c/span\u003eare set to null"},"primaryDestVips":{"type":"array","items":{"$ref":"#/types/zia:index/TrafficForwardingGRETunnelPrimaryDestVip:TrafficForwardingGRETunnelPrimaryDestVip"},"description":"The primary destination data center and virtual IP address (VIP) of the GRE tunnel"},"secondaryDestVips":{"type":"array","items":{"$ref":"#/types/zia:index/TrafficForwardingGRETunnelSecondaryDestVip:TrafficForwardingGRETunnelSecondaryDestVip"},"description":"The secondary destination data center and virtual IP address (VIP) of the GRE tunnel"},"sourceIp":{"type":"string","description":"The source IP address of the GRE tunnel. This is typically a static IP address in the organization or SD-WAN."},"tunnelId":{"type":"integer","description":"The ID of the GRE tunnel."},"withinCountry":{"type":"boolean","description":"Restrict the data center virtual IP addresses (VIPs) only to those within the same country as the source IP address"}},"type":"object"}},"zia:index/trafficForwardingStaticIP:TrafficForwardingStaticIP":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-static-ip)\n* [API documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/staticIP-get)\n\nThe **zia_traffic_forwarding_static_ip** resource allows the creation and management of static IP addresses in the Zscaler Internet Access cloud. The resource can then be associated with other resources such as:\n\n* VPN Credentials of type `IP`\n* Location Management\n* GRE Tunnel\n\n## 🎯 Automatic Coordinate Determination (v4.6.2+)\n\nStarting with **version 4.6.2**, the provider automatically determines latitude and longitude coordinates from the IP address, even when \u003cspan pulumi-lang-nodejs=\"`geoOverride \" pulumi-lang-dotnet=\"`GeoOverride \" pulumi-lang-go=\"`geoOverride \" pulumi-lang-python=\"`geo_override \" pulumi-lang-yaml=\"`geoOverride \" pulumi-lang-java=\"`geoOverride \"\u003e`geo_override \u003c/span\u003e= true`. This means:\n\n* ✅ **No manual coordinate lookups** - Provider handles it automatically\n* ✅ **No drift issues** - State always contains exact API values\n* ✅ **Simpler configuration** - Omit \u003cspan pulumi-lang-nodejs=\"`latitude`\" pulumi-lang-dotnet=\"`Latitude`\" pulumi-lang-go=\"`latitude`\" pulumi-lang-python=\"`latitude`\" pulumi-lang-yaml=\"`latitude`\" pulumi-lang-java=\"`latitude`\"\u003e`latitude`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`longitude`\" pulumi-lang-dotnet=\"`Longitude`\" pulumi-lang-go=\"`longitude`\" pulumi-lang-python=\"`longitude`\" pulumi-lang-yaml=\"`longitude`\" pulumi-lang-java=\"`longitude`\"\u003e`longitude`\u003c/span\u003e for automatic determination\n* ✅ **Fully backward compatible** - Explicit coordinates still work if provided\n\n**In short:** You can now use \u003cspan pulumi-lang-nodejs=\"`geoOverride \" pulumi-lang-dotnet=\"`GeoOverride \" pulumi-lang-go=\"`geoOverride \" pulumi-lang-python=\"`geo_override \" pulumi-lang-yaml=\"`geoOverride \" pulumi-lang-java=\"`geoOverride \"\u003e`geo_override \u003c/span\u003e= true` without specifying coordinates! See examples below.\n\n## Example Usage\n\n### Example 1: Auto-Determined Coordinates (Recommended)\n\n```hcl\n# ZIA Traffic Forwarding - Static IP\n# The provider automatically determines latitude and longitude from the IP address\nresource \"zia_traffic_forwarding_static_ip\" \"example\"{\n    ip_address   = \"122.164.82.249\"\n    routable_ip  = true\n    comment      = \"Static IP with auto-determined coordinates\"\n    geo_override = true\n    # latitude and longitude are omitted - provider will auto-determine them\n    # State will be populated with exact API values (e.g., latitude=13.0895, longitude=80.2739)\n}\n```\n\n### Example 2: User-Specified Coordinates (Optional)\n\n```hcl\n# You can still explicitly provide coordinates if needed\nresource \"zia_traffic_forwarding_static_ip\" \"custom_location\"{\n    ip_address   = \"1.1.1.1\"\n    routable_ip  = true\n    comment      = \"Static IP with custom coordinates\"\n    geo_override = true\n    latitude     = -36.848461\n    longitude    = 174.763336\n}\n```\n\n### Example 3: Automatic Geolocation (geo_override = false)\n\n```hcl\n# When geo_override is false or omitted, all geo information is auto-determined\nresource \"zia_traffic_forwarding_static_ip\" \"auto_geo\"{\n    ip_address  = \"8.8.8.8\"\n    routable_ip = true\n    comment     = \"Fully automatic geolocation\"\n    # geo_override defaults to false\n    # latitude and longitude auto-determined and populated in state\n}\n```\n\n## How Latitude and Longitude Are Determined\n\nThe provider handles coordinates intelligently based on your configuration:\n\n### When \u003cspan pulumi-lang-nodejs=\"`geoOverride \" pulumi-lang-dotnet=\"`GeoOverride \" pulumi-lang-go=\"`geoOverride \" pulumi-lang-python=\"`geo_override \" pulumi-lang-yaml=\"`geoOverride \" pulumi-lang-java=\"`geoOverride \"\u003e`geo_override \u003c/span\u003e= false` (or omitted)\n* ✅ **Provider behavior**: Latitude and longitude are automatically determined by the ZIA API based on the IP address\n* ✅ **State file**: Will contain the API-determined coordinates\n* ✅ **User action**: None required - fully automatic\n\n### When \u003cspan pulumi-lang-nodejs=\"`geoOverride \" pulumi-lang-dotnet=\"`GeoOverride \" pulumi-lang-go=\"`geoOverride \" pulumi-lang-python=\"`geo_override \" pulumi-lang-yaml=\"`geoOverride \" pulumi-lang-java=\"`geoOverride \"\u003e`geo_override \u003c/span\u003e= true` WITHOUT coordinates\n* ✅ **Provider behavior**:\n  1. Creates the static IP with \u003cspan pulumi-lang-nodejs=\"`geoOverride \" pulumi-lang-dotnet=\"`GeoOverride \" pulumi-lang-go=\"`geoOverride \" pulumi-lang-python=\"`geo_override \" pulumi-lang-yaml=\"`geoOverride \" pulumi-lang-java=\"`geoOverride \"\u003e`geo_override \u003c/span\u003e= false` first\n  2. Retrieves the auto-determined coordinates from the API\n  3. Updates the static IP with \u003cspan pulumi-lang-nodejs=\"`geoOverride \" pulumi-lang-dotnet=\"`GeoOverride \" pulumi-lang-go=\"`geoOverride \" pulumi-lang-python=\"`geo_override \" pulumi-lang-yaml=\"`geoOverride \" pulumi-lang-java=\"`geoOverride \"\u003e`geo_override \u003c/span\u003e= true` using those coordinates\n* ✅ **State file**: Will contain the auto-determined coordinates\n* ✅ **User action**: None required - provider handles it automatically\n* ✅ **Result**: You get \u003cspan pulumi-lang-nodejs=\"`geoOverride \" pulumi-lang-dotnet=\"`GeoOverride \" pulumi-lang-go=\"`geoOverride \" pulumi-lang-python=\"`geo_override \" pulumi-lang-yaml=\"`geoOverride \" pulumi-lang-java=\"`geoOverride \"\u003e`geo_override \u003c/span\u003e= true` without manually looking up coordinates\n\n### When \u003cspan pulumi-lang-nodejs=\"`geoOverride \" pulumi-lang-dotnet=\"`GeoOverride \" pulumi-lang-go=\"`geoOverride \" pulumi-lang-python=\"`geo_override \" pulumi-lang-yaml=\"`geoOverride \" pulumi-lang-java=\"`geoOverride \"\u003e`geo_override \u003c/span\u003e= true` WITH coordinates\n* ✅ **Provider behavior**: Uses your specified coordinates\n* ✅ **State file**: Will contain the exact values returned by the API (may have minor precision adjustments)\n* ✅ **User action**: Provide \u003cspan pulumi-lang-nodejs=\"`latitude`\" pulumi-lang-dotnet=\"`Latitude`\" pulumi-lang-go=\"`latitude`\" pulumi-lang-python=\"`latitude`\" pulumi-lang-yaml=\"`latitude`\" pulumi-lang-java=\"`latitude`\"\u003e`latitude`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`longitude`\" pulumi-lang-dotnet=\"`Longitude`\" pulumi-lang-go=\"`longitude`\" pulumi-lang-python=\"`longitude`\" pulumi-lang-yaml=\"`longitude`\" pulumi-lang-java=\"`longitude`\"\u003e`longitude`\u003c/span\u003e values\n* ✅ **Result**: Your custom coordinates are used\n\n### Key Benefits\n* 🎯 **No drift issues** - State always contains exact API values\n* 🎯 **No manual lookups** - API determines accurate coordinates from IP\n* 🎯 **Flexible** - Can override coordinates when needed\n* 🎯 **Always accurate** - Coordinates match the IP address geolocation\n\n## Common Use Cases\n\n### Use Case 1: GRE Tunnel with Auto-Determined Coordinates\n\n```hcl\n# Create static IP without specifying coordinates\nresource \"zia_traffic_forwarding_static_ip\" \"gre_endpoint\" {\n    ip_address   = \"203.0.113.10\"\n    routable_ip  = true\n    comment      = \"GRE tunnel endpoint\"\n    geo_override = true\n}\n\n# Use the static IP with GRE VIP recommendation\ndata \"zia_traffic_forwarding_gre_vip_recommended_list\" \"vips\" {\n    source_ip      = zia_traffic_forwarding_static_ip.gre_endpoint.ip_address\n    required_count = 2\n}\n\n# Create GRE tunnel\nresource \"zia_traffic_forwarding_gre_tunnel\" \"main\" {\n    source_ip      = zia_traffic_forwarding_static_ip.gre_endpoint.ip_address\n    comment        = \"Main GRE tunnel\"\n    within_country = false\n    ip_unnumbered  = false\n\n    primary_dest_vip {\n        datacenter = data.zia_traffic_forwarding_gre_vip_recommended_list.vips.list[0].datacenter\n        id         = data.zia_traffic_forwarding_gre_vip_recommended_list.vips.list[0].id\n        virtual_ip = data.zia_traffic_forwarding_gre_vip_recommended_list.vips.list[0].virtual_ip\n    }\n\n    secondary_dest_vip {\n        datacenter = data.zia_traffic_forwarding_gre_vip_recommended_list.vips.list[1].datacenter\n        id         = data.zia_traffic_forwarding_gre_vip_recommended_list.vips.list[1].id\n        virtual_ip = data.zia_traffic_forwarding_gre_vip_recommended_list.vips.list[1].virtual_ip\n    }\n}\n\n# Output showing auto-determined coordinates\noutput \"static_ip_coordinates\" {\n    value = {\n        ip        = zia_traffic_forwarding_static_ip.gre_endpoint.ip_address\n        latitude  = zia_traffic_forwarding_static_ip.gre_endpoint.latitude\n        longitude = zia_traffic_forwarding_static_ip.gre_endpoint.longitude\n    }\n}\n```\n\n### Use Case 2: Multiple Static IPs with\u003cspan pulumi-lang-nodejs=\" forEach\n\" pulumi-lang-dotnet=\" ForEach\n\" pulumi-lang-go=\" forEach\n\" pulumi-lang-python=\" for_each\n\" pulumi-lang-yaml=\" forEach\n\" pulumi-lang-java=\" forEach\n\"\u003e for_each\n\u003c/span\u003e\n```hcl\nlocals {\n    office_ips = {\n        mumbai     = \"103.21.244.1\"\n        chennai    = \"122.164.82.249\"\n        singapore  = \"203.0.113.50\"\n        tokyo      = \"203.0.113.100\"\n    }\n}\n\n# Create multiple static IPs without specifying coordinates\nresource \"zia_traffic_forwarding_static_ip\" \"offices\" {\n    for_each = local.office_ips\n\n    ip_address   = each.value\n    routable_ip  = true\n    comment      = \"Office in ${each.key}\"\n    geo_override = true\n    # No coordinates specified for any of them!\n    # Provider auto-determines all coordinates\n}\n\n# Output all coordinates\noutput \"office_coordinates\" {\n    value = {\n        for name, ip in zia_traffic_forwarding_static_ip.offices :\n        name =\u003e {\n            ip_address = ip.ip_address\n            latitude   = ip.latitude\n            longitude  = ip.longitude\n        }\n    }\n}\n```\n\n### Use Case 3: VPN Credentials Integration\n\n```hcl\n# Static IP with auto-determined coordinates\nresource \"zia_traffic_forwarding_static_ip\" \"vpn_endpoint\" {\n    ip_address   = \"198.51.100.25\"\n    routable_ip  = true\n    comment      = \"VPN endpoint\"\n    geo_override = true\n}\n\n# VPN credentials using the static IP\nresource \"zia_traffic_forwarding_vpn_credentials\" \"branch_office\" {\n    type        = \"IP\"\n    ip_address  = zia_traffic_forwarding_static_ip.vpn_endpoint.ip_address\n    comments    = \"Branch office VPN\"\n}\n```\n\n## Frequently Asked Questions (FAQ)\n\n### Q: Do I need to specify latitude and longitude when using\u003cspan pulumi-lang-nodejs=\" geoOverride \" pulumi-lang-dotnet=\" GeoOverride \" pulumi-lang-go=\" geoOverride \" pulumi-lang-python=\" geo_override \" pulumi-lang-yaml=\" geoOverride \" pulumi-lang-java=\" geoOverride \"\u003e geo_override \u003c/span\u003e= true?\n\n**A:** No! The provider will automatically determine coordinates from the IP address if you don't provide them. This is the **recommended approach** to avoid drift issues.\n\n### Q: What if I want to use specific coordinates?\n\n**A:** You can still provide \u003cspan pulumi-lang-nodejs=\"`latitude`\" pulumi-lang-dotnet=\"`Latitude`\" pulumi-lang-go=\"`latitude`\" pulumi-lang-python=\"`latitude`\" pulumi-lang-yaml=\"`latitude`\" pulumi-lang-java=\"`latitude`\"\u003e`latitude`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`longitude`\" pulumi-lang-dotnet=\"`Longitude`\" pulumi-lang-go=\"`longitude`\" pulumi-lang-python=\"`longitude`\" pulumi-lang-yaml=\"`longitude`\" pulumi-lang-java=\"`longitude`\"\u003e`longitude`\u003c/span\u003e explicitly. The provider will use your values if provided.\n\n### Q: Will there be drift if I don't specify coordinates?\n\n**A:** No! The state file will contain the exact coordinates returned by the ZIA API. Subsequent `pulumi preview` commands will show no changes.\n\n### Q: What happens if I provide coordinates that don't match the IP location?\n\n**A:** The API will accept your coordinates, but they may be adjusted for precision. The state file will always reflect the actual API response values.\n\n### Q: Can I change from auto-determined to custom coordinates later?\n\n**A:** Yes! Simply add \u003cspan pulumi-lang-nodejs=\"`latitude`\" pulumi-lang-dotnet=\"`Latitude`\" pulumi-lang-go=\"`latitude`\" pulumi-lang-python=\"`latitude`\" pulumi-lang-yaml=\"`latitude`\" pulumi-lang-java=\"`latitude`\"\u003e`latitude`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`longitude`\" pulumi-lang-dotnet=\"`Longitude`\" pulumi-lang-go=\"`longitude`\" pulumi-lang-python=\"`longitude`\" pulumi-lang-yaml=\"`longitude`\" pulumi-lang-java=\"`longitude`\"\u003e`longitude`\u003c/span\u003e to your configuration and run `pulumi up`. The provider will update the static IP with your custom coordinates.\n\n### Q: What precision does the API use for coordinates?\n\n**A:** The API typically returns 4-7 decimal places depending on the IP location. The provider stores these exact values without rounding.\n\n### Q: Why does my state show\u003cspan pulumi-lang-nodejs=\" geoOverride \" pulumi-lang-dotnet=\" GeoOverride \" pulumi-lang-go=\" geoOverride \" pulumi-lang-python=\" geo_override \" pulumi-lang-yaml=\" geoOverride \" pulumi-lang-java=\" geoOverride \"\u003e geo_override \u003c/span\u003e= true but I didn't set it?\n\n**A:** The \u003cspan pulumi-lang-nodejs=\"`geoOverride`\" pulumi-lang-dotnet=\"`GeoOverride`\" pulumi-lang-go=\"`geoOverride`\" pulumi-lang-python=\"`geo_override`\" pulumi-lang-yaml=\"`geoOverride`\" pulumi-lang-java=\"`geoOverride`\"\u003e`geo_override`\u003c/span\u003e attribute has `Computed: true`, meaning it's populated from the API response. The API may set it based on other factors.\n\n## Troubleshooting\n\n### Error: \"Missing geo Coordinates\"\n\nThis error should no longer occur with the updated provider. If you still see it:\n\n1. Ensure you're using provider version 4.6.2 or later\n2. Check if coordinates are being populated: `terraform state show zia_traffic_forwarding_static_ip.\u003cname\u003e`\n3. Enable debug logging: `export TF_LOG=DEBUG` and check for auto-population messages\n\n### Unexpected Drift Detected\n\nIf `pulumi preview` shows coordinate changes:\n\n1. **Solution**: Remove explicit \u003cspan pulumi-lang-nodejs=\"`latitude`\" pulumi-lang-dotnet=\"`Latitude`\" pulumi-lang-go=\"`latitude`\" pulumi-lang-python=\"`latitude`\" pulumi-lang-yaml=\"`latitude`\" pulumi-lang-java=\"`latitude`\"\u003e`latitude`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`longitude`\" pulumi-lang-dotnet=\"`Longitude`\" pulumi-lang-go=\"`longitude`\" pulumi-lang-python=\"`longitude`\" pulumi-lang-yaml=\"`longitude`\" pulumi-lang-java=\"`longitude`\"\u003e`longitude`\u003c/span\u003e from your configuration\n2. **Reason**: API values may differ slightly from user-provided values due to precision\n3. **After removal**: Run `pulumi up` once - state will sync with API values\n4. **Future plans**: Will show no changes\n\n### Coordinates Not in Expected Location\n\nThe coordinates reflect the IP address's actual geolocation as determined by Zscaler's geolocation database. If you need different coordinates:\n\n1. Set \u003cspan pulumi-lang-nodejs=\"`geoOverride \" pulumi-lang-dotnet=\"`GeoOverride \" pulumi-lang-go=\"`geoOverride \" pulumi-lang-python=\"`geo_override \" pulumi-lang-yaml=\"`geoOverride \" pulumi-lang-java=\"`geoOverride \"\u003e`geo_override \u003c/span\u003e= true`\n2. Provide your desired \u003cspan pulumi-lang-nodejs=\"`latitude`\" pulumi-lang-dotnet=\"`Latitude`\" pulumi-lang-go=\"`latitude`\" pulumi-lang-python=\"`latitude`\" pulumi-lang-yaml=\"`latitude`\" pulumi-lang-java=\"`latitude`\"\u003e`latitude`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`longitude`\" pulumi-lang-dotnet=\"`Longitude`\" pulumi-lang-go=\"`longitude`\" pulumi-lang-python=\"`longitude`\" pulumi-lang-yaml=\"`longitude`\" pulumi-lang-java=\"`longitude`\"\u003e`longitude`\u003c/span\u003e explicitly\n3. The API will use your values\n\n## Best Practices\n\n### ✅ Recommended: Let the Provider Auto-Determine Coordinates\n\n```hcl\nresource \"zia_traffic_forwarding_static_ip\" \"best_practice\" {\n    ip_address   = \"203.0.113.10\"\n    routable_ip  = true\n    comment      = \"Production endpoint\"\n    geo_override = true\n    # Omit latitude and longitude\n    # Provider will auto-determine accurate coordinates\n    # No drift, no manual lookups, always accurate\n}\n```\n\n**Why this is recommended:**\n\n* ✅ No manual coordinate lookups required\n* ✅ Zero drift - state always matches API\n* ✅ Accurate - API knows the correct geolocation for each IP\n* ✅ Maintainable - no hardcoded coordinates to update\n\n### ⚠️ Use Custom Coordinates Only When Necessary\n\nOnly provide explicit coordinates if you have a specific requirement:\n\n```hcl\nresource \"zia_traffic_forwarding_static_ip\" \"custom\" {\n    ip_address   = \"203.0.113.10\"\n    routable_ip  = true\n    comment      = \"Custom location for testing\"\n    geo_override = true\n    latitude     = 40.7128   # Only if you need specific coordinates\n    longitude    = -74.0060  # Only if you need specific coordinates\n}\n```\n\n**When to use custom coordinates:**\n\n* Testing with specific geographic locations\n* Compliance requirements for specific geo-coordinates\n* Override API's geolocation database for special cases\n\n## Migration Guide for Existing Users\n\nIf you're upgrading from an older provider version (\u003c 4.6.2), you may have configurations like this:\n\n### Old Configuration (Still Works, But Not Recommended)\n\n```hcl\nresource \"zia_traffic_forwarding_static_ip\" \"old_style\" {\n    ip_address   = \"122.164.82.249\"\n    routable_ip  = true\n    comment      = \"Old configuration\"\n    geo_override = true\n    latitude     = 13.0895   # Manually specified\n    longitude    = 80.2739   # Manually specified\n}\n```\n\n### Migrating to New Approach (Recommended)\n\n**Step 1:** Remove \u003cspan pulumi-lang-nodejs=\"`latitude`\" pulumi-lang-dotnet=\"`Latitude`\" pulumi-lang-go=\"`latitude`\" pulumi-lang-python=\"`latitude`\" pulumi-lang-yaml=\"`latitude`\" pulumi-lang-java=\"`latitude`\"\u003e`latitude`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`longitude`\" pulumi-lang-dotnet=\"`Longitude`\" pulumi-lang-go=\"`longitude`\" pulumi-lang-python=\"`longitude`\" pulumi-lang-yaml=\"`longitude`\" pulumi-lang-java=\"`longitude`\"\u003e`longitude`\u003c/span\u003e from your configuration\n\n```hcl\nresource \"zia_traffic_forwarding_static_ip\" \"old_style\" {\n    ip_address   = \"122.164.82.249\"\n    routable_ip  = true\n    comment      = \"Migrated configuration\"\n    geo_override = true\n    # Removed: latitude and longitude\n}\n```\n\n**Step 2:** Run `pulumi preview`\n\n```bash\npulumi preview\n```\n\nYou'll see Terraform wants to update the resource (to remove explicitly set coordinates from state).\n\n**Step 3:** Apply the changes\n\n```bash\npulumi up\n```\n\nThe provider will:\n\n* Keep the same static IP (no destruction)\n* Auto-determine coordinates from the IP\n* Update state with API values\n* No infrastructure change - just cleaner config!\n\n**Step 4:** Verify no drift\n\n```bash\npulumi preview\n# Expected: No changes. Your infrastructure matches the configuration.\n```\n\n### Migration Example: Full Before/After\n\n**Before Migration:**\n\n```hcl\n# ❌ Old way - manual coordinates required\nresource \"zia_traffic_forwarding_static_ip\" \"chennai\" {\n    ip_address   = \"122.164.82.249\"\n    routable_ip  = true\n    comment      = \"Chennai office\"\n    geo_override = true\n    latitude     = 13.0895   # Had to look this up\n    longitude    = 80.2739   # Had to look this up\n}\n\nresource \"zia_traffic_forwarding_static_ip\" \"mumbai\" {\n    ip_address   = \"103.21.244.1\"\n    routable_ip  = true\n    comment      = \"Mumbai office\"\n    geo_override = true\n    latitude     = 19.0760   # Had to look this up\n    longitude    = 72.8777   # Had to look this up\n}\n```\n\n**After Migration:**\n\n```hcl\n# ✅ New way - auto-determined coordinates\nresource \"zia_traffic_forwarding_static_ip\" \"chennai\" {\n    ip_address   = \"122.164.82.249\"\n    routable_ip  = true\n    comment      = \"Chennai office\"\n    geo_override = true\n    # No coordinates needed!\n}\n\nresource \"zia_traffic_forwarding_static_ip\" \"mumbai\" {\n    ip_address   = \"103.21.244.1\"\n    routable_ip  = true\n    comment      = \"Mumbai office\"\n    geo_override = true\n    # No coordinates needed!\n}\n```\n\n**Migration Impact:**\n\n* Configuration: 8 lines removed (cleaner)\n* API calls: No additional overhead after migration\n* Drift: Eliminated\n* Maintenance: Easier\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\nStatic IP resources can be imported by using `\u003cSTATIC IP ID\u003e` or `\u003cIP ADDRESS\u003e` as the import ID.\n\n### Import by Static IP ID\n\n```sh\n$ pulumi import zia:index/trafficForwardingStaticIP:TrafficForwardingStaticIP example \u003cstatic_ip_id\u003e\n```\n\nExample:\n\n```sh\n$ pulumi import zia:index/trafficForwardingStaticIP:TrafficForwardingStaticIP chennai 3030759\n```\n\n### Import by IP Address\n\n```sh\n$ pulumi import zia:index/trafficForwardingStaticIP:TrafficForwardingStaticIP example \u003cip_address\u003e\n```\n\nExample:\n\n```sh\n$ pulumi import zia:index/trafficForwardingStaticIP:TrafficForwardingStaticIP chennai 122.164.82.249\n```\n\n**After Import:**\n\n* The state will include all attributes including latitude and longitude\n* You can omit coordinates from your configuration - state will remain accurate\n* Run `pulumi preview` to see what configuration should look like\n\n","properties":{"comment":{"type":"string","description":"Additional information about this static IP address"},"geoOverride":{"type":"boolean","description":"If not set, geographic coordinates and city are automatically determined from the IP address. Otherwise, the latitude and longitude coordinates must be provided."},"ipAddress":{"type":"string","description":"The static IP address"},"latitude":{"type":"number","description":"Latitude with 7 digit precision after decimal point, ranges between -90 and 90 degrees. If not provided, the API will automatically determine it from the IP address."},"longitude":{"type":"number","description":"Longitude with 7 digit precision after decimal point, ranges between -180 and 180 degrees. If not provided, the API will automatically determine it from the IP address."},"routableIp":{"type":"boolean","description":"Indicates whether a non-RFC 1918 IP address is publicly routable. This attribute is ignored if there is no ZIA Private Service Edge associated to the organization."},"staticIpId":{"type":"integer","description":"The ID of the Static IP."}},"required":["geoOverride","ipAddress","latitude","longitude","routableIp","staticIpId"],"inputProperties":{"comment":{"type":"string","description":"Additional information about this static IP address"},"geoOverride":{"type":"boolean","description":"If not set, geographic coordinates and city are automatically determined from the IP address. Otherwise, the latitude and longitude coordinates must be provided."},"ipAddress":{"type":"string","description":"The static IP address","willReplaceOnChanges":true},"latitude":{"type":"number","description":"Latitude with 7 digit precision after decimal point, ranges between -90 and 90 degrees. If not provided, the API will automatically determine it from the IP address."},"longitude":{"type":"number","description":"Longitude with 7 digit precision after decimal point, ranges between -180 and 180 degrees. If not provided, the API will automatically determine it from the IP address."},"routableIp":{"type":"boolean","description":"Indicates whether a non-RFC 1918 IP address is publicly routable. This attribute is ignored if there is no ZIA Private Service Edge associated to the organization."}},"requiredInputs":["ipAddress"],"stateInputs":{"description":"Input properties used for looking up and filtering TrafficForwardingStaticIP resources.\n","properties":{"comment":{"type":"string","description":"Additional information about this static IP address"},"geoOverride":{"type":"boolean","description":"If not set, geographic coordinates and city are automatically determined from the IP address. Otherwise, the latitude and longitude coordinates must be provided."},"ipAddress":{"type":"string","description":"The static IP address","willReplaceOnChanges":true},"latitude":{"type":"number","description":"Latitude with 7 digit precision after decimal point, ranges between -90 and 90 degrees. If not provided, the API will automatically determine it from the IP address."},"longitude":{"type":"number","description":"Longitude with 7 digit precision after decimal point, ranges between -180 and 180 degrees. If not provided, the API will automatically determine it from the IP address."},"routableIp":{"type":"boolean","description":"Indicates whether a non-RFC 1918 IP address is publicly routable. This attribute is ignored if there is no ZIA Private Service Edge associated to the organization."},"staticIpId":{"type":"integer","description":"The ID of the Static IP."}},"type":"object"}},"zia:index/trafficForwardingVPNCredentials:TrafficForwardingVPNCredentials":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-vpn-credentials)\n* [API documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/vpnCredentials-get)\n\nThe **zia_traffic_forwarding_vpn_credentials** creates and manages VPN credentials that can be associated to locations. VPN is one way to route traffic from customer locations to the cloud. Site-to-site IPSec VPN credentials can be identified by the cloud through one of the following methods:\n\n* Common Name (CN) of IPSec Certificate\n* VPN User FQDN - requires VPN_SITE_TO_SITE subscription\n* VPN IP Address - requires VPN_SITE_TO_SITE subscription\n* Extended Authentication (XAUTH) or hosted mobile UserID - requires VPN_MOBILE subscription\n\n## Example Usage\n\n```hcl\n######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########\n# ZIA Traffic Forwarding - VPN Credentials (UFQDN)\nresource \"zia_traffic_forwarding_vpn_credentials\" \"example\"{\n    type            = \"UFQDN\"\n    fqdn            = \"sjc-1-37@acme.com\"\n    comments        = \"Example\"\n    pre_shared_key = \"*********************\"\n}\n```\n\n```hcl\n# ZIA Traffic Forwarding - VPN Credentials (IP)\n######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########\nresource \"zia_traffic_forwarding_vpn_credentials\" \"example\"{\n    type            = \"IP\"\n    ip_address      = zia_traffic_forwarding_static_ip.example.ip_address\n    comments        = \"Example\"\n    pre_shared_key  = \"*********************\"\n    depends_on = [ zia_traffic_forwarding_static_ip.example ]\n}\n\nresource \"zia_traffic_forwarding_static_ip\" \"example\"{\n    ip_address      =  \"1.1.1.1\"\n    routable_ip     = true\n    comment         = \"Example\"\n    geo_override    = true\n    latitude        = -36.848461\n    longitude       = 174.763336\n}\n```\n\n\u003e **NOTE** For VPN Credentials of Type `IP` a static IP resource must be created first.\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_traffic_forwarding_vpn_credentials** can be imported by using one of the following prefixes as the import ID:\n\n* `'IP'` - Imports all VPN Credentials of type IP\n\n```sh\n$ pulumi import zia:index/trafficForwardingVPNCredentials:TrafficForwardingVPNCredentials example 'IP'\n```\n\n* `'UFQDN'` - Imports all VPN Credentials of type UFQDN\n\n```sh\n$ pulumi import zia:index/trafficForwardingVPNCredentials:TrafficForwardingVPNCredentials this 'UFQDN'\n```\n\n* `UFQDN'` - Imports a VPN Credentials of type UFQDN containing a specific UFQDN address\n\n```sh\n$ pulumi import zia:index/trafficForwardingVPNCredentials:TrafficForwardingVPNCredentials example 'testvpn@example.com'\n```\n\n* `IP Address'` - Imports a VPN Credentials of type IP containing a specific IP address\n\n```sh\n$ pulumi import zia:index/trafficForwardingVPNCredentials:TrafficForwardingVPNCredentials example '1.1.1.1'\n```\n\n","properties":{"comments":{"type":"string"},"fqdn":{"type":"string","description":"Fully Qualified Domain Name. Applicable only to `UFQDN` or `XAUTH` (or `HOSTED_MOBILE_USERS`) auth type.\n"},"ipAddress":{"type":"string"},"preSharedKey":{"type":"string","description":"Pre-shared key. This is a required field for UFQDN and IP auth type.\n","secret":true},"type":{"type":"string","description":"VPN authentication type (i.e., how the VPN credential is sent to the server). It is not modifiable after VpnCredential is created. The supported values are: `UFQDN` and `IP`\n"},"vpnId":{"type":"integer"}},"required":["vpnId"],"inputProperties":{"comments":{"type":"string"},"fqdn":{"type":"string","description":"Fully Qualified Domain Name. Applicable only to `UFQDN` or `XAUTH` (or `HOSTED_MOBILE_USERS`) auth type.\n","willReplaceOnChanges":true},"ipAddress":{"type":"string","willReplaceOnChanges":true},"preSharedKey":{"type":"string","description":"Pre-shared key. This is a required field for UFQDN and IP auth type.\n","secret":true,"willReplaceOnChanges":true},"type":{"type":"string","description":"VPN authentication type (i.e., how the VPN credential is sent to the server). It is not modifiable after VpnCredential is created. The supported values are: `UFQDN` and `IP`\n","willReplaceOnChanges":true}},"stateInputs":{"description":"Input properties used for looking up and filtering TrafficForwardingVPNCredentials resources.\n","properties":{"comments":{"type":"string"},"fqdn":{"type":"string","description":"Fully Qualified Domain Name. Applicable only to `UFQDN` or `XAUTH` (or `HOSTED_MOBILE_USERS`) auth type.\n","willReplaceOnChanges":true},"ipAddress":{"type":"string","willReplaceOnChanges":true},"preSharedKey":{"type":"string","description":"Pre-shared key. This is a required field for UFQDN and IP auth type.\n","secret":true,"willReplaceOnChanges":true},"type":{"type":"string","description":"VPN authentication type (i.e., how the VPN credential is sent to the server). It is not modifiable after VpnCredential is created. The supported values are: `UFQDN` and `IP`\n","willReplaceOnChanges":true},"vpnId":{"type":"integer"}},"type":"object"}},"zia:index/uRLCategories:URLCategories":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-url-categories)\n* [API documentation](https://help.zscaler.com/zia/url-categories#/urlCategories-get)\n\nThe **zia_url_categories** resource creates and manages a new custom URL category. If keywords are included within the request, they will be added to the new category.\n\n## Example Usage\n\n```hcl\nresource \"zia_url_categories\" \"example\" {\n  super_category      = \"USER_DEFINED\"\n  configured_name     = \"MCAS Unsanctioned Apps\"\n  description         = \"MCAS Unsanctioned Apps\"\n  keywords            = [\"microsoft\"]\n  custom_category     = true\n  type                = \"URL_CATEGORY\"\n  scopes {\n    type = \"LOCATION\"\n    scope_entities {\n      id = [ data.zia_location_management.nyc_site.id ]\n    }\n    scope_group_member_entities {\n      id = [ data.zia_group_management.engineering.id ]\n    }\n  }\n  urls = [\n    \".coupons.com\",\n    \".resource.alaskaair.net\",\n    \".techrepublic.com\",\n    \".dailymotion.com\",\n    \".osiriscomm.com\",\n    \".uefa.com\",\n    \".Logz.io\",\n    \".alexa.com\",\n    \".baidu.com\",\n    \".cnn.com\",\n    \".level3.com\",\n  ]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_url_categories** can be imported by using `\u003cCATEGORY_ID\u003e` or `\u003cCATEGORY_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/uRLCategories:URLCategories example \u003ccategory_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/uRLCategories:URLCategories example \u003ccategory_name\u003e\n```\n\n⚠️ **NOTE :**:  This provider only supports the importing of custom URL categories. The importing of built-in categories is not supported.\n\n","properties":{"categoryId":{"type":"string"},"configuredName":{"type":"string","description":"Name of the URL category. This is only required for custom URL categories.\n"},"customCategory":{"type":"boolean"},"customIpRangesCount":{"type":"integer"},"customUrlsCount":{"type":"integer"},"dbCategorizedUrls":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"editable":{"type":"boolean"},"ipRanges":{"type":"array","items":{"type":"string"}},"ipRangesRetainingParentCategories":{"type":"array","items":{"type":"string"}},"ipRangesRetainingParentCategoryCount":{"type":"integer"},"keywords":{"type":"array","items":{"type":"string"}},"keywordsRetainingParentCategories":{"type":"array","items":{"type":"string"}},"regexPatterns":{"type":"array","items":{"type":"string"}},"regexPatternsRetainingParentCategories":{"type":"array","items":{"type":"string"}},"scopes":{"type":"array","items":{"$ref":"#/types/zia:index/URLCategoriesScope:URLCategoriesScope"}},"superCategory":{"type":"string","description":"Super Category of the URL category. This field is required when creating custom URL categories. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for the list of available super categories\n"},"type":{"type":"string"},"urlKeywordCounts":{"$ref":"#/types/zia:index/URLCategoriesUrlKeywordCounts:URLCategoriesUrlKeywordCounts"},"urlType":{"type":"string"},"urls":{"type":"array","items":{"type":"string"}},"urlsRetainingParentCategoryCount":{"type":"integer"},"val":{"type":"integer","description":"The unique ID for the URL category."}},"required":["categoryId","customIpRangesCount","customUrlsCount","editable","ipRangesRetainingParentCategoryCount","superCategory","urlKeywordCounts","urlType","urlsRetainingParentCategoryCount","val"],"inputProperties":{"configuredName":{"type":"string","description":"Name of the URL category. This is only required for custom URL categories.\n"},"customCategory":{"type":"boolean"},"customIpRangesCount":{"type":"integer"},"customUrlsCount":{"type":"integer"},"dbCategorizedUrls":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"editable":{"type":"boolean"},"ipRanges":{"type":"array","items":{"type":"string"}},"ipRangesRetainingParentCategories":{"type":"array","items":{"type":"string"}},"ipRangesRetainingParentCategoryCount":{"type":"integer"},"keywords":{"type":"array","items":{"type":"string"}},"keywordsRetainingParentCategories":{"type":"array","items":{"type":"string"}},"regexPatterns":{"type":"array","items":{"type":"string"}},"regexPatternsRetainingParentCategories":{"type":"array","items":{"type":"string"}},"scopes":{"type":"array","items":{"$ref":"#/types/zia:index/URLCategoriesScope:URLCategoriesScope"}},"superCategory":{"type":"string","description":"Super Category of the URL category. This field is required when creating custom URL categories. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for the list of available super categories\n"},"type":{"type":"string"},"urlKeywordCounts":{"$ref":"#/types/zia:index/URLCategoriesUrlKeywordCounts:URLCategoriesUrlKeywordCounts"},"urlType":{"type":"string"},"urls":{"type":"array","items":{"type":"string"}},"urlsRetainingParentCategoryCount":{"type":"integer"}},"stateInputs":{"description":"Input properties used for looking up and filtering URLCategories resources.\n","properties":{"categoryId":{"type":"string"},"configuredName":{"type":"string","description":"Name of the URL category. This is only required for custom URL categories.\n"},"customCategory":{"type":"boolean"},"customIpRangesCount":{"type":"integer"},"customUrlsCount":{"type":"integer"},"dbCategorizedUrls":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"editable":{"type":"boolean"},"ipRanges":{"type":"array","items":{"type":"string"}},"ipRangesRetainingParentCategories":{"type":"array","items":{"type":"string"}},"ipRangesRetainingParentCategoryCount":{"type":"integer"},"keywords":{"type":"array","items":{"type":"string"}},"keywordsRetainingParentCategories":{"type":"array","items":{"type":"string"}},"regexPatterns":{"type":"array","items":{"type":"string"}},"regexPatternsRetainingParentCategories":{"type":"array","items":{"type":"string"}},"scopes":{"type":"array","items":{"$ref":"#/types/zia:index/URLCategoriesScope:URLCategoriesScope"}},"superCategory":{"type":"string","description":"Super Category of the URL category. This field is required when creating custom URL categories. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for the list of available super categories\n"},"type":{"type":"string"},"urlKeywordCounts":{"$ref":"#/types/zia:index/URLCategoriesUrlKeywordCounts:URLCategoriesUrlKeywordCounts"},"urlType":{"type":"string"},"urls":{"type":"array","items":{"type":"string"}},"urlsRetainingParentCategoryCount":{"type":"integer"},"val":{"type":"integer","description":"The unique ID for the URL category."}},"type":"object"}},"zia:index/uRLCategoriesPredefined:URLCategoriesPredefined":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-url-categories)\n* [API documentation](https://help.zscaler.com/zia/url-categories#/urlCategories-get)\n\nThe **zia_url_categories_predefined** resource allows you to manage mutable fields of existing predefined URL categories. Predefined URL categories are built-in to the Zscaler platform and cannot be created or deleted — only specific fields can be updated.\n\n\u003e NOTE: This an Early Access feature.\n\nThis resource is designed for use cases where you need to add custom URLs, keywords, or IP ranges to a predefined category such as `FINANCE`, `CORPORATE_MARKETING`, etc.\n\n\u003e For managing **custom** URL categories (full CRUD lifecycle), use the \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e resource instead.\n\n## How This Resource Works\n\nUnlike standard Terraform resources, predefined URL categories have a unique lifecycle:\n\n* **No creation** — The predefined category already exists on the Zscaler platform. The `Create` operation issues a PUT to update the category's mutable fields.\n* **No deletion** — Predefined categories cannot be removed. Running `terraform destroy` simply removes the resource from state without making any API calls.\n* **Incremental updates** — The provider uses incremental `ADD_TO_LIST` and `REMOVE_FROM_LIST` API operations for all list fields (\u003cspan pulumi-lang-nodejs=\"`urls`\" pulumi-lang-dotnet=\"`Urls`\" pulumi-lang-go=\"`urls`\" pulumi-lang-python=\"`urls`\" pulumi-lang-yaml=\"`urls`\" pulumi-lang-java=\"`urls`\"\u003e`urls`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipRanges`\" pulumi-lang-dotnet=\"`IpRanges`\" pulumi-lang-go=\"`ipRanges`\" pulumi-lang-python=\"`ip_ranges`\" pulumi-lang-yaml=\"`ipRanges`\" pulumi-lang-java=\"`ipRanges`\"\u003e`ip_ranges`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keywords`\" pulumi-lang-dotnet=\"`Keywords`\" pulumi-lang-go=\"`keywords`\" pulumi-lang-python=\"`keywords`\" pulumi-lang-yaml=\"`keywords`\" pulumi-lang-java=\"`keywords`\"\u003e`keywords`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keywordsRetainingParentCategory`\" pulumi-lang-dotnet=\"`KeywordsRetainingParentCategory`\" pulumi-lang-go=\"`keywordsRetainingParentCategory`\" pulumi-lang-python=\"`keywords_retaining_parent_category`\" pulumi-lang-yaml=\"`keywordsRetainingParentCategory`\" pulumi-lang-java=\"`keywordsRetainingParentCategory`\"\u003e`keywords_retaining_parent_category`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipRangesRetainingParentCategory`\" pulumi-lang-dotnet=\"`IpRangesRetainingParentCategory`\" pulumi-lang-go=\"`ipRangesRetainingParentCategory`\" pulumi-lang-python=\"`ip_ranges_retaining_parent_category`\" pulumi-lang-yaml=\"`ipRangesRetainingParentCategory`\" pulumi-lang-java=\"`ipRangesRetainingParentCategory`\"\u003e`ip_ranges_retaining_parent_category`\u003c/span\u003e). This means the provider compares the current API state against the desired Terraform configuration and issues targeted add/remove calls rather than a full replacement.\n\n⚠️ **IMPORTANT**: The \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e attribute is **not** supported by this resource. Although the API accepts a description in the PUT payload, the value is not returned in the GET response for predefined categories, which would cause persistent state drift. If you need to set a description on a predefined category, use the ZIA Admin Portal directly.\n\n## Example Usage\n\n### Adding Custom URLs\n\n```hcl\nresource \"zia_url_categories_predefined\" \"education\" {\n  name = \"EDUCATION\"\n  urls = [\n    \".internal-learning.example.com\",\n    \".corporate-training.example.com\",\n  ]\n}\n```\n\n### Adding Keywords And IP Ranges\n\n```hcl\nresource \"zia_url_categories_predefined\" \"finance\" {\n  name = \"FINANCE\"\n  keywords = [\n    \"internal-trading\",\n    \"corporate-finance\",\n  ]\n  ip_ranges = [\n    \"10.0.0.0/8\",\n    \"172.16.0.0/12\",\n  ]\n}\n```\n\n### URLs Retaining Parent Category\n\n```hcl\nresource \"zia_url_categories_predefined\" \"corporate_marketing\" {\n  name = \"CORPORATE_MARKETING\"\n  urls = [\n    \".marketing-internal.example.com\",\n  ]\n  urls_retaining_parent_category = [\n    \".brand-portal.example.com\",\n  ]\n  keywords_retaining_parent_category = [\n    \"brand-assets\",\n  ]\n}\n```\n\n## Destroy Behavior\n\n⚠️ **This resource does not support deletion.** Predefined URL categories are built-in to the Zscaler platform and cannot be removed.\n\nWhen you run `terraform destroy` or remove this resource from your configuration:\n\n1. The resource is removed from the Terraform state file.\n2. **No API call is made** — the predefined category remains unchanged on the Zscaler platform.\n3. Any custom URLs, keywords, or IP ranges that were added will **persist** on the predefined category.\n\nIf you need to remove custom URLs, keywords, or IP ranges from a predefined category, update the resource to set the fields to empty **before** destroying:\n\n```hcl\nresource \"zia_url_categories_predefined\" \"education\" {\n  name      = \"EDUCATION\"\n  urls      = []\n  keywords  = []\n  ip_ranges = []\n}\n```\n\nThen run `pulumi up` to clear the items, followed by `terraform destroy` to remove from state.\n\n## Import\n\nPredefined URL categories can be imported by using the predefined category ID or display name as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/uRLCategoriesPredefined:URLCategoriesPredefined example EDUCATION\n```\n\nor\n\n```sh\n$ pulumi import zia:index/uRLCategoriesPredefined:URLCategoriesPredefined example FINANCE\n```\n\n⚠️ **NOTE**: This resource only supports importing **predefined** URL categories. For custom URL categories, use the \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e resource.\n\n### Important Import Considerations\n\nWhen importing a predefined category that already has custom URLs, keywords, or IP ranges configured (e.g., via the ZIA Admin Portal), those existing items will be captured in the Terraform state. If your HCL configuration does not include those items, the **next** `pulumi up` will attempt to **remove** them to match the desired state defined in your configuration.\n\nTo avoid unintended removals after import, ensure your HCL includes all existing custom items that should be retained, or review the plan output carefully before applying.\n\n","properties":{"categoryId":{"type":"string","description":"The canonical predefined URL category identifier resolved by the provider.\n"},"configuredName":{"type":"string","description":"The display name of the predefined URL category. Read-only.\n"},"customIpRangesCount":{"type":"integer","description":"The number of custom IP address ranges associated to the URL category. Read-only.\n"},"customUrlsCount":{"type":"integer","description":"The number of custom URLs associated to the URL category. Read-only.\n"},"dbCategorizedUrls":{"type":"array","items":{"type":"string"},"description":"URLs categorized by the Zscaler database. Read-only.\n"},"editable":{"type":"boolean","description":"(Boolean) Whether the category is editable.\n"},"ipRanges":{"type":"array","items":{"type":"string"},"description":"Custom IP address ranges associated to the URL category."},"ipRangesRetainingParentCategories":{"type":"array","items":{"type":"string"},"description":"Retaining parent custom IP address ranges associated to the URL category."},"ipRangesRetainingParentCategoryCount":{"type":"integer","description":"The number of IP ranges retaining the parent category. Read-only.\n"},"keywords":{"type":"array","items":{"type":"string"},"description":"Custom keywords associated to the URL category."},"keywordsRetainingParentCategories":{"type":"array","items":{"type":"string"},"description":"Retained custom keywords from the parent URL category."},"name":{"type":"string","description":"The predefined URL category ID or display name (e.g., `FINANCE` or `Finance`). The provider resolves this to the canonical category ID."},"superCategory":{"type":"string","description":"The super category of the predefined URL category. Read-only.\n"},"type":{"type":"string","description":"The type of the URL category. Read-only.\n"},"urlKeywordCounts":{"type":"array","items":{"$ref":"#/types/zia:index/URLCategoriesPredefinedUrlKeywordCount:URLCategoriesPredefinedUrlKeywordCount"},"description":"URL and keyword counts for the URL category. Read-only.\n"},"urlType":{"type":"string","description":"The URL type (e.g., `EXACT`). Read-only.\n"},"urls":{"type":"array","items":{"type":"string"},"description":"Custom URLs to add to the predefined URL category."},"urlsRetainingParentCategories":{"type":"array","items":{"type":"string"},"description":"URLs that are also retained under the original parent URL category."},"urlsRetainingParentCategoryCount":{"type":"integer","description":"The number of URLs retaining the parent category. Read-only.\n"},"val":{"type":"integer","description":"(Number) The numeric identifier for the URL category.\n"}},"required":["categoryId","configuredName","customIpRangesCount","customUrlsCount","dbCategorizedUrls","editable","ipRangesRetainingParentCategoryCount","name","superCategory","type","urlKeywordCounts","urlType","urlsRetainingParentCategoryCount","val"],"inputProperties":{"ipRanges":{"type":"array","items":{"type":"string"},"description":"Custom IP address ranges associated to the URL category."},"ipRangesRetainingParentCategories":{"type":"array","items":{"type":"string"},"description":"Retaining parent custom IP address ranges associated to the URL category."},"keywords":{"type":"array","items":{"type":"string"},"description":"Custom keywords associated to the URL category."},"keywordsRetainingParentCategories":{"type":"array","items":{"type":"string"},"description":"Retained custom keywords from the parent URL category."},"name":{"type":"string","description":"The predefined URL category ID or display name (e.g., `FINANCE` or `Finance`). The provider resolves this to the canonical category ID."},"urls":{"type":"array","items":{"type":"string"},"description":"Custom URLs to add to the predefined URL category."},"urlsRetainingParentCategories":{"type":"array","items":{"type":"string"},"description":"URLs that are also retained under the original parent URL category."}},"stateInputs":{"description":"Input properties used for looking up and filtering URLCategoriesPredefined resources.\n","properties":{"categoryId":{"type":"string","description":"The canonical predefined URL category identifier resolved by the provider.\n"},"configuredName":{"type":"string","description":"The display name of the predefined URL category. Read-only.\n"},"customIpRangesCount":{"type":"integer","description":"The number of custom IP address ranges associated to the URL category. Read-only.\n"},"customUrlsCount":{"type":"integer","description":"The number of custom URLs associated to the URL category. Read-only.\n"},"dbCategorizedUrls":{"type":"array","items":{"type":"string"},"description":"URLs categorized by the Zscaler database. Read-only.\n"},"editable":{"type":"boolean","description":"(Boolean) Whether the category is editable.\n"},"ipRanges":{"type":"array","items":{"type":"string"},"description":"Custom IP address ranges associated to the URL category."},"ipRangesRetainingParentCategories":{"type":"array","items":{"type":"string"},"description":"Retaining parent custom IP address ranges associated to the URL category."},"ipRangesRetainingParentCategoryCount":{"type":"integer","description":"The number of IP ranges retaining the parent category. Read-only.\n"},"keywords":{"type":"array","items":{"type":"string"},"description":"Custom keywords associated to the URL category."},"keywordsRetainingParentCategories":{"type":"array","items":{"type":"string"},"description":"Retained custom keywords from the parent URL category."},"name":{"type":"string","description":"The predefined URL category ID or display name (e.g., `FINANCE` or `Finance`). The provider resolves this to the canonical category ID."},"superCategory":{"type":"string","description":"The super category of the predefined URL category. Read-only.\n"},"type":{"type":"string","description":"The type of the URL category. Read-only.\n"},"urlKeywordCounts":{"type":"array","items":{"$ref":"#/types/zia:index/URLCategoriesPredefinedUrlKeywordCount:URLCategoriesPredefinedUrlKeywordCount"},"description":"URL and keyword counts for the URL category. Read-only.\n"},"urlType":{"type":"string","description":"The URL type (e.g., `EXACT`). Read-only.\n"},"urls":{"type":"array","items":{"type":"string"},"description":"Custom URLs to add to the predefined URL category."},"urlsRetainingParentCategories":{"type":"array","items":{"type":"string"},"description":"URLs that are also retained under the original parent URL category."},"urlsRetainingParentCategoryCount":{"type":"integer","description":"The number of URLs retaining the parent category. Read-only.\n"},"val":{"type":"integer","description":"(Number) The numeric identifier for the URL category.\n"}},"type":"object"}},"zia:index/uRLFilteringCloudAppSettings:URLFilteringCloudAppSettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-url-categories)\n* [API documentation](https://help.zscaler.com/zia/url-categories#/urlCategories-get)\n\nThe **zia_url_filtering_and_cloud_app_settings** resource allows you to updates the the URL and Cloud App Control advanced policy settings To learn more see [Configuring Advanced Policy Settings](https://help.zscaler.com/unified/configuring-advanced-policy-settings)\n\n## Example Usage\n\n```hcl\nresource \"zia_url_filtering_and_cloud_app_settings\" \"this\" {\n    block_skype                             = true\n    consider_embedded_sites                 = false\n    enable_block_override_for_non_auth_user = false\n    enable_chatgpt_prompt                   = false\n    enable_cipa_compliance                  = false\n    enable_dynamic_content_cat              = true\n    enable_gemini_prompt                    = false\n    enable_meta_prompt                      = false\n    enable_microsoft_copilot_prompt         = false\n    enable_msft_o365                        = false\n    enable_newly_registered_domains         = false\n    enable_office365                        = true\n    enable_per_plexity_prompt               = false\n    enable_poep_prompt                      = false\n    enable_ucaas_logmein                    = false\n    enable_ucaas_ring_central               = false\n    enable_ucaas_talkdesk                   = false\n    enable_ucaas_webex                      = false\n    enable_ucaas_zoom                       = false\n    enforce_safe_search                     = false\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_url_filtering_and_cloud_app_settings** can be imported by using \u003cspan pulumi-lang-nodejs=\"`appSetting`\" pulumi-lang-dotnet=\"`AppSetting`\" pulumi-lang-go=\"`appSetting`\" pulumi-lang-python=\"`app_setting`\" pulumi-lang-yaml=\"`appSetting`\" pulumi-lang-java=\"`appSetting`\"\u003e`app_setting`\u003c/span\u003e as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/uRLFilteringCloudAppSettings:URLFilteringCloudAppSettings this \"app_setting\"\n```\n\n","properties":{"blockSkype":{"type":"boolean","description":"A Boolean value indicating whether access to Skype is blocked or not."},"considerEmbeddedSites":{"type":"boolean","description":"A Boolean value that indicates if URL filtering rules must be applied to sites that are translated using translation services or not."},"enableBlockOverrideForNonAuthUser":{"type":"boolean","description":"A Boolean value indicating if authorized users can temporarily override block action on websites by providing their authentication information"},"enableChatgptPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with ChatGPT by users should be categorized and logged"},"enableCipaCompliance":{"type":"boolean","description":"A Boolean value indicating if the predefined CIPA Compliance Rule is enabled or not."},"enableDynamicContentCat":{"type":"boolean","description":"A Boolean value that indicates if dynamic categorization of URLs by analyzing content of uncategorized websites using AI/ML tools is enabled or not."},"enableGeminiPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Google Gemini by users should be categorized and logged"},"enableMetaPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Meta AI by users should be categorized and logged"},"enableMicrosoftCopilotPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Microsoft Copilot by users should be categorized and logged"},"enableMsftO365":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to permit secure local breakout for Office 365 traffic automatically without any manual configuration needed."},"enableNewlyRegisteredDomains":{"type":"boolean","description":"A Boolean value indicating whether newly registered and observed domains that are identified within hours of going live are allowed or blocked"},"enableOffice365":{"type":"boolean","description":"A Boolean value that enables or disables Microsoft Office 365 configuration."},"enablePerPlexityPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Perplexity by users should be categorized and logged"},"enablePoepPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Poe by users should be categorized and logged"},"enableUcaasLogmein":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for GoTo traffic, without any manual configuration needed."},"enableUcaasRingCentral":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for RingCentral traffic, without any manual configuration needed."},"enableUcaasTalkdesk":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for Talkdesk traffic, with minimal or no manual configuration needed."},"enableUcaasWebex":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for Webex traffic, without any manual configuration needed."},"enableUcaasZoom":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for Zoom traffic, without any manual configuration needed."},"enforceSafeSearch":{"type":"boolean","description":"A Boolean value that indicates whether only safe content must be returned for web, image, and video search."},"safeSearchApps":{"type":"array","items":{"type":"string"},"description":"A list of applications for which the SafeSearch enforcement applies. You cannot modify this field when the enforceSafeSearch field is disabled.\n\t\t\t\tSee the URL \u0026 Cloud App Control Policy Settings for the list of available apps:\n\t\t\t\thttps://help.zscaler.com/zia/url-cloud-app-control-policy-settings#/advancedUrlFilterAndCloudAppSettings-get"}},"required":["blockSkype","considerEmbeddedSites","enableBlockOverrideForNonAuthUser","enableChatgptPrompt","enableCipaCompliance","enableDynamicContentCat","enableGeminiPrompt","enableMetaPrompt","enableMicrosoftCopilotPrompt","enableNewlyRegisteredDomains","enablePerPlexityPrompt","enablePoepPrompt","enableUcaasLogmein","enableUcaasRingCentral","enableUcaasTalkdesk","enableUcaasWebex","enableUcaasZoom"],"inputProperties":{"blockSkype":{"type":"boolean","description":"A Boolean value indicating whether access to Skype is blocked or not."},"considerEmbeddedSites":{"type":"boolean","description":"A Boolean value that indicates if URL filtering rules must be applied to sites that are translated using translation services or not."},"enableBlockOverrideForNonAuthUser":{"type":"boolean","description":"A Boolean value indicating if authorized users can temporarily override block action on websites by providing their authentication information"},"enableChatgptPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with ChatGPT by users should be categorized and logged"},"enableCipaCompliance":{"type":"boolean","description":"A Boolean value indicating if the predefined CIPA Compliance Rule is enabled or not."},"enableDynamicContentCat":{"type":"boolean","description":"A Boolean value that indicates if dynamic categorization of URLs by analyzing content of uncategorized websites using AI/ML tools is enabled or not."},"enableGeminiPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Google Gemini by users should be categorized and logged"},"enableMetaPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Meta AI by users should be categorized and logged"},"enableMicrosoftCopilotPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Microsoft Copilot by users should be categorized and logged"},"enableMsftO365":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to permit secure local breakout for Office 365 traffic automatically without any manual configuration needed."},"enableNewlyRegisteredDomains":{"type":"boolean","description":"A Boolean value indicating whether newly registered and observed domains that are identified within hours of going live are allowed or blocked"},"enableOffice365":{"type":"boolean","description":"A Boolean value that enables or disables Microsoft Office 365 configuration."},"enablePerPlexityPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Perplexity by users should be categorized and logged"},"enablePoepPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Poe by users should be categorized and logged"},"enableUcaasLogmein":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for GoTo traffic, without any manual configuration needed."},"enableUcaasRingCentral":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for RingCentral traffic, without any manual configuration needed."},"enableUcaasTalkdesk":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for Talkdesk traffic, with minimal or no manual configuration needed."},"enableUcaasWebex":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for Webex traffic, without any manual configuration needed."},"enableUcaasZoom":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for Zoom traffic, without any manual configuration needed."},"enforceSafeSearch":{"type":"boolean","description":"A Boolean value that indicates whether only safe content must be returned for web, image, and video search."},"safeSearchApps":{"type":"array","items":{"type":"string"},"description":"A list of applications for which the SafeSearch enforcement applies. You cannot modify this field when the enforceSafeSearch field is disabled.\n\t\t\t\tSee the URL \u0026 Cloud App Control Policy Settings for the list of available apps:\n\t\t\t\thttps://help.zscaler.com/zia/url-cloud-app-control-policy-settings#/advancedUrlFilterAndCloudAppSettings-get"}},"stateInputs":{"description":"Input properties used for looking up and filtering URLFilteringCloudAppSettings resources.\n","properties":{"blockSkype":{"type":"boolean","description":"A Boolean value indicating whether access to Skype is blocked or not."},"considerEmbeddedSites":{"type":"boolean","description":"A Boolean value that indicates if URL filtering rules must be applied to sites that are translated using translation services or not."},"enableBlockOverrideForNonAuthUser":{"type":"boolean","description":"A Boolean value indicating if authorized users can temporarily override block action on websites by providing their authentication information"},"enableChatgptPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with ChatGPT by users should be categorized and logged"},"enableCipaCompliance":{"type":"boolean","description":"A Boolean value indicating if the predefined CIPA Compliance Rule is enabled or not."},"enableDynamicContentCat":{"type":"boolean","description":"A Boolean value that indicates if dynamic categorization of URLs by analyzing content of uncategorized websites using AI/ML tools is enabled or not."},"enableGeminiPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Google Gemini by users should be categorized and logged"},"enableMetaPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Meta AI by users should be categorized and logged"},"enableMicrosoftCopilotPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Microsoft Copilot by users should be categorized and logged"},"enableMsftO365":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to permit secure local breakout for Office 365 traffic automatically without any manual configuration needed."},"enableNewlyRegisteredDomains":{"type":"boolean","description":"A Boolean value indicating whether newly registered and observed domains that are identified within hours of going live are allowed or blocked"},"enableOffice365":{"type":"boolean","description":"A Boolean value that enables or disables Microsoft Office 365 configuration."},"enablePerPlexityPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Perplexity by users should be categorized and logged"},"enablePoepPrompt":{"type":"boolean","description":"A Boolean value indicating if the use of generative AI prompts with Poe by users should be categorized and logged"},"enableUcaasLogmein":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for GoTo traffic, without any manual configuration needed."},"enableUcaasRingCentral":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for RingCentral traffic, without any manual configuration needed."},"enableUcaasTalkdesk":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for Talkdesk traffic, with minimal or no manual configuration needed."},"enableUcaasWebex":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for Webex traffic, without any manual configuration needed."},"enableUcaasZoom":{"type":"boolean","description":"A Boolean value indicating if the Zscaler service is allowed to automatically permit secure local breakout for Zoom traffic, without any manual configuration needed."},"enforceSafeSearch":{"type":"boolean","description":"A Boolean value that indicates whether only safe content must be returned for web, image, and video search."},"safeSearchApps":{"type":"array","items":{"type":"string"},"description":"A list of applications for which the SafeSearch enforcement applies. You cannot modify this field when the enforceSafeSearch field is disabled.\n\t\t\t\tSee the URL \u0026 Cloud App Control Policy Settings for the list of available apps:\n\t\t\t\thttps://help.zscaler.com/zia/url-cloud-app-control-policy-settings#/advancedUrlFilterAndCloudAppSettings-get"}},"type":"object"}},"zia:index/uRLFilteringRules:URLFilteringRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-url-filtering)\n* [API documentation](https://help.zscaler.com/zia/url-filtering-policy#/urlFilteringRules-post)\n\nThe **zia_url_filtering_rules** resource creates and manages a URL filtering rules within the Zscaler Internet Access cloud.\n\n## Example Usage\n\n### ALLOW ACTION\n\n```hcl\nresource \"zia_url_filtering_rules\" \"this\" {\n    name                  = \"Example\"\n    description           = \"Example\"\n    state                 = \"ENABLED\"\n    action                = \"ALLOW\"\n    order                 = 1\n    enforce_time_validity = true\n    validity_start_time   = \"Mon, 17 Jun 2024 23:30:00 UTC\"\n    validity_end_time     = \"Tue, 17 Jun 2025 23:00:00 UTC\"\n    validity_time_zone_id = \"US/Pacific\"\n    time_quota            = 15\n    size_quota            = 10\n    url_categories        = [\"ANY\"]\n    device_trust_levels   = [\"UNKNOWN_DEVICETRUSTLEVEL\", \"LOW_TRUST\", \"MEDIUM_TRUST\", \"HIGH_TRUST\"]\n    protocols             = [\"ANY_RULE\"]\n    request_methods       = [ \"CONNECT\", \"DELETE\", \"GET\", \"HEAD\", \"OPTIONS\", \"OTHER\", \"POST\", \"PUT\", \"TRACE\"]\n    user_agent_types      = [\"OPERA\", \"FIREFOX\", \"MSIE\", \"MSEDGE\", \"CHROME\", \"SAFARI\", \"MSCHREDGE\"]\n}\n```\n\n### BLOCK ACTION\n\n```hcl\nresource \"zia_url_filtering_rules\" \"this\" {\n    name                  = \"Example\"\n    description           = \"Example\"\n    state                 = \"ENABLED\"\n    action                = \"BLOCK\"\n    order                 = 1\n    enforce_time_validity = true\n    validity_start_time   = \"Mon, 17 Jun 2024 23:30:00 UTC\"\n    validity_end_time     = \"Tue, 17 Jun 2025 23:00:00 UTC\"\n    validity_time_zone_id = \"US/Pacific\"\n    time_quota = 15\n    size_quota = 10\n    url_categories        = [\"ANY\"]\n    device_trust_levels   = [\"UNKNOWN_DEVICETRUSTLEVEL\", \"LOW_TRUST\", \"MEDIUM_TRUST\", \"HIGH_TRUST\"]\n    protocols             = [\"ANY_RULE\"]\n    request_methods       = [ \"CONNECT\", \"DELETE\", \"GET\", \"HEAD\", \"OPTIONS\", \"OTHER\", \"POST\", \"PUT\", \"TRACE\"]\n    user_agent_types      = [\"OPERA\", \"FIREFOX\", \"MSIE\", \"MSEDGE\", \"CHROME\", \"SAFARI\", \"MSCHREDGE\"]\n    block_override        = true\n    override_users {\n      id = [ 45513075 ]\n    }\n    override_groups {\n      id = [ 76662385 ]\n    }\n}\n```\n\n### CAUTION ACTION\n\n```hcl\nresource \"zia_url_filtering_rules\" \"this\" {\n    name                  = \"Example\"\n    description           = \"Example\"\n    state                 = \"ENABLED\"\n    action                = \"CAUTION\"\n    order                 = 1\n    enforce_time_validity = true\n    validity_start_time   = \"Mon, 17 Jun 2024 23:30:00 UTC\"\n    validity_end_time     = \"Tue, 17 Jun 2025 23:00:00 UTC\"\n    validity_time_zone_id = \"US/Pacific\"\n    time_quota            = 15\n    size_quota            = 10\n    url_categories        = [\"ANY\"]\n    device_trust_levels   = [\"UNKNOWN_DEVICETRUSTLEVEL\", \"LOW_TRUST\", \"MEDIUM_TRUST\", \"HIGH_TRUST\"]\n    protocols             = [\"ANY_RULE\"]\n    request_methods       = [ \"CONNECT\", \"DELETE\", \"GET\", \"HEAD\", \"OPTIONS\", \"OTHER\", \"POST\", \"PUT\", \"TRACE\"]\n    user_agent_types      = [\"OPERA\", \"FIREFOX\", \"MSIE\", \"MSEDGE\", \"CHROME\", \"SAFARI\", \"MSCHREDGE\"]\n    end_user_notification_url = \"https://caution.acme.com\"\n}\n```\n\n### ISOLATE ACTION\n\n⚠️ **WARNING 1:**: Creating a URL Filtering rule with the action of `ISOLATE` requires the Cloud Browser Isolation subscription. To learn more, contact Zscaler Support or your local account team.\n\n```hcl\ndata \"zia_cloud_browser_isolation_profile\" \"this\" {\n    name = \"BD_SA_Profile1_ZIA\"\n}\n\nresource \"zia_url_filtering_rules\" \"this\" {\n    name                  = \"Example\"\n    description           = \"Example\"\n    state                 = \"ENABLED\"\n    action                = \"ISOLATE\"\n    order                 = 1\n    enforce_time_validity = true\n    validity_start_time   = \"Mon, 17 Jun 2024 23:30:00 UTC\"\n    validity_end_time     = \"Tue, 17 Jun 2025 23:00:00 UTC\"\n    validity_time_zone_id = \"US/Pacific\"\n    time_quota            = 15\n    size_quota            = 10\n    url_categories        = [\"ANY\"]\n    device_trust_levels   = [\"UNKNOWN_DEVICETRUSTLEVEL\", \"LOW_TRUST\", \"MEDIUM_TRUST\", \"HIGH_TRUST\"]\n    protocols             = [ \"HTTPS_RULE\", \"HTTP_RULE\" ]\n    request_methods       = [ \"CONNECT\", \"DELETE\", \"GET\", \"HEAD\", \"OPTIONS\", \"OTHER\", \"POST\", \"PUT\", \"TRACE\" ]\n    cbi_profile {\n        id = data.zia_cloud_browser_isolation_profile.this.id\n        name = data.zia_cloud_browser_isolation_profile.this.name\n        url = data.zia_cloud_browser_isolation_profile.this.url\n    }\n    user_agent_types = [ \"OPERA\", \"FIREFOX\", \"MSIE\", \"MSEDGE\", \"CHROME\", \"SAFARI\", \"MSCHREDGE\" ]\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_url_filtering_rules** can be imported by using `\u003cRULE_ID\u003e` or `\u003cRULE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/uRLFilteringRules:URLFilteringRules example \u003crule_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/uRLFilteringRules:URLFilteringRules example \u003crule_name\u003e\n```\n\n","properties":{"action":{"type":"string","description":"Action taken when traffic matches rule criteria"},"blockOverride":{"type":"boolean"},"browserEunTemplateId":{"type":"integer"},"cbiProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/URLFilteringRulesCbiProfile:URLFilteringRulesCbiProfile"}},"ciparule":{"type":"boolean","description":"If set to true, the CIPA Compliance rule is enabled"},"departments":{"$ref":"#/types/zia:index/URLFilteringRulesDepartments:URLFilteringRulesDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the URL Filtering rule"},"deviceGroups":{"$ref":"#/types/zia:index/URLFilteringRulesDeviceGroups:URLFilteringRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/URLFilteringRulesDevices:URLFilteringRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"endUserNotificationUrl":{"type":"string","description":"URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified."},"enforceTimeValidity":{"type":"boolean","description":"Enforce a set a validity time period for the URL Filtering rule."},"groups":{"$ref":"#/types/zia:index/URLFilteringRulesGroups:URLFilteringRulesGroups","description":"Name-ID pairs of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/URLFilteringRulesLabels:URLFilteringRulesLabels","description":"The URL Filtering rule's label."},"locationGroups":{"$ref":"#/types/zia:index/URLFilteringRulesLocationGroups:URLFilteringRulesLocationGroups","description":"Name-ID pairs of the location groups to which the rule must be applied."},"locations":{"$ref":"#/types/zia:index/URLFilteringRulesLocations:URLFilteringRulesLocations","description":"Name-ID pairs of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"},"order":{"type":"integer","description":"Order of execution of rule with respect to other URL Filtering rules\n"},"overrideGroups":{"$ref":"#/types/zia:index/URLFilteringRulesOverrideGroups:URLFilteringRulesOverrideGroups","description":"Name-ID pairs of groups for which this rule can be overridden."},"overrideUsers":{"$ref":"#/types/zia:index/URLFilteringRulesOverrideUsers:URLFilteringRulesOverrideUsers","description":"Name-ID pairs of users for which this rule can be overridden."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocol criteria. Supported values: `SMRULEF_ZPA_BROKERS_RULE`, `ANY_RULE`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `HTTPS_RULE`, `HTTP_RULE`, `SSL_RULE`, `TUNNEL_RULE`, `WEBSOCKETSSL_RULE`, `WEBSOCKET_RULE`,\n"},"rank":{"type":"integer","description":"Admin rank of the Firewall Filtering policy rule"},"requestMethods":{"type":"array","items":{"type":"string"},"description":"Request method for which the rule must be applied. If not set, rule will be applied to all methods"},"ruleId":{"type":"integer","description":"URL Filtering Rule ID"},"sizeQuota":{"type":"integer","description":"Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"sourceIpGroups":{"$ref":"#/types/zia:index/URLFilteringRulesSourceIpGroups:URLFilteringRulesSourceIpGroups","description":"list of source ip groups"},"state":{"type":"string"},"timeQuota":{"type":"integer","description":"Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"timeWindows":{"$ref":"#/types/zia:index/URLFilteringRulesTimeWindows:URLFilteringRulesTimeWindows","description":"Name-ID pairs of time interval during which rule must be enforced."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"The list of URL Categories to which the SSL inspection rule must be applied.\n\t\t\t\tSee the URL Categories API for the list of available categories:\n\t\t\t\thttps://help.zscaler.com/zia/url-categories#/urlCategories-get"},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"Supported User Agent Types"},"userRiskScoreLevels":{"type":"array","items":{"type":"string"}},"users":{"$ref":"#/types/zia:index/URLFilteringRulesUsers:URLFilteringRulesUsers","description":"Name-ID pairs of users for which rule must be applied"},"validityEndTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time."},"validityStartTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time."},"validityTimeZoneId":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID.\n\t\t\t\tUse IANA Format TimeZone. Visit https://nodatime.org/TimeZones for the complete IANA timezone list"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/URLFilteringRulesWorkloadGroup:URLFilteringRulesWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"}},"required":["cbiProfiles","name","order","protocols","ruleId","sourceCountries","workloadGroups"],"inputProperties":{"action":{"type":"string","description":"Action taken when traffic matches rule criteria"},"blockOverride":{"type":"boolean"},"browserEunTemplateId":{"type":"integer"},"cbiProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/URLFilteringRulesCbiProfile:URLFilteringRulesCbiProfile"}},"ciparule":{"type":"boolean","description":"If set to true, the CIPA Compliance rule is enabled"},"departments":{"$ref":"#/types/zia:index/URLFilteringRulesDepartments:URLFilteringRulesDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the URL Filtering rule"},"deviceGroups":{"$ref":"#/types/zia:index/URLFilteringRulesDeviceGroups:URLFilteringRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/URLFilteringRulesDevices:URLFilteringRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"endUserNotificationUrl":{"type":"string","description":"URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified."},"enforceTimeValidity":{"type":"boolean","description":"Enforce a set a validity time period for the URL Filtering rule."},"groups":{"$ref":"#/types/zia:index/URLFilteringRulesGroups:URLFilteringRulesGroups","description":"Name-ID pairs of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/URLFilteringRulesLabels:URLFilteringRulesLabels","description":"The URL Filtering rule's label."},"locationGroups":{"$ref":"#/types/zia:index/URLFilteringRulesLocationGroups:URLFilteringRulesLocationGroups","description":"Name-ID pairs of the location groups to which the rule must be applied."},"locations":{"$ref":"#/types/zia:index/URLFilteringRulesLocations:URLFilteringRulesLocations","description":"Name-ID pairs of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"},"order":{"type":"integer","description":"Order of execution of rule with respect to other URL Filtering rules\n"},"overrideGroups":{"$ref":"#/types/zia:index/URLFilteringRulesOverrideGroups:URLFilteringRulesOverrideGroups","description":"Name-ID pairs of groups for which this rule can be overridden."},"overrideUsers":{"$ref":"#/types/zia:index/URLFilteringRulesOverrideUsers:URLFilteringRulesOverrideUsers","description":"Name-ID pairs of users for which this rule can be overridden."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocol criteria. Supported values: `SMRULEF_ZPA_BROKERS_RULE`, `ANY_RULE`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `HTTPS_RULE`, `HTTP_RULE`, `SSL_RULE`, `TUNNEL_RULE`, `WEBSOCKETSSL_RULE`, `WEBSOCKET_RULE`,\n"},"rank":{"type":"integer","description":"Admin rank of the Firewall Filtering policy rule"},"requestMethods":{"type":"array","items":{"type":"string"},"description":"Request method for which the rule must be applied. If not set, rule will be applied to all methods"},"sizeQuota":{"type":"integer","description":"Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"sourceIpGroups":{"$ref":"#/types/zia:index/URLFilteringRulesSourceIpGroups:URLFilteringRulesSourceIpGroups","description":"list of source ip groups"},"state":{"type":"string"},"timeQuota":{"type":"integer","description":"Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"timeWindows":{"$ref":"#/types/zia:index/URLFilteringRulesTimeWindows:URLFilteringRulesTimeWindows","description":"Name-ID pairs of time interval during which rule must be enforced."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"The list of URL Categories to which the SSL inspection rule must be applied.\n\t\t\t\tSee the URL Categories API for the list of available categories:\n\t\t\t\thttps://help.zscaler.com/zia/url-categories#/urlCategories-get"},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"Supported User Agent Types"},"userRiskScoreLevels":{"type":"array","items":{"type":"string"}},"users":{"$ref":"#/types/zia:index/URLFilteringRulesUsers:URLFilteringRulesUsers","description":"Name-ID pairs of users for which rule must be applied"},"validityEndTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time."},"validityStartTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time."},"validityTimeZoneId":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID.\n\t\t\t\tUse IANA Format TimeZone. Visit https://nodatime.org/TimeZones for the complete IANA timezone list"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/URLFilteringRulesWorkloadGroup:URLFilteringRulesWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"}},"requiredInputs":["order","protocols"],"stateInputs":{"description":"Input properties used for looking up and filtering URLFilteringRules resources.\n","properties":{"action":{"type":"string","description":"Action taken when traffic matches rule criteria"},"blockOverride":{"type":"boolean"},"browserEunTemplateId":{"type":"integer"},"cbiProfiles":{"type":"array","items":{"$ref":"#/types/zia:index/URLFilteringRulesCbiProfile:URLFilteringRulesCbiProfile"}},"ciparule":{"type":"boolean","description":"If set to true, the CIPA Compliance rule is enabled"},"departments":{"$ref":"#/types/zia:index/URLFilteringRulesDepartments:URLFilteringRulesDepartments","description":"Name-ID pairs of departments for which rule must be applied"},"description":{"type":"string","description":"Additional information about the URL Filtering rule"},"deviceGroups":{"$ref":"#/types/zia:index/URLFilteringRulesDeviceGroups:URLFilteringRulesDeviceGroups","description":"This field is applicable for devices that are managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation."},"devices":{"$ref":"#/types/zia:index/URLFilteringRulesDevices:URLFilteringRulesDevices","description":"Name-ID pairs of devices for which rule must be applied."},"endUserNotificationUrl":{"type":"string","description":"URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified."},"enforceTimeValidity":{"type":"boolean","description":"Enforce a set a validity time period for the URL Filtering rule."},"groups":{"$ref":"#/types/zia:index/URLFilteringRulesGroups:URLFilteringRulesGroups","description":"Name-ID pairs of groups for which rule must be applied"},"labels":{"$ref":"#/types/zia:index/URLFilteringRulesLabels:URLFilteringRulesLabels","description":"The URL Filtering rule's label."},"locationGroups":{"$ref":"#/types/zia:index/URLFilteringRulesLocationGroups:URLFilteringRulesLocationGroups","description":"Name-ID pairs of the location groups to which the rule must be applied."},"locations":{"$ref":"#/types/zia:index/URLFilteringRulesLocations:URLFilteringRulesLocations","description":"Name-ID pairs of locations for which rule must be applied"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"},"order":{"type":"integer","description":"Order of execution of rule with respect to other URL Filtering rules\n"},"overrideGroups":{"$ref":"#/types/zia:index/URLFilteringRulesOverrideGroups:URLFilteringRulesOverrideGroups","description":"Name-ID pairs of groups for which this rule can be overridden."},"overrideUsers":{"$ref":"#/types/zia:index/URLFilteringRulesOverrideUsers:URLFilteringRulesOverrideUsers","description":"Name-ID pairs of users for which this rule can be overridden."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocol criteria. Supported values: `SMRULEF_ZPA_BROKERS_RULE`, `ANY_RULE`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `HTTPS_RULE`, `HTTP_RULE`, `SSL_RULE`, `TUNNEL_RULE`, `WEBSOCKETSSL_RULE`, `WEBSOCKET_RULE`,\n"},"rank":{"type":"integer","description":"Admin rank of the Firewall Filtering policy rule"},"requestMethods":{"type":"array","items":{"type":"string"},"description":"Request method for which the rule must be applied. If not set, rule will be applied to all methods"},"ruleId":{"type":"integer","description":"URL Filtering Rule ID"},"sizeQuota":{"type":"integer","description":"Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."},"sourceIpGroups":{"$ref":"#/types/zia:index/URLFilteringRulesSourceIpGroups:URLFilteringRulesSourceIpGroups","description":"list of source ip groups"},"state":{"type":"string"},"timeQuota":{"type":"integer","description":"Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable."},"timeWindows":{"$ref":"#/types/zia:index/URLFilteringRulesTimeWindows:URLFilteringRulesTimeWindows","description":"Name-ID pairs of time interval during which rule must be enforced."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"The list of URL Categories to which the SSL inspection rule must be applied.\n\t\t\t\tSee the URL Categories API for the list of available categories:\n\t\t\t\thttps://help.zscaler.com/zia/url-categories#/urlCategories-get"},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"Supported User Agent Types"},"userRiskScoreLevels":{"type":"array","items":{"type":"string"}},"users":{"$ref":"#/types/zia:index/URLFilteringRulesUsers:URLFilteringRulesUsers","description":"Name-ID pairs of users for which rule must be applied"},"validityEndTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time."},"validityStartTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time."},"validityTimeZoneId":{"type":"string","description":"If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID.\n\t\t\t\tUse IANA Format TimeZone. Visit https://nodatime.org/TimeZones for the complete IANA timezone list"},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index/URLFilteringRulesWorkloadGroup:URLFilteringRulesWorkloadGroup"},"description":"The list of preconfigured workload groups to which the policy must be applied"}},"type":"object"}},"zia:index/userManagement:UserManagement":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-url-filtering)\n* [API documentation](https://help.zscaler.com/zia/url-filtering-policy#/urlFilteringRules-post)\n\nThe **zia_user_management** resource allows the creation and management of local user account in the Zscaler Internet Access cloud. The user account resource can then be associated with several different types of resource within the ZIA tenant.\n\n## Example Usage\n\n```hcl\n\ndata \"zia_group_management\" \"normal_internet\" {\n name = \"Normal_Internet\"\n}\n\ndata \"zia_department_management\" \"engineering\" {\n name = \"Engineering\"\n}\n\n# ZIA Local User Account\n######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########\nresource \"zia_user_management\" \"john_ashcroft\" {\n name         = \"John Ashcroft\"\n email        = \"john.ashcroft@acme.com\"\n password     = \"*********************\"\n auth_methods = [\"BASIC\"]\n groups {\n  id = data.zia_group_management.normal_internet.id\n  }\n department {\n  id = data.zia_department_management.engineering.id\n  }\n}\n```\n\n## Optional\n\nThe following attributes are supported:\n\n* \u003cspan pulumi-lang-nodejs=\"`comments`\" pulumi-lang-dotnet=\"`Comments`\" pulumi-lang-go=\"`comments`\" pulumi-lang-python=\"`comments`\" pulumi-lang-yaml=\"`comments`\" pulumi-lang-java=\"`comments`\"\u003e`comments`\u003c/span\u003e - (Optional) Additional information about this user.\n* \u003cspan pulumi-lang-nodejs=\"`tempAuthEmail`\" pulumi-lang-dotnet=\"`TempAuthEmail`\" pulumi-lang-go=\"`tempAuthEmail`\" pulumi-lang-python=\"`temp_auth_email`\" pulumi-lang-yaml=\"`tempAuthEmail`\" pulumi-lang-java=\"`tempAuthEmail`\"\u003e`temp_auth_email`\u003c/span\u003e - (Optional) Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.\n* \u003cspan pulumi-lang-nodejs=\"`authMethods`\" pulumi-lang-dotnet=\"`AuthMethods`\" pulumi-lang-go=\"`authMethods`\" pulumi-lang-python=\"`auth_methods`\" pulumi-lang-yaml=\"`authMethods`\" pulumi-lang-java=\"`authMethods`\"\u003e`auth_methods`\u003c/span\u003e - (Optional) Type of authentication method to be enabled. Supported values is: ``BASIC``\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_user_management** can be imported by using `\u003cUSER_ID\u003e` or `\u003cUSERNAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/userManagement:UserManagement example \u003cuser_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/userManagement:UserManagement example \u003cname\u003e\n```\n\n⚠️ **NOTE :**:  This provider do not import the password attribute value during the importing process.\n\n","properties":{"authMethods":{"type":"array","items":{"type":"string"},"description":"Accepted Authentication Methods"},"comments":{"type":"string","description":"Additional information about this user."},"department":{"$ref":"#/types/zia:index/UserManagementDepartment:UserManagementDepartment","description":"Department a user belongs to\n"},"email":{"type":"string","description":"User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.\n"},"groups":{"$ref":"#/types/zia:index/UserManagementGroups:UserManagementGroups","description":"List of Groups a user belongs to. Groups are used in policies.\n"},"name":{"type":"string","description":"User name. This appears when choosing users for policies.\n"},"password":{"type":"string","description":"User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.\n","secret":true},"tempAuthEmail":{"type":"string","description":"Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email."},"userId":{"type":"integer"}},"required":["department","email","name","password","userId"],"inputProperties":{"authMethods":{"type":"array","items":{"type":"string"},"description":"Accepted Authentication Methods"},"comments":{"type":"string","description":"Additional information about this user."},"department":{"$ref":"#/types/zia:index/UserManagementDepartment:UserManagementDepartment","description":"Department a user belongs to\n"},"email":{"type":"string","description":"User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.\n"},"groups":{"$ref":"#/types/zia:index/UserManagementGroups:UserManagementGroups","description":"List of Groups a user belongs to. Groups are used in policies.\n"},"name":{"type":"string","description":"User name. This appears when choosing users for policies.\n"},"password":{"type":"string","description":"User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.\n","secret":true},"tempAuthEmail":{"type":"string","description":"Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email."}},"requiredInputs":["department","email","password"],"stateInputs":{"description":"Input properties used for looking up and filtering UserManagement resources.\n","properties":{"authMethods":{"type":"array","items":{"type":"string"},"description":"Accepted Authentication Methods"},"comments":{"type":"string","description":"Additional information about this user."},"department":{"$ref":"#/types/zia:index/UserManagementDepartment:UserManagementDepartment","description":"Department a user belongs to\n"},"email":{"type":"string","description":"User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.\n"},"groups":{"$ref":"#/types/zia:index/UserManagementGroups:UserManagementGroups","description":"List of Groups a user belongs to. Groups are used in policies.\n"},"name":{"type":"string","description":"User name. This appears when choosing users for policies.\n"},"password":{"type":"string","description":"User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.\n","secret":true},"tempAuthEmail":{"type":"string","description":"Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email."},"userId":{"type":"integer"}},"type":"object"}},"zia:index/virtualServiceEdgeCluster:VirtualServiceEdgeCluster":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-virtual-service-edge-clusters)\n* [API documentation](https://help.zscaler.com/zia/service-edges#/virtualZenClusters-get)\n\nUse the **zia_virtual_service_edge_cluster** resource allows the creation and management of Service Edge Cluster objects in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\nresource \"zia_virtual_service_edge_cluster\" \"this\" {\n  name  = \"VSECluster01\"\n  status = \"ENABLED\"\n  type = \"VIP\"\n  ip_address = \"10.0.0.2\"\n  subnet_mask = \"255.255.255.0\"\n  default_gateway = \"10.0.0.3\"\n  ip_sec_enabled = true\n  virtual_zen_nodes {\n    id = [9368]\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_virtual_service_edge_cluster** can be imported by using `\u003cCLUSTER_ID\u003e` or `\u003cCLUSTER_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/virtualServiceEdgeCluster:VirtualServiceEdgeCluster example \u003ccluster_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/virtualServiceEdgeCluster:VirtualServiceEdgeCluster example \u003ccluster_name\u003e\n```\n\n","properties":{"clusterId":{"type":"integer"},"defaultGateway":{"type":"string","description":"The IP address of the default gateway to the internet\n"},"ipAddress":{"type":"string","description":"The Virtual Service Edge cluster IP address\n"},"ipSecEnabled":{"type":"boolean","description":"A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster\n"},"name":{"type":"string","description":"Name of the Virtual Service Edge cluster\n"},"status":{"type":"string","description":"Specifies the status of the Virtual Service Edge cluster. The status is set to ENABLED by default\n"},"subnetMask":{"type":"string","description":"The Virtual Service Edge cluster subnet mask\n"},"type":{"type":"string","description":"The Virtual Service Edge cluster type. Supported values: `ANY`, `NONE`, `SME`, `SMSM`, `SMCA`, `SMUI`, `SMCDS`, `SMDNSD`, `SMAA`, `SMTP`, `SMQTN`, `VIP`, `UIZ`, `UIAE`, `SITEREVIEW`, `PAC`, `S_RELAY`, `M_RELAY`, `H_MON`, `SMIKE`, `NSS`, `SMEZA`, `SMLB`, `SMFCCLT`, `SMBA`, `SMBAC`, `SMESXI`, `SMBAUI`, `VZEN`, `ZSCMCLT`, `SMDLP`, `ZSQUERY`, `ADP`, `SMCDSDLP`, `SMSCIM`, `ZSAPI`, `ZSCMCDSSCLT`, `LOCAL_MTS`, `SVPN`, `SMCASB`, `SMFALCONUI`, `MOBILEAPP_REG`, `SMRESTSVR`, `FALCONCA`, `MOBILEAPP_NF`, `ZIRSVR`, `SMEDGEUI`, `ALERTEVAL`, `ALERTNOTIF`, `SMPARTNERUI`, `CQM`, `DATAKEEPER`, `SMBAM`, `ZWACLT`\n"},"virtualZenNodes":{"$ref":"#/types/zia:index/VirtualServiceEdgeClusterVirtualZenNodes:VirtualServiceEdgeClusterVirtualZenNodes","description":"List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector)\n"}},"required":["clusterId","name"],"inputProperties":{"defaultGateway":{"type":"string","description":"The IP address of the default gateway to the internet\n"},"ipAddress":{"type":"string","description":"The Virtual Service Edge cluster IP address\n"},"ipSecEnabled":{"type":"boolean","description":"A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster\n"},"name":{"type":"string","description":"Name of the Virtual Service Edge cluster\n"},"status":{"type":"string","description":"Specifies the status of the Virtual Service Edge cluster. The status is set to ENABLED by default\n"},"subnetMask":{"type":"string","description":"The Virtual Service Edge cluster subnet mask\n"},"type":{"type":"string","description":"The Virtual Service Edge cluster type. Supported values: `ANY`, `NONE`, `SME`, `SMSM`, `SMCA`, `SMUI`, `SMCDS`, `SMDNSD`, `SMAA`, `SMTP`, `SMQTN`, `VIP`, `UIZ`, `UIAE`, `SITEREVIEW`, `PAC`, `S_RELAY`, `M_RELAY`, `H_MON`, `SMIKE`, `NSS`, `SMEZA`, `SMLB`, `SMFCCLT`, `SMBA`, `SMBAC`, `SMESXI`, `SMBAUI`, `VZEN`, `ZSCMCLT`, `SMDLP`, `ZSQUERY`, `ADP`, `SMCDSDLP`, `SMSCIM`, `ZSAPI`, `ZSCMCDSSCLT`, `LOCAL_MTS`, `SVPN`, `SMCASB`, `SMFALCONUI`, `MOBILEAPP_REG`, `SMRESTSVR`, `FALCONCA`, `MOBILEAPP_NF`, `ZIRSVR`, `SMEDGEUI`, `ALERTEVAL`, `ALERTNOTIF`, `SMPARTNERUI`, `CQM`, `DATAKEEPER`, `SMBAM`, `ZWACLT`\n"},"virtualZenNodes":{"$ref":"#/types/zia:index/VirtualServiceEdgeClusterVirtualZenNodes:VirtualServiceEdgeClusterVirtualZenNodes","description":"List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector)\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering VirtualServiceEdgeCluster resources.\n","properties":{"clusterId":{"type":"integer"},"defaultGateway":{"type":"string","description":"The IP address of the default gateway to the internet\n"},"ipAddress":{"type":"string","description":"The Virtual Service Edge cluster IP address\n"},"ipSecEnabled":{"type":"boolean","description":"A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster\n"},"name":{"type":"string","description":"Name of the Virtual Service Edge cluster\n"},"status":{"type":"string","description":"Specifies the status of the Virtual Service Edge cluster. The status is set to ENABLED by default\n"},"subnetMask":{"type":"string","description":"The Virtual Service Edge cluster subnet mask\n"},"type":{"type":"string","description":"The Virtual Service Edge cluster type. Supported values: `ANY`, `NONE`, `SME`, `SMSM`, `SMCA`, `SMUI`, `SMCDS`, `SMDNSD`, `SMAA`, `SMTP`, `SMQTN`, `VIP`, `UIZ`, `UIAE`, `SITEREVIEW`, `PAC`, `S_RELAY`, `M_RELAY`, `H_MON`, `SMIKE`, `NSS`, `SMEZA`, `SMLB`, `SMFCCLT`, `SMBA`, `SMBAC`, `SMESXI`, `SMBAUI`, `VZEN`, `ZSCMCLT`, `SMDLP`, `ZSQUERY`, `ADP`, `SMCDSDLP`, `SMSCIM`, `ZSAPI`, `ZSCMCDSSCLT`, `LOCAL_MTS`, `SVPN`, `SMCASB`, `SMFALCONUI`, `MOBILEAPP_REG`, `SMRESTSVR`, `FALCONCA`, `MOBILEAPP_NF`, `ZIRSVR`, `SMEDGEUI`, `ALERTEVAL`, `ALERTNOTIF`, `SMPARTNERUI`, `CQM`, `DATAKEEPER`, `SMBAM`, `ZWACLT`\n"},"virtualZenNodes":{"$ref":"#/types/zia:index/VirtualServiceEdgeClusterVirtualZenNodes:VirtualServiceEdgeClusterVirtualZenNodes","description":"List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector)\n"}},"type":"object"}},"zia:index/virtualServiceEdgeNode:VirtualServiceEdgeNode":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-virtual-service-edges)\n* [API documentation](https://help.zscaler.com/zia/service-edges#/virtualZenNodes-post)\n\nUse the **zia_virtual_service_edge_node** resource allows the creation and management of Service Edge Node objects in the Zscaler Internet Access.\nThis resource can then be referenced within a \u003cspan pulumi-lang-nodejs=\"`zia.VirtualServiceEdgeCluster`\" pulumi-lang-dotnet=\"`zia.VirtualServiceEdgeCluster`\" pulumi-lang-go=\"`VirtualServiceEdgeCluster`\" pulumi-lang-python=\"`VirtualServiceEdgeCluster`\" pulumi-lang-yaml=\"`zia.VirtualServiceEdgeCluster`\" pulumi-lang-java=\"`zia.VirtualServiceEdgeCluster`\"\u003e`zia.VirtualServiceEdgeCluster`\u003c/span\u003e resource to create a cluster of Virtual Service Edge nodes.\n\n## Example Usage\n\n```hcl\nresource \"zia_virtual_service_edge_node\" \"this\" {\n  name                              = \"VSENode01\"\n  status                            = \"ENABLED\"\n  type                              = \"VZEN\"\n  ip_address                        = \"10.0.0.10\"\n  subnet_mask                       = \"255.255.255.0\"\n  default_gateway                   = \"10.0.0.1\"\n  zgateway_id                       = 12345\n  in_production                     = true\n  load_balancer_ip_address          = \"10.0.0.20\"\n  deployment_mode                   = \"STANDALONE\"\n  vzen_sku_type                     = \"MEDIUM\"\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_virtual_service_edge_node** can be imported by using `\u003cNODE_ID\u003e` or `\u003cNODE_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/virtualServiceEdgeNode:VirtualServiceEdgeNode example \u003cnode_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/virtualServiceEdgeNode:VirtualServiceEdgeNode example \u003cnode_name\u003e\n```\n\n","properties":{"clusterName":{"type":"string","description":"Virtual Service Edge cluster name"},"defaultGateway":{"type":"string","description":"The IP address of the default gateway to the internet. **Note**: Only IPv4 addresses are supported\n"},"deploymentMode":{"type":"string","description":"Specifies the deployment mode. Select either `STANDALONE` or `CLUSTER` if you have the VMware ESXi platform. Otherwise, select only STANDALONE\n"},"establishSupportTunnelEnabled":{"type":"boolean","description":"A Boolean value that indicates whether or not a support tunnel for Zscaler Support is enabled\n"},"inProduction":{"type":"boolean","description":"Represents the Virtual Service Edge instances deployed for production purposes\n"},"ipAddress":{"type":"string","description":"The Virtual Service Edge cluster IP address. **Note**: Only IPv4 addresses are supported\n"},"ipSecEnabled":{"type":"boolean","description":"A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster\n"},"loadBalancerIpAddress":{"type":"string","description":"The IP address of the load balancer. This field is applicable only when the 'deploymentMode' field is set to `CLUSTER`. **Note**: Only IPv4 addresses are supported\n"},"name":{"type":"string","description":"Name of the Virtual Service Edge node\n"},"nodeId":{"type":"integer"},"onDemandSupportTunnelEnabled":{"type":"boolean","description":"A Boolean value that indicates whether or not the On-Demand Support Tunnel is enabled\n"},"status":{"type":"string","description":"Specifies the status of the Virtual Service Edge cluster. The status is set to ENABLED by default\n"},"subnetMask":{"type":"string","description":"The Virtual Service Edge cluster subnet mask i.e `255.255.255.0`\n"},"type":{"type":"string","description":"The Virtual Service Edge cluster type. For the complete list of supported types refer to the  [ZIA API documentation](https://help.zscaler.com/zia/service-edges#/virtualZenNodes-post).\n"},"vzenSkuType":{"type":"string","description":"The Virtual Service Edge SKU type. Supported Values: `SMALL`, `MEDIUM`, `LARGE`\n"}},"required":["name","nodeId"],"inputProperties":{"clusterName":{"type":"string","description":"Virtual Service Edge cluster name"},"defaultGateway":{"type":"string","description":"The IP address of the default gateway to the internet. **Note**: Only IPv4 addresses are supported\n"},"deploymentMode":{"type":"string","description":"Specifies the deployment mode. Select either `STANDALONE` or `CLUSTER` if you have the VMware ESXi platform. Otherwise, select only STANDALONE\n"},"establishSupportTunnelEnabled":{"type":"boolean","description":"A Boolean value that indicates whether or not a support tunnel for Zscaler Support is enabled\n"},"inProduction":{"type":"boolean","description":"Represents the Virtual Service Edge instances deployed for production purposes\n"},"ipAddress":{"type":"string","description":"The Virtual Service Edge cluster IP address. **Note**: Only IPv4 addresses are supported\n"},"ipSecEnabled":{"type":"boolean","description":"A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster\n"},"loadBalancerIpAddress":{"type":"string","description":"The IP address of the load balancer. This field is applicable only when the 'deploymentMode' field is set to `CLUSTER`. **Note**: Only IPv4 addresses are supported\n"},"name":{"type":"string","description":"Name of the Virtual Service Edge node\n"},"onDemandSupportTunnelEnabled":{"type":"boolean","description":"A Boolean value that indicates whether or not the On-Demand Support Tunnel is enabled\n"},"status":{"type":"string","description":"Specifies the status of the Virtual Service Edge cluster. The status is set to ENABLED by default\n"},"subnetMask":{"type":"string","description":"The Virtual Service Edge cluster subnet mask i.e `255.255.255.0`\n"},"type":{"type":"string","description":"The Virtual Service Edge cluster type. For the complete list of supported types refer to the  [ZIA API documentation](https://help.zscaler.com/zia/service-edges#/virtualZenNodes-post).\n"},"vzenSkuType":{"type":"string","description":"The Virtual Service Edge SKU type. Supported Values: `SMALL`, `MEDIUM`, `LARGE`\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering VirtualServiceEdgeNode resources.\n","properties":{"clusterName":{"type":"string","description":"Virtual Service Edge cluster name"},"defaultGateway":{"type":"string","description":"The IP address of the default gateway to the internet. **Note**: Only IPv4 addresses are supported\n"},"deploymentMode":{"type":"string","description":"Specifies the deployment mode. Select either `STANDALONE` or `CLUSTER` if you have the VMware ESXi platform. Otherwise, select only STANDALONE\n"},"establishSupportTunnelEnabled":{"type":"boolean","description":"A Boolean value that indicates whether or not a support tunnel for Zscaler Support is enabled\n"},"inProduction":{"type":"boolean","description":"Represents the Virtual Service Edge instances deployed for production purposes\n"},"ipAddress":{"type":"string","description":"The Virtual Service Edge cluster IP address. **Note**: Only IPv4 addresses are supported\n"},"ipSecEnabled":{"type":"boolean","description":"A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster\n"},"loadBalancerIpAddress":{"type":"string","description":"The IP address of the load balancer. This field is applicable only when the 'deploymentMode' field is set to `CLUSTER`. **Note**: Only IPv4 addresses are supported\n"},"name":{"type":"string","description":"Name of the Virtual Service Edge node\n"},"nodeId":{"type":"integer"},"onDemandSupportTunnelEnabled":{"type":"boolean","description":"A Boolean value that indicates whether or not the On-Demand Support Tunnel is enabled\n"},"status":{"type":"string","description":"Specifies the status of the Virtual Service Edge cluster. The status is set to ENABLED by default\n"},"subnetMask":{"type":"string","description":"The Virtual Service Edge cluster subnet mask i.e `255.255.255.0`\n"},"type":{"type":"string","description":"The Virtual Service Edge cluster type. For the complete list of supported types refer to the  [ZIA API documentation](https://help.zscaler.com/zia/service-edges#/virtualZenNodes-post).\n"},"vzenSkuType":{"type":"string","description":"The Virtual Service Edge SKU type. Supported Values: `SMALL`, `MEDIUM`, `LARGE`\n"}},"type":"object"}},"zia:index/workloadGroups:WorkloadGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-workload-groups)\n* [API documentation](https://help.zscaler.com/zia/workload-groups#/workloadGroups-get)\n\nUse the **zia_workload_groups** resource allows the creation and management of Workload Group objects in the Zscaler Internet Access. This resource can then be used as a criterion in ZIA policies such as, Firewall Filtering, URL Filtering, and Data Loss Prevention (DLP) to apply security policies to the workload traffic.\n\n## Example Usage\n\n```hcl\nresource \"zia_workload_groups\" \"example\" {\n  name = \"Test Group\"\n  description = \"Test Group\"\n\n  expression_json {\n    expression_containers {\n      tag_type = \"ATTR\"\n      operator = \"AND\"\n\n      tag_container {\n        operator = \"AND\"\n\n        tags {\n          key   = \"GroupName\"\n          value = \"example\"\n        }\n      }\n    }\n\n    expression_containers {\n      tag_type = \"ENI\"\n      operator = \"AND\"\n\n      tag_container {\n        operator = \"AND\"\n\n        tags {\n          key   = \"GroupId\"\n          value = \"123456789\"\n        }\n      }\n    }\n\n    expression_containers {\n      tag_type = \"VPC\"\n      operator = \"AND\"\n\n      tag_container {\n        operator = \"AND\"\n\n        tags {\n          key   = \"Vpc-id\"\n          value = \"vpcid12344\"\n        }\n      }\n    }\n\n    expression_containers {\n      tag_type = \"VM\"\n      operator = \"AND\"\n\n      tag_container {\n        operator = \"AND\"\n\n        tags {\n          key   = \"IamInstanceProfile-Arn\"\n          value = \"test01\"\n        }\n      }\n    }\n  }\n}\n```\n\n## Import\n\nZscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.\nVisit\n\n**zia_workload_groups** can be imported by using `\u003cGROUP_ID\u003e` or `\u003cGROUP_NAME\u003e` as the import ID.\n\nFor example:\n\n```sh\n$ pulumi import zia:index/workloadGroups:WorkloadGroups example \u003cgroup_id\u003e\n```\n\nor\n\n```sh\n$ pulumi import zia:index/workloadGroups:WorkloadGroups example \u003cgroup_name\u003e\n```\n\n","properties":{"description":{"type":"string","description":"(String) The description of the workload group.\n"},"expressionJsons":{"type":"array","items":{"$ref":"#/types/zia:index/WorkloadGroupsExpressionJson:WorkloadGroupsExpressionJson"},"description":"(List) The workload group expression containing tag types, tags, and their relationships represented in a JSON format.\n"},"groupId":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group.\n"},"name":{"type":"string","description":"(String) The name of the workload group.\n"}},"required":["groupId","name"],"inputProperties":{"description":{"type":"string","description":"(String) The description of the workload group.\n"},"expressionJsons":{"type":"array","items":{"$ref":"#/types/zia:index/WorkloadGroupsExpressionJson:WorkloadGroupsExpressionJson"},"description":"(List) The workload group expression containing tag types, tags, and their relationships represented in a JSON format.\n"},"name":{"type":"string","description":"(String) The name of the workload group.\n"}},"stateInputs":{"description":"Input properties used for looking up and filtering WorkloadGroups resources.\n","properties":{"description":{"type":"string","description":"(String) The description of the workload group.\n"},"expressionJsons":{"type":"array","items":{"$ref":"#/types/zia:index/WorkloadGroupsExpressionJson:WorkloadGroupsExpressionJson"},"description":"(List) The workload group expression containing tag types, tags, and their relationships represented in a JSON format.\n"},"groupId":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group.\n"},"name":{"type":"string","description":"(String) The name of the workload group.\n"}},"type":"object"}}},"functions":{"pulumi:providers:zia/terraformConfig":{"description":"This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.","inputs":{"properties":{"__self__":{"type":"ref","$ref":"#/provider"}},"type":"pulumi:providers:zia/terraformConfig","required":["__self__"]},"outputs":{"properties":{"result":{"additionalProperties":{"$ref":"pulumi.json#/Any"},"type":"object"}},"required":["result"],"type":"object"}},"zia:index/getATPMaliciousURLs:getATPMaliciousURLs":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-advanced-threat-protection-policy)\n* [API documentation](https://help.zscaler.com/zia/advanced-threat-protection-policy#/)\n\nUse the **zia_atp_malicious_urls** data source to Retrieves the malicious URLs added to the denylist in the Advanced Threat Protection (ATP) policy. To learn more see [Advanced Threat Protection](https://help.zscaler.com/unified/configuring-security-exceptions-advanced-threat-protection-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_atp_malicious_urls\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getATPMaliciousURLs.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"maliciousUrls":{"items":{"type":"string"},"type":"array"}},"required":["maliciousUrls","id"],"type":"object"}},"zia:index/getATPSecurityExceptions:getATPSecurityExceptions":{"description":"Use the **zia_atp_security_exceptions** data source to retrieve information about the security exceptions configured for the ATP policy. To learn more see [Advanced Threat Protection](https://help.zscaler.com/unified/configuring-security-exceptions-advanced-threat-protection-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_atp_security_exceptions\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getATPSecurityExceptions.\n","properties":{"bypassUrls":{"items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"}},"required":["bypassUrls","id"],"type":"object"}},"zia:index/getActivationStatus:getActivationStatus":{"description":"* [Official documentation](https://help.zscaler.com/zia/saving-and-activating-changes-zia-admin-portal)\n* [API documentation](https://help.zscaler.com/zia/activation#/status-get)\n\nThe **zia_activation_status** data source allows to get information about the activation status of ZIA configurations.\n\n\u003e As of right now, Terraform does not provide native support for commits or post-activation configuration, so configuration and policy activations are handled out-of-band. In order to handle the activation as part of the provider, a separate source code have been developed to generate a CLI binary.\n\n## Example Usage\n\n```hcl\ndata \"zia_activation_status\" \"activation\" {}\n\n```\n","outputs":{"description":"A collection of values returned by getActivationStatus.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"status":{"type":"string"}},"required":["status","id"],"type":"object"}},"zia:index/getAdminRoles:getAdminRoles":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-role-management)\n* [API documentation](https://help.zscaler.com/zia/admin-role-management#/adminRoles-get)\n\nUse the **zia_admin_roles** data source to get information about an admin role created in the Zscaler Internet Access cloud or via the API. This data source can then be associated with a ZIA administrator account.\n\n## Example Usage\n\n```hcl\n# ZIA Admin Roles Data Source\ndata \"zia_admin_roles\" \"example\" {\n  name = \"Super Admin\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getAdminRoles.\n","properties":{"id":{"type":"integer","description":"The ID of the admin role to be exported.\n"},"name":{"type":"string","description":"The name of the Admin role to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getAdminRoles.\n","properties":{"adminAcctAccess":{"description":"(String)\n","type":"string"},"alertingAccess":{"type":"string"},"analysisAccess":{"description":"(String)\n","type":"string"},"dashboardAccess":{"description":"(String) Dashboard access permission. Supported values are: `NONE`, `READ_ONLY`\n","type":"string"},"deviceInfoAccess":{"type":"string"},"extFeaturePermissions":{"additionalProperties":{"type":"string"},"type":"object"},"featurePermissions":{"additionalProperties":{"type":"string"},"type":"object"},"id":{"type":"integer"},"isAuditor":{"description":"(Boolean) Indicates whether this is an auditor role.\n","type":"boolean"},"isNonEditable":{"description":"(Boolean) Indicates whether or not this admin user is editable/deletable.\n","type":"boolean"},"logsLimit":{"description":"(String) Log range limit. Returned values are: `UNRESTRICTED`, `MONTH_1`, `MONTH_2`, `MONTH_3`, `MONTH_4`, `MONTH_5`, `MONTH_6`\n","type":"string"},"name":{"type":"string"},"permissions":{"description":"(List of String) List of functional areas to which this role has access. This attribute is subject to change.\n","items":{"type":"string"},"type":"array"},"policyAccess":{"description":"(String) Policy access permission. Returned values are: `NONE`, `READ_ONLY`,`READ_WRITE`\n","type":"string"},"rank":{"description":"(Number) Admin rank of this admin role. This is applicable only when admin rank is enabled in the advanced settings. Default value is 7 (the lowest rank). The assigned admin rank determines the roles or admin users this user can manage, and which rule orders this admin can access.\n","type":"integer"},"reportAccess":{"description":"(String) Report access permission. Returned values are: `NONE`, `READ_ONLY`,`READ_WRITE`\n","type":"string"},"reportTimeDuration":{"type":"integer"},"roleType":{"description":"(String) The admin role type. ()This attribute is subject to change.) Supported values are:  `ORG_ADMIN`, `EXEC_INSIGHT`, `EXEC_INSIGHT_AND_ORG_ADMIN`, `SDWAN`\n","type":"string"},"usernameAccess":{"description":"(String) Username access permission. When set to NONE, the username will be obfuscated. Supported values are: `NONE|READ_ONLY`\n","type":"string"}},"required":["adminAcctAccess","alertingAccess","analysisAccess","dashboardAccess","deviceInfoAccess","extFeaturePermissions","featurePermissions","id","isAuditor","isNonEditable","logsLimit","permissions","policyAccess","rank","reportAccess","reportTimeDuration","roleType","usernameAccess"],"type":"object"}},"zia:index/getAdminUsers:getAdminUsers":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-administrators)\n* [API documentation](https://help.zscaler.com/zia/admin-role-management#/adminUsers-get)\n\nUse the **zia_admin_users** data source to get information about an admin user account created in the Zscaler Internet Access cloud or via the API. This data source can then be associated with a ZIA administrator role.\n\n## Example Usage\n\n```hcl\n# ZIA Admin User Data Source by login_name\ndata \"zia_admin_users\" \"john_doe\" {\n  login_name = \"john.doe@example.com\"\n}\n```\n\n```hcl\n# ZIA Admin User Data Source by username\ndata \"zia_admin_users\" \"john_doe\" {\n  username = \"John Doe\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getAdminUsers.\n","properties":{"id":{"type":"integer","description":"The ID of the admin user to be exported.\n"},"loginName":{"type":"string","description":"The email address of the admin user to be exported.\n"},"username":{"type":"string","description":"The username of the admin user to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getAdminUsers.\n","properties":{"adminScopes":{"description":"(Set of Object) The admin's scope. Only applicable for the LOCATION_GROUP admin scope type, in which case this attribute gives the list of ID/name pairs of locations within the location group.\n","items":{"$ref":"#/types/zia:index/getAdminUsersAdminScope:getAdminUsersAdminScope"},"type":"array"},"comments":{"description":"(String) Additional information about the admin or auditor.\n","type":"string"},"disabled":{"description":"(Boolean) Indicates whether or not the admin account is disabled.\n","type":"boolean"},"email":{"description":"(String) Admin or auditor's email address.\n","type":"string"},"execMobileAppTokens":{"description":"(List of Object)\n","items":{"$ref":"#/types/zia:index/getAdminUsersExecMobileAppToken:getAdminUsersExecMobileAppToken"},"type":"array"},"id":{"description":"(Number) Identifier that uniquely identifies an entity\n","type":"integer"},"isAuditor":{"description":"(Boolean) Indicates whether the user is an auditor. This attribute is subject to change.\n","type":"boolean"},"isExecMobileAppEnabled":{"description":"(Boolean) Indicates whether or not Executive Insights App access is enabled for the admin.\n","type":"boolean"},"isNonEditable":{"description":"(Boolean) Indicates whether or not the admin can be edited or deleted.\n","type":"boolean"},"isPasswordExpired":{"description":"(Boolean) Indicates whether or not an admin's password has expired.\n","type":"boolean"},"isPasswordLoginAllowed":{"description":"(Boolean) The default is true when SAML Authentication is disabled. When SAML Authentication is enabled, this can be set to false in order to force the admin to login via SSO only.\n","type":"boolean"},"isProductUpdateCommEnabled":{"description":"(Boolean) Communication setting for Product Update.\n","type":"boolean"},"isSecurityReportCommEnabled":{"description":"(Boolean) Communication for Security Report is enabled.\n","type":"boolean"},"isServiceUpdateCommEnabled":{"description":"(Boolean) Communication setting for Service Update.\n","type":"boolean"},"loginName":{"type":"string"},"pwdLastModifiedTime":{"type":"integer"},"roles":{"description":"(Set of Object) Role of the admin. This is not required for an auditor.\n","items":{"$ref":"#/types/zia:index/getAdminUsersRole:getAdminUsersRole"},"type":"array"},"username":{"type":"string"}},"required":["adminScopes","comments","disabled","email","execMobileAppTokens","id","isAuditor","isExecMobileAppEnabled","isNonEditable","isPasswordExpired","isPasswordLoginAllowed","isProductUpdateCommEnabled","isSecurityReportCommEnabled","isServiceUpdateCommEnabled","loginName","pwdLastModifiedTime","roles","username"],"type":"object"}},"zia:index/getAdvancedSettings:getAdvancedSettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-advanced-settings)\n* [API documentation](https://help.zscaler.com/zia/advanced-settings#/advancedSettings-get)\n\nThe **zia_advanced_settings** Retrieves information about the advanced settings configured in the ZIA Admin Portal. To learn more see [Configuring Advanced Settings](https://help.zscaler.com/zia/configuring-advanced-settings)\n\n## Example Usage\n\n```hcl\ndata \"zia_advanced_settings\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getAdvancedSettings.\n","properties":{"authBypassApps":{"items":{"type":"string"},"type":"array"},"authBypassUrlCategories":{"items":{"type":"string"},"type":"array"},"authBypassUrls":{"items":{"type":"string"},"type":"array"},"basicBypassApps":{"items":{"type":"string"},"type":"array"},"basicBypassUrlCategories":{"items":{"type":"string"},"type":"array"},"blockConnectHostSniMismatch":{"type":"boolean"},"blockDomainFrontingApps":{"items":{"type":"string"},"type":"array"},"blockDomainFrontingOnHostHeader":{"type":"boolean"},"blockHttpTunnelOnNonHttpPorts":{"type":"boolean"},"blockNonCompliantHttpRequestOnHttpPorts":{"type":"boolean"},"blockNonHttpOnHttpPortEnabled":{"type":"boolean"},"cascadeUrlFiltering":{"type":"boolean"},"digestAuthBypassApps":{"items":{"type":"string"},"type":"array"},"digestAuthBypassUrlCategories":{"items":{"type":"string"},"type":"array"},"digestAuthBypassUrls":{"items":{"type":"string"},"type":"array"},"dnsResolutionOnTransparentProxyApps":{"items":{"type":"string"},"type":"array"},"dnsResolutionOnTransparentProxyExemptApps":{"items":{"type":"string"},"type":"array"},"dnsResolutionOnTransparentProxyExemptUrlCategories":{"items":{"type":"string"},"type":"array"},"dnsResolutionOnTransparentProxyExemptUrls":{"items":{"type":"string"},"type":"array"},"dnsResolutionOnTransparentProxyIpv6Apps":{"items":{"type":"string"},"type":"array"},"dnsResolutionOnTransparentProxyIpv6ExemptApps":{"items":{"type":"string"},"type":"array"},"dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories":{"items":{"type":"string"},"type":"array"},"dnsResolutionOnTransparentProxyIpv6UrlCategories":{"items":{"type":"string"},"type":"array"},"dnsResolutionOnTransparentProxyUrlCategories":{"items":{"type":"string"},"type":"array"},"dnsResolutionOnTransparentProxyUrls":{"items":{"type":"string"},"type":"array"},"domainFrontingBypassUrlCategories":{"items":{"type":"string"},"type":"array"},"dynamicUserRiskEnabled":{"type":"boolean"},"ecsForAllEnabled":{"type":"boolean"},"enableAdminRankAccess":{"type":"boolean"},"enableDnsResolutionOnTransparentProxy":{"type":"boolean"},"enableEvaluatePolicyOnGlobalSslBypass":{"type":"boolean"},"enableIpv6DnsOptimizationOnAllTransparentProxy":{"type":"boolean"},"enableIpv6DnsResolutionOnTransparentProxy":{"type":"boolean"},"enableOffice365":{"type":"boolean"},"enablePolicyForUnauthenticatedTraffic":{"type":"boolean"},"enforceSurrogateIpForWindowsApp":{"type":"boolean"},"http2NonbrowserTrafficEnabled":{"type":"boolean"},"httpRangeHeaderRemoveUrlCategories":{"items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"kerberosBypassApps":{"items":{"type":"string"},"type":"array"},"kerberosBypassUrlCategories":{"items":{"type":"string"},"type":"array"},"kerberosBypassUrls":{"items":{"type":"string"},"type":"array"},"logInternalIp":{"type":"boolean"},"preferSniOverConnHost":{"type":"boolean"},"preferSniOverConnHostApps":{"items":{"type":"string"},"type":"array"},"sipaXffHeaderEnabled":{"type":"boolean"},"sniDnsOptimizationBypassUrlCategories":{"items":{"type":"string"},"type":"array"},"trackHttpTunnelOnHttpPorts":{"type":"boolean"},"uiSessionTimeout":{"type":"integer"},"zscalerClientConnector1AndPacRoadWarriorInFirewall":{"type":"boolean"}},"required":["authBypassApps","authBypassUrlCategories","authBypassUrls","basicBypassApps","basicBypassUrlCategories","blockConnectHostSniMismatch","blockDomainFrontingApps","blockDomainFrontingOnHostHeader","blockHttpTunnelOnNonHttpPorts","blockNonCompliantHttpRequestOnHttpPorts","blockNonHttpOnHttpPortEnabled","cascadeUrlFiltering","digestAuthBypassApps","digestAuthBypassUrlCategories","digestAuthBypassUrls","dnsResolutionOnTransparentProxyApps","dnsResolutionOnTransparentProxyExemptApps","dnsResolutionOnTransparentProxyExemptUrlCategories","dnsResolutionOnTransparentProxyExemptUrls","dnsResolutionOnTransparentProxyIpv6Apps","dnsResolutionOnTransparentProxyIpv6ExemptApps","dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories","dnsResolutionOnTransparentProxyIpv6UrlCategories","dnsResolutionOnTransparentProxyUrlCategories","dnsResolutionOnTransparentProxyUrls","domainFrontingBypassUrlCategories","dynamicUserRiskEnabled","ecsForAllEnabled","enableAdminRankAccess","enableDnsResolutionOnTransparentProxy","enableEvaluatePolicyOnGlobalSslBypass","enableIpv6DnsOptimizationOnAllTransparentProxy","enableIpv6DnsResolutionOnTransparentProxy","enableOffice365","enablePolicyForUnauthenticatedTraffic","enforceSurrogateIpForWindowsApp","http2NonbrowserTrafficEnabled","httpRangeHeaderRemoveUrlCategories","kerberosBypassApps","kerberosBypassUrlCategories","kerberosBypassUrls","logInternalIp","preferSniOverConnHost","preferSniOverConnHostApps","sipaXffHeaderEnabled","sniDnsOptimizationBypassUrlCategories","trackHttpTunnelOnHttpPorts","uiSessionTimeout","zscalerClientConnector1AndPacRoadWarriorInFirewall","id"],"type":"object"}},"zia:index/getAdvancedThreatSettings:getAdvancedThreatSettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-advanced-threat-protection-policy)\n* [API documentation](https://help.zscaler.com/zia/advanced-threat-protection-policy#/)\n\nUse the **zia_advanced_threat_settings** data source to retrieve the advanced threat configuration settings in the ZIA Admin Portal. To learn more see [Advanced Threat Protection](https://help.zscaler.com/unified/configuring-security-exceptions-advanced-threat-protection-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_advanced_threat_settings\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getAdvancedThreatSettings.\n","properties":{"activexBlocked":{"type":"boolean"},"activexCapture":{"type":"boolean"},"adSpywareSitesBlocked":{"type":"boolean"},"adSpywareSitesCapture":{"type":"boolean"},"alertForUnknownSuspiciousC2Traffic":{"type":"boolean"},"anonymizerBlocked":{"type":"boolean"},"anonymizerCapture":{"type":"boolean"},"bitTorrentBlocked":{"type":"boolean"},"bitTorrentCapture":{"type":"boolean"},"blockCountriesCapture":{"type":"boolean"},"blockedCountries":{"items":{"type":"string"},"type":"array"},"browserExploitsBlocked":{"type":"boolean"},"browserExploitsCapture":{"type":"boolean"},"cmdCtlServerBlocked":{"type":"boolean"},"cmdCtlServerCapture":{"type":"boolean"},"cmdCtlTrafficBlocked":{"type":"boolean"},"cmdCtlTrafficCapture":{"type":"boolean"},"cookieStealingBlocked":{"type":"boolean"},"cookieStealingPcapEnabled":{"type":"boolean"},"cryptoMiningBlocked":{"type":"boolean"},"cryptoMiningCapture":{"type":"boolean"},"dgaDomainsBlocked":{"type":"boolean"},"dgaDomainsCapture":{"type":"boolean"},"fileFormatVunerabilitesBlocked":{"type":"boolean"},"fileFormatVunerabilitesCapture":{"type":"boolean"},"googleTalkBlocked":{"type":"boolean"},"googleTalkCapture":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"ircTunnellingBlocked":{"type":"boolean"},"ircTunnellingCapture":{"type":"boolean"},"knownPhishingSitesBlocked":{"type":"boolean"},"knownPhishingSitesCapture":{"type":"boolean"},"maliciousUrlsCapture":{"type":"boolean"},"malwareSitesBlocked":{"type":"boolean"},"malwareSitesCapture":{"type":"boolean"},"potentialMaliciousRequestsBlocked":{"type":"boolean"},"potentialMaliciousRequestsCapture":{"type":"boolean"},"riskTolerance":{"type":"integer"},"riskToleranceCapture":{"type":"boolean"},"sshTunnellingBlocked":{"type":"boolean"},"sshTunnellingCapture":{"type":"boolean"},"suspectAdwareSpywareSitesBlocked":{"type":"boolean"},"suspectAdwareSpywareSitesCapture":{"type":"boolean"},"suspectedPhishingSitesBlocked":{"type":"boolean"},"suspectedPhishingSitesCapture":{"type":"boolean"},"torBlocked":{"type":"boolean"},"torCapture":{"type":"boolean"},"webSpamBlocked":{"type":"boolean"},"webSpamCapture":{"type":"boolean"}},"required":["activexBlocked","activexCapture","adSpywareSitesBlocked","adSpywareSitesCapture","alertForUnknownSuspiciousC2Traffic","anonymizerBlocked","anonymizerCapture","bitTorrentBlocked","bitTorrentCapture","blockCountriesCapture","blockedCountries","browserExploitsBlocked","browserExploitsCapture","cmdCtlServerBlocked","cmdCtlServerCapture","cmdCtlTrafficBlocked","cmdCtlTrafficCapture","cookieStealingBlocked","cookieStealingPcapEnabled","cryptoMiningBlocked","cryptoMiningCapture","dgaDomainsBlocked","dgaDomainsCapture","fileFormatVunerabilitesBlocked","fileFormatVunerabilitesCapture","googleTalkBlocked","googleTalkCapture","ircTunnellingBlocked","ircTunnellingCapture","knownPhishingSitesBlocked","knownPhishingSitesCapture","maliciousUrlsCapture","malwareSitesBlocked","malwareSitesCapture","potentialMaliciousRequestsBlocked","potentialMaliciousRequestsCapture","riskTolerance","riskToleranceCapture","sshTunnellingBlocked","sshTunnellingCapture","suspectAdwareSpywareSitesBlocked","suspectAdwareSpywareSitesCapture","suspectedPhishingSitesBlocked","suspectedPhishingSitesCapture","torBlocked","torCapture","webSpamBlocked","webSpamCapture","id"],"type":"object"}},"zia:index/getAuthSettingsURLs:getAuthSettingsURLs":{"description":"* [Official documentation](https://help.zscaler.com/zia/url-format-guidelines)\n* [API documentation](https://help.zscaler.com/zia/user-authentication-settings#/authSettings/exemptedUrls-get)\n\nUse the **zia_auth_settings_urls** data source to get a list of URLs that were exempted from cookie authentiation and SSL Inspection in the Zscaler Internet Access cloud or via the API. To learn more see [URL Format Guidelines](https://help.zscaler.com/zia/url-format-guidelines)\n\n## Example Usage\n\n```hcl\n# ZIA User Auth Settings Data Source\ndata \"zia_auth_settings_urls\" \"foo\" {}\n```\n","outputs":{"description":"A collection of values returned by getAuthSettingsURLs.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"urls":{"items":{"type":"string"},"type":"array"}},"required":["urls","id"],"type":"object"}},"zia:index/getBandwidthClasses:getBandwidthClasses":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-bandwidth-classes)\n* [API documentation](https://help.zscaler.com/zia/bandwidth-control-classes#/bandwidthClasses-post)\n\nUse the **zia_bandwidth_classes** Retrieves all the available bandwidth control classes.\n\n## Example Usage\n\n### By Name\n\n```hcl\ndata \"zia_bandwidth_classes\" \"this\" {\n    name = \"Gen_AI_Classes\"\n}\n```\n\n### By ID\n\n```hcl\ndata \"zia_bandwidth_classes\" \"this\" {\n    id = 13\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getBandwidthClasses.\n","properties":{"fileSize":{"type":"string"},"id":{"type":"integer","description":"System-generated identifier for the bandwidth class\n"},"name":{"type":"string","description":"Name of the bandwidth class\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getBandwidthClasses.\n","properties":{"applicationServiceGroups":{"items":{"type":"string"},"type":"array"},"applications":{"items":{"type":"string"},"type":"array"},"fileSize":{"type":"string"},"id":{"type":"integer"},"isNameL10nTag":{"type":"boolean"},"name":{"type":"string"},"networkApplications":{"items":{"type":"string"},"type":"array"},"networkServices":{"items":{"type":"string"},"type":"array"},"type":{"type":"string"},"urlCategories":{"description":"(List of strings) The URL categories to add to the bandwidth class. Use the data source \u003cspan pulumi-lang-nodejs=\"`zia.URLCategories`\" pulumi-lang-dotnet=\"`zia.URLCategories`\" pulumi-lang-go=\"`URLCategories`\" pulumi-lang-python=\"`URLCategories`\" pulumi-lang-yaml=\"`zia.URLCategories`\" pulumi-lang-java=\"`zia.URLCategories`\"\u003e`zia.URLCategories`\u003c/span\u003e to retrieve the available categories or visit the [Help Portal](https://help.zscaler.com/zia/url-categories#/urlCategories-get)\n","items":{"type":"string"},"type":"array"},"urls":{"description":"(List of strings) The URLs included in the bandwidth class. You can include multiple entries.\n","items":{"type":"string"},"type":"array"},"webApplications":{"description":"(List of strings) The web conferencing applications included in the bandwidth class. Use the data source \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e to retrieve the available applications or visit the [Help Portal](https://help.zscaler.com/zia/cloud-applications#/cloudApplications/policy-get)\n","items":{"type":"string"},"type":"array"}},"required":["applicationServiceGroups","applications","id","isNameL10nTag","name","networkApplications","networkServices","type","urlCategories","urls","webApplications"],"type":"object"}},"zia:index/getBandwidthControlRule:getBandwidthControlRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-rules-bandwidth-control-policy)\n* [API documentation](https://help.zscaler.com/zia/bandwidth-control-classes#/bandwidthControlRules-get)\n\nUse the **zia_bandwidth_control_rule** Retrieves all the rules in the Bandwidth Control policy.\n\n**NOTE**: Bandwidth control rule resource is only supported via Zscaler OneAPI.\n\n## Example Usage\n\n### By Name\n\n```hcl\n\ndata \"zia_bandwidth_control_rule\" \"this\" {\n    name = \"Streaming Media Bandwidth\"\n}\n```\n\n### By ID\n\n```hcl\n\ndata \"zia_bandwidth_control_rule\" \"this\" {\n  id = 154658\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getBandwidthControlRule.\n","properties":{"id":{"type":"integer","description":"System-generated identifier for bandwidth control rule\n"},"name":{"type":"string","description":"Rule name.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getBandwidthControlRule.\n","properties":{"accessControl":{"type":"string"},"bandwidthClasses":{"items":{"$ref":"#/types/zia:index/getBandwidthControlRuleBandwidthClass:getBandwidthControlRuleBandwidthClass"},"type":"array"},"description":{"description":"(string) Additional information about the rule\n","type":"string"},"id":{"description":"(Number) Identifier that uniquely identifies an entity\n","type":"integer"},"labels":{"items":{"$ref":"#/types/zia:index/getBandwidthControlRuleLabel:getBandwidthControlRuleLabel"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getBandwidthControlRuleLastModifiedBy:getBandwidthControlRuleLastModifiedBy"},"type":"array"},"lastModifiedTime":{"type":"integer"},"locationGroups":{"items":{"$ref":"#/types/zia:index/getBandwidthControlRuleLocationGroup:getBandwidthControlRuleLocationGroup"},"type":"array"},"locations":{"items":{"$ref":"#/types/zia:index/getBandwidthControlRuleLocation:getBandwidthControlRuleLocation"},"type":"array"},"maxBandwidth":{"description":"(int) The maximum percentage of a location's bandwidth to be guaranteed for each selected bandwidth class. This percentage includes bandwidth for uploads and downloads.\n","type":"integer"},"minBandwidth":{"description":"(int) The minimum percentage of a location's bandwidth you want to be guaranteed for each selected bandwidth class. This percentage includes bandwidth for uploads and downloads.\n","type":"integer"},"name":{"type":"string"},"order":{"type":"integer"},"protocols":{"description":"(List of string) Protocol criteria. Supported values: `WEBSOCKETSSL_RULE`, `WEBSOCKET_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `HTTPS_RULE`, `HTTP_RULE`, `SSL_RULE`, `SSL_RULE`, `TUNNEL_RULE`\n","items":{"type":"string"},"type":"array"},"rank":{"description":"(int) Admin rank of the Bandwidth Control policy rule\n","type":"integer"},"state":{"description":"(string) Administrative state of the rule.\n","type":"string"},"timeWindows":{"items":{"$ref":"#/types/zia:index/getBandwidthControlRuleTimeWindow:getBandwidthControlRuleTimeWindow"},"type":"array"}},"required":["accessControl","bandwidthClasses","description","id","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","maxBandwidth","minBandwidth","name","order","protocols","rank","state","timeWindows"],"type":"object"}},"zia:index/getBrowserControlPolicy:getBrowserControlPolicy":{"deprecationMessage":"zia.index/getbrowsercontrolpolicy.getBrowserControlPolicy has been deprecated in favor of zia.index/getbrowsercontrolsettings.getBrowserControlSettings","description":"* [Official documentation](https://help.zscaler.com/zia/configuring-browser-control-policy)\n* [API documentation](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n\nUse the **zia_browser_control_policy** data source to retrieves information about the security exceptions configured for the Malware Protection policy. To learn more see [Configuring the Browser Control Policy](https://help.zscaler.com/zia/configuring-browser-control-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_browser_control_policy\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getBrowserControlPolicy.\n","properties":{"allowAllBrowsers":{"description":"(Boolean) A Boolean value that specifies whether or not to allow all the browsers and their respective versions access to the internet\n","type":"boolean"},"blockedChromeVersions":{"description":"(List) Versions of Google Chrome browser that need to be blocked. If not set, all Google Chrome versions are allowed. See all [Supported values](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n","items":{"type":"string"},"type":"array"},"blockedFirefoxVersions":{"description":"(List) Versions of Mozilla Firefox browser that need to be blocked. If not set, all Mozilla Firefox versions are allowed. See all [Supported values](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n","items":{"type":"string"},"type":"array"},"blockedInternetExplorerVersions":{"description":"(List) Versions of Microsoft browser that need to be blocked. If not set, all Microsoft browser versions are allowed. See all [Supported values](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n","items":{"type":"string"},"type":"array"},"blockedOperaVersions":{"description":"(List) Versions of Opera browser that need to be blocked. If not set, all Opera versions are allowed. See all [Supported values](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n","items":{"type":"string"},"type":"array"},"blockedSafariVersions":{"description":"(List) Versions of Apple Safari browser that need to be blocked. If not set, all Apple Safari versions are allowed. See all [Supported values](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n","items":{"type":"string"},"type":"array"},"bypassAllBrowsers":{"description":"(Boolean) If set to true, all the browsers are bypassed for warnings\n","type":"boolean"},"bypassApplications":{"description":"(List) List of applications that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable applications are warned. Supported Values:\n* `ANY`\n* `NONE`\n* `OUTLOOKEXP`\n* `MSOFFICE`\n","items":{"type":"string"},"type":"array"},"bypassPlugins":{"description":"(List) List of plugins that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable plugins are warned.Supported Values:\n* `ANY`\n* `NONE`\n* `ACROBAT`\n* `FLASH`\n* `SHOCKWAVE`\n* `QUICKTIME`\n* `DIVX`\n* `GOOGLEGEARS`\n* `DOTNET`\n* `SILVERLIGHT`\n* `REALPLAYER`\n* `JAVA`\n* `TOTEM`\n* `WMP`\n","items":{"type":"string"},"type":"array"},"enableSmartBrowserIsolation":{"description":"(Boolean) A Boolean value that specifies if Smart Browser Isolation is enabled\n","type":"boolean"},"enableWarnings":{"description":"(Boolean) A Boolean value that specifies if the warnings are enabled\n","type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"pluginCheckFrequency":{"description":"(String) Specifies how frequently the service checks browsers and relevant applications to warn users regarding outdated or vulnerable browsers, plugins, and applications. If not set, the warnings are disabled. Supported Values:\n* `DAILY`\n* `WEEKLY`\n* `MONTHLY`,\n* `EVERY_2_HOURS`\n* `EVERY_4_HOURS`\n* `EVERY_6_HOURS`\n* `EVERY_8_HOURS`\n* `EVERY_12_HOURS`\n","type":"string"},"smartIsolationProfileId":{"type":"integer"},"smartIsolationProfiles":{"description":"(Block, Max: 1) The isolation profile ID used for DLP email alerts sent to the auditor.\n","items":{"$ref":"#/types/zia:index/getBrowserControlPolicySmartIsolationProfile:getBrowserControlPolicySmartIsolationProfile"},"type":"array"}},"required":["allowAllBrowsers","blockedChromeVersions","blockedFirefoxVersions","blockedInternetExplorerVersions","blockedOperaVersions","blockedSafariVersions","bypassAllBrowsers","bypassApplications","bypassPlugins","enableSmartBrowserIsolation","enableWarnings","pluginCheckFrequency","smartIsolationProfiles","smartIsolationProfileId","id"],"type":"object"}},"zia:index/getBrowserControlSettings:getBrowserControlSettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-browser-control-policy)\n* [API documentation](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n\nUse the **zia_browser_control_policy** data source to retrieves information about the security exceptions configured for the Malware Protection policy. To learn more see [Configuring the Browser Control Policy](https://help.zscaler.com/zia/configuring-browser-control-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_browser_control_policy\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getBrowserControlSettings.\n","properties":{"allowAllBrowsers":{"description":"(Boolean) A Boolean value that specifies whether or not to allow all the browsers and their respective versions access to the internet\n","type":"boolean"},"blockedChromeVersions":{"description":"(List) Versions of Google Chrome browser that need to be blocked. If not set, all Google Chrome versions are allowed. See all [Supported values](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n","items":{"type":"string"},"type":"array"},"blockedFirefoxVersions":{"description":"(List) Versions of Mozilla Firefox browser that need to be blocked. If not set, all Mozilla Firefox versions are allowed. See all [Supported values](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n","items":{"type":"string"},"type":"array"},"blockedInternetExplorerVersions":{"description":"(List) Versions of Microsoft browser that need to be blocked. If not set, all Microsoft browser versions are allowed. See all [Supported values](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n","items":{"type":"string"},"type":"array"},"blockedOperaVersions":{"description":"(List) Versions of Opera browser that need to be blocked. If not set, all Opera versions are allowed. See all [Supported values](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n","items":{"type":"string"},"type":"array"},"blockedSafariVersions":{"description":"(List) Versions of Apple Safari browser that need to be blocked. If not set, all Apple Safari versions are allowed. See all [Supported values](https://help.zscaler.com/zia/browser-control-policy#/browserControlSettings-get)\n","items":{"type":"string"},"type":"array"},"bypassAllBrowsers":{"description":"(Boolean) If set to true, all the browsers are bypassed for warnings\n","type":"boolean"},"bypassApplications":{"description":"(List) List of applications that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable applications are warned. Supported Values:\n* `ANY`\n* `NONE`\n* `OUTLOOKEXP`\n* `MSOFFICE`\n","items":{"type":"string"},"type":"array"},"bypassPlugins":{"description":"(List) List of plugins that need to be bypassed for warnings. This attribute has effect only if the 'enableWarnings' attribute is set to true. If not set, all vulnerable plugins are warned.Supported Values:\n* `ANY`\n* `NONE`\n* `ACROBAT`\n* `FLASH`\n* `SHOCKWAVE`\n* `QUICKTIME`\n* `DIVX`\n* `GOOGLEGEARS`\n* `DOTNET`\n* `SILVERLIGHT`\n* `REALPLAYER`\n* `JAVA`\n* `TOTEM`\n* `WMP`\n","items":{"type":"string"},"type":"array"},"enableSmartBrowserIsolation":{"description":"(Boolean) A Boolean value that specifies if Smart Browser Isolation is enabled\n","type":"boolean"},"enableWarnings":{"description":"(Boolean) A Boolean value that specifies if the warnings are enabled\n","type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"pluginCheckFrequency":{"description":"(String) Specifies how frequently the service checks browsers and relevant applications to warn users regarding outdated or vulnerable browsers, plugins, and applications. If not set, the warnings are disabled. Supported Values:\n* `DAILY`\n* `WEEKLY`\n* `MONTHLY`,\n* `EVERY_2_HOURS`\n* `EVERY_4_HOURS`\n* `EVERY_6_HOURS`\n* `EVERY_8_HOURS`\n* `EVERY_12_HOURS`\n","type":"string"},"smartIsolationProfileId":{"type":"integer"},"smartIsolationProfiles":{"description":"(Block, Max: 1) The isolation profile ID used for DLP email alerts sent to the auditor.\n","items":{"$ref":"#/types/zia:index/getBrowserControlSettingsSmartIsolationProfile:getBrowserControlSettingsSmartIsolationProfile"},"type":"array"}},"required":["allowAllBrowsers","blockedChromeVersions","blockedFirefoxVersions","blockedInternetExplorerVersions","blockedOperaVersions","blockedSafariVersions","bypassAllBrowsers","bypassApplications","bypassPlugins","enableSmartBrowserIsolation","enableWarnings","pluginCheckFrequency","smartIsolationProfiles","smartIsolationProfileId","id"],"type":"object"}},"zia:index/getCasbDlpRules:getCasbDlpRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-data-rest-scanning-dlp-policy)\n* [API documentation](https://help.zscaler.com/zia/saas-security-api#/casbDlpRules-post)\n\nUse the **zia_casb_dlp_rules** data source to get information about SaaS Security Data at Rest Scanning Data Loss Prevention (DLP) rules based on the specified rule type.\n\n## Example Usage\n\n### By Name\n\n```hcl\n\ndata \"zia_casb_dlp_rules\" \"this\" {\n  name = \"SaaS_ITSM_App_Rule\"\n  type = \"OFLCASB_DLP_ITSM\"\n}\n```\n\n### By ID\n\n```hcl\n\ndata \"zia_casb_dlp_rules\" \"this\" {\n  id = 154658\n  type = \"OFLCASB_DLP_ITSM\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getCasbDlpRules.\n","properties":{"id":{"type":"integer","description":"System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"},"type":{"type":"string","description":"The type of SaaS Security Data at Rest Scanning DLP rule.\n* `OFLCASB_DLP_FILE`\n* `OFLCASB_DLP_EMAIL`\n* `OFLCASB_DLP_CRM`\n* `OFLCASB_DLP_ITSM`\n* `OFLCASB_DLP_COLLAB`\n* `OFLCASB_DLP_REPO`\n* `OFLCASB_DLP_STORAGE`\n* `OFLCASB_DLP_GENAI`\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCasbDlpRules.\n","properties":{"accessControl":{"description":"(string) Access privilege of this rule based on the admin's RBA state.\n","type":"string"},"action":{"description":"(string) The configured action for the policy rule.\n","type":"string"},"auditorNotifications":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesAuditorNotification:getCasbDlpRulesAuditorNotification"},"type":"array"},"bucketOwner":{"description":"(string) A user who inspects their buckets for sensitive data.\n","type":"string"},"buckets":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesBucket:getCasbDlpRulesBucket"},"type":"array"},"casbEmailLabels":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesCasbEmailLabel:getCasbDlpRulesCasbEmailLabel"},"type":"array"},"casbTombstoneTemplates":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesCasbTombstoneTemplate:getCasbDlpRulesCasbTombstoneTemplate"},"type":"array"},"cloudAppTenants":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesCloudAppTenant:getCasbDlpRulesCloudAppTenant"},"type":"array"},"collaborationScopes":{"description":"(List of String) Collaboration scope for the rule.\n","items":{"type":"string"},"type":"array"},"components":{"description":"(List of String) List of components for which the rule is applied.\n","items":{"type":"string"},"type":"array"},"contentLocation":{"description":"(string) The location for the content that the Zscaler service inspects for sensitive data.\n","type":"string"},"criteriaDomainProfiles":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesCriteriaDomainProfile:getCasbDlpRulesCriteriaDomainProfile"},"type":"array"},"departments":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesDepartment:getCasbDlpRulesDepartment"},"type":"array"},"description":{"description":"(string) An admin editable text-based description of the rule.\n","type":"string"},"dlpEngines":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesDlpEngine:getCasbDlpRulesDlpEngine"},"type":"array"},"domains":{"description":"(List of String) Domain for the external organization sharing the channel.\n","items":{"type":"string"},"type":"array"},"emailRecipientProfiles":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesEmailRecipientProfile:getCasbDlpRulesEmailRecipientProfile"},"type":"array"},"entityGroups":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesEntityGroup:getCasbDlpRulesEntityGroup"},"type":"array"},"excludedDomainProfiles":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesExcludedDomainProfile:getCasbDlpRulesExcludedDomainProfile"},"type":"array"},"externalAuditorEmail":{"description":"(string) Email address of the external auditor to whom the DLP email alerts are sent.\n","type":"string"},"fileTypes":{"description":"(List of String) File types to which the rule is applied.\n","items":{"type":"string"},"type":"array"},"groups":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesGroup:getCasbDlpRulesGroup"},"type":"array"},"id":{"description":"(int) A unique identifier for the tombstone template.\n","type":"integer"},"includeCriteriaDomainProfile":{"description":"(bool) If true, `criteriaDomainProfiles` is included in the criteria.\n","type":"boolean"},"includeEmailRecipientProfile":{"description":"(bool) If true, `emailRecipientProfiles` is included in the criteria.\n","type":"boolean"},"includeEntityGroups":{"description":"(bool) If true, `entityGroups` is included in the criteria.\n","type":"boolean"},"includedDomainProfiles":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesIncludedDomainProfile:getCasbDlpRulesIncludedDomainProfile"},"type":"array"},"labels":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesLabel:getCasbDlpRulesLabel"},"type":"array"},"lastModifiedTime":{"description":"(int) Last modification time of the rule.\n","type":"integer"},"name":{"description":"(string) The configured name of the tombstone template.\n","type":"string"},"numberOfExternalCollaborators":{"description":"(string) Number of external collaborators for files shared outside of an organization.\n","type":"string"},"numberOfInternalCollaborators":{"description":"(string) Number of internal collaborators for files shared within an organization.\n","type":"string"},"objectTypes":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesObjectType:getCasbDlpRulesObjectType"},"type":"array"},"order":{"description":"(int) Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules.\n","type":"integer"},"quarantineLocation":{"description":"(string) Location where all quarantined files are moved for action.\n","type":"string"},"rank":{"description":"(int) Rank of the rule.\n","type":"integer"},"receivers":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesReceiver:getCasbDlpRulesReceiver"},"type":"array"},"recipient":{"description":"(string) Specifies if the email recipient is internal or external.\n","type":"string"},"redactionProfiles":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesRedactionProfile:getCasbDlpRulesRedactionProfile"},"type":"array"},"severity":{"description":"(string) The severity level of the incidents that match the policy rule.\n","type":"string"},"state":{"description":"(string) Administrative state of the rule.\n","type":"string"},"tags":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesTag:getCasbDlpRulesTag"},"type":"array"},"type":{"type":"string"},"users":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesUser:getCasbDlpRulesUser"},"type":"array"},"watermarkDeleteOldVersion":{"description":"(bool) Specifies whether to delete an old version of the watermarked file.\n","type":"boolean"},"watermarkProfiles":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesWatermarkProfile:getCasbDlpRulesWatermarkProfile"},"type":"array"},"withoutContentInspection":{"description":"(bool) If true, Content Matching is set to None.\n","type":"boolean"},"zscalerIncidentReceivers":{"items":{"$ref":"#/types/zia:index/getCasbDlpRulesZscalerIncidentReceiver:getCasbDlpRulesZscalerIncidentReceiver"},"type":"array"}},"required":["accessControl","action","auditorNotifications","bucketOwner","buckets","casbEmailLabels","casbTombstoneTemplates","cloudAppTenants","collaborationScopes","components","contentLocation","criteriaDomainProfiles","departments","description","dlpEngines","domains","emailRecipientProfiles","entityGroups","excludedDomainProfiles","externalAuditorEmail","fileTypes","groups","id","includeCriteriaDomainProfile","includeEmailRecipientProfile","includeEntityGroups","includedDomainProfiles","labels","lastModifiedTime","name","numberOfExternalCollaborators","numberOfInternalCollaborators","objectTypes","order","quarantineLocation","rank","receivers","recipient","redactionProfiles","severity","state","tags","type","users","watermarkDeleteOldVersion","watermarkProfiles","withoutContentInspection","zscalerIncidentReceivers"],"type":"object"}},"zia:index/getCasbEmailLabel:getCasbEmailLabel":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-email-labels)\n* [API documentation](https://help.zscaler.com/zia/saas-security-api#/casbEmailLabel/lite-get)\n\nUse the **zia_casb_email_label** data source to get information about email labels generated for the SaaS Security API policies in a user's email account\n\n## Example Usage\n\n### By Name\n\n```hcl\n\ndata \"zia_casb_email_label\" \"this\" {\n  name = \"EmailLabel01\"\n}\n```\n\n### By ID\n\n```hcl\n\ndata \"zia_casb_email_label\" \"this\" {\n  id = 154658\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getCasbEmailLabel.\n","properties":{"id":{"type":"integer","description":"SaaS Security API email label ID\n"},"name":{"type":"string","description":"SaaS Security API email label name\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCasbEmailLabel.\n","properties":{"id":{"type":"integer"},"labelDeleted":{"description":"(Boolean) A Boolean value that indicates whether or not the email label is deleted\n","type":"boolean"},"name":{"type":"string"}},"required":["id","labelDeleted","name"],"type":"object"}},"zia:index/getCasbMalwareRules:getCasbMalwareRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-data-rest-scanning-malware-detection-policy)\n* [API documentation](https://help.zscaler.com/zia/saas-security-api#/casbMalwareRules-post)\n\nUse the **zia_casb_malware_rules** data source to get information about SaaS Security Data at Rest Scanning Malware Detection rules based on the specified rule type\n\n## Example Usage\n\n### By Name\n\n```hcl\n\ndata \"zia_casb_malware_rules\" \"this\" {\n  name = \"SaaS_ITSM_App_Rule\"\n  type = \"OFLCASB_AVP_ITSM\"\n}\n```\n\n### By ID\n\n```hcl\n\ndata \"zia_casb_malware_rules\" \"this\" {\n  id = 154658\n  type = \"OFLCASB_AVP_ITSM\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getCasbMalwareRules.\n","properties":{"id":{"type":"integer","description":"The type of SaaS Security Data at Rest Scanning Malware ruleData at Rest Scanning DLP rule.\n"},"name":{"type":"string","description":"Rule name.\n"},"type":{"type":"string","description":"The type of SaaS Security Data at Rest Scanning Malware rule. Supported Values:\n* `ANY`,\n* `OFLCASB_AVP_FILE`\n* `OFLCASB_AVP_EMAIL`\n* `OFLCASB_AVP_CRM`\n* `OFLCASB_AVP_ITSM`\n* `OFLCASB_AVP_COLLAB`\n* `OFLCASB_AVP_REPO`\n* `OFLCASB_AVP_STORAGE`\n* `OFLCASB_AVP_GENAI`\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCasbMalwareRules.\n","properties":{"accessControl":{"description":"(string) Access privilege of this rule based on the admin's RBA state.\n","type":"string"},"action":{"description":"(string) The configured action for the policy rule\n","type":"string"},"buckets":{"items":{"$ref":"#/types/zia:index/getCasbMalwareRulesBucket:getCasbMalwareRulesBucket"},"type":"array"},"casbEmailLabels":{"items":{"$ref":"#/types/zia:index/getCasbMalwareRulesCasbEmailLabel:getCasbMalwareRulesCasbEmailLabel"},"type":"array"},"casbTombstoneTemplates":{"items":{"$ref":"#/types/zia:index/getCasbMalwareRulesCasbTombstoneTemplate:getCasbMalwareRulesCasbTombstoneTemplate"},"type":"array"},"cloudAppTenantIds":{"items":{"$ref":"#/types/zia:index/getCasbMalwareRulesCloudAppTenantId:getCasbMalwareRulesCloudAppTenantId"},"type":"array"},"cloudAppTenants":{"items":{"$ref":"#/types/zia:index/getCasbMalwareRulesCloudAppTenant:getCasbMalwareRulesCloudAppTenant"},"type":"array"},"id":{"description":"(int) A unique identifier for the tombstone template.\n","type":"integer"},"labels":{"items":{"$ref":"#/types/zia:index/getCasbMalwareRulesLabel:getCasbMalwareRulesLabel"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getCasbMalwareRulesLastModifiedBy:getCasbMalwareRulesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"(int) Last modification time of the rule.\n","type":"integer"},"name":{"description":"(string) The configured name of the tombstone template.\n","type":"string"},"order":{"description":"(int) Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules.\n","type":"integer"},"quarantineLocation":{"description":"(string) Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data\n","type":"string"},"scanInboundEmailLink":{"type":"string"},"state":{"description":"(string) Administrative state of the rule.\n","type":"string"},"type":{"type":"string"}},"required":["accessControl","action","buckets","casbEmailLabels","casbTombstoneTemplates","cloudAppTenantIds","cloudAppTenants","id","labels","lastModifiedBies","lastModifiedTime","name","order","quarantineLocation","scanInboundEmailLink","state","type"],"type":"object"}},"zia:index/getCasbTenant:getCasbTenant":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-saas-application-tenants)\n* [API documentation](https://help.zscaler.com/zia/saas-security-api#/casbTenant/lite-get)\n\nUse the **zia_casb_tenant** data source to get information about a ZIA SaaS Application Tenants in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n### By Name\n\n```hcl\ndata \"zia_casb_tenant\" \"this\"{\n    tenant_name = \"Bitbucket\"\n}\n```\n\n### By ID\n\n```hcl\ndata \"zia_casb_tenant\" \"this\"{\n    tenant_id = \"11743520\"\n}\n```\n\n### Use Optional Parameters\n\n```hcl\ndata \"zia_casb_tenant\" \"this\"{\n    tenant_name = \"Bitbucket\"\n    active_only = true\n    app = \"BITBUCKET\"\n    filter_by_feature = [\"CASB\", \"SSPM\"]\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getCasbTenant.\n","properties":{"activeOnly":{"type":"boolean"},"app":{"type":"string"},"appType":{"type":"string"},"filterByFeatures":{"type":"array","items":{"type":"string"}},"includeBucketReadyS3Tenants":{"type":"boolean"},"includeDeleted":{"type":"boolean"},"scanConfigTenantsOnly":{"type":"boolean"},"tenantId":{"type":"integer"},"tenantName":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCasbTenant.\n","properties":{"activeOnly":{"type":"boolean"},"app":{"type":"string"},"appType":{"type":"string"},"enterpriseTenantId":{"type":"string"},"featuresSupporteds":{"items":{"type":"string"},"type":"array"},"filterByFeatures":{"items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"includeBucketReadyS3Tenants":{"type":"boolean"},"includeDeleted":{"type":"boolean"},"lastTenantValidationTime":{"type":"integer"},"modifiedTime":{"type":"integer"},"reAuth":{"type":"boolean"},"saasApplication":{"type":"string"},"scanConfigTenantsOnly":{"type":"boolean"},"statuses":{"items":{"type":"string"},"type":"array"},"tenantDeleted":{"type":"boolean"},"tenantId":{"type":"integer"},"tenantName":{"type":"string"},"tenantWebhookEnabled":{"type":"boolean"},"zscalerAppTenantIds":{"items":{"$ref":"#/types/zia:index/getCasbTenantZscalerAppTenantId:getCasbTenantZscalerAppTenantId"},"type":"array"}},"required":["enterpriseTenantId","featuresSupporteds","lastTenantValidationTime","modifiedTime","reAuth","saasApplication","statuses","tenantDeleted","tenantId","tenantName","tenantWebhookEnabled","zscalerAppTenantIds","id"],"type":"object"}},"zia:index/getCasbTombstoneTemplate:getCasbTombstoneTemplate":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-quarantine-tombstone-file-templates)\n* [API documentation](https://help.zscaler.com/zia/saas-security-api#/quarantineTombstoneTemplate/lite-get)\n\nUse the **zia_casb_tombstone_template** data source to get information about templates for the tombstone file created when a file is quarantined.\n\n## Example Usage\n\n### By Name\n\n```hcl\n\ndata \"zia_casb_tombstone_template\" \"this\" {\n  name = \"TombstoneTemplate01\"\n}\n```\n\n### By ID\n\n```hcl\n\ndata \"zia_casb_tombstone_template\" \"this\" {\n  id = 154658\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getCasbTombstoneTemplate.\n","properties":{"id":{"type":"integer","description":"Tombstone file template ID\n"},"name":{"type":"string","description":"Tombstone file template name\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCasbTombstoneTemplate.\n","properties":{"description":{"type":"string"},"id":{"type":"integer"},"name":{"type":"string"}},"required":["description","id","name"],"type":"object"}},"zia:index/getCbiProfile:getCbiProfile":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-url-filtering-policy#Action)\n* [API documentation](https://help.zscaler.com/zia/browser-isolation#/browserIsolation/profiles-get)\n\nUse the **zia_cloud_browser_isolation_profile** data source to get information about an isolation profile in the Zscaler Internet Access cloud. This data source is required when configuring URL filtering rule where the action is set to `ISOLATE`\n\n## Example Usage\n\n```hcl\ndata \"zia_cloud_browser_isolation_profile\" \"this\" {\n    name = \"ZS_CBI_Profile1\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getCbiProfile.\n","properties":{"id":{"type":"string","description":"(string) The universally unique identifier (UUID) for the browser isolation profile.\n"},"name":{"type":"string","description":"This field defines the name of the isolation profile.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCbiProfile.\n","properties":{"defaultProfile":{"description":"(Optional) Indicates whether this is a default browser isolation profile. Zscaler sets this field\n","type":"boolean"},"id":{"description":"(string) The universally unique identifier (UUID) for the browser isolation profile.\n","type":"string"},"name":{"type":"string"},"url":{"description":"(string) The browser isolation profile URL\n","type":"string"}},"required":["defaultProfile","url"],"type":"object"}},"zia:index/getCloudAppControlRule:getCloudAppControlRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-rules-cloud-app-control-policy)\n* [API documentation](https://help.zscaler.com/zia/cloud-app-control-policy#/webApplicationRules/{rule_type}-get)\n\nUse the **zia_cloud_app_control_rule** data source to get information about a ZIA Cloud Application Control Policy in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\n# Retrieve a Cloud App Control Policy by name\ndata \"zia_cloud_app_control_rule\" \"this\"{\n    name = \"Example\"\n    type = \"STREAMING_MEDIA\"\n}\n```\n\n## Cloud Application Control - Rule Types vs Actions Matrix\n\n**Note**: Refer to this matrix when configuring types vs actions for each specific rules\n\n|            Types                     |                    Actions                      |\n|:------------------------------------:|:-----------------------------------------------:|\n|--------------------------------------|-------------------------------------------------|\n|           `AI_ML`                    |          `ALLOW_AI_ML_WEB_USE`                  |\n|           `AI_ML`                    |          `CAUTION_AI_ML_WEB_USE`                |\n|           `AI_ML`                    |          `DENY_AI_ML_WEB_USE`                   |\n|           `AI_ML`                    |          `ISOLATE_AI_ML_WEB_USE`                |\n|--------------------------------------|-------------------------------------------------|\n|     `BUSINESS_PRODUCTIVITY`          |     `ALLOW_BUSINESS_PRODUCTIVITY_APPS`          |\n|     `BUSINESS_PRODUCTIVITY`          |     `BLOCK_BUSINESS_PRODUCTIVITY_APPS`          |\n|     `BUSINESS_PRODUCTIVITY`          |     `CAUTION_BUSINESS_PRODUCTIVITY_APPS`        |\n|     `BUSINESS_PRODUCTIVITY`          |     `ISOLATE_BUSINESS_PRODUCTIVITY_APPS`        |\n|--------------------------------------|-------------------------------------------------|\n|     `CONSUMER`                       |          `ALLOW_CONSUMER_APPS`                  |\n|     `CONSUMER`                       |          `BLOCK_CONSUMER_APPS`                  |\n|     `CONSUMER`                       |          `CAUTION_CONSUMER_APPS`                |\n|     `CONSUMER`                       |          `ISOLATE_CONSUMER_APPS`                |\n|--------------------------------------|-------------------------------------------------|\n|     `DNS_OVER_HTTPS`                 |          `ALLOW_DNS_OVER_HTTPS_USE`             |\n|     `DNS_OVER_HTTPS`                 |          `DENY_DNS_OVER_HTTPS_USE`              |\n|--------------------------------------|-------------------------------------------------|\n|     `ENTERPRISE_COLLABORATION`       |      `ALLOW_ENTERPRISE_COLLABORATION_APPS`      |\n|     `ENTERPRISE_COLLABORATION`       |      `BLOCK_ENTERPRISE_COLLABORATION_APPS`      |\n|     `ENTERPRISE_COLLABORATION`       |      `CAUTION_ENTERPRISE_COLLABORATION_APPS`    |\n|     `ENTERPRISE_COLLABORATION`       |      `ISOLATE_ENTERPRISE_COLLABORATION_APPS`    |\n|--------------------------------------|-------------------------------------------------|\n|     `FILE_SHARE`                     |          `ALLOW_FILE_SHARE_VIEW`                |\n|     `FILE_SHARE`                     |          `ALLOW_FILE_SHARE_UPLOAD`              |\n|     `FILE_SHARE`                     |          `CAUTION_FILE_SHARE_VIEW`              |\n|     `FILE_SHARE`                     |          `DENY_FILE_SHARE_VIEW`                 |\n|     `FILE_SHARE`                     |          `DENY_FILE_SHARE_UPLOAD`               |\n|     `FILE_SHARE`                     |          `ISOLATE_FILE_SHARE_VIEW`              |\n|--------------------------------------|-------------------------------------------------|\n|     `FINANCE`                        |          `ALLOW_FINANCE_USE`                    |\n|     `FINANCE`                        |          `CAUTION_FINANCE_USE`                  |\n|     `FINANCE`                        |          `DENY_FINANCE_USE`                     |\n|     `FINANCE`                        |          `ISOLATE_FINANCE_USE`                  |\n|--------------------------------------|-------------------------------------------------|\n|     `HEALTH_CARE`                    |          `ALLOW_HEALTH_CARE_USE`                |\n|     `HEALTH_CARE`                    |          `CAUTION_HEALTH_CARE_USE`              |\n|     `HEALTH_CARE`                    |          `DENY_HEALTH_CARE_USE`                 |\n|     `HEALTH_CARE`                    |          `ISOLATE_HEALTH_CARE_USE`              |\n|--------------------------------------|-------------------------------------------------|\n|     `HOSTING_PROVIDER`               |          `ALLOW_HOSTING_PROVIDER_USE`           |\n|     `HOSTING_PROVIDER`               |          `CAUTION_HOSTING_PROVIDER_USE`         |\n|     `HOSTING_PROVIDER`               |          `DENY_HOSTING_PROVIDER_USE`            |\n|     `HOSTING_PROVIDER`               |          `ISOLATE_HOSTING_PROVIDER_USE`         |\n|--------------------------------------|-------------------------------------------------|\n|     `HUMAN_RESOURCES`                |          `ALLOW_HUMAN_RESOURCES_USE`            |\n|     `HUMAN_RESOURCES`                |          `CAUTION_HUMAN_RESOURCES_USE`          |\n|     `HUMAN_RESOURCES`                |          `DENY_HUMAN_RESOURCES_USE`             |\n|     `HUMAN_RESOURCES`                |          `ISOLATE_HUMAN_RESOURCES_USE`          |\n|--------------------------------------|-------------------------------------------------|\n|     `INSTANT_MESSAGING`              |          `ALLOW_CHAT`                           |\n|     `INSTANT_MESSAGING`              |          `ALLOW_FILE_TRANSFER_IN_CHAT`          |\n|     `INSTANT_MESSAGING`              |          `BLOCK_CHAT`                           |\n|     `INSTANT_MESSAGING`              |          `BLOCK_FILE_TRANSFER_IN_CHAT`          |\n|     `INSTANT_MESSAGING`              |          `CAUTION_CHAT`                         |\n|     `INSTANT_MESSAGING`              |          `ISOLATE_CHAT`                         |\n|--------------------------------------|-------------------------------------------------|\n|     `IT_SERVICES`                    |          `ALLOW_IT_SERVICES_USE`                |\n|     `IT_SERVICES`                    |          `CAUTION_LEGAL_USE`                    |\n|     `IT_SERVICES`                    |          `DENY_IT_SERVICES_USE`                 |\n|     `IT_SERVICES`                    |          `ISOLATE_IT_SERVICES_USE`              |\n|--------------------------------------|-------------------------------------------------|\n|     `LEGAL`                          |          `ALLOW_LEGAL_USE`                      |\n|     `LEGAL`                          |          `DENY_DNS_OVER_HTTPS_USE`              |\n|     `LEGAL`                          |          `DENY_LEGAL_USE`                       |\n|     `LEGAL`                          |          `ISOLATE_LEGAL_USE`                    |\n|--------------------------------------|-------------------------------------------------|\n|     `SALES_AND_MARKETING`            |          `ALLOW_SALES_MARKETING_APPS`           |\n|     `SALES_AND_MARKETING`            |          `BLOCK_SALES_MARKETING_APPS`           |\n|     `SALES_AND_MARKETING`            |          `CAUTION_SALES_MARKETING_APPS`         |\n|     `SALES_AND_MARKETING`            |          `ISOLATE_SALES_MARKETING_APPS`         |\n|--------------------------------------|-------------------------------------------------|\n|     `STREAMING_MEDIA`                |          `ALLOW_STREAMING_VIEW_LISTEN`          |\n|     `STREAMING_MEDIA`                |          `ALLOW_STREAMING_UPLOAD`               |\n|     `STREAMING_MEDIA`                |          `BLOCK_STREAMING_UPLOAD`               |\n|     `STREAMING_MEDIA`                |          `CAUTION_STREAMING_VIEW_LISTEN`        |\n|     `STREAMING_MEDIA`                |          `ISOLATE_STREAMING_VIEW_LISTEN`        |\n|--------------------------------------|-------------------------------------------------|\n|     `SOCIAL_NETWORKING`              |          `ALLOW_SOCIAL_NETWORKING_VIEW`         |\n|     `SOCIAL_NETWORKING`              |          `ALLOW_SOCIAL_NETWORKING_POST`         |\n|     `SOCIAL_NETWORKING`              |          `BLOCK_SOCIAL_NETWORKING_VIEW`         |\n|     `SOCIAL_NETWORKING`              |          `BLOCK_SOCIAL_NETWORKING_POST`         |\n|     `SOCIAL_NETWORKING`              |          `CAUTION_SOCIAL_NETWORKING_VIEW`       |\n|--------------------------------------|-------------------------------------------------|\n|     `SYSTEM_AND_DEVELOPMENT`         |          `ALLOW_SYSTEM_DEVELOPMENT_APPS`        |\n|     `SYSTEM_AND_DEVELOPMENT`         |          `ALLOW_SYSTEM_DEVELOPMENT_UPLOAD`      |\n|     `SYSTEM_AND_DEVELOPMENT`         |          `BLOCK_SYSTEM_DEVELOPMENT_APPS`        |\n|     `SYSTEM_AND_DEVELOPMENT`         |          `BLOCK_SYSTEM_DEVELOPMENT_UPLOAD`      |\n|     `SYSTEM_AND_DEVELOPMENT`         |          `CAUTION_SYSTEM_DEVELOPMENT_APPS`      |\n|     `SYSTEM_AND_DEVELOPMENT`         |          `ISOLATE_SALES_MARKETING_APPS`         |\n|--------------------------------------|-------------------------------------------------|\n|     `WEBMAIL`                        |          `ALLOW_WEBMAIL_VIEW`                   |\n|     `WEBMAIL`                        |          `ALLOW_WEBMAIL_ATTACHMENT_SEND`        |\n|     `WEBMAIL`                        |          `ALLOW_WEBMAIL_SEND`                   |\n|     `WEBMAIL`                        |          `CAUTION_WEBMAIL_VIEW`                 |\n|     `WEBMAIL`                        |          `BLOCK_WEBMAIL_VIEW`                   |\n|     `WEBMAIL`                        |          `BLOCK_WEBMAIL_ATTACHMENT_SEND`        |\n|     `WEBMAIL`                        |          `BLOCK_WEBMAIL_SEND`                   |\n|     `WEBMAIL`                        |          `ISOLATE_WEBMAIL_VIEW`                 |\n|--------------------------------------|-------------------------------------------------|\n\n## Cloud Application Control - Rule Types vs Tenant Profile Support\n\n**Note**: Refer to this matrix when configuring a Cloud App Control rule with Tenant Profile\n\n[Reference](https://help.zscaler.com/zia/documentation-knowledgebase/policies/cloud-apps/cloud-app-control-policies)\n\n|               Type               |         Applications          |\u003cspan pulumi-lang-nodejs=\" tenancyProfileIds \" pulumi-lang-dotnet=\" TenancyProfileIds \" pulumi-lang-go=\" tenancyProfileIds \" pulumi-lang-python=\" tenancy_profile_ids \" pulumi-lang-yaml=\" tenancyProfileIds \" pulumi-lang-java=\" tenancyProfileIds \"\u003e tenancy_profile_ids \u003c/span\u003e|\n|:--------------------------------:|:-----------------------------:|:-------------------:|\n|----------------------------------|-------------------------------|---------------------|\n| `BUSINESS_PRODUCTIVITY`          | `\"GOOGLEANALYTICS\"`           |          ✅         |\n|----------------------------------|-------------------------------|---------------------|\n| `ENTERPRISE_COLLABORATION`       | `\"GOOGLECALENDAR\"`            |          ✅         |\n| `ENTERPRISE_COLLABORATION`       | `\"GOOGLEKEEP\"`                |          ✅         |\n| `ENTERPRISE_COLLABORATION`       | `\"GOOGLEMEET\"`                |          ✅         |\n| `ENTERPRISE_COLLABORATION`       | `\"GOOGLESITES\"`               |          ✅         |\n| `ENTERPRISE_COLLABORATION`       | `\"WEBEX\"`                     |          ✅         |\n| `ENTERPRISE_COLLABORATION`       | `\"SLACK\"`                     |          ✅         |\n| `ENTERPRISE_COLLABORATION`       | `\"WEBEX_TEAMS\"`               |          ✅         |\n| `ENTERPRISE_COLLABORATION`       | `\"ZOOM\"`                      |          ✅         |\n|----------------------------------|-------------------------------|---------------------|\n| `FILE_SHARE`                     | `\"DROPBOX\"`                   |          ✅         |\n| `FILE_SHARE`                     | `\"GDRIVE\"`                    |          ✅         |\n| `FILE_SHARE`                     | `\"GPHOTOS\"`                   |          ✅         |\n|----------------------------------|-------------------------------|---------------------|\n| `HOSTING_PROVIDER`               | `\"GCLOUDCOMPUTE\"`             |          ✅         |\n| `HOSTING_PROVIDER`               | `\"AWS\"`                       |          ✅         |\n| `HOSTING_PROVIDER`               | `\"IBMSMARTCLOUD\"`             |          ✅         |\n| `HOSTING_PROVIDER`               | `\"GAPPENGINE\"`                |          ✅         |\n| `HOSTING_PROVIDER`               | `\"GOOGLE_CLOUD_PLATFORM\"`     |          ✅         |\n|----------------------------------|-------------------------------|---------------------|\n| `IT_SERVICES`                    | `\"MSLOGINSERVICES\"`           |          ✅         |\n| `IT_SERVICES`                    | `\"GOOGLOGINSERVICE\"`          |          ✅         |\n| `IT_SERVICES`                    | `\"WEBEX_LOGIN_SERVICES\"`      |          ✅         |\n| `IT_SERVICES`                    | `\"ZOHO_LOGIN_SERVICES\"`       |          ✅         |\n|----------------------------------|-------------------------------|---------------------|\n| `SOCIAL_NETWORKING`              | `\"GOOGLE_GROUPS\"`             |          ✅         |\n| `SOCIAL_NETWORKING`              | `\"GOOGLE_PLUS\"`               |          ✅         |\n|----------------------------------|-------------------------------|---------------------|\n| `STREAMING_MEDIA`                | `\"YOUTUBE\"`                   |          ✅         |\n| `STREAMING_MEDIA`                | `\"GOOGLE_STREAMING\"`          |          ✅         |\n|----------------------------------|-------------------------------|---------------------|\n| `SYSTEM_AND_DEVELOPMENT`         | `\"GOOGLE_DEVELOPERS\"`         |          ✅         |\n| `SYSTEM_AND_DEVELOPMENT`         | `\"GOOGLEAPPMAKER\"`            |          ✅         |\n|----------------------------------|-------------------------------|---------------------|\n| `WEBMAIL`                        | `\"GOOGLE_WEBMAIL\"`            |          ✅         |\n|----------------------------------|-------------------------------|---------------------|\n","inputs":{"description":"A collection of arguments for invoking getCloudAppControlRule.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"},"type":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCloudAppControlRule.\n","properties":{"accessControl":{"type":"string"},"actions":{"items":{"type":"string"},"type":"array"},"applications":{"items":{"type":"string"},"type":"array"},"browserEunTemplateId":{"type":"integer"},"cascadingEnabled":{"type":"boolean"},"cbiProfiles":{"items":{"$ref":"#/types/zia:index/getCloudAppControlRuleCbiProfile:getCloudAppControlRuleCbiProfile"},"type":"array"},"departments":{"items":{"$ref":"#/types/zia:index/getCloudAppControlRuleDepartment:getCloudAppControlRuleDepartment"},"type":"array"},"description":{"type":"string"},"deviceGroups":{"items":{"$ref":"#/types/zia:index/getCloudAppControlRuleDeviceGroup:getCloudAppControlRuleDeviceGroup"},"type":"array"},"deviceTrustLevels":{"items":{"type":"string"},"type":"array"},"devices":{"items":{"$ref":"#/types/zia:index/getCloudAppControlRuleDevice:getCloudAppControlRuleDevice"},"type":"array"},"enforceTimeValidity":{"type":"boolean"},"eunEnabled":{"type":"boolean"},"eunTemplateId":{"type":"integer"},"groups":{"items":{"$ref":"#/types/zia:index/getCloudAppControlRuleGroup:getCloudAppControlRuleGroup"},"type":"array"},"id":{"type":"integer"},"labels":{"items":{"$ref":"#/types/zia:index/getCloudAppControlRuleLabel:getCloudAppControlRuleLabel"},"type":"array"},"lastModifiedTime":{"type":"integer"},"locationGroups":{"items":{"$ref":"#/types/zia:index/getCloudAppControlRuleLocationGroup:getCloudAppControlRuleLocationGroup"},"type":"array"},"locations":{"items":{"$ref":"#/types/zia:index/getCloudAppControlRuleLocation:getCloudAppControlRuleLocation"},"type":"array"},"name":{"type":"string"},"numberOfApplications":{"type":"integer"},"order":{"type":"integer"},"predefined":{"type":"boolean"},"rank":{"type":"integer"},"sizeQuota":{"type":"integer"},"state":{"type":"string"},"timeQuota":{"type":"integer"},"type":{"type":"string"},"userAgentTypes":{"items":{"type":"string"},"type":"array"},"users":{"items":{"$ref":"#/types/zia:index/getCloudAppControlRuleUser:getCloudAppControlRuleUser"},"type":"array"},"validityEndTime":{"type":"integer"},"validityStartTime":{"type":"integer"},"validityTimeZoneId":{"type":"string"}},"required":["accessControl","actions","applications","browserEunTemplateId","cascadingEnabled","cbiProfiles","departments","description","deviceGroups","deviceTrustLevels","devices","enforceTimeValidity","eunEnabled","eunTemplateId","groups","labels","lastModifiedTime","locationGroups","locations","numberOfApplications","order","predefined","rank","sizeQuota","state","timeQuota","userAgentTypes","users","validityEndTime","validityStartTime","validityTimeZoneId"],"type":"object"}},"zia:index/getCloudAppControlRuleActions:getCloudAppControlRuleActions":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-rules-cloud-app-control-policy)\n* [API documentation](https://help.zscaler.com/zia/cloud-app-control-policy#/webApplicationRules/)\n\nUse the **zia_cloud_app_control_rule_actions** data source to retrieve the available actions for specific cloud applications and rule types. This data source automatically handles action intersections when multiple applications are specified, returning only actions supported by ALL applications.\n\n**NOTE**: Note that some new actions may not be returned in the API response. This is a known issue, and is being investigated via the following issue `ONEAPI-2421`. Please contact Zscaler support for an update if the action you're attempting ton configure isn't supported or returned in the response.\n\nThe data source provides multiple output attributes for different use cases:\n\n* **\u003cspan pulumi-lang-nodejs=\"`availableActionsWithoutIsolate`\" pulumi-lang-dotnet=\"`AvailableActionsWithoutIsolate`\" pulumi-lang-go=\"`availableActionsWithoutIsolate`\" pulumi-lang-python=\"`available_actions_without_isolate`\" pulumi-lang-yaml=\"`availableActionsWithoutIsolate`\" pulumi-lang-java=\"`availableActionsWithoutIsolate`\"\u003e`available_actions_without_isolate`\u003c/span\u003e** - Most common use case for standard rules\n* **\u003cspan pulumi-lang-nodejs=\"`isolateActions`\" pulumi-lang-dotnet=\"`IsolateActions`\" pulumi-lang-go=\"`isolateActions`\" pulumi-lang-python=\"`isolate_actions`\" pulumi-lang-yaml=\"`isolateActions`\" pulumi-lang-java=\"`isolateActions`\"\u003e`isolate_actions`\u003c/span\u003e** - For Cloud Browser Isolation (CBI) rules\n* **\u003cspan pulumi-lang-nodejs=\"`filteredActions`\" pulumi-lang-dotnet=\"`FilteredActions`\" pulumi-lang-go=\"`filteredActions`\" pulumi-lang-python=\"`filtered_actions`\" pulumi-lang-yaml=\"`filteredActions`\" pulumi-lang-java=\"`filteredActions`\"\u003e`filtered_actions`\u003c/span\u003e** - Custom filtering by action type (ALLOW, DENY, etc.)\n* **\u003cspan pulumi-lang-nodejs=\"`availableActions`\" pulumi-lang-dotnet=\"`AvailableActions`\" pulumi-lang-go=\"`availableActions`\" pulumi-lang-python=\"`available_actions`\" pulumi-lang-yaml=\"`availableActions`\" pulumi-lang-java=\"`availableActions`\"\u003e`available_actions`\u003c/span\u003e** - Complete list of all actions\n\n## Example Usage\n\n### Standard Rule (Most Common)\n\nUse \u003cspan pulumi-lang-nodejs=\"`availableActionsWithoutIsolate`\" pulumi-lang-dotnet=\"`AvailableActionsWithoutIsolate`\" pulumi-lang-go=\"`availableActionsWithoutIsolate`\" pulumi-lang-python=\"`available_actions_without_isolate`\" pulumi-lang-yaml=\"`availableActionsWithoutIsolate`\" pulumi-lang-java=\"`availableActionsWithoutIsolate`\"\u003e`available_actions_without_isolate`\u003c/span\u003e for standard rules that don't require Cloud Browser Isolation:\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"chatgpt\" {\n  type       = \"AI_ML\"\n  cloud_apps = [\"CHATGPT_AI\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"standard\" {\n  name         = \"ChatGPT Standard Rule\"\n  type         = \"AI_ML\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"CHATGPT_AI\"]\n\n  # Use available_actions_without_isolate for standard rules\n  actions = data.zia_cloud_app_control_rule_actions.chatgpt.available_actions_without_isolate\n}\n```\n\n### Isolation Rule (CBI)\n\nUse \u003cspan pulumi-lang-nodejs=\"`isolateActions`\" pulumi-lang-dotnet=\"`IsolateActions`\" pulumi-lang-go=\"`isolateActions`\" pulumi-lang-python=\"`isolate_actions`\" pulumi-lang-yaml=\"`isolateActions`\" pulumi-lang-java=\"`isolateActions`\"\u003e`isolate_actions`\u003c/span\u003e for Cloud Browser Isolation rules:\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"chatgpt\" {\n  type       = \"AI_ML\"\n  cloud_apps = [\"CHATGPT_AI\"]\n}\n\ndata \"zia_cloud_browser_isolation_profile\" \"profile\" {\n  name = \"My-CBI-Profile\"\n}\n\nresource \"zia_cloud_app_control_rule\" \"isolate\" {\n  name         = \"ChatGPT Isolation\"\n  type         = \"AI_ML\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"CHATGPT_AI\"]\n\n  # Use isolate_actions for CBI rules\n  actions = data.zia_cloud_app_control_rule_actions.chatgpt.isolate_actions\n\n  # Required when using ISOLATE actions\n  cbi_profile {\n    id   = data.zia_cloud_browser_isolation_profile.profile.id\n    name = data.zia_cloud_browser_isolation_profile.profile.name\n    url  = data.zia_cloud_browser_isolation_profile.profile.url\n  }\n}\n```\n\n### Multiple Applications (Intersection)\n\nWhen multiple applications are specified, the API automatically returns only actions supported by ALL applications:\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"multi_ai\" {\n  type       = \"AI_ML\"\n  cloud_apps = [\"CHATGPT_AI\", \"GOOGLE_GEMINI\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"multi_ai\" {\n  name         = \"Multiple AI Apps\"\n  type         = \"AI_ML\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"CHATGPT_AI\", \"GOOGLE_GEMINI\"]\n\n  # Returns only actions supported by BOTH applications\n  actions = data.zia_cloud_app_control_rule_actions.multi_ai.available_actions_without_isolate\n}\n\n# View the intersection\noutput \"common_actions\" {\n  value = data.zia_cloud_app_control_rule_actions.multi_ai.available_actions_without_isolate\n}\n```\n\n### Filter By Action Type (ALLOW Only)\n\nUse \u003cspan pulumi-lang-nodejs=\"`actionPrefixes`\" pulumi-lang-dotnet=\"`ActionPrefixes`\" pulumi-lang-go=\"`actionPrefixes`\" pulumi-lang-python=\"`action_prefixes`\" pulumi-lang-yaml=\"`actionPrefixes`\" pulumi-lang-java=\"`actionPrefixes`\"\u003e`action_prefixes`\u003c/span\u003e to filter actions by type:\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"allow_only\" {\n  type            = \"AI_ML\"\n  cloud_apps      = [\"CHATGPT_AI\"]\n  action_prefixes = [\"ALLOW\"]  # Filter for ALLOW actions only\n}\n\nresource \"zia_cloud_app_control_rule\" \"allow_rule\" {\n  name         = \"ChatGPT Allow Only\"\n  type         = \"AI_ML\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"CHATGPT_AI\"]\n\n  # Only ALLOW_ actions\n  actions = data.zia_cloud_app_control_rule_actions.allow_only.filtered_actions\n}\n```\n\n### Filter Multiple Action Types\n\nFilter for multiple action types simultaneously:\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"allow_deny\" {\n  type            = \"AI_ML\"\n  cloud_apps      = [\"CHATGPT_AI\"]\n  action_prefixes = [\"ALLOW\", \"DENY\"]  # Get both ALLOW and DENY actions\n}\n\nresource \"zia_cloud_app_control_rule\" \"mixed_rule\" {\n  name         = \"ChatGPT Mixed Actions\"\n  type         = \"AI_ML\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"CHATGPT_AI\"]\n\n  # ALLOW_ and DENY_ actions only (excludes CAUTION, ISOLATE, ESC)\n  actions = data.zia_cloud_app_control_rule_actions.allow_deny.filtered_actions\n}\n```\n\n### File Sharing Applications\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"onedrive\" {\n  type       = \"FILE_SHARE\"\n  cloud_apps = [\"ONEDRIVE\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"onedrive_rule\" {\n  name         = \"OneDrive Controls\"\n  type         = \"FILE_SHARE\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"ONEDRIVE\"]\n\n  # Get all file sharing actions except ISOLATE\n  actions = data.zia_cloud_app_control_rule_actions.onedrive.available_actions_without_isolate\n}\n```\n\n### Only DENY Actions\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"deny_only\" {\n  type            = \"AI_ML\"\n  cloud_apps      = [\"CHATGPT_AI\"]\n  action_prefixes = [\"DENY\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"block_chatgpt\" {\n  name         = \"Block ChatGPT Features\"\n  type         = \"AI_ML\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"CHATGPT_AI\"]\n\n  # Only DENY_ actions (restrictive)\n  actions = data.zia_cloud_app_control_rule_actions.deny_only.filtered_actions\n}\n```\n\n## Understanding Action Types\n\n### Action Prefixes\n\nCloud App Control rules support different action types based on the application and rule type:\n\n| Prefix | Description | Example | Can Mix With |\n|--------|-------------|---------|--------------|\n| `ALLOW` | Permit specific operations | ALLOW_AI_ML_CHAT | DENY, CAUTION, ESC |\n| `DENY` | Block specific operations | DENY_AI_ML_UPLOAD | ALLOW, CAUTION, ESC |\n| `BLOCK` | Block operations (some apps) | BLOCK_FILE_SHARE_DOWNLOAD | ALLOW, CAUTION |\n| `CAUTION` | Warn before allowing | CAUTION_AI_ML_WEB_USE | ALLOW, DENY, BLOCK |\n| `ISOLATE` | Cloud Browser Isolation | ISOLATE_AI_ML_WEB_USE | **Cannot mix** |\n| `ESC` | Conditional access | AI_ML_CONDITIONAL_ACCESS | ALLOW, DENY |\n\n### Important Rules\n\n1. **ISOLATE Actions**:\n   * Cannot be mixed with any other action type\n   * Require \u003cspan pulumi-lang-nodejs=\"`cbiProfile`\" pulumi-lang-dotnet=\"`CbiProfile`\" pulumi-lang-go=\"`cbiProfile`\" pulumi-lang-python=\"`cbi_profile`\" pulumi-lang-yaml=\"`cbiProfile`\" pulumi-lang-java=\"`cbiProfile`\"\u003e`cbi_profile`\u003c/span\u003e configuration in the resource\n   * Use \u003cspan pulumi-lang-nodejs=\"`isolateActions`\" pulumi-lang-dotnet=\"`IsolateActions`\" pulumi-lang-go=\"`isolateActions`\" pulumi-lang-python=\"`isolate_actions`\" pulumi-lang-yaml=\"`isolateActions`\" pulumi-lang-java=\"`isolateActions`\"\u003e`isolate_actions`\u003c/span\u003e attribute or filter with \u003cspan pulumi-lang-nodejs=\"`actionPrefixes \" pulumi-lang-dotnet=\"`ActionPrefixes \" pulumi-lang-go=\"`actionPrefixes \" pulumi-lang-python=\"`action_prefixes \" pulumi-lang-yaml=\"`actionPrefixes \" pulumi-lang-java=\"`actionPrefixes \"\u003e`action_prefixes \u003c/span\u003e= [\"ISOLATE\"]`\n\n2. **Multiple Applications**:\n   * The API automatically returns the intersection of actions\n   * Only actions supported by ALL specified applications are returned\n   * Always query the data source with the same applications you'll use in the resource\n\n3. **Action Compatibility**:\n   * Most actions can be mixed (ALLOW + DENY, ALLOW + CAUTION, etc.)\n   * ISOLATE actions are the exception - they must be used alone\n\n## Best Practices\n\n### 1. Use Data Source Instead of Hardcoding\n\n**❌ Avoid hardcoding actions**:\n\n```hcl\nresource \"zia_cloud_app_control_rule\" \"example\" {\n  actions = [\"ALLOW_AI_ML_CHAT\", \"DENY_AI_ML_UPLOAD\"]  # May become invalid\n}\n```\n\n**✅ Use data source**:\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"actions\" {\n  type       = \"AI_ML\"\n  cloud_apps = [\"CHATGPT_AI\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"example\" {\n  actions = data.zia_cloud_app_control_rule_actions.actions.available_actions_without_isolate\n}\n```\n\n### 2. Match Applications Between Data Source and Resource\n\n**❌ Mismatch (will cause validation errors)**:\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"actions\" {\n  cloud_apps = [\"CHATGPT_AI\"]  # Only one app\n}\n\nresource \"zia_cloud_app_control_rule\" \"example\" {\n  applications = [\"CHATGPT_AI\", \"GOOGLE_GEMINI\"]  # Two apps\n  actions      = data.zia_cloud_app_control_rule_actions.actions.available_actions_without_isolate\n}\n```\n\n**✅ Correct match**:\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"actions\" {\n  cloud_apps = [\"CHATGPT_AI\", \"GOOGLE_GEMINI\"]  # Same apps\n}\n\nresource \"zia_cloud_app_control_rule\" \"example\" {\n  applications = [\"CHATGPT_AI\", \"GOOGLE_GEMINI\"]  # Same apps\n  actions      = data.zia_cloud_app_control_rule_actions.actions.available_actions_without_isolate\n}\n```\n\n### 3. Choose the Right Output Attribute\n\n| Use Case | Attribute to Use | Example |\n|----------|------------------|---------|\n| Standard rule (no CBI) | \u003cspan pulumi-lang-nodejs=\"`availableActionsWithoutIsolate`\" pulumi-lang-dotnet=\"`AvailableActionsWithoutIsolate`\" pulumi-lang-go=\"`availableActionsWithoutIsolate`\" pulumi-lang-python=\"`available_actions_without_isolate`\" pulumi-lang-yaml=\"`availableActionsWithoutIsolate`\" pulumi-lang-java=\"`availableActionsWithoutIsolate`\"\u003e`available_actions_without_isolate`\u003c/span\u003e | Most common |\n| CBI/Isolation rule | \u003cspan pulumi-lang-nodejs=\"`isolateActions`\" pulumi-lang-dotnet=\"`IsolateActions`\" pulumi-lang-go=\"`isolateActions`\" pulumi-lang-python=\"`isolate_actions`\" pulumi-lang-yaml=\"`isolateActions`\" pulumi-lang-java=\"`isolateActions`\"\u003e`isolate_actions`\u003c/span\u003e | Requires\u003cspan pulumi-lang-nodejs=\" cbiProfile \" pulumi-lang-dotnet=\" CbiProfile \" pulumi-lang-go=\" cbiProfile \" pulumi-lang-python=\" cbi_profile \" pulumi-lang-yaml=\" cbiProfile \" pulumi-lang-java=\" cbiProfile \"\u003e cbi_profile \u003c/span\u003e|\n| Only permissive actions | \u003cspan pulumi-lang-nodejs=\"`filteredActions`\" pulumi-lang-dotnet=\"`FilteredActions`\" pulumi-lang-go=\"`filteredActions`\" pulumi-lang-python=\"`filtered_actions`\" pulumi-lang-yaml=\"`filteredActions`\" pulumi-lang-java=\"`filteredActions`\"\u003e`filtered_actions`\u003c/span\u003e with \u003cspan pulumi-lang-nodejs=\"`actionPrefixes \" pulumi-lang-dotnet=\"`ActionPrefixes \" pulumi-lang-go=\"`actionPrefixes \" pulumi-lang-python=\"`action_prefixes \" pulumi-lang-yaml=\"`actionPrefixes \" pulumi-lang-java=\"`actionPrefixes \"\u003e`action_prefixes \u003c/span\u003e= [\"ALLOW\"]` | Allow-only policy |\n| Only restrictive actions | \u003cspan pulumi-lang-nodejs=\"`filteredActions`\" pulumi-lang-dotnet=\"`FilteredActions`\" pulumi-lang-go=\"`filteredActions`\" pulumi-lang-python=\"`filtered_actions`\" pulumi-lang-yaml=\"`filteredActions`\" pulumi-lang-java=\"`filteredActions`\"\u003e`filtered_actions`\u003c/span\u003e with \u003cspan pulumi-lang-nodejs=\"`actionPrefixes \" pulumi-lang-dotnet=\"`ActionPrefixes \" pulumi-lang-go=\"`actionPrefixes \" pulumi-lang-python=\"`action_prefixes \" pulumi-lang-yaml=\"`actionPrefixes \" pulumi-lang-java=\"`actionPrefixes \"\u003e`action_prefixes \u003c/span\u003e= [\"DENY\"]` | Deny-only policy |\n| Mixed ALLOW/DENY | \u003cspan pulumi-lang-nodejs=\"`filteredActions`\" pulumi-lang-dotnet=\"`FilteredActions`\" pulumi-lang-go=\"`filteredActions`\" pulumi-lang-python=\"`filtered_actions`\" pulumi-lang-yaml=\"`filteredActions`\" pulumi-lang-java=\"`filteredActions`\"\u003e`filtered_actions`\u003c/span\u003e with \u003cspan pulumi-lang-nodejs=\"`actionPrefixes \" pulumi-lang-dotnet=\"`ActionPrefixes \" pulumi-lang-go=\"`actionPrefixes \" pulumi-lang-python=\"`action_prefixes \" pulumi-lang-yaml=\"`actionPrefixes \" pulumi-lang-java=\"`actionPrefixes \"\u003e`action_prefixes \u003c/span\u003e= [\"ALLOW\", \"DENY\"]` | Fine-grained control |\n| Full list for custom logic | \u003cspan pulumi-lang-nodejs=\"`availableActions`\" pulumi-lang-dotnet=\"`AvailableActions`\" pulumi-lang-go=\"`availableActions`\" pulumi-lang-python=\"`available_actions`\" pulumi-lang-yaml=\"`availableActions`\" pulumi-lang-java=\"`availableActions`\"\u003e`available_actions`\u003c/span\u003e | Manual filtering |\n\n## Complete Examples\n\n### Example 1: Standard Rule with Multiple Action Types\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"slack\" {\n  type       = \"ENTERPRISE_COLLABORATION\"\n  cloud_apps = [\"SLACK\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"slack_controls\" {\n  name                    = \"Slack Controls\"\n  description             = \"Control Slack usage\"\n  type                    = \"ENTERPRISE_COLLABORATION\"\n  order                   = 1\n  rank                    = 7\n  state                   = \"ENABLED\"\n  applications            = [\"SLACK\"]\n  browser_eun_template_id = 5502\n\n  # Returns all actions except ISOLATE\n  actions = data.zia_cloud_app_control_rule_actions.slack.available_actions_without_isolate\n}\n```\n\n### Example 2: Permissive Rule (ALLOW Only)\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"dropbox_allow\" {\n  type            = \"FILE_SHARE\"\n  cloud_apps      = [\"DROPBOX\"]\n  action_prefixes = [\"ALLOW\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"dropbox_allow\" {\n  name         = \"Dropbox Allow Operations\"\n  type         = \"FILE_SHARE\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"DROPBOX\"]\n\n  # Only permissive actions\n  actions = data.zia_cloud_app_control_rule_actions.dropbox_allow.filtered_actions\n}\n```\n\n### Example 3: Restrictive Rule (DENY Only)\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"onedrive_deny\" {\n  type            = \"FILE_SHARE\"\n  cloud_apps      = [\"ONEDRIVE\"]\n  action_prefixes = [\"DENY\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"onedrive_block_upload\" {\n  name         = \"OneDrive Block Upload\"\n  type         = \"FILE_SHARE\"\n  order        = 2\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"ONEDRIVE\"]\n\n  # Only restrictive DENY actions\n  actions = data.zia_cloud_app_control_rule_actions.onedrive_deny.filtered_actions\n}\n```\n\n### Example 4: Multiple Applications with Intersection\n\n```hcl\n# Query actions for two applications\ndata \"zia_cloud_app_control_rule_actions\" \"multi_file_share\" {\n  type       = \"FILE_SHARE\"\n  cloud_apps = [\"ONEDRIVE\", \"DROPBOX\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"multi_file_share\" {\n  name         = \"File Sharing Controls\"\n  type         = \"FILE_SHARE\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"ONEDRIVE\", \"DROPBOX\"]\n\n  # Returns only actions supported by BOTH OneDrive AND Dropbox\n  actions = data.zia_cloud_app_control_rule_actions.multi_file_share.available_actions_without_isolate\n}\n\n# Output shows the intersection\noutput \"common_file_share_actions\" {\n  value = data.zia_cloud_app_control_rule_actions.multi_file_share.available_actions_without_isolate\n  # Example output: Actions both apps support\n}\n```\n\n### Example 5: CAUTION Actions Only\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"caution_only\" {\n  type            = \"AI_ML\"\n  cloud_apps      = [\"CHATGPT_AI\"]\n  action_prefixes = [\"CAUTION\"]\n}\n\nresource \"zia_cloud_app_control_rule\" \"caution_rule\" {\n  name         = \"ChatGPT Caution\"\n  type         = \"AI_ML\"\n  order        = 1\n  rank         = 7\n  state        = \"ENABLED\"\n  applications = [\"CHATGPT_AI\"]\n\n  # Only CAUTION actions (user warnings)\n  actions = data.zia_cloud_app_control_rule_actions.caution_only.filtered_actions\n}\n```\n\n### Example 6: Viewing All Available Attributes\n\n```hcl\ndata \"zia_cloud_app_control_rule_actions\" \"chatgpt\" {\n  type            = \"AI_ML\"\n  cloud_apps      = [\"CHATGPT_AI\"]\n  action_prefixes = [\"ALLOW\", \"DENY\"]  # Optional filtering\n}\n\n# View all output attributes\noutput \"all_actions\" {\n  value = data.zia_cloud_app_control_rule_actions.chatgpt.available_actions\n  # All actions including ISOLATE (17 actions for ChatGPT)\n}\n\noutput \"standard_actions\" {\n  value = data.zia_cloud_app_control_rule_actions.chatgpt.available_actions_without_isolate\n  # All except ISOLATE (16 actions)\n}\n\noutput \"isolate_only\" {\n  value = data.zia_cloud_app_control_rule_actions.chatgpt.isolate_actions\n  # Only ISOLATE actions (1 action)\n}\n\noutput \"custom_filtered\" {\n  value = data.zia_cloud_app_control_rule_actions.chatgpt.filtered_actions\n  # Only ALLOW and DENY actions (based on action_prefixes)\n}\n```\n\n## Notes\n\n### Application Intersection Behavior\n\nWhen querying multiple applications, the API returns only the intersection of actions:\n\n**Example**:\n\n* `CHATGPT_AI` alone supports 12 actions (including ALLOW_AI_ML_RENAME)\n* `GOOGLE_GEMINI` alone supports 11 actions (does NOT support RENAME)\n* Query with both: `[\"CHATGPT_AI\", \"GOOGLE_GEMINI\"]` returns 9 actions (RENAME excluded)\n\nThis ensures that rules with multiple applications only use actions that work for all of them.\n\n### ISOLATE Actions Special Requirements\n\nISOLATE actions have unique requirements:\n\n1. **Cannot be mixed**: ISOLATE actions must be used alone in a rule\n2. **Require CBI profile**: Must configure \u003cspan pulumi-lang-nodejs=\"`cbiProfile`\" pulumi-lang-dotnet=\"`CbiProfile`\" pulumi-lang-go=\"`cbiProfile`\" pulumi-lang-python=\"`cbi_profile`\" pulumi-lang-yaml=\"`cbiProfile`\" pulumi-lang-java=\"`cbiProfile`\"\u003e`cbi_profile`\u003c/span\u003e block with a valid profile\n3. **No EUN template**: Cannot set \u003cspan pulumi-lang-nodejs=\"`browserEunTemplateId`\" pulumi-lang-dotnet=\"`BrowserEunTemplateId`\" pulumi-lang-go=\"`browserEunTemplateId`\" pulumi-lang-python=\"`browser_eun_template_id`\" pulumi-lang-yaml=\"`browserEunTemplateId`\" pulumi-lang-java=\"`browserEunTemplateId`\"\u003e`browser_eun_template_id`\u003c/span\u003e when using ISOLATE\n4. **Separate rules**: Create one rule for ISOLATE actions, separate rules for other actions\n\n### Validation\n\nThe \u003cspan pulumi-lang-nodejs=\"`zia.CloudAppControlRule`\" pulumi-lang-dotnet=\"`zia.CloudAppControlRule`\" pulumi-lang-go=\"`CloudAppControlRule`\" pulumi-lang-python=\"`CloudAppControlRule`\" pulumi-lang-yaml=\"`zia.CloudAppControlRule`\" pulumi-lang-java=\"`zia.CloudAppControlRule`\"\u003e`zia.CloudAppControlRule`\u003c/span\u003e resource automatically validates actions during `pulumi preview`:\n\n* Ensures actions are valid for the specified applications\n* Validates ISOLATE action requirements\n* Provides helpful error messages with valid action lists\n* Suggests using the data source if manual actions are invalid\n","inputs":{"description":"A collection of arguments for invoking getCloudAppControlRuleActions.\n","properties":{"actionPrefixes":{"type":"array","items":{"type":"string"}},"cloudApps":{"type":"array","items":{"type":"string"}},"type":{"type":"string"}},"type":"object","required":["cloudApps","type"]},"outputs":{"description":"A collection of values returned by getCloudAppControlRuleActions.\n","properties":{"actionPrefixes":{"items":{"type":"string"},"type":"array"},"availableActions":{"description":"(List of Strings) Complete list of all available actions for the specified cloud applications and rule type, including ISOLATE actions. Use when you need the full list or want to apply custom Terraform filtering logic.\n","items":{"type":"string"},"type":"array"},"availableActionsWithoutIsolates":{"description":"(List of Strings) **Recommended for most use cases**. List of available actions excluding ISOLATE actions. Use this for standard Cloud App Control rules. ISOLATE actions cannot be mixed with other action types and require separate rules.\n","items":{"type":"string"},"type":"array"},"cloudApps":{"items":{"type":"string"},"type":"array"},"filteredActions":{"description":"(List of Strings) List of actions filtered by the \u003cspan pulumi-lang-nodejs=\"`actionPrefixes`\" pulumi-lang-dotnet=\"`ActionPrefixes`\" pulumi-lang-go=\"`actionPrefixes`\" pulumi-lang-python=\"`action_prefixes`\" pulumi-lang-yaml=\"`actionPrefixes`\" pulumi-lang-java=\"`actionPrefixes`\"\u003e`action_prefixes`\u003c/span\u003e parameter. Only populated when \u003cspan pulumi-lang-nodejs=\"`actionPrefixes`\" pulumi-lang-dotnet=\"`ActionPrefixes`\" pulumi-lang-go=\"`actionPrefixes`\" pulumi-lang-python=\"`action_prefixes`\" pulumi-lang-yaml=\"`actionPrefixes`\" pulumi-lang-java=\"`actionPrefixes`\"\u003e`action_prefixes`\u003c/span\u003e is specified. Use this for custom filtering by specific action types (ALLOW only, DENY only, ALLOW+DENY, etc.).\n","items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"isolateActions":{"description":"(List of Strings) List of only ISOLATE actions (Cloud Browser Isolation). Use this for CBI rules. When using ISOLATE actions:\n* They **cannot** be mixed with other action types (ALLOW, DENY, etc.)\n* They **require** \u003cspan pulumi-lang-nodejs=\"`cbiProfile`\" pulumi-lang-dotnet=\"`CbiProfile`\" pulumi-lang-go=\"`cbiProfile`\" pulumi-lang-python=\"`cbi_profile`\" pulumi-lang-yaml=\"`cbiProfile`\" pulumi-lang-java=\"`cbiProfile`\"\u003e`cbi_profile`\u003c/span\u003e block in the resource\n* They **cannot** have \u003cspan pulumi-lang-nodejs=\"`browserEunTemplateId`\" pulumi-lang-dotnet=\"`BrowserEunTemplateId`\" pulumi-lang-go=\"`browserEunTemplateId`\" pulumi-lang-python=\"`browser_eun_template_id`\" pulumi-lang-yaml=\"`browserEunTemplateId`\" pulumi-lang-java=\"`browserEunTemplateId`\"\u003e`browser_eun_template_id`\u003c/span\u003e set\n* Create separate rules for ISOLATE vs non-ISOLATE actions\n","items":{"type":"string"},"type":"array"},"type":{"type":"string"}},"required":["availableActions","availableActionsWithoutIsolates","cloudApps","filteredActions","isolateActions","type","id"],"type":"object"}},"zia:index/getCloudApplicationInstance:getCloudApplicationInstance":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-cloud-application-instances)\n* [API documentation](https://help.zscaler.com/zia/cloud-app-control-policy#/cloudApplicationInstances-get)\n\nUse the **zia_cloud_application_instance** data source to get information about cloud application instances in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n### By Name\n\n```hcl\ndata \"zia_cloud_application_instance\" \"this\"{\n    name = \"SharePointOnline\"\n}\n```\n\n### By ID\n\n```hcl\ndata \"zia_cloud_application_instance\" \"this\"{\n    id = \"11743520\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getCloudApplicationInstance.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCloudApplicationInstance.\n","properties":{"id":{"type":"integer"},"instanceIdentifiers":{"items":{"$ref":"#/types/zia:index/getCloudApplicationInstanceInstanceIdentifier:getCloudApplicationInstanceInstanceIdentifier"},"type":"array"},"instanceType":{"type":"string"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getCloudApplicationInstanceLastModifiedBy:getCloudApplicationInstanceLastModifiedBy"},"type":"array"},"modifiedAt":{"type":"integer"},"name":{"type":"string"}},"required":["id","instanceIdentifiers","instanceType","lastModifiedBies","modifiedAt","name"],"type":"object"}},"zia:index/getCloudApplications:getCloudApplications":{"description":"* [Official documentation](https://help.zscaler.com/zia/cloud-applications#/cloudApplications/sslPolicy-get)\n* [API documentation](https://help.zscaler.com/zia/cloud-applications#/cloudApplications/sslPolicy-get)\n\nUse the **zia_cloud_applications** data source to Retrieves a list of Predefined and User Defined Cloud Applications associated with the DLP rules, Cloud App Control rules, Advanced Settings, Bandwidth Classes, File Type Control and SSL Inspection rules. The returned information can be associated with the attribute \u003cspan pulumi-lang-nodejs=\"`cloudApplications`\" pulumi-lang-dotnet=\"`CloudApplications`\" pulumi-lang-go=\"`cloudApplications`\" pulumi-lang-python=\"`cloud_applications`\" pulumi-lang-yaml=\"`cloudApplications`\" pulumi-lang-java=\"`cloudApplications`\"\u003e`cloud_applications`\u003c/span\u003e on supported rules.\n\n```hcl\ndata \"zia_cloud_applications\" \"this\" {\n  policy_type = \"cloud_application_policy\"\n}\n\noutput \"zia_cloud_applications\" {\n  value = data.zia_cloud_applications.this\n}\n\ndata \"zia_cloud_applications\" \"this\" {\n  policy_type = \"cloud_application_policy\"\n  app_class   = [\"AI_ML\"]\n}\n\noutput \"app_ids\" {\n  value = [for app in data.zia_cloud_applications.this.applications : app[\"app\"]]\n}\n\ndata \"zia_cloud_applications\" \"this\" {\n  policy_type = \"cloud_application_ssl_policy\"\n  app_class = [\"SOCIAL_NETWORKING\"]\n  app_name = \"Nebenan\"\n}\n\noutput \"zia_cloud_applications\" {\n    value = data.zia_cloud_applications.this\n}\n\n\ndata \"zia_cloud_applications\" \"this\" {\n  policy_type = \"cloud_application_ssl_policy\"\n}\n\noutput \"zia_cloud_applications\" {\n  value = data.zia_cloud_applications.this\n}\n\n#Retrieves and Filter Cloud Application associated with a SSL inspection rule by application category\ndata \"zia_cloud_applications\" \"this\" {\n  policy_type = \"cloud_application_ssl_policy\"\n  app_class   = [\"AI_ML\"]\n}\n\noutput \"app_ids\" {\n  value = [for app in data.zia_cloud_applications.this.applications : app[\"app\"]]\n}\n\ndata \"zia_cloud_applications\" \"this\" {\n  policy_type = \"cloud_application_ssl_policy\"\n  app_class = [\"SOCIAL_NETWORKING\"]\n  app_name = \"Nebenan\"\n}\n\noutput \"zia_cloud_applications\" {\n    value = data.zia_cloud_applications.this\n}\n```\n\n## Cloud Application Category App Class Matrix\n\n**Note**: Refer to this matrix when configuring types vs actions for each specific rules\n\n|             App Class                       |\n|:-------------------------------------------:|\n|---------------------------------------------|\n|               `WEBMAIL`                     |\n|           `SOCIAL_NETWORKING`               |\n|              `STREAMING`                    |\n|                 `P2P`                       |\n|            `INSTANT_MESSAGING`              |\n|               `WEB_SEARCH`                  |\n|            `GENERAL_BROWSING`               |\n|               `ADMINISTRATION`              |\n|               `ENTERPRISE_COLLABORATION`    |\n|               `BUSINESS_PRODUCTIVITY`       |\n|               `SALES_AND_MARKETING`         |\n|               `SYSTEM_AND_DEVELOPMENT`      |\n|               `CONSUMER`                    |\n|               `FILE_SHARE`                  |\n|               `HOSTING_PROVIDER`            |\n|               `IT_SERVICES`                 |\n|               `DNS_OVER_HTTPS`              |\n|               `HUMAN_RESOURCES`             |\n|               `LEGAL`                       |\n|               `HEALTH_CARE`                 |\n|               `FINANCE`                     |\n|               `CUSTOM_CAPP`                 |\n|               `AI_ML`                       |\n|---------------------------------------------|\n","inputs":{"description":"A collection of arguments for invoking getCloudApplications.\n","properties":{"appClasses":{"type":"array","items":{"type":"string"},"description":"(Set of Strings) Filter application by application category\n"},"appName":{"type":"string","description":"(String) Cloud application name\n"},"policyType":{"type":"string"}},"type":"object","required":["policyType"]},"outputs":{"description":"A collection of values returned by getCloudApplications.\n","properties":{"appClasses":{"description":"(Set of Strings) Filter application by application category\n","items":{"type":"string"},"type":"array"},"appName":{"description":"(String) Cloud application name\n","type":"string"},"applications":{"items":{"$ref":"#/types/zia:index/getCloudApplicationsApplication:getCloudApplicationsApplication"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"policyType":{"type":"string"}},"required":["applications","policyType","id"],"type":"object"}},"zia:index/getCloudNSSFeed:getCloudNSSFeed":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-nss-feeds)\n* [API documentation](https://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssFeeds-get)\n\nUse the **zia_cloud_nss_feed** data source to get information about cloud NSS feeds configured in the ZIA Admin Portal\n\n## Example Usage\n\n```hcl\ndata \"zia_cloud_nss_feed\" \"this\" {\n  name = \"Google FW\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getCloudNSSFeed.\n","properties":{"id":{"type":"integer","description":"The unique identifier for the nss server\n"},"name":{"type":"string","description":"The name of the cloud NSS feed\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCloudNSSFeed.\n","properties":{"actionFilter":{"description":"(string) Policy action filter\n","type":"string"},"activities":{"description":"(Set of String) CASB activity filter\n","items":{"type":"string"},"type":"array"},"advUserAgents":{"description":"(Set of String) Filter based on custom user agent strings\n","items":{"type":"string"},"type":"array"},"advancedThreats":{"description":"(Set of String) Advanced threats filter\n","items":{"type":"string"},"type":"array"},"alerts":{"description":"(Set of String) Alert filter\n","items":{"type":"string"},"type":"array"},"auditLogTypes":{"description":"(Set of String) Audit log type filter\n","items":{"type":"string"},"type":"array"},"authenticationToken":{"description":"(string) The authentication token value\n","type":"string"},"authenticationUrl":{"description":"(string) Authentication URL applicable when SIEM type is set to Azure Sentinel\n","type":"string"},"base64EncodedCertificate":{"description":"(string) Base64-encoded certificate\n","type":"string"},"buckets":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedBucket:getCloudNSSFeedBucket"},"type":"array"},"casbActions":{"description":"(Set of String) CASB policy action filter\n","items":{"type":"string"},"type":"array"},"casbApplications":{"description":"(Set of String) CASB application filter\n","items":{"type":"string"},"type":"array"},"casbFileTypeSuperCategories":{"description":"(Set of String) Endpoint DLP file type category filer\n","items":{"type":"string"},"type":"array"},"casbPolicyTypes":{"description":"(Set of String) CASB policy type filter\n","items":{"type":"string"},"type":"array"},"casbSeverities":{"description":"(Set of String) Zscaler's Cloud Access Security Broker (CASB) severity filter\n","items":{"type":"string"},"type":"array"},"casbTenants":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedCasbTenant:getCloudNSSFeedCasbTenant"},"type":"array"},"channelNames":{"description":"(Set of String) Collaboration channel name filter\n","items":{"type":"string"},"type":"array"},"clientDestinationIps":{"description":"(Set of String) Client's destination IPv4 addresses in Firewall policy\n","items":{"type":"string"},"type":"array"},"clientDestinationPorts":{"description":"(Set of String) Firewall logs filter based on a client's destination\n","items":{"type":"string"},"type":"array"},"clientId":{"description":"(string) Client ID applicable when SIEM type is set to S3 or Azure Sentinel\n","type":"string"},"clientIps":{"description":"(Set of String) Filter to limit the logs based on a client's public IPv4 addresses\n","items":{"type":"string"},"type":"array"},"clientSecret":{"description":"(string) Client secret applicable when SIEM type is set to S3 or Azure Sentinel\n","type":"string"},"clientSourceIps":{"description":"(Set of String) Client source IPs configured for NSS feed.\n","items":{"type":"string"},"type":"array"},"clientSourcePorts":{"description":"(Set of String) Firewall log filter based on a client's source ports\n","items":{"type":"string"},"type":"array"},"connectionHeaders":{"description":"(Set of String) The HTTP Connection headers\n","items":{"type":"string"},"type":"array"},"connectionUrl":{"description":"(string) The HTTPS URL of the SIEM log collection API endpoint\n","type":"string"},"countries":{"description":"(Set of String) Countries filter in the Firewall policy\n","items":{"type":"string"},"type":"array"},"customEscapedCharacters":{"description":"(Set of String) Characters that need to be encoded using hex when they appear in URL, Host, or Referrer\n","items":{"type":"string"},"type":"array"},"departments":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedDepartment:getCloudNSSFeedDepartment"},"type":"array"},"direction":{"description":"(string) Traffic direction filter specifying inbound or outbound\n","type":"string"},"dlpDictionaries":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedDlpDictionary:getCloudNSSFeedDlpDictionary"},"type":"array"},"dlpEngines":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedDlpEngine:getCloudNSSFeedDlpEngine"},"type":"array"},"dnsActions":{"description":"(Set of String) DNS Control policy action filter\n","items":{"type":"string"},"type":"array"},"dnsRequestTypes":{"description":"(Set of String) DNS request types included in the feed\n","items":{"type":"string"},"type":"array"},"dnsResponseTypes":{"description":"(Set of String) DNS response types filter\n","items":{"type":"string"},"type":"array"},"dnsResponses":{"description":"(Set of String) DNS responses filter\n","items":{"type":"string"},"type":"array"},"domains":{"description":"(Set of String) Filter to limit the logs to sessions associated with specific domains\n","items":{"type":"string"},"type":"array"},"downloadTimes":{"description":"(Set of String) Download time filter\n","items":{"type":"string"},"type":"array"},"durations":{"description":"(Set of String) Filter based on time durations\n","items":{"type":"string"},"type":"array"},"emailDlpLogTypes":{"description":"(Set of String) Email DLP record type filter\n","items":{"type":"string"},"type":"array"},"emailDlpPolicyAction":{"description":"(string) Action filter for Email DLP log type\n","type":"string"},"endPointDlpLogTypes":{"description":"(Set of String) Endpoint DLP log type filter\n","items":{"type":"string"},"type":"array"},"epsRateLimit":{"description":"(int) Event per second limit\n","type":"integer"},"event":{"description":"(string) CASB event filter\n","type":"string"},"externalCollaborators":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedExternalCollaborator:getCloudNSSFeedExternalCollaborator"},"type":"array"},"externalOwners":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedExternalOwner:getCloudNSSFeedExternalOwner"},"type":"array"},"feedOutputFormat":{"description":"(string) Output format used for the feed\n","type":"string"},"feedStatus":{"description":"(string) The status of the feed\n","type":"string"},"fileNames":{"description":"(Set of String) Filter based on the file name\n","items":{"type":"string"},"type":"array"},"fileSizes":{"description":"(Set of String) File size filter\n","items":{"type":"string"},"type":"array"},"fileSources":{"description":"(Set of String) Filter based on the file source\n","items":{"type":"string"},"type":"array"},"fileTypeCategories":{"description":"(Set of String) Filter based on the file type in download\n","items":{"type":"string"},"type":"array"},"fileTypeSuperCategories":{"description":"(Set of String) Filter based on the category of file type in download\n","items":{"type":"string"},"type":"array"},"firewallActions":{"description":"(Set of String) Firewall actions included in the NSS feed.\n","items":{"type":"string"},"type":"array"},"firewallLoggingMode":{"description":"(string) Filter based on the Firewall Filtering policy logging mode\n","type":"string"},"fullUrls":{"description":"(Set of String) Filter to limit the logs based on specific full URLs\n","items":{"type":"string"},"type":"array"},"grantType":{"description":"(string) Grant type applicable when SIEM type is set to Azure Sentinel\n","type":"string"},"hostNames":{"description":"(Set of String) Filter to limit the logs based on specific hostnames\n","items":{"type":"string"},"type":"array"},"id":{"description":"(int) A unique identifier for the VPN credential\n","type":"integer"},"inBoundBytes":{"description":"(Set of String) Filter based on inbound bytes\n","items":{"type":"string"},"type":"array"},"internalCollaborators":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedInternalCollaborator:getCloudNSSFeedInternalCollaborator"},"type":"array"},"internalIps":{"description":"(Set of String) Filter based on internal IPv4 addresses\n","items":{"type":"string"},"type":"array"},"itsmObjectTypes":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedItsmObjectType:getCloudNSSFeedItsmObjectType"},"type":"array"},"jsonArrayToggle":{"description":"(bool) A Boolean value indicating whether streaming of logs in JSON array format (e.g., [{JSON1},{JSON2}]) is enabled or disabled for the JSON feed output type\n","type":"boolean"},"lastSuccessFullTest":{"description":"(int) The timestamp of the last successful test. Value is in Unix time.\n","type":"integer"},"locationGroups":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedLocationGroup:getCloudNSSFeedLocationGroup"},"type":"array"},"locations":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedLocation:getCloudNSSFeedLocation"},"type":"array"},"malwareClasses":{"description":"(Set of String) Malware category filter\n","items":{"type":"string"},"type":"array"},"malwareNames":{"description":"(Set of String) Filter based on malware names\n","items":{"type":"string"},"type":"array"},"maxBatchSize":{"description":"(int) The maximum batch size in KB\n","type":"integer"},"name":{"description":"(string) The configured name of the VPN credential\n","type":"string"},"natActions":{"description":"(Set of String) NAT Control policy actions filter\n","items":{"type":"string"},"type":"array"},"nssFeedType":{"description":"(string) NSS feed format type (e.g. CSV, syslog, Splunk Common Information Model (CIM), etc.)\n","type":"string"},"nssLogType":{"description":"(string) The type of NSS logs that are streamed (e.g. Web, Firewall, DNS, Alert, etc.)\n","type":"string"},"nssType":{"description":"(string) NSS type\n","type":"string"},"nwApplications":{"description":"(Set of String) Filter to include specific network applications in the logs. By default, all network applications are included in the logs\n","items":{"type":"string"},"type":"array"},"nwApplicationsExcludes":{"description":"(Set of String) Filter to include specific network applications in the logs. By default, no network application is excluded from the logs\n","items":{"type":"string"},"type":"array"},"nwServices":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedNwService:getCloudNSSFeedNwService"},"type":"array"},"oauthAuthentication":{"description":"(bool) A Boolean value indicating whether OAuth 2.0 authentication is enabled or not\n","type":"boolean"},"objectNames":{"description":"(Set of String) CRM object name filter\n","items":{"type":"string"},"type":"array"},"objectType1s":{"description":"(Set of String) CASB activity object type filter\n","items":{"type":"string"},"type":"array"},"objectType2s":{"description":"(Set of String) CASB activity object type filter if applicable\n","items":{"type":"string"},"type":"array"},"objectTypes":{"description":"(Set of String) CRM object type filter\n","items":{"type":"string"},"type":"array"},"outBoundBytes":{"description":"(Set of String) Filter based on outbound bytes\n","items":{"type":"string"},"type":"array"},"pageRiskIndexes":{"description":"(Set of String) Page Risk Index filter\n","items":{"type":"string"},"type":"array"},"policyReasons":{"description":"(Set of String) Policy reason filter\n","items":{"type":"string"},"type":"array"},"projectNames":{"description":"(Set of String) Repository project name filter\n","items":{"type":"string"},"type":"array"},"protocolTypes":{"description":"(Set of String) Protocol types filter\n","items":{"type":"string"},"type":"array"},"refererUrls":{"description":"(Set of String) Referrer URL filter\n","items":{"type":"string"},"type":"array"},"repoNames":{"description":"(Set of String) Repository name filter\n","items":{"type":"string"},"type":"array"},"requestMethods":{"description":"(Set of String) Request methods filter\n","items":{"type":"string"},"type":"array"},"requestSizes":{"description":"(Set of String) Request size filter\n","items":{"type":"string"},"type":"array"},"responseCodes":{"description":"(Set of String) Advanced threats filter\n","items":{"type":"string"},"type":"array"},"responseSizes":{"description":"(Set of String) Request size filter\n","items":{"type":"string"},"type":"array"},"rules":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedRule:getCloudNSSFeedRule"},"type":"array"},"scanTimes":{"description":"(Set of String) Scan time filter\n","items":{"type":"string"},"type":"array"},"scope":{"description":"(string) Scope applicable when SIEM type is set to Azure Sentinel\n","type":"string"},"senderNames":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedSenderName:getCloudNSSFeedSenderName"},"type":"array"},"serverDestinationIps":{"description":"(Set of String) Filter based on the server's destination IPv4 addresses in Firewall policy\n","items":{"type":"string"},"type":"array"},"serverIps":{"description":"(Set of String) Filter to limit the logs based on the server's IPv4 addresses\n","items":{"type":"string"},"type":"array"},"serverSourceIps":{"description":"(Set of String) Filter based on the server's source IPv4 addresses in Firewall policy\n","items":{"type":"string"},"type":"array"},"serverSourcePorts":{"description":"(Set of String) Firewall log filter based on the traffic destination name\n","items":{"type":"string"},"type":"array"},"sessionCounts":{"description":"(Set of String) Firewall logs filter based on the number of sessions\n","items":{"type":"string"},"type":"array"},"siemType":{"description":"(string) Cloud NSS SIEM type\n","type":"string"},"testConnectivityCode":{"description":"(int) The code from the last test\n","type":"integer"},"threatNames":{"description":"(Set of String) Filter based on threat names\n","items":{"type":"string"},"type":"array"},"timeZone":{"description":"(string) Specifies the time zone that must be used in the output file\n","type":"string"},"trafficForwards":{"description":"(Set of String) Filter based on the firewall traffic forwarding method\n","items":{"type":"string"},"type":"array"},"transactionSizes":{"description":"(Set of String) Transaction size filter\n","items":{"type":"string"},"type":"array"},"tunnelDestIps":{"description":"(Set of String) Destination IPv4 addresses of tunnels\n","items":{"type":"string"},"type":"array"},"tunnelIps":{"description":"(Set of String) Filter based on tunnel IPv4 addresses in Firewall policy\n","items":{"type":"string"},"type":"array"},"tunnelSourceIps":{"description":"(Set of String) Source IPv4 addresses of tunnels\n","items":{"type":"string"},"type":"array"},"tunnelSourcePorts":{"description":"(Set of String) Filter based on the tunnel source port\n","items":{"type":"string"},"type":"array"},"tunnelTypes":{"description":"(Set of String) Tunnel type filter\n","items":{"type":"string"},"type":"array"},"urlCategories":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedUrlCategory:getCloudNSSFeedUrlCategory"},"type":"array"},"urlClasses":{"description":"(Set of String) URL category filter\n","items":{"type":"string"},"type":"array"},"urlSuperCategories":{"description":"(Set of String) URL supercategory filter\n","items":{"type":"string"},"type":"array"},"userAgents":{"description":"(Set of String) Predefined user agents filter\n","items":{"type":"string"},"type":"array"},"userObfuscation":{"description":"(string) Specifies whether user obfuscation is enabled or disabled\n","type":"string"},"users":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedUser:getCloudNSSFeedUser"},"type":"array"},"vpnCredentials":{"items":{"$ref":"#/types/zia:index/getCloudNSSFeedVpnCredential:getCloudNSSFeedVpnCredential"},"type":"array"},"webApplicationClasses":{"description":"(Set of String) Cloud application categories Filter\n","items":{"type":"string"},"type":"array"},"webApplications":{"description":"(Set of String) Filter to include specific cloud applications in the logs. By default, all cloud applications are included in the logs. To obtain the list of cloud applications that can be specified in this attribute, use the GET /cloudApplications/lite request.\n","items":{"type":"string"},"type":"array"},"webApplicationsExcludes":{"description":"(Set of String) Filter to exclude specific cloud applications from the logs. By default, no cloud applications is excluded from the logs. To obtain the list of cloud applications that can be specified in this attribute, use the GET /cloudApplications/lite request.\n","items":{"type":"string"},"type":"array"},"webTrafficForwards":{"description":"(Set of String) Filter based on the web traffic forwarding method\n","items":{"type":"string"},"type":"array"}},"required":["actionFilter","activities","advUserAgents","advancedThreats","alerts","auditLogTypes","authenticationToken","authenticationUrl","base64EncodedCertificate","buckets","casbActions","casbApplications","casbFileTypeSuperCategories","casbPolicyTypes","casbSeverities","casbTenants","channelNames","clientDestinationIps","clientDestinationPorts","clientId","clientIps","clientSecret","clientSourceIps","clientSourcePorts","connectionHeaders","connectionUrl","countries","customEscapedCharacters","departments","direction","dlpDictionaries","dlpEngines","dnsActions","dnsRequestTypes","dnsResponseTypes","dnsResponses","domains","downloadTimes","durations","emailDlpLogTypes","emailDlpPolicyAction","endPointDlpLogTypes","epsRateLimit","event","externalCollaborators","externalOwners","feedOutputFormat","feedStatus","fileNames","fileSizes","fileSources","fileTypeCategories","fileTypeSuperCategories","firewallActions","firewallLoggingMode","fullUrls","grantType","hostNames","id","inBoundBytes","internalCollaborators","internalIps","itsmObjectTypes","jsonArrayToggle","lastSuccessFullTest","locationGroups","locations","malwareClasses","malwareNames","maxBatchSize","name","natActions","nssFeedType","nssLogType","nssType","nwApplications","nwApplicationsExcludes","nwServices","oauthAuthentication","objectNames","objectTypes","objectType1s","objectType2s","outBoundBytes","pageRiskIndexes","policyReasons","projectNames","protocolTypes","refererUrls","repoNames","requestMethods","requestSizes","responseCodes","responseSizes","rules","scanTimes","scope","senderNames","serverDestinationIps","serverIps","serverSourceIps","serverSourcePorts","sessionCounts","siemType","testConnectivityCode","threatNames","timeZone","trafficForwards","transactionSizes","tunnelDestIps","tunnelIps","tunnelSourceIps","tunnelSourcePorts","tunnelTypes","urlCategories","urlClasses","urlSuperCategories","userAgents","userObfuscation","users","vpnCredentials","webApplicationClasses","webApplications","webApplicationsExcludes","webTrafficForwards"],"type":"object"}},"zia:index/getCustomFileTypes:getCustomFileTypes":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-file-type-control)\n* [API documentation](https://help.zscaler.com/zia/file-type-control-policy#/fileTypeRules-post)\n\nUse the **zia_custom_file_types** data source to retrieves File Type Control rules.\n\n## Example Usage\n\n```hcl\n# Retrieve a File Type Control Rule by name\ndata \"zia_custom_file_types\" \"this\" {\n    name = \"Example\"\n}\n```\n\n```hcl\n# Retrieve a File Type Control Rule by ID\ndata \"zia_custom_file_types\" \"this\" {\n    id = \"12134558\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getCustomFileTypes.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCustomFileTypes.\n","properties":{"description":{"type":"string"},"extension":{"type":"string"},"fileTypeId":{"type":"integer"},"id":{"type":"integer"},"name":{"type":"string"}},"required":["description","extension","fileTypeId","id","name"],"type":"object"}},"zia:index/getDCExclusions:getDCExclusions":{"description":"* [Official documentation](https://help.zscaler.com/zia/excluding-data-center-based-traffic-forwarding-method)\n* [API documentation](https://help.zscaler.com/legacy-apis/traffic-forwarding-0#/dcExclusions-get)\n\nUse the **zia_dc_exclusions** data source to retrieve the list of Zscaler data centers (DCs) that are currently excluded from service to your organization based on configured exclusions in the ZIA Admin Portal\n\n\u003e NOTE: This an Early Access feature.\n\n## Example Usage\n\n### Retrieve All DC Exclusions\n\n```hcl\ndata \"zia_dc_exclusions\" \"all\" {\n}\n```\n\n### Filter By Name\n\n```hcl\ndata \"zia_dc_exclusions\" \"this\" {\n    name = \"ADL\"\n}\n```\n\n### Filter By Resource ID\n\n```hcl\ndata \"zia_dc_exclusions\" \"example\" {\n  id = zia_dc_exclusions.example.id\n}\n```\n\n### Filter By Datacenter ID\n\n```hcl\ndata \"zia_dc_exclusions\" \"example\" {\n  datacenter_id = 1221\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDCExclusions.\n","properties":{"datacenterId":{"type":"integer"},"id":{"type":"string","description":"(String) The exclusion identifier (datacenter ID as string). Matches the\u003cspan pulumi-lang-nodejs=\" zia.DCExclusions \" pulumi-lang-dotnet=\" zia.DCExclusions \" pulumi-lang-go=\" DCExclusions \" pulumi-lang-python=\" DCExclusions \" pulumi-lang-yaml=\" zia.DCExclusions \" pulumi-lang-java=\" zia.DCExclusions \"\u003e zia.DCExclusions \u003c/span\u003eresource id.\n"},"name":{"type":"string","description":"(String, Optional + Computed) Filter value when provided; when filtering by \u003cspan pulumi-lang-nodejs=\"`datacenterId`\" pulumi-lang-dotnet=\"`DatacenterId`\" pulumi-lang-go=\"`datacenterId`\" pulumi-lang-python=\"`datacenter_id`\" pulumi-lang-yaml=\"`datacenterId`\" pulumi-lang-java=\"`datacenterId`\"\u003e`datacenter_id`\u003c/span\u003e and exactly one exclusion is returned, set to that exclusion's datacenter name.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDCExclusions.\n","properties":{"datacenterId":{"type":"integer"},"exclusions":{"description":"(List) List of DC exclusion entries.\n","items":{"$ref":"#/types/zia:index/getDCExclusionsExclusion:getDCExclusionsExclusion"},"type":"array"},"id":{"description":"(String) The exclusion identifier (datacenter ID as string). Matches the\u003cspan pulumi-lang-nodejs=\" zia.DCExclusions \" pulumi-lang-dotnet=\" zia.DCExclusions \" pulumi-lang-go=\" DCExclusions \" pulumi-lang-python=\" DCExclusions \" pulumi-lang-yaml=\" zia.DCExclusions \" pulumi-lang-java=\" zia.DCExclusions \"\u003e zia.DCExclusions \u003c/span\u003eresource id.\n","type":"string"},"name":{"description":"(String, Optional + Computed) Filter value when provided; when filtering by \u003cspan pulumi-lang-nodejs=\"`datacenterId`\" pulumi-lang-dotnet=\"`DatacenterId`\" pulumi-lang-go=\"`datacenterId`\" pulumi-lang-python=\"`datacenter_id`\" pulumi-lang-yaml=\"`datacenterId`\" pulumi-lang-java=\"`datacenterId`\"\u003e`datacenter_id`\u003c/span\u003e and exactly one exclusion is returned, set to that exclusion's datacenter name.\n","type":"string"}},"required":["exclusions","name"],"type":"object"}},"zia:index/getDLPDictionaries:getDLPDictionaries":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-custom-dlp-dictionary)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/dlpDictionaries-post)\n\nUse the **zia_dlp_dictionaries** data source to get information about a DLP dictionary option available in the Zscaler Internet Access.\n\n```hcl\ndata \"zia_dlp_dictionaries\" \"example\"{\n    name = \"SALESFORCE_REPORT_LEAKAGE\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDLPDictionaries.\n","properties":{"id":{"type":"integer","description":"Unique identifier for the DLP dictionary\n"},"name":{"type":"string","description":"DLP dictionary name\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDLPDictionaries.\n","properties":{"binNumbers":{"description":"(Boolean) The list of Bank Identification Number (BIN) values that are included or excluded from the Credit Cards dictionary. BIN values can be specified only for Diners Club, Mastercard, RuPay, and Visa cards. Up to 512 BIN values can be configured in a dictionary. Note: This field is applicable only to the predefined Credit Cards dictionary and its clones.\n","items":{"type":"integer"},"type":"array"},"confidenceLevelForPredefinedDict":{"description":"(Optional) The DLP confidence threshold for predefined dictionaries. The following values are supported:\n* `CONFIDENCE_LEVEL_LOW`\n* `CONFIDENCE_LEVEL_MEDIUM`\n* `CONFIDENCE_LEVEL_HIGH`\n","type":"string"},"confidenceThreshold":{"description":"(String) he DLP confidence threshold. [`CONFIDENCE_LEVEL_LOW`, `CONFIDENCE_LEVEL_MEDIUM` `CONFIDENCE_LEVEL_HIGH` ]\n","type":"string"},"custom":{"description":"(Boolean) This value is set to true for custom DLP dictionaries.\n","type":"boolean"},"customPhraseMatchType":{"description":"(String) The DLP custom phrase match type. [ `MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY`, `MATCH_ANY_CUSTOM_PHRASE_PATTERN_DICTIONARY` ]\n","type":"string"},"description":{"type":"string"},"dictTemplateId":{"description":"(Number) ID of the predefined dictionary (original source dictionary) that is used for cloning. This field is applicable only to cloned dictionaries. Only a limited set of identification-based predefined dictionaries (e.g., Credit Cards, Social Security Numbers, National Identification Numbers, etc.) can be cloned. Up to 4 clones can be created from a predefined dictionary.\n","type":"integer"},"dictionaryType":{"description":"(String) The DLP dictionary type. The cloud service API only supports custom DLP dictionaries that are using the `PATTERNS_AND_PHRASES` type.\n","type":"string"},"exactDataMatchDetails":{"items":{"$ref":"#/types/zia:index/getDLPDictionariesExactDataMatchDetail:getDLPDictionariesExactDataMatchDetail"},"type":"array"},"id":{"type":"integer"},"idmProfileMatchAccuracies":{"items":{"$ref":"#/types/zia:index/getDLPDictionariesIdmProfileMatchAccuracy:getDLPDictionariesIdmProfileMatchAccuracy"},"type":"array"},"ignoreExactMatchIdmDict":{"description":"(Boolean) Indicates whether to exclude documents that are a 100% match to already-indexed documents from triggering an Indexed Document Match (IDM) Dictionary.\n","type":"boolean"},"includeBinNumbers":{"description":"(Boolean) A true value denotes that the specified Bank Identification Number (BIN) values are included in the Credit Cards dictionary. A false value denotes that the specified BIN values are excluded from the Credit Cards dictionary. Note: This field is applicable only to the predefined Credit Cards dictionary and its clones.\n","type":"boolean"},"name":{"type":"string"},"nameL10nTag":{"description":"(Boolean) Indicates whether the name is localized or not. This is always set to True for predefined DLP dictionaries.\n","type":"boolean"},"patterns":{"items":{"$ref":"#/types/zia:index/getDLPDictionariesPattern:getDLPDictionariesPattern"},"type":"array"},"phrases":{"items":{"$ref":"#/types/zia:index/getDLPDictionariesPhrase:getDLPDictionariesPhrase"},"type":"array"},"predefinedClone":{"description":"(Boolean) This field is set to true if the dictionary is cloned from a predefined dictionary. Otherwise, it is set to false.\n","type":"boolean"},"proximity":{"description":"(Optional, Integer) The DLP dictionary proximity length that defines how close a high confidence phrase must be to an instance of the pattern (that the dictionary detects) to count as a match. Supported values between \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`10000`\" pulumi-lang-dotnet=\"`10000`\" pulumi-lang-go=\"`10000`\" pulumi-lang-python=\"`10000`\" pulumi-lang-yaml=\"`10000`\" pulumi-lang-java=\"`10000`\"\u003e`10000`\u003c/span\u003e\n","type":"integer"},"proximityLengthEnabled":{"description":"(Optional, Boolean) A Boolean constant that indicates whether the proximity length option is supported for a DLP dictionary or not. A true value indicates that the proximity length option is supported, whereas a false value indicates that it is not supported.\n","type":"boolean"},"thresholdType":{"type":"string"}},"required":["binNumbers","confidenceLevelForPredefinedDict","confidenceThreshold","custom","customPhraseMatchType","description","dictTemplateId","dictionaryType","exactDataMatchDetails","id","idmProfileMatchAccuracies","ignoreExactMatchIdmDict","includeBinNumbers","name","nameL10nTag","patterns","phrases","predefinedClone","proximity","proximityLengthEnabled","thresholdType"],"type":"object"}},"zia:index/getDLPEDMSchema:getDLPEDMSchema":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-exact-data-match)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/dlpExactDataMatchSchemas-get)\n\nUse the **zia_dlp_edm_schema** data source to get information about a the list of DLP Exact Data Match (EDM) templates in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\n# Retrieve a DLP Exact Data Match (EDM) by name\ndata \"zia_dlp_edm_schema\" \"this\"{\n    project_name = \"Example\"\n}\n```\n\n```hcl\n# Retrieve a DLP Exact Data Match (EDM) by ID\ndata \"zia_dlp_edm_schema\" \"example\"{\n    schema_id = 1234567890\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDLPEDMSchema.\n","properties":{"projectName":{"type":"string"},"schemaId":{"type":"integer"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDLPEDMSchema.\n","properties":{"cellsUsed":{"type":"integer"},"createdBies":{"items":{"$ref":"#/types/zia:index/getDLPEDMSchemaCreatedBy:getDLPEDMSchemaCreatedBy"},"type":"array"},"edmClients":{"items":{"$ref":"#/types/zia:index/getDLPEDMSchemaEdmClient:getDLPEDMSchemaEdmClient"},"type":"array"},"fileName":{"type":"string"},"fileUploadStatus":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getDLPEDMSchemaLastModifiedBy:getDLPEDMSchemaLastModifiedBy"},"type":"array"},"lastModifiedTime":{"type":"integer"},"origColCount":{"type":"integer"},"originalFileName":{"type":"string"},"projectName":{"type":"string"},"revision":{"type":"integer"},"schedulePresent":{"type":"boolean"},"schedules":{"items":{"$ref":"#/types/zia:index/getDLPEDMSchemaSchedule:getDLPEDMSchemaSchedule"},"type":"array"},"schemaActive":{"type":"boolean"},"schemaId":{"type":"integer"},"tokenLists":{"items":{"$ref":"#/types/zia:index/getDLPEDMSchemaTokenList:getDLPEDMSchemaTokenList"},"type":"array"}},"required":["cellsUsed","createdBies","edmClients","fileName","fileUploadStatus","lastModifiedBies","lastModifiedTime","origColCount","originalFileName","revision","schedules","schedulePresent","schemaActive","schemaId","tokenLists","id"],"type":"object"}},"zia:index/getDLPEngines:getDLPEngines":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-dlp-engines)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/dlpEngines-get)\n\nUse the **zia_dlp_engines** data source to get information about a ZIA DLP Engines in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n### Retrieve Custom DLP Engine By Name\n\n```hcl\n#\ndata \"zia_dlp_engines\" \"this\"{\n    name = \"Example\"\n}\n```\n\n### Retrieve Custom DLP Engine By ID\n\n```hcl\ndata \"zia_dlp_engines\" \"this\"{\n    id = 1234567890\n}\n```\n\n### Retrieve Predefined DLP Engine By Name\n\n```hcl\ndata \"zia_dlp_engines\" \"this\"{\n    predefined_engine_name = \"PCI\"\n}\n\ndata \"zia_dlp_engines\" \"this\"{\n    predefined_engine_name = \"EXTERNAL\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDLPEngines.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"},"predefinedEngineName":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDLPEngines.\n","properties":{"customDlpEngine":{"type":"boolean"},"description":{"type":"string"},"engineExpression":{"type":"string"},"id":{"type":"integer"},"name":{"type":"string"},"predefinedEngineName":{"type":"string"}},"required":["customDlpEngine","description","engineExpression"],"type":"object"}},"zia:index/getDLPIDMProfileLite:getDLPIDMProfileLite":{"description":"* [Official documentation](https://help.zscaler.com/zia/data-loss-prevention#/idmprofile-get)\n* [API documentation](https://help.zscaler.com/zia/about-indexed-document-match)\n\nUse the **zia_dlp_idm_profile_lite** data source to get summarized information about a ZIA DLP IDM Profile Lite in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\n# Retrieve a DLP IDM Profile Lite by name\ndata \"zia_dlp_idm_profile_lite\" \"example\"{\n    name = \"Example\"\n}\n```\n\n```hcl\n# Retrieve a DLP IDM Profile Lite by ID\ndata \"zia_dlp_idm_profile_lite\" \"example\"{\n    name = \"Example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDLPIDMProfileLite.\n","properties":{"activeOnly":{"type":"boolean"},"profileId":{"type":"integer"},"templateName":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDLPIDMProfileLite.\n","properties":{"activeOnly":{"type":"boolean"},"clientVms":{"items":{"$ref":"#/types/zia:index/getDLPIDMProfileLiteClientVm:getDLPIDMProfileLiteClientVm"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getDLPIDMProfileLiteLastModifiedBy:getDLPIDMProfileLiteLastModifiedBy"},"type":"array"},"lastModifiedTime":{"type":"integer"},"numDocuments":{"type":"integer"},"profileId":{"type":"integer"},"templateName":{"type":"string"}},"required":["clientVms","lastModifiedBies","lastModifiedTime","numDocuments","profileId","id"],"type":"object"}},"zia:index/getDLPIDMProfiles:getDLPIDMProfiles":{"description":"* [Official documentation](https://help.zscaler.com/zia/data-loss-prevention#/idmprofile-get)\n* [API documentation](https://help.zscaler.com/zia/about-indexed-document-match)\n\nUse the **zia_dlp_idm_profile** data source to get information about a ZIA DLP IDM Profile in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\n# Retrieve a DLP IDM Profile by name\ndata \"zia_dlp_idm_profile\" \"example\"{\n    name = \"Example\"\n}\n```\n\n```hcl\n# Retrieve a DLP IDM Profile by ID\ndata \"zia_dlp_idm_profile\" \"example\"{\n    name = \"Example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDLPIDMProfiles.\n","properties":{"profileId":{"type":"integer"},"profileName":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDLPIDMProfiles.\n","properties":{"host":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"idmClients":{"items":{"$ref":"#/types/zia:index/getDLPIDMProfilesIdmClient:getDLPIDMProfilesIdmClient"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getDLPIDMProfilesLastModifiedBy:getDLPIDMProfilesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"type":"integer"},"numDocuments":{"type":"integer"},"port":{"type":"integer"},"profileDesc":{"type":"string"},"profileDirPath":{"type":"string"},"profileId":{"type":"integer"},"profileName":{"type":"string"},"profileType":{"type":"string"},"scheduleDay":{"type":"integer"},"scheduleDayOfMonths":{"items":{"type":"string"},"type":"array"},"scheduleDayOfWeeks":{"items":{"type":"string"},"type":"array"},"scheduleDisabled":{"type":"boolean"},"scheduleTime":{"type":"integer"},"scheduleType":{"type":"string"},"uploadStatus":{"type":"string"},"username":{"type":"string"},"version":{"type":"integer"},"volumeOfDocuments":{"type":"integer"}},"required":["host","idmClients","lastModifiedBies","lastModifiedTime","numDocuments","port","profileDesc","profileDirPath","profileId","profileType","scheduleDay","scheduleDayOfMonths","scheduleDayOfWeeks","scheduleDisabled","scheduleTime","scheduleType","uploadStatus","username","version","volumeOfDocuments","id"],"type":"object"}},"zia:index/getDLPIncidentReceiverServers:getDLPIncidentReceiverServers":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-zscaler-incident-receiver)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/incidentReceiverServers-get)\n\nUse the **zia_dlp_incident_receiver_servers** data source to get information about a ZIA DLP Incident Receiver Server in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\n# Retrieve a DLP Incident Receiver Server by name\ndata \"zia_dlp_incident_receiver_servers\" \"this\" {\n  name = \"ZS_Incident_Receiver\"\n}\n```\n\n```hcl\n# Retrieve a DLP Incident Receiver Server by ID\ndata \"zia_dlp_incident_receiver_servers\" \"this\"{\n    id = 1234567890\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDLPIncidentReceiverServers.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDLPIncidentReceiverServers.\n","properties":{"flags":{"type":"integer"},"id":{"type":"integer"},"name":{"type":"string"},"status":{"type":"string"},"url":{"type":"string"}},"required":["flags","id","status","url"],"type":"object"}},"zia:index/getDLPNotificationTemplates:getDLPNotificationTemplates":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-dlp-notification-templates)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/dlpNotificationTemplates-get)\n\nUse the **zia_dlp_notification_templates** data source to get information about a ZIA DLP Notification Templates in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\n# Retrieve a DLP Template by name\ndata \"zia_dlp_notification_templates\" \"example\"{\n    name = \"DLP Auditor Template Test\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDLPNotificationTemplates.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDLPNotificationTemplates.\n","properties":{"attachContent":{"type":"boolean"},"htmlMessage":{"type":"string"},"id":{"type":"integer"},"name":{"type":"string"},"plainTextMessage":{"type":"string"},"subject":{"type":"string"},"tlsEnabled":{"type":"boolean"}},"required":["attachContent","htmlMessage","id","name","plainTextMessage","subject","tlsEnabled"],"type":"object"}},"zia:index/getDLPWebRules:getDLPWebRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-dlp-policy-rules-content-inspection#Rules)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get)\n\nUse the **zia_dlp_web_rules** data source to get information about a ZIA DLP Web Rules in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\n# Retrieve a DLP Web Rule by name\ndata \"zia_dlp_web_rules\" \"example\"{\n    name = \"Example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDLPWebRules.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDLPWebRules.\n","properties":{"accessControl":{"type":"string"},"action":{"type":"string"},"cloudApplications":{"items":{"type":"string"},"type":"array"},"departments":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesDepartment:getDLPWebRulesDepartment"},"type":"array"},"description":{"type":"string"},"dlpDownloadScanEnabled":{"type":"boolean"},"dlpEngines":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesDlpEngine:getDLPWebRulesDlpEngine"},"type":"array"},"excludedDepartments":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesExcludedDepartment:getDLPWebRulesExcludedDepartment"},"type":"array"},"excludedGroups":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesExcludedGroup:getDLPWebRulesExcludedGroup"},"type":"array"},"excludedUsers":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesExcludedUser:getDLPWebRulesExcludedUser"},"type":"array"},"externalAuditorEmail":{"type":"string"},"fileTypeCategories":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesFileTypeCategory:getDLPWebRulesFileTypeCategory"},"type":"array"},"fileTypes":{"items":{"type":"string"},"type":"array"},"groups":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesGroup:getDLPWebRulesGroup"},"type":"array"},"id":{"type":"integer"},"includedDomainProfiles":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesIncludedDomainProfile:getDLPWebRulesIncludedDomainProfile"},"type":"array"},"labels":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesLabel:getDLPWebRulesLabel"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesLastModifiedBy:getDLPWebRulesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"type":"integer"},"locationGroups":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesLocationGroup:getDLPWebRulesLocationGroup"},"type":"array"},"locations":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesLocation:getDLPWebRulesLocation"},"type":"array"},"matchOnly":{"type":"boolean"},"minSize":{"type":"integer"},"name":{"type":"string"},"order":{"type":"integer"},"parentRule":{"type":"integer"},"protocols":{"items":{"type":"string"},"type":"array"},"rank":{"type":"integer"},"receivers":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesReceiver:getDLPWebRulesReceiver"},"type":"array"},"severity":{"type":"string"},"sourceIpGroups":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesSourceIpGroup:getDLPWebRulesSourceIpGroup"},"type":"array"},"state":{"type":"string"},"subRules":{"items":{"type":"string"},"type":"array"},"timeWindows":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesTimeWindow:getDLPWebRulesTimeWindow"},"type":"array"},"urlCategories":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesUrlCategory:getDLPWebRulesUrlCategory"},"type":"array"},"users":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesUser:getDLPWebRulesUser"},"type":"array"},"withoutContentInspection":{"type":"boolean"},"workloadGroups":{"items":{"$ref":"#/types/zia:index/getDLPWebRulesWorkloadGroup:getDLPWebRulesWorkloadGroup"},"type":"array"},"zccNotificationsEnabled":{"type":"boolean"},"zscalerIncidentReceiver":{"type":"boolean"}},"required":["accessControl","action","cloudApplications","departments","description","dlpDownloadScanEnabled","dlpEngines","excludedDepartments","excludedGroups","excludedUsers","externalAuditorEmail","fileTypeCategories","fileTypes","groups","includedDomainProfiles","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","matchOnly","minSize","order","parentRule","protocols","rank","receivers","severity","sourceIpGroups","state","subRules","timeWindows","urlCategories","users","withoutContentInspection","workloadGroups","zccNotificationsEnabled","zscalerIncidentReceiver"],"type":"object"}},"zia:index/getDatacenters:getDatacenters":{"description":"* [Official documentation](https://help.zscaler.com/zia/understanding-subclouds)\n* [API documentation](https://help.zscaler.com/legacy-apis/traffic-forwarding-0#/datacenters-get)\n\nUse the **zia_datacenters** data source to retrieve the list of Zscaler data centers (DCs) that can be excluded from service to your organization.\n\n\u003e NOTE: This an Early Access feature.\n\n## Example Usage\n\n### Retrieve All Datacenters\n\n```hcl\ndata \"zia_datacenters\" \"all\" {\n}\n```\n\n### Filter By Name\n\n```hcl\ndata \"zia_datacenters\" \"filtered\" {\n    name = \"CA Client Node DC\"\n}\n```\n\n### Filter By Multiple Criteria\n\n```hcl\ndata \"zia_datacenters\" \"filtered\" {\n    city            = \"San Jose\"\n    dc_provider     = \"Zscaler Internal\"\n    gov_only        = false\n    third_party_cloud = false\n    virtual         = false\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDatacenters.\n","properties":{"city":{"type":"string","description":"(String) City where the datacenter is located.\n"},"datacenterId":{"type":"integer","description":"(Integer, Computed) When filtering by ID or when exactly one datacenter matches, the datacenter's numeric ID. Prefer this over `datacenters[0].id` when you expect a single result (e.g. `name = \"SJC4\"`).\n"},"name":{"type":"string","description":"(String) Zscaler data center name.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDatacenters.\n","properties":{"city":{"description":"(String) City where the datacenter is located.\n","type":"string"},"datacenterId":{"description":"(Integer, Computed) When filtering by ID or when exactly one datacenter matches, the datacenter's numeric ID. Prefer this over `datacenters[0].id` when you expect a single result (e.g. `name = \"SJC4\"`).\n","type":"integer"},"datacenters":{"description":"(List) List of datacenters matching the filter criteria.\n","items":{"$ref":"#/types/zia:index/getDatacentersDatacenter:getDatacentersDatacenter"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"name":{"description":"(String) Zscaler data center name.\n","type":"string"}},"required":["city","datacenterId","datacenters","name","id"],"type":"object"}},"zia:index/getDepartmentManagement:getDepartmentManagement":{"description":"* [Official documentation](https://help.zscaler.com/zia/adding-departments)\n* [API documentation](https://help.zscaler.com/zia/user-management#/departments-get)\n\nUse the **zia_department_management** data source to get information about user department created in the Zscaler Internet Access cloud or via the API. This data source can then be associated with several ZIA resources such as: URL filtering rules, Cloud Firewall rules, and locations.\n\n## Example Usage\n\n```hcl\n# ZIA User Department Data Source\ndata \"zia_department_management\" \"engineering\" {\n name = \"Engineering\"\n}\n```\n\n```hcl\n# ZIA User Department Data Source\ndata \"zia_department_management\" \"finance\" {\n name = \"Finance\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDepartmentManagement.\n","properties":{"id":{"type":"integer","description":"ID of the user department\n"},"name":{"type":"string","description":"Name of the user department\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDepartmentManagement.\n","properties":{"comments":{"description":"(Optional) Additional information about this department\n","type":"string"},"deleted":{"description":"(Boolean) default: false\n","type":"boolean"},"id":{"type":"integer"},"idpId":{"description":"(Optional) Unique identfier for the identity provider (IdP)\n","type":"integer"},"name":{"type":"string"}},"required":["comments","deleted","id","idpId"],"type":"object"}},"zia:index/getDeviceGroups:getDeviceGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/device-groups#/deviceGroups-get)\n* [API documentation](https://help.zscaler.com/zia/device-groups#/deviceGroups-get)\n\nUse the **zia_device_groups** data source to get information about a device group in the Zscaler Internet Access cloud or via the API. This data source can then be associated with resources such as: URL Filtering Rules\n\n## Example Usage\n\n### By Name\n\n```hcl\n# ZIA Admin User Data Source\ndata \"zia_device_groups\" \"ios\"{\n    name = \"IOS\"\n}\n```\n\n```hcl\ndata \"zia_device_groups\" \"android\"{\n    name = \"Android\"\n}\n```\n\n### Return All Groups\n\n```hcl\ndata \"zia_device_groups\" \"all\"{\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDeviceGroups.\n","properties":{"id":{"type":"integer","description":"(String) The unique identifer for the device group.\n"},"name":{"type":"string","description":"The name of the device group to be exported. If not provided, all device groups will be returned.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDeviceGroups.\n","properties":{"description":{"description":"(String) The device group's description.\n","type":"string"},"deviceCount":{"description":"(int) The number of devices within the group.\n","type":"integer"},"deviceNames":{"description":"(String) The names of devices that belong to the device group. The device names are comma-separated.\n","type":"string"},"groupType":{"description":"(String) The device group type. i.e ``ZCC_OS``, ``NON_ZCC``, ``CBI``\n","type":"string"},"id":{"description":"(String) The unique identifer for the device group.\n","type":"integer"},"lists":{"description":"(List) List of all device groups when no name is specified. Each item in the list contains the same attributes as above.\n","items":{"$ref":"#/types/zia:index/getDeviceGroupsList:getDeviceGroupsList"},"type":"array"},"name":{"description":"(String) The device group name.\n","type":"string"},"osType":{"description":"(String) The operating system (OS).\n","type":"string"},"predefined":{"description":"(Boolean) Indicates whether this is a predefined device group. If this value is set to true, the group is predefined.\n","type":"boolean"}},"required":["description","deviceCount","deviceNames","groupType","lists","osType","predefined"],"type":"object"}},"zia:index/getDevices:getDevices":{"description":"* [Official documentation](https://help.zscaler.com/zia/device-groups#/deviceGroups-get)\n* [API documentation](https://help.zscaler.com/zia/device-groups#/deviceGroups-get)\n\nUse the **zia_devices** data source to get information about a device in the Zscaler Internet Access cloud or via the API. This data source can then be associated with resources such as: URL Filtering Rules\n\n## Example Usage\n\n```hcl\n# ZIA Admin User Data Source\ndata \"zia_devices\" \"device\"{\n    name = \"administrator\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDevices.\n","properties":{"deviceGroupType":{"type":"string","description":"(String) The device group type. i.e ``ZCC_OS``, ``NON_ZCC``, ``CBI``\n"},"deviceModel":{"type":"string","description":"(String) The device model.\n"},"hostname":{"type":"string"},"id":{"type":"integer","description":"The unique identifer for the devices.\n"},"name":{"type":"string","description":"The name of the devices to be exported.\n"},"osType":{"type":"string","description":"(String) The operating system (OS). ``ANY``, ``OTHER_OS``, ``IOS``, ``ANDROID_OS``, ``WINDOWS_OS``, ``MAC_OS``, ``LINUX``\n"},"osVersion":{"type":"string","description":"(String) The operating system version.\n"},"ownerName":{"type":"string","description":"(String) The device owner's user name.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDevices.\n","properties":{"description":{"description":"(String) The device's description.\n","type":"string"},"deviceGroupType":{"description":"(String) The device group type. i.e ``ZCC_OS``, ``NON_ZCC``, ``CBI``\n","type":"string"},"deviceModel":{"description":"(String) The device model.\n","type":"string"},"hostname":{"type":"string"},"id":{"description":"(String) The unique identifer for the device group.\n","type":"integer"},"name":{"description":"(String) The device name.\n","type":"string"},"osType":{"description":"(String) The operating system (OS). ``ANY``, ``OTHER_OS``, ``IOS``, ``ANDROID_OS``, ``WINDOWS_OS``, ``MAC_OS``, ``LINUX``\n","type":"string"},"osVersion":{"description":"(String) The operating system version.\n","type":"string"},"ownerName":{"description":"(String) The device owner's user name.\n","type":"string"},"ownerUserId":{"description":"(int) The unique identifier of the device owner (i.e., user).\n","type":"integer"}},"required":["description","deviceGroupType","deviceModel","hostname","id","name","osType","osVersion","ownerName","ownerUserId"],"type":"object"}},"zia:index/getDlpCloudToCloudIr:getDlpCloudToCloudIr":{"description":"* [Official documentation](https://help.zscaler.com/zia/dlp-cloud-cloud-incident-forwarding)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/cloudToCloudIR-get)\n\nUse the **zia_dlp_cloud_to_cloud_ir** data source to get information about Cloud-to-Cloud Incident Receiver (C2CIR) tenants configured in the ZIA Admin Portal. This data source retrieves detailed information about C2CIR configurations including tenant authorization, onboardable entities, and validation status. The retrieved information can be used in Web DLP Rules\u003cspan pulumi-lang-nodejs=\" zia.DLPWebRules \" pulumi-lang-dotnet=\" zia.DLPWebRules \" pulumi-lang-go=\" DLPWebRules \" pulumi-lang-python=\" DLPWebRules \" pulumi-lang-yaml=\" zia.DLPWebRules \" pulumi-lang-java=\" zia.DLPWebRules \"\u003e zia.DLPWebRules \u003c/span\u003eor CASB DLP Rules zia_casb_dlp_rules.\n\n## Example Usage\n\n```hcl\n# Retrieve the C2CIR by name\ndata \"zia_dlp_cloud_to_cloud_ir\" \"this\" {\n  name = \"AzureTenant01\"\n}\n\n# Output the retrieved information\noutput \"zia_dlp_cloud_to_cloud_ir\" {\n  value = data.zia_dlp_cloud_to_cloud_ir.this\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDlpCloudToCloudIr.\n","properties":{"id":{"type":"integer","description":"(Number) Unique identifier for the Zscaler app tenant.\n"},"name":{"type":"string","description":"(String) Name of the Zscaler app tenant.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDlpCloudToCloudIr.\n","properties":{"id":{"description":"(Number) Unique identifier for the Zscaler app tenant.\n","type":"integer"},"lastModifiedBies":{"description":"(List) Information about who last modified the C2CIR tenant.\n","items":{"$ref":"#/types/zia:index/getDlpCloudToCloudIrLastModifiedBy:getDlpCloudToCloudIrLastModifiedBy"},"type":"array"},"lastTenantValidationTime":{"description":"(Number) Timestamp of the last tenant validation.\n","type":"integer"},"lastValidationMsgs":{"description":"(List) Last validation message for the onboardable entity.\n","items":{"$ref":"#/types/zia:index/getDlpCloudToCloudIrLastValidationMsg:getDlpCloudToCloudIrLastValidationMsg"},"type":"array"},"modifiedTime":{"description":"(Number) Timestamp when the C2CIR tenant was last modified.\n","type":"integer"},"name":{"description":"(String) Name of the Zscaler app tenant.\n","type":"string"},"onboardableEntities":{"description":"(List) Information about the onboardable entity.\n","items":{"$ref":"#/types/zia:index/getDlpCloudToCloudIrOnboardableEntity:getDlpCloudToCloudIrOnboardableEntity"},"type":"array"},"statuses":{"description":"(List of String) The current status of the C2CIR tenant (e.g., `CASB_TENANT_ACTIVE`).\n","items":{"type":"string"},"type":"array"}},"required":["id","lastModifiedBies","lastTenantValidationTime","lastValidationMsgs","modifiedTime","name","onboardableEntities","statuses"],"type":"object"}},"zia:index/getDlpDictionaryPredefinedIdentifiers:getDlpDictionaryPredefinedIdentifiers":{"description":"* [Official documentation](https://help.zscaler.com/zia/understanding-predefined-dlp-dictionaries)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/dlpDictionaries/{dictId}/predefinedIdentifiers-get)\n\nUse the **zia_dlp_dictionary_predefined_identifiers** data source to get information about the list of predefined identifiers that are available for selection in the specified hierarchical DLP dictionary.\n\n## Example Usage\n\n```hcl\ndata \"zia_dlp_dictionary_predefined_identifiers\" \"this\" {\n  name = \"CRED_LEAKAGE\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDlpDictionaryPredefinedIdentifiers.\n","properties":{"id":{"type":"string","description":"(String) The ID of the hierarchical DLP dictionary.\n"},"name":{"type":"string","description":"The name of the hierarchical DLP dictionary.\n"}},"type":"object","required":["name"]},"outputs":{"description":"A collection of values returned by getDlpDictionaryPredefinedIdentifiers.\n","properties":{"id":{"description":"(String) The ID of the hierarchical DLP dictionary.\n","type":"string"},"name":{"description":"(String) The name of the hierarchical DLP dictionary: Supported values: `ASPP_LEAKAGE`, `CRED_LEAKAGE`, `EUIBAN_LEAKAGE`, `PPEU_LEAKAGE`, `USDL_LEAKAGE`.\n","type":"string"},"predefinedIdentifiers":{"description":"(List) The list of hierarchical DLP dictionary values.\n","items":{"type":"string"},"type":"array"}},"required":["id","name","predefinedIdentifiers"],"type":"object"}},"zia:index/getDomainProfiles:getDomainProfiles":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-email-profiles)\n* [API documentation](https://help.zscaler.com/zia/saas-security-api#/domainProfiles/lite-get)\n\nUse the **zia_domain_profiles** data source to get information about a ZIA Domain Profiles in the Zscaler Internet Access cloud or via the API. The resource can then be utilized when configuring a Web DLP Rule resource \u003cspan pulumi-lang-nodejs=\"`zia.DLPWebRules`\" pulumi-lang-dotnet=\"`zia.DLPWebRules`\" pulumi-lang-go=\"`DLPWebRules`\" pulumi-lang-python=\"`DLPWebRules`\" pulumi-lang-yaml=\"`zia.DLPWebRules`\" pulumi-lang-java=\"`zia.DLPWebRules`\"\u003e`zia.DLPWebRules`\u003c/span\u003e\n\n## Example Usage\n\n### By Name\n\n```hcl\ndata \"zia_domain_profiles\" \"this\"{\n    profile_name = \"Example\"\n}\n```\n\n### By ID\n\n```hcl\ndata \"zia_domain_profiles\" \"this\"{\n    profile_id = \"Example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getDomainProfiles.\n","properties":{"profileId":{"type":"integer"},"profileName":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDomainProfiles.\n","properties":{"customDomains":{"items":{"type":"string"},"type":"array"},"description":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"includeCompanyDomains":{"type":"boolean"},"includeSubdomains":{"type":"boolean"},"predefinedEmailDomains":{"items":{"type":"string"},"type":"array"},"profileId":{"type":"integer"},"profileName":{"type":"string"}},"required":["customDomains","description","includeCompanyDomains","includeSubdomains","predefinedEmailDomains","profileId","profileName","id"],"type":"object"}},"zia:index/getEndUserNotification:getEndUserNotification":{"description":"* [Official documentation](https://help.zscaler.com/zia/understanding-browser-based-end-user-notifications)\n* [API documentation](https://help.zscaler.com/zia/end-user-notifications#/eun-get)\n\nUse the **zia_end_user_notification** data source to get information about browser-based end user notification (EUN) configuration details.\n\n## Example Usage\n\n```hcl\ndata \"zia_end_user_notification\" \"example\"{}\n```\n","outputs":{"description":"A collection of values returned by getEndUserNotification.\n","properties":{"aupCustomFrequency":{"type":"integer"},"aupDayOffset":{"type":"integer"},"aupFrequency":{"type":"string"},"aupMessage":{"type":"string"},"cautionAgainAfter":{"type":"integer"},"cautionCustomText":{"type":"string"},"cautionPerDomain":{"type":"boolean"},"customText":{"type":"string"},"displayCompanyLogo":{"type":"boolean"},"displayCompanyName":{"type":"boolean"},"displayReason":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"idpProxyNotificationText":{"type":"string"},"notificationType":{"type":"string"},"orgPolicyLink":{"type":"string"},"quarantineCustomNotificationText":{"type":"string"},"redirectUrl":{"type":"string"},"securityReviewCustomLocation":{"type":"string"},"securityReviewEnabled":{"type":"boolean"},"securityReviewSubmitToSecurityCloud":{"type":"boolean"},"securityReviewText":{"type":"string"},"supportEmail":{"type":"string"},"supportPhone":{"type":"string"},"urlCatReviewCustomLocation":{"type":"string"},"urlCatReviewEnabled":{"type":"boolean"},"urlCatReviewSubmitToSecurityCloud":{"type":"boolean"},"urlCatReviewText":{"type":"string"},"webDlpReviewCustomLocation":{"type":"string"},"webDlpReviewEnabled":{"type":"boolean"},"webDlpReviewSubmitToSecurityCloud":{"type":"boolean"},"webDlpReviewText":{"type":"string"}},"required":["aupCustomFrequency","aupDayOffset","aupFrequency","aupMessage","cautionAgainAfter","cautionCustomText","cautionPerDomain","customText","displayCompanyLogo","displayCompanyName","displayReason","idpProxyNotificationText","notificationType","orgPolicyLink","quarantineCustomNotificationText","redirectUrl","securityReviewCustomLocation","securityReviewEnabled","securityReviewSubmitToSecurityCloud","securityReviewText","supportEmail","supportPhone","urlCatReviewCustomLocation","urlCatReviewEnabled","urlCatReviewSubmitToSecurityCloud","urlCatReviewText","webDlpReviewCustomLocation","webDlpReviewEnabled","webDlpReviewSubmitToSecurityCloud","webDlpReviewText","id"],"type":"object"}},"zia:index/getExtranet:getExtranet":{"description":"* [Official documentation](https://help.zscaler.com/legacy-apis/traffic-forwarding-0#/extranet-get)\n* [API documentation](https://help.zscaler.com/zia/understanding-extranet-application-support)\n\nUse the **zia_extranet** data source to get information about extranets configured for the organization in the Zscaler Internet Access cloud. Extranets are configured as part of Zscaler Extranet Application Support which allows an organization to connect its internal network with another organization’s network (e.g., partners, third-party vendors, etc.) that does not use the Zscaler service. Extranet Application Support enables Zscaler-managed organization users to securely access extranet resources through an IPSec VPN tunnel established between the Zscaler data center and the external organization’s data center, without requiring additional hardware or software installations.\n\n\u003e NOTE: This an Early Access feature.\n\n## Example Usage\n\n### Retrieve By Name\n\n```hcl\ndata \"zia_extranet\" \"this\" {\n    name = \"Extranet01\"\n}\n```\n\n### Retrieve By ID\n\n```hcl\ndata \"zia_extranet\" \"this\" {\n    id = 1254674585\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getExtranet.\n","properties":{"id":{"type":"integer","description":"(Integer) The ID generated for the IP pool configuration.\n"},"name":{"type":"string","description":"(String) The name of the IP pool.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getExtranet.\n","properties":{"createdAt":{"description":"(Integer) The Unix timestamp when the extranet was created.\n","type":"integer"},"description":{"description":"(String) The description of the extranet.\n","type":"string"},"extranetDnsLists":{"description":"(List) Information about the DNS servers specified for the extranet.\n","items":{"$ref":"#/types/zia:index/getExtranetExtranetDnsList:getExtranetExtranetDnsList"},"type":"array"},"extranetIpPoolLists":{"description":"(List) Information about the traffic selectors (IP pools) specified for the extranet.\n","items":{"$ref":"#/types/zia:index/getExtranetExtranetIpPoolList:getExtranetExtranetIpPoolList"},"type":"array"},"id":{"description":"(Integer) The ID generated for the IP pool configuration.\n","type":"integer"},"modifiedAt":{"description":"(Integer) The Unix timestamp when the extranet was last modified.\n","type":"integer"},"name":{"description":"(String) The name of the IP pool.\n","type":"string"}},"required":["createdAt","description","extranetDnsLists","extranetIpPoolLists","id","modifiedAt","name"],"type":"object"}},"zia:index/getFileTypeCategories:getFileTypeCategories":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-file-type-control)\n* [API documentation](https://help.zscaler.com/zia/file-type-control-policy#/fileTypeCategories-get)\n\nUse the **zia_file_type_categories** data source to retrieve the list of all file types, including predefined and custom file types, available for configuring rule conditions in different ZIA policies. You can retrieve predefined file types for specific file categories of policies. This data source can be referenced within the \u003cspan pulumi-lang-nodejs=\"`zia.DLPWebRules`\" pulumi-lang-dotnet=\"`zia.DLPWebRules`\" pulumi-lang-go=\"`DLPWebRules`\" pulumi-lang-python=\"`DLPWebRules`\" pulumi-lang-yaml=\"`zia.DLPWebRules`\" pulumi-lang-java=\"`zia.DLPWebRules`\"\u003e`zia.DLPWebRules`\u003c/span\u003e in the attribute \u003cspan pulumi-lang-nodejs=\"`fileTypeCategories`\" pulumi-lang-dotnet=\"`FileTypeCategories`\" pulumi-lang-go=\"`fileTypeCategories`\" pulumi-lang-python=\"`file_type_categories`\" pulumi-lang-yaml=\"`fileTypeCategories`\" pulumi-lang-java=\"`fileTypeCategories`\"\u003e`file_type_categories`\u003c/span\u003e.\n\nThe data source supports two modes:\n- **Single Result Mode**: Retrieve a specific file type by \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e (returns \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`parent`\" pulumi-lang-dotnet=\"`Parent`\" pulumi-lang-go=\"`parent`\" pulumi-lang-python=\"`parent`\" pulumi-lang-yaml=\"`parent`\" pulumi-lang-java=\"`parent`\"\u003e`parent`\u003c/span\u003e fields)\n- **List Mode**: Retrieve all file types matching filters like \u003cspan pulumi-lang-nodejs=\"`enums`\" pulumi-lang-dotnet=\"`Enums`\" pulumi-lang-go=\"`enums`\" pulumi-lang-python=\"`enums`\" pulumi-lang-yaml=\"`enums`\" pulumi-lang-java=\"`enums`\"\u003e`enums`\u003c/span\u003e (returns results in the \u003cspan pulumi-lang-nodejs=\"`categories`\" pulumi-lang-dotnet=\"`Categories`\" pulumi-lang-go=\"`categories`\" pulumi-lang-python=\"`categories`\" pulumi-lang-yaml=\"`categories`\" pulumi-lang-java=\"`categories`\"\u003e`categories`\u003c/span\u003e list)\n\n## Example Usage\n\n### Retrieve A Specific File Type By Name\n\n```hcl\ndata \"zia_file_type_categories\" \"javascript\" {\n    name = \"FTCATEGORY_JAVASCRIPT\"\n}\n\noutput \"file_type_id\" {\n    value = data.zia_file_type_categories.javascript.id\n}\n```\n\n### Retrieve A Specific File Type By ID\n\n```hcl\ndata \"zia_file_type_categories\" \"by_id\" {\n    id = 10\n}\n\noutput \"file_type_name\" {\n    value = data.zia_file_type_categories.by_id.name\n}\n```\n\n### Retrieve A Specific File Type With Enum Filter\n\n```hcl\ndata \"zia_file_type_categories\" \"javascript_in_file_control\" {\n    enums = \"FILETYPECATEGORYFORFILETYPECONTROL\"\n    name  = \"FTCATEGORY_JAVASCRIPT\"\n}\n```\n\n### Retrieve All File Types For A Policy Category\n\n```hcl\n# Get all file types for File Type Control policy\ndata \"zia_file_type_categories\" \"all_file_control\" {\n    enums = \"FILETYPECATEGORYFORFILETYPECONTROL\"\n}\n\n# Access all categories\noutput \"all_file_types\" {\n    value = data.zia_file_type_categories.all_file_control.categories\n}\n\n# Get just the names\noutput \"file_type_names\" {\n    value = data.zia_file_type_categories.all_file_control.categories[*].name\n}\n```\n\n### Retrieve File Types Excluding Custom Types\n\n```hcl\ndata \"zia_file_type_categories\" \"predefined_only\" {\n    enums = \"FILETYPECATEGORYFORFILETYPECONTROL\"\n    exclude_custom_file_types = true\n}\n\noutput \"predefined_file_types\" {\n    value = data.zia_file_type_categories.predefined_only.categories\n}\n```\n\n### Get All DLP File Types\n\n```hcl\ndata \"zia_file_type_categories\" \"dlp_types\" {\n    enums = \"ZSCALERDLP\"\n}\n\n# Use in a DLP rule\nresource \"zia_dlp_web_rules\" \"example\" {\n    name = \"Example DLP Rule\"\n    file_types = data.zia_file_type_categories.dlp_types.categories[*].name\n    # ... other configuration\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFileTypeCategories.\n","properties":{"enums":{"type":"string"},"excludeCustomFileTypes":{"type":"boolean"},"id":{"type":"integer","description":"(Integer) File type category ID\n"},"name":{"type":"string","description":"(String) File type category name\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFileTypeCategories.\n","properties":{"categories":{"description":"(List of Objects) List of file type categories matching the filter. Each object contains:\n","items":{"$ref":"#/types/zia:index/getFileTypeCategoriesCategory:getFileTypeCategoriesCategory"},"type":"array"},"enums":{"type":"string"},"excludeCustomFileTypes":{"type":"boolean"},"id":{"description":"(Integer) File type category ID\n","type":"integer"},"name":{"description":"(String) File type category name\n","type":"string"},"parent":{"description":"(String) Parent category of the file type\n","type":"string"}},"required":["categories","id","name","parent"],"type":"object"}},"zia:index/getFileTypeControlRules:getFileTypeControlRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-file-type-control)\n* [API documentation](https://help.zscaler.com/zia/file-type-control-policy#/fileTypeRules-post)\n\nUse the **zia_file_type_control_rules** data source to retrieves File Type Control rules.\n\n## Example Usage\n\n```hcl\n# Retrieve a File Type Control Rule by name\ndata \"zia_file_type_control_rules\" \"this\" {\n    name = \"Example\"\n}\n```\n\n```hcl\n# Retrieve a File Type Control Rule by ID\ndata \"zia_file_type_control_rules\" \"this\" {\n    name = \"12134558\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFileTypeControlRules.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFileTypeControlRules.\n","properties":{"accessControl":{"type":"string"},"activeContent":{"type":"boolean"},"capturePcap":{"type":"boolean"},"cloudApplications":{"items":{"type":"string"},"type":"array"},"departments":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesDepartment:getFileTypeControlRulesDepartment"},"type":"array"},"description":{"type":"string"},"deviceGroups":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesDeviceGroup:getFileTypeControlRulesDeviceGroup"},"type":"array"},"deviceTrustLevels":{"items":{"type":"string"},"type":"array"},"devices":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesDevice:getFileTypeControlRulesDevice"},"type":"array"},"fileTypes":{"items":{"type":"string"},"type":"array"},"filteringAction":{"type":"string"},"groups":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesGroup:getFileTypeControlRulesGroup"},"type":"array"},"id":{"type":"integer"},"labels":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesLabel:getFileTypeControlRulesLabel"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesLastModifiedBy:getFileTypeControlRulesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"type":"integer"},"locationGroups":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesLocationGroup:getFileTypeControlRulesLocationGroup"},"type":"array"},"locations":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesLocation:getFileTypeControlRulesLocation"},"type":"array"},"maxSize":{"type":"integer"},"minSize":{"type":"integer"},"name":{"type":"string"},"operation":{"type":"string"},"order":{"type":"integer"},"protocols":{"items":{"type":"string"},"type":"array"},"rank":{"type":"integer"},"sizeQuota":{"type":"integer"},"state":{"type":"string"},"timeQuota":{"type":"integer"},"timeWindows":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesTimeWindow:getFileTypeControlRulesTimeWindow"},"type":"array"},"unscannable":{"type":"boolean"},"urlCategories":{"items":{"type":"string"},"type":"array"},"users":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesUser:getFileTypeControlRulesUser"},"type":"array"},"zpaAppSegments":{"items":{"$ref":"#/types/zia:index/getFileTypeControlRulesZpaAppSegment:getFileTypeControlRulesZpaAppSegment"},"type":"array"}},"required":["accessControl","activeContent","capturePcap","cloudApplications","departments","description","deviceGroups","deviceTrustLevels","devices","fileTypes","filteringAction","groups","id","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","maxSize","minSize","name","operation","order","protocols","rank","sizeQuota","state","timeQuota","timeWindows","unscannable","urlCategories","users","zpaAppSegments"],"type":"object"}},"zia:index/getFirewallDNSRules:getFirewallDNSRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-dns-control-policy)\n* [API documentation](https://help.zscaler.com/zia/dns-control-policy#/firewallDnsRules-post)\n\nUse the **zia_firewall_dns_rule** data source to get information about a cloud firewall DNS rule available in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\n# ZIA Firewall DNS Rule by name\ndata \"zia_firewall_dns_rule\" \"this\" {\n    name = \"Default Cloud IPS Rule\"\n}\n```\n\n```hcl\n# ZIA Firewall DNS Rule by ID\ndata \"zia_firewall_dns_rule\" \"this\" {\n    id = \"12365478\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFirewallDNSRules.\n","properties":{"defaultDnsRuleNameUsed":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether the default DNS rule name is used for the rule.\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"isWebEunEnabled":{"type":"boolean","description":"(Boolean) A Boolean value that indicates whether Enhanced User Notification (EUN) is enabled for the rule.\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFirewallDNSRules.\n","properties":{"action":{"description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: `ALLOW`, `BLOCK`, `REDIR_REQ`, `REDIR_RES`, `REDIR_ZPA`, `REDIR_REQ_DOH`, `REDIR_REQ_KEEP_SENDER`, `REDIR_REQ_TCP`, `REDIR_REQ_UDP`, `BLOCK_WITH_RESPONSE`\n","type":"string"},"applicationGroups":{"description":"(List of Objects) DNS application groups to which the rule applies\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesApplicationGroup:getFirewallDNSRulesApplicationGroup"},"type":"array"},"applications":{"description":"(Set of Strings) DNS tunnels and network applications to which the rule applies. To retrieve the available list of DNS tunnels applications use the data source: \u003cspan pulumi-lang-nodejs=\"`zia.getCloudApplications`\" pulumi-lang-dotnet=\"`zia.getCloudApplications`\" pulumi-lang-go=\"`getCloudApplications`\" pulumi-lang-python=\"`get_cloud_applications`\" pulumi-lang-yaml=\"`zia.getCloudApplications`\" pulumi-lang-java=\"`zia.getCloudApplications`\"\u003e`zia.getCloudApplications`\u003c/span\u003e with the \u003cspan pulumi-lang-nodejs=\"`appClass`\" pulumi-lang-dotnet=\"`AppClass`\" pulumi-lang-go=\"`appClass`\" pulumi-lang-python=\"`app_class`\" pulumi-lang-yaml=\"`appClass`\" pulumi-lang-java=\"`appClass`\"\u003e`app_class`\u003c/span\u003e value `DNS_OVER_HTTPS`. See example:\n","items":{"type":"string"},"type":"array"},"blockResponseCode":{"description":"(String) Specifies the DNS response code to be sent to the client when the action is configured to block and send response code. Supported values are: `ANY`, `NONE`, `FORMERR`, `SERVFAIL`, `NXDOMAIN`, `NOTIMP`, `REFUSED`, `YXDOMAIN`, `YXRRSET`, `NXRRSET`, `NOTAUTH`, `NOTZONE`, `BADVERS`, `BADKEY`, `BADTIME`, `BADMODE`, `BADNAME`, `BADALG`, `BADTRUNC`, `UNSUPPORTED`, `BYPASS`, `INT_ERROR`, `SRV_TIMEOUT`, `EMPTY_RESP`,\n`REQ_BLOCKED`, `ADMIN_DROP`, `WCDN_TIMEOUT`, `IPS_BLOCK`, `FQDN_RESOLV_FAIL`\n","type":"string"},"capturePcap":{"description":"(Boolean) Value that indicates whether packet capture (PCAP) is enabled or not\n","type":"boolean"},"defaultDnsRuleNameUsed":{"description":"(Boolean) A Boolean value that indicates whether the default DNS rule name is used for the rule.\n","type":"boolean"},"defaultRule":{"description":"(Boolean) Value that indicates whether the rule is the Default Cloud DNS Rule or not\n","type":"boolean"},"departments":{"description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesDepartment:getFirewallDNSRulesDepartment"},"type":"array"},"description":{"description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n","type":"string"},"destAddresses":{"description":"(Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n","items":{"type":"string"},"type":"array"},"destCountries":{"description":"(Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n","items":{"type":"string"},"type":"array"},"destIpCategories":{"description":"(Set of String)  identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n","items":{"type":"string"},"type":"array"},"destIpGroups":{"description":"** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesDestIpGroup:getFirewallDNSRulesDestIpGroup"},"type":"array"},"destIpv6Groups":{"items":{"$ref":"#/types/zia:index/getFirewallDNSRulesDestIpv6Group:getFirewallDNSRulesDestIpv6Group"},"type":"array"},"deviceGroups":{"description":"(List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesDeviceGroup:getFirewallDNSRulesDeviceGroup"},"type":"array"},"devices":{"description":"(List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesDevice:getFirewallDNSRulesDevice"},"type":"array"},"dnsRuleRequestTypes":{"description":"(Set of Strings) DNS request types to which the rule applies. Supportedn values are:\n`A`, `NS`, `MD`, `MF`, `CNAME`, `SOA`, `MB`, `MG`, `MR`, `NULL`, `WKS`, `PTR`, `HINFO`, `MINFO`, `MX`, `TXT`, `RP`, `AFSDB`,\n`X25`, `ISDN`, `RT`, `NSAP`, `NSAP_PTR`, `SIG`, `KEY`, `PX`, `GPOS`, `AAAA`, `LOC`, `NXT`, `EID`, `NIMLOC`, `SRV`, `ATMA`,\n`NAPTR`, `KX`, `CERT`, `A6`, `DNAME`, `SINK`, `OPT`, `APL`, `DS`, `SSHFP`, `PSECKEF`, `RRSIG`, `NSEC`, `DNSKEY`,\n`DHCID`, `NSEC3`, `NSEC3PARAM`, `TLSA`, `HIP`, `NINFO`, `RKEY`, `TALINK`, `CDS`, `CDNSKEY`, `OPENPGPKEY`, `CSYNC`,\n`ZONEMD`, `SVCB`, `HTTPS`,\n","items":{"type":"string"},"type":"array"},"groups":{"description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesGroup:getFirewallDNSRulesGroup"},"type":"array"},"id":{"description":"(Integer) Identifier that uniquely identifies an entity\n","type":"integer"},"isWebEunEnabled":{"description":"(Boolean) A Boolean value that indicates whether Enhanced User Notification (EUN) is enabled for the rule.\n","type":"boolean"},"labels":{"description":"(List of Objects) Labels that are applicable to the rule.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesLabel:getFirewallDNSRulesLabel"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getFirewallDNSRulesLastModifiedBy:getFirewallDNSRulesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"type":"integer"},"locationGroups":{"description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesLocationGroup:getFirewallDNSRulesLocationGroup"},"type":"array"},"locations":{"description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesLocation:getFirewallDNSRulesLocation"},"type":"array"},"name":{"description":"(string) The configured name of the entity\n","type":"string"},"order":{"description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n","type":"integer"},"predefined":{"description":"(Boolean) A Boolean field that indicates that the rule is predefined by using a true value\n","type":"boolean"},"protocols":{"description":"(Set of Strings) The protocols to which the rules applies. Supported Values: `ANY_RULE`, `SMRULEF_CASCADING_ALLOWED`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`\n","items":{"type":"string"},"type":"array"},"rank":{"description":"(Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e.\n","type":"integer"},"redirectIp":{"description":"(String) The IP address to which the traffic will be redirected to when the DNAT rule is triggered. If not set, no redirection is done to specific IP addresses. Only supported when the \u003cspan pulumi-lang-nodejs=\"`action`\" pulumi-lang-dotnet=\"`Action`\" pulumi-lang-go=\"`action`\" pulumi-lang-python=\"`action`\" pulumi-lang-yaml=\"`action`\" pulumi-lang-java=\"`action`\"\u003e`action`\u003c/span\u003e is `REDIR_REQ`\n","type":"string"},"resCategories":{"description":"(Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.\n","items":{"type":"string"},"type":"array"},"sourceCountries":{"description":"(Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n","items":{"type":"string"},"type":"array"},"srcIpGroups":{"description":"(List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesSrcIpGroup:getFirewallDNSRulesSrcIpGroup"},"type":"array"},"srcIps":{"description":"(Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n","items":{"type":"string"},"type":"array"},"srcIpv6Groups":{"description":"(List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesSrcIpv6Group:getFirewallDNSRulesSrcIpv6Group"},"type":"array"},"state":{"description":"(String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.\n","type":"string"},"timeWindows":{"description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e time intervals. When not used it implies \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e to apply the rule to all time intervals.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesTimeWindow:getFirewallDNSRulesTimeWindow"},"type":"array"},"users":{"description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n","items":{"$ref":"#/types/zia:index/getFirewallDNSRulesUser:getFirewallDNSRulesUser"},"type":"array"}},"required":["action","applicationGroups","applications","blockResponseCode","capturePcap","defaultRule","departments","description","destAddresses","destCountries","destIpCategories","destIpGroups","destIpv6Groups","deviceGroups","devices","dnsRuleRequestTypes","groups","id","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","name","order","predefined","protocols","rank","redirectIp","resCategories","sourceCountries","srcIpGroups","srcIps","srcIpv6Groups","state","timeWindows","users"],"type":"object"}},"zia:index/getFirewallFilteringAppGroup:getFirewallFilteringAppGroup":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/networkApplicationGroups-post)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/networkApplicationGroups-post)\n\nUse the **zia_firewall_filtering_application_services_group** data source to get information about a network application group available in the Zscaler Internet Access cloud firewall. This data source can then be associated with a ZIA firewall filtering network application rule.\n\n## Example Usage\n\n```hcl\n# ZIA Network Application Groups\ndata \"zia_firewall_filtering_application_services_group\" \"example\" {\n    name = \"example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFirewallFilteringAppGroup.\n","properties":{"name":{"type":"string","description":"The name of the ip source group to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFirewallFilteringAppGroup.\n","properties":{"id":{"description":"The ID of this resource.\n","type":"integer"},"name":{"type":"string"},"nameL10nTag":{"type":"boolean"}},"required":["id","name","nameL10nTag"],"type":"object"}},"zia:index/getFirewallFilteringAppServices:getFirewallFilteringAppServices":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/networkServices-get)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/networkServices-get)\n\nThe **zia_firewall_filtering_application_services** data source to get information about a network application services available in the Zscaler Internet Access cloud firewall. This data source can then be associated with a ZIA firewall filtering network application services rule.\n\n## Example Usage\n\n```hcl\n# ZIA Network Application Service\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"SKYPEFORBUSINESS\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"FILE_SHAREPT_ONEDRIVE\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"EXCHANGEONLINE\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"M365COMMON\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"ZOOMMEETING\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"WEBEXMEETING\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"WEBEXCALLING\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"RINGCENTRALMEETING\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"GOTOMEETING\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"GOTOMEETING_INROOM\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"LOGMEINMEETING\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"LOGMEINRESCUE\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"AWS\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"GCP\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"ZSCALER_CLOUD_ENDPOINTS\"\n}\n\ndata \"zia_firewall_filtering_application_services\" \"example\" {\n  name = \"TALK_DESK\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFirewallFilteringAppServices.\n","properties":{"name":{"type":"string","description":"Name of the application layer service that you want to control. It can include any character and spaces.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFirewallFilteringAppServices.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"},"nameL10nTag":{"type":"boolean"}},"required":["id","name","nameL10nTag"],"type":"object"}},"zia:index/getFirewallFilteringApplication:getFirewallFilteringApplication":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/networkApplications-get)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/networkApplications-get)\n\nUse the **zia_firewall_filtering_network_application** data source to get information about a network application available in the Zscaler Internet Access cloud firewall. This data source can then be associated with a ZIA firewall filtering network application rule.\n\n## Example Usage\n\n```hcl\n# ZIA Network Application Groups\ndata \"zia_firewall_filtering_network_application\" \"apns\"{\n    id = \"APNS\"\n    locale=\"en-US\"\n}\n```\n\n```hcl\ndata \"zia_firewall_filtering_network_application\" \"dict\"{\n    id = \"DICT\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFirewallFilteringApplication.\n","properties":{"id":{"type":"string","description":"The name of the ip source group to be exported.\n"},"locale":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFirewallFilteringApplication.\n","properties":{"deprecated":{"description":"(Boolean)\n","type":"boolean"},"description":{"description":"(String)\n","type":"string"},"id":{"type":"string"},"locale":{"type":"string"},"parentCategory":{"description":"(String)\n","type":"string"}},"required":["deprecated","description","parentCategory"],"type":"object"}},"zia:index/getFirewallFilteringApplicationGroups:getFirewallFilteringApplicationGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/networkApplicationGroups/{groupId}-get)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/networkApplicationGroups/{groupId}-get)\n\nUse the **zia_firewall_filtering_network_application_groups** data source to get information about network application groups available in the Zscaler Internet Access cloud firewall. This data source can then be associated with a ZIA firewall filtering rule.\n\n## Example Usage\n\n```hcl\n# ZIA IP Source Groups\ndata \"zia_firewall_filtering_network_application_groups\" \"example\" {\n    name = \"example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFirewallFilteringApplicationGroups.\n","properties":{"id":{"type":"integer","description":"The ID of the ip source group resource.\n"},"name":{"type":"string","description":"The name of the ip source group to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFirewallFilteringApplicationGroups.\n","properties":{"description":{"type":"string"},"id":{"type":"integer"},"name":{"type":"string"},"networkApplications":{"items":{"type":"string"},"type":"array"}},"required":["description","id","name","networkApplications"],"type":"object"}},"zia:index/getFirewallFilteringDestinationGroups:getFirewallFilteringDestinationGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/ipDestinationGroups-post)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/ipDestinationGroups-post)\n\nUse the **zia_firewall_filtering_destination_groups** data source to get information about IP destination groups option available in the Zscaler Internet Access cloud firewall. This data source can then be associated with a ZIA firewall filtering rule.\n\n## Example Usage\n\n```hcl\n# ZIA Destination Groups\ndata \"zia_firewall_filtering_destination_groups\" \"example\" {\n    name = \"example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFirewallFilteringDestinationGroups.\n","properties":{"id":{"type":"integer","description":"The ID of the destination group resource.\n"},"name":{"type":"string","description":"The name of the destination group to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFirewallFilteringDestinationGroups.\n","properties":{"addresses":{"description":"(List of String) Destination IP addresses within the group\n","items":{"type":"string"},"type":"array"},"countries":{"description":"(List of String) Destination IP address counties. You can identify destinations based on the location of a server.\n","items":{"type":"string"},"type":"array"},"description":{"description":"(String) Additional information about the destination IP group\n","type":"string"},"id":{"type":"integer"},"ipCategories":{"description":"(List of String) Destination IP address URL categories. You can identify destinations based on the URL category of the domain. See list of all IP Categories [Here](https://help.zscaler.com/zia/firewall-policies#/ipDestinationGroups-get)\n* !\u003e **WARNING:** The \u003cspan pulumi-lang-nodejs=\"`ipCategories`\" pulumi-lang-dotnet=\"`IpCategories`\" pulumi-lang-go=\"`ipCategories`\" pulumi-lang-python=\"`ip_categories`\" pulumi-lang-yaml=\"`ipCategories`\" pulumi-lang-java=\"`ipCategories`\"\u003e`ip_categories`\u003c/span\u003e attribute only accepts custom URL categories.\n","items":{"type":"string"},"type":"array"},"name":{"type":"string"},"type":{"description":"(String) Destination IP group type (i.e., the group can contain destination IP addresses or FQDNs)\n","type":"string"}},"required":["addresses","countries","description","id","ipCategories","name","type"],"type":"object"}},"zia:index/getFirewallFilteringNetworkServiceGroups:getFirewallFilteringNetworkServiceGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/networkServiceGroups-get)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/networkServiceGroups-get)\n\nUse the **zia_firewall_filtering_network_service_groups** data source to get information about a network service groups available in the Zscaler Internet Access cloud firewall. This data source can then be associated with a ZIA firewall filtering network service rule.\n\n## Example Usage\n\n```hcl\n# ZIA Network Service Groups\ndata \"zia_firewall_filtering_network_service_groups\" \"example\"{\n    name = \"Corporate Custom SSH TCP_10022\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFirewallFilteringNetworkServiceGroups.\n","properties":{"id":{"type":"integer","description":"The ID of the ip source group to be exported.\n"},"name":{"type":"string","description":"The name of the ip source group to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFirewallFilteringNetworkServiceGroups.\n","properties":{"description":{"description":"(String)\n","type":"string"},"id":{"description":"(Number)\n","type":"integer"},"name":{"description":"(String)\n","type":"string"},"services":{"description":"(Number) The ID of this resource.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringNetworkServiceGroupsService:getFirewallFilteringNetworkServiceGroupsService"},"type":"array"}},"required":["description","id","name","services"],"type":"object"}},"zia:index/getFirewallFilteringNetworkServices:getFirewallFilteringNetworkServices":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/networkServices-get)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/networkServices-get)\n\nThe **zia_firewall_filtering_network_service** data source to get information about a network service available in the Zscaler Internet Access cloud firewall. This data source can then be associated with a ZIA firewall filtering network service rule.\n\n## Example Usage\n\n```hcl\ndata \"zia_firewall_filtering_network_service\" \"example_protocol\" {\n  protocol = \"TCP\"\n}\n\n# Test locale only\ndata \"zia_firewall_filtering_network_service\" \"example_locale\" {\n  locale = \"en-US\"\n}\n\n# Test protocol + locale\ndata \"zia_firewall_filtering_network_service\" \"example_both\" {\n  protocol = \"TCP\"\n  locale   = \"en-US\"\n}\n\ndata \"zia_firewall_filtering_network_service\" \"dns\" {\n  name = \"DNS\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFirewallFilteringNetworkServices.\n","properties":{"id":{"type":"integer","description":"The ID of the application layer service to be exported.\n"},"locale":{"type":"string","description":"(String) When set to one of the supported locales (i.e., `en-US`, `de-DE`, `es-ES`, `fr-FR`, `ja-JP`,`fr-FR`, `ja-JP`, `zh-CN`), the network service's description is localized into the requested language.\n"},"name":{"type":"string","description":"Name of the application layer service that you want to control. It can include any character and spaces.\nSee the [Network Services API](https://help.zscaler.com/zia/firewall-policies#/networkServices-get) for the list of available services. Check the attribute \u003cspan pulumi-lang-nodejs=\"`tag`\" pulumi-lang-dotnet=\"`Tag`\" pulumi-lang-go=\"`tag`\" pulumi-lang-python=\"`tag`\" pulumi-lang-yaml=\"`tag`\" pulumi-lang-java=\"`tag`\"\u003e`tag`\u003c/span\u003e in the API documentation for the updated list.\n"},"protocol":{"type":"string","description":"(String) Filter based on the network service protocol. Supported values are: `TCP`, `UDP`, `ICMP`, `GRE`, `ESP`, `OTHER`\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFirewallFilteringNetworkServices.\n","properties":{"description":{"description":"(String) Enter additional notes or information. The description cannot exceed 10240 characters.\n","type":"string"},"destTcpPorts":{"description":"(Required) The TCP destination port number (example: 50) or port number range (example: 1000-1050), if any, that is used by the network service.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringNetworkServicesDestTcpPort:getFirewallFilteringNetworkServicesDestTcpPort"},"type":"array"},"destUdpPorts":{"description":"The UDP source port number (example: 50) or port number range (example: 1000-1050), if any, that is used by the network service.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringNetworkServicesDestUdpPort:getFirewallFilteringNetworkServicesDestUdpPort"},"type":"array"},"id":{"type":"integer"},"isNameL10nTag":{"description":"(Bool) - Default: false\n","type":"boolean"},"locale":{"description":"(String) When set to one of the supported locales (i.e., `en-US`, `de-DE`, `es-ES`, `fr-FR`, `ja-JP`,`fr-FR`, `ja-JP`, `zh-CN`), the network service's description is localized into the requested language.\n","type":"string"},"name":{"type":"string"},"protocol":{"description":"(String) Filter based on the network service protocol. Supported values are: `TCP`, `UDP`, `ICMP`, `GRE`, `ESP`, `OTHER`\n","type":"string"},"srcTcpPorts":{"description":"(Optional) The TCP source port number (example: 50) or port number range (example: 1000-1050), if any, that is used by the network service\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringNetworkServicesSrcTcpPort:getFirewallFilteringNetworkServicesSrcTcpPort"},"type":"array"},"srcUdpPorts":{"description":"The UDP source port number (example: 50) or port number range (example: 1000-1050), if any, that is used by the network service.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringNetworkServicesSrcUdpPort:getFirewallFilteringNetworkServicesSrcUdpPort"},"type":"array"},"tag":{"description":"(string) - Supported network services names returned by the API. See the [Network Services API](https://help.zscaler.com/zia/firewall-policies#/networkServices-get) for the list of available services. Check the attribute \u003cspan pulumi-lang-nodejs=\"`tag`\" pulumi-lang-dotnet=\"`Tag`\" pulumi-lang-go=\"`tag`\" pulumi-lang-python=\"`tag`\" pulumi-lang-yaml=\"`tag`\" pulumi-lang-java=\"`tag`\"\u003e`tag`\u003c/span\u003e in the API documentation for the updated list.\n","type":"string"},"type":{"description":"(String) - Supported values are: `STANDARD`, `PREDEFINED` and `CUSTOM`\n","type":"string"}},"required":["description","destTcpPorts","destUdpPorts","id","isNameL10nTag","name","protocol","srcTcpPorts","srcUdpPorts","tag","type"],"type":"object"}},"zia:index/getFirewallFilteringRule:getFirewallFilteringRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/firewallFilteringRules-post)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/firewallFilteringRules-post)\n\nUse the **zia_firewall_filtering_rule** data source to get information about a cloud firewall rule available in the Zscaler Internet Access cloud firewall.\n\n## Example Usage\n\n```hcl\n# ZIA Firewall Filtering Rule\ndata \"zia_firewall_filtering_rule\" \"example\" {\n    name = \"Office 365 One Click Rule\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFirewallFilteringRule.\n","properties":{"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFirewallFilteringRule.\n","properties":{"accessControl":{"description":"(String)\n","type":"string"},"action":{"description":"(Optional) Choose the action of the service when packets match the rule. The following actions are accepted: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`, `EVAL_NWAPP`\n","type":"string"},"appServiceGroups":{"description":"Application service groups on which this rule is applied\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleAppServiceGroup:getFirewallFilteringRuleAppServiceGroup"},"type":"array"},"appServices":{"description":"Application services on which this rule is applied\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleAppService:getFirewallFilteringRuleAppService"},"type":"array"},"defaultRule":{"description":"(Boolean)\n","type":"boolean"},"departments":{"description":"(Optional) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleDepartment:getFirewallFilteringRuleDepartment"},"type":"array"},"description":{"description":"(Optional) Enter additional notes or information. The description cannot exceed 10,240 characters.\n","type":"string"},"destAddresses":{"description":"** - (List of String) -  IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.\n","items":{"type":"string"},"type":"array"},"destCountries":{"description":"** - (List of String) Identify destinations based on the location of a server. Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n","items":{"type":"string"},"type":"array"},"destIpCategories":{"description":"** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n","items":{"type":"string"},"type":"array"},"destIpGroups":{"description":"** - (Optional) Any number of destination IP address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleDestIpGroup:getFirewallFilteringRuleDestIpGroup"},"type":"array"},"deviceGroups":{"items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleDeviceGroup:getFirewallFilteringRuleDeviceGroup"},"type":"array"},"deviceTrustLevels":{"items":{"type":"string"},"type":"array"},"devices":{"items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleDevice:getFirewallFilteringRuleDevice"},"type":"array"},"enableFullLogging":{"description":"(Boolean)\n","type":"boolean"},"groups":{"description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleGroup:getFirewallFilteringRuleGroup"},"type":"array"},"id":{"description":"(Number) The ID of this resource.\n","type":"integer"},"labels":{"description":"Labels that are applicable to the rule.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleLabel:getFirewallFilteringRuleLabel"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleLastModifiedBy:getFirewallFilteringRuleLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"(Number)\n","type":"integer"},"locationGroups":{"description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleLocationGroup:getFirewallFilteringRuleLocationGroup"},"type":"array"},"locations":{"description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleLocation:getFirewallFilteringRuleLocation"},"type":"array"},"name":{"description":"(String) The name of the workload group\n","type":"string"},"nwApplicationGroups":{"description":"(Optional) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleNwApplicationGroup:getFirewallFilteringRuleNwApplicationGroup"},"type":"array"},"nwApplications":{"description":"(Optional) When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.\n","items":{"type":"string"},"type":"array"},"nwServiceGroups":{"description":"(Optional) Any number of predefined or custom network service groups to which the rule applies.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleNwServiceGroup:getFirewallFilteringRuleNwServiceGroup"},"type":"array"},"nwServices":{"description":"(Optional) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleNwService:getFirewallFilteringRuleNwService"},"type":"array"},"order":{"description":"(Required) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n","type":"integer"},"predefined":{"description":"(Boolean)\n","type":"boolean"},"rank":{"description":"(Optional) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e.\n","type":"integer"},"srcIpGroups":{"description":"(Optional) Any number of source IP address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleSrcIpGroup:getFirewallFilteringRuleSrcIpGroup"},"type":"array"},"srcIps":{"description":"(Optional) You can enter individual IP addresses, subnets, or address ranges.\n","items":{"type":"string"},"type":"array"},"state":{"description":"(Optional) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.\n","type":"string"},"timeWindows":{"description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e time intervals. When not used it implies \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e to apply the rule to all time intervals.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleTimeWindow:getFirewallFilteringRuleTimeWindow"},"type":"array"},"users":{"description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleUser:getFirewallFilteringRuleUser"},"type":"array"},"workloadGroups":{"description":"(List) The list of preconfigured workload groups to which the policy must be applied\n","items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleWorkloadGroup:getFirewallFilteringRuleWorkloadGroup"},"type":"array"},"zpaAppSegments":{"items":{"$ref":"#/types/zia:index/getFirewallFilteringRuleZpaAppSegment:getFirewallFilteringRuleZpaAppSegment"},"type":"array"}},"required":["accessControl","action","appServiceGroups","appServices","defaultRule","departments","description","destAddresses","destCountries","destIpCategories","destIpGroups","deviceGroups","deviceTrustLevels","devices","enableFullLogging","groups","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","nwApplicationGroups","nwApplications","nwServiceGroups","nwServices","order","predefined","rank","srcIpGroups","srcIps","state","timeWindows","users","workloadGroups","zpaAppSegments"],"type":"object"}},"zia:index/getFirewallFilteringSourceIPGroups:getFirewallFilteringSourceIPGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/firewall-policies#/ipSourceGroups-get)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/ipSourceGroups-get)\n\nUse the **zia_firewall_filtering_ip_source_groups** data source to get information about ip source groups available in the Zscaler Internet Access cloud firewall. This data source can then be associated with a ZIA firewall filtering rule.\n\n## Example Usage\n\n```hcl\n# ZIA IP Source Groups\ndata \"zia_firewall_filtering_ip_source_groups\" \"example\" {\n    name = \"example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getFirewallFilteringSourceIPGroups.\n","properties":{"id":{"type":"integer","description":"The ID of the ip source group resource.\n"},"name":{"type":"string","description":"The name of the ip source group to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getFirewallFilteringSourceIPGroups.\n","properties":{"description":{"description":"(String)\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"integer"},"ipAddresses":{"description":"(List of String)\n","items":{"type":"string"},"type":"array"},"name":{"type":"string"}},"required":["description","id","ipAddresses","name"],"type":"object"}},"zia:index/getForwardingControlProxies:getForwardingControlProxies":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-third-party-proxies)\n* [API documentation](https://help.zscaler.com/zia/forwarding-control-policy#/proxies-get)\n\nUse the **zia_forwarding_control_proxies** data source to get information about a third-party proxy service available in the Zscaler Internet Access.\n\n## Example Usage\n\n### Retrieve By Name\n\n```hcl\ndata \"zia_forwarding_control_proxies\" \"this\" {\n    name = \"Proxy01\"\n}\n```\n\n### Retrieve By ID\n\n```hcl\ndata \"zia_forwarding_control_proxies\" \"this\" {\n    id = \"18492370\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getForwardingControlProxies.\n","properties":{"id":{"type":"integer","description":"Unique identifier for the third-party proxy services\n"},"name":{"type":"string","description":"Proxy name for the third-party proxy services\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getForwardingControlProxies.\n","properties":{"address":{"description":"(String) The IP address or the FQDN of the third-party proxy service\n","type":"string"},"base64EncodeXauHeader":{"description":"(Boolean) Flag indicating whether the added X-Authenticated-User header is Base64 encoded. When enabled, the user ID is encoded using the Base64 encoding method.\n","type":"boolean"},"certs":{"description":"(Set of Objects) The root certificate used by the third-party proxy to perform SSL inspection. This root certificate is used by Zscaler to validate the SSL leaf certificates signed by the upstream proxy. The required root certificate appears in this drop-down list only if it is uploaded from the Administration \u003e Root Certificates page.\n","items":{"$ref":"#/types/zia:index/getForwardingControlProxiesCert:getForwardingControlProxiesCert"},"type":"array"},"description":{"description":"(String) Additional notes or information\n","type":"string"},"id":{"description":"(Integer) Identifier that uniquely identifies the certificate\n","type":"integer"},"insertXauHeader":{"description":"(Boolean) Flag indicating whether X-Authenticated-User header is added by the proxy. Enable to automatically insert authenticated user ID to the HTTP header, X-Authenticated-User.\n","type":"boolean"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getForwardingControlProxiesLastModifiedBy:getForwardingControlProxiesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"type":"integer"},"name":{"type":"string"},"port":{"description":"(integer) The port number on which the third-party proxy service listens to the requests forwarded from Zscaler\n","type":"integer"},"type":{"description":"(String) Gateway type. Returned values: `PROXYCHAIN`, `ZIA`, `ECSELF`\n","type":"string"}},"required":["address","base64EncodeXauHeader","certs","description","id","insertXauHeader","lastModifiedBies","lastModifiedTime","name","port","type"],"type":"object"}},"zia:index/getForwardingControlProxyGateway:getForwardingControlProxyGateway":{"deprecationMessage":"zia.index/getforwardingcontrolproxygateway.getForwardingControlProxyGateway has been deprecated in favor of zia.index/getforwardingproxygateway.getForwardingProxyGateway","description":"* [Official documentation](https://help.zscaler.com/zia/about-gateways-proxies)\n* [API documentation](https://help.zscaler.com/zia/forwarding-control-policy#/proxyGateways-get)\n\nUse the **zia_forwarding_control_proxy_gateway** data source to retrieve the proxy gateway information. This data source can then be associated with the attribute \u003cspan pulumi-lang-nodejs=\"`proxyGateway`\" pulumi-lang-dotnet=\"`ProxyGateway`\" pulumi-lang-go=\"`proxyGateway`\" pulumi-lang-python=\"`proxy_gateway`\" pulumi-lang-yaml=\"`proxyGateway`\" pulumi-lang-java=\"`proxyGateway`\"\u003e`proxy_gateway`\u003c/span\u003e when creating a Forwarding Control Rule via the resource: \u003cspan pulumi-lang-nodejs=\"`zia.ForwardingControlRule`\" pulumi-lang-dotnet=\"`zia.ForwardingControlRule`\" pulumi-lang-go=\"`ForwardingControlRule`\" pulumi-lang-python=\"`ForwardingControlRule`\" pulumi-lang-yaml=\"`zia.ForwardingControlRule`\" pulumi-lang-java=\"`zia.ForwardingControlRule`\"\u003e`zia.ForwardingControlRule`\u003c/span\u003e\n\n## Example Usage\n\n```hcl\n# ZIA Forwarding Control - Proxy Gateway\ndata \"zia_forwarding_control_proxy_gateway\" \"this\" {\n  name = \"Proxy_GW01\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getForwardingControlProxyGateway.\n","properties":{"id":{"type":"integer","description":"The ID of the forwarding control Proxy Gateway resource.\n"},"name":{"type":"string","description":"The name of the forwarding control Proxy Gateway to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getForwardingControlProxyGateway.\n","properties":{"description":{"description":"(string) - Additional details about the Proxy gateway\n","type":"string"},"failClosed":{"description":"(Boolean) - Indicates whether fail close is enabled to drop the traffic or disabled to allow the traffic when both primary and secondary proxies defined in this gateway are unreachable.\n","type":"boolean"},"id":{"description":"(string) A unique identifier for the secondary proxy gateway\n","type":"integer"},"lastModifiedBies":{"description":"(list) -  Information about the admin user that last modified the Proxy gateway\n","items":{"$ref":"#/types/zia:index/getForwardingControlProxyGatewayLastModifiedBy:getForwardingControlProxyGatewayLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"(int) - Timestamp when the ZPA gateway was last modified\n","type":"integer"},"name":{"description":"(string) The configured name for the secondary proxy gateway\n","type":"string"},"primaryProxies":{"description":"(Set of String) - The primary proxy for the gateway. This field is not applicable to the Lite API.\n","items":{"$ref":"#/types/zia:index/getForwardingControlProxyGatewayPrimaryProxy:getForwardingControlProxyGatewayPrimaryProxy"},"type":"array"},"secondaryProxies":{"description":"() - The secondary proxy for the gateway. This field is not applicable to the Lite API.\n","items":{"$ref":"#/types/zia:index/getForwardingControlProxyGatewaySecondaryProxy:getForwardingControlProxyGatewaySecondaryProxy"},"type":"array"},"type":{"description":"(string) - Indicates whether the type of Proxy gateway. Returned values are: `PROXYCHAIN`, `ZIA`, or `ECSELF`\n","type":"string"}},"required":["description","failClosed","id","lastModifiedBies","lastModifiedTime","name","primaryProxies","secondaryProxies","type"],"type":"object"}},"zia:index/getForwardingControlRule:getForwardingControlRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-forwarding-policy)\n* [API documentation](https://help.zscaler.com/zia/forwarding-control-policy#/forwardingRules-get)\n\nUse the **zia_forwarding_control_rule** data source to get information about a forwarding control rule which is used to forward selective Zscaler traffic to specific destinations based on your needs.For example, if you want to forward specific web traffic to a third-party proxy service or if you want to forward source IP anchored application traffic to a specific Zscaler Private Access (ZPA) App Connector or internal application traffic through ZIA threat and data protection engines, use forwarding control by configuring appropriate rules.\n\n## Example Usage\n\n```hcl\n# ZIA Forwarding Control - ZPA Gateway\ndata \"zia_forwarding_control_rule\" \"this\" {\n  name = \"FWD_RULE01\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getForwardingControlRule.\n","properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"},"type":{"type":"string","description":"(string) -  The rule type selected from the available options\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getForwardingControlRule.\n","properties":{"departments":{"description":"(list) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleDepartment:getForwardingControlRuleDepartment"},"type":"array"},"description":{"description":"(string) - Additional information about the forwarding rule\n","type":"string"},"destAddresses":{"description":"** - (list) -  IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.\n","items":{"type":"string"},"type":"array"},"destCountries":{"description":"** - (list) estination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries. Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes).\n","items":{"type":"string"},"type":"array"},"destIpCategories":{"description":"** - (list) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n","items":{"type":"string"},"type":"array"},"destIpGroups":{"description":"** - (list) Any number of destination IP address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleDestIpGroup:getForwardingControlRuleDestIpGroup"},"type":"array"},"destIpv6Groups":{"items":{"$ref":"#/types/zia:index/getForwardingControlRuleDestIpv6Group:getForwardingControlRuleDestIpv6Group"},"type":"array"},"deviceGroups":{"description":"(list) Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleDeviceGroup:getForwardingControlRuleDeviceGroup"},"type":"array"},"devices":{"description":"(list) Name-ID pairs of devices for which the rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleDevice:getForwardingControlRuleDevice"},"type":"array"},"ecGroups":{"description":"(list) - Name-ID pairs of the Zscaler Cloud Connector groups to which the forwarding rule applies\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleEcGroup:getForwardingControlRuleEcGroup"},"type":"array"},"forwardMethod":{"description":"(string) - The type of traffic forwarding method selected from the available options.\n","type":"string"},"groups":{"description":"(list) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleGroup:getForwardingControlRuleGroup"},"type":"array"},"id":{"description":"(int) Identifier that uniquely identifies an entity\n","type":"integer"},"labels":{"description":"(list) Labels that are applicable to the rule.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleLabel:getForwardingControlRuleLabel"},"type":"array"},"locationGroups":{"description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleLocationGroup:getForwardingControlRuleLocationGroup"},"type":"array"},"locations":{"description":"(Optional) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleLocation:getForwardingControlRuleLocation"},"type":"array"},"name":{"description":"(string) The configured name of the entity\n","type":"string"},"nwApplicationGroups":{"description":"(list) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleNwApplicationGroup:getForwardingControlRuleNwApplicationGroup"},"type":"array"},"nwApplications":{"description":"(Optional) When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify.\n","items":{"type":"string"},"type":"array"},"nwServiceGroups":{"description":"(list) Any number of predefined or custom network service groups to which the rule applies.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleNwServiceGroup:getForwardingControlRuleNwServiceGroup"},"type":"array"},"nwServices":{"description":"(list) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleNwService:getForwardingControlRuleNwService"},"type":"array"},"order":{"description":"(string) - The order of execution for the forwarding rule order.\n","type":"integer"},"proxyGateways":{"description":"(set) The proxy gateway for which the rule is applicable. This field is applicable only for the `PROXYCHAIN` forwarding method.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleProxyGateway:getForwardingControlRuleProxyGateway"},"type":"array"},"rank":{"type":"integer"},"resCategories":{"description":"** - (list) List of destination domain categories to which the rule applies.\n","items":{"type":"string"},"type":"array"},"srcIpGroups":{"description":"(list) Any number of source IP address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleSrcIpGroup:getForwardingControlRuleSrcIpGroup"},"type":"array"},"srcIps":{"description":"(Optional) You can enter individual IP addresses, subnets, or address ranges.\n","items":{"type":"string"},"type":"array"},"srcIpv6Groups":{"items":{"$ref":"#/types/zia:index/getForwardingControlRuleSrcIpv6Group:getForwardingControlRuleSrcIpv6Group"},"type":"array"},"state":{"description":"(string) - Indicates whether the forwarding rule is enabled or disabled.\n","type":"string"},"type":{"description":"(string) -  The rule type selected from the available options\n","type":"string"},"users":{"description":"(list) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleUser:getForwardingControlRuleUser"},"type":"array"},"zpaAppSegments":{"description":"(set) The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the `ZPA` Gateway forwarding method.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleZpaAppSegment:getForwardingControlRuleZpaAppSegment"},"type":"array"},"zpaApplicationSegmentGroups":{"description":"(set) List of ZPA Application Segment Groups for which this rule is applicable. This field is applicable only for the `ECZPA` forwarding method (used for Zscaler Cloud Connector).\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleZpaApplicationSegmentGroup:getForwardingControlRuleZpaApplicationSegmentGroup"},"type":"array"},"zpaApplicationSegments":{"description":"(set) List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the `ECZPA` forwarding method (used for Zscaler Cloud Connector).\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleZpaApplicationSegment:getForwardingControlRuleZpaApplicationSegment"},"type":"array"},"zpaBrokerRule":{"type":"boolean"},"zpaGateways":{"description":"(set) The ZPA Gateway for which this rule is applicable. This field is applicable only for the `ZPA` forwarding method.\n","items":{"$ref":"#/types/zia:index/getForwardingControlRuleZpaGateway:getForwardingControlRuleZpaGateway"},"type":"array"}},"required":["departments","description","destAddresses","destCountries","destIpCategories","destIpGroups","destIpv6Groups","deviceGroups","devices","ecGroups","forwardMethod","groups","labels","locationGroups","locations","nwApplicationGroups","nwApplications","nwServiceGroups","nwServices","order","proxyGateways","rank","resCategories","srcIpGroups","srcIps","srcIpv6Groups","state","users","zpaAppSegments","zpaApplicationSegmentGroups","zpaApplicationSegments","zpaBrokerRule","zpaGateways"],"type":"object"}},"zia:index/getForwardingControlZPAGateway:getForwardingControlZPAGateway":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-forwarding-policy)\n* [API documentation](https://help.zscaler.com/zia/forwarding-control-policy#/zpaGateways-post)\n\nUse the **zia_forwarding_control_zpa_gateway** data source to get information about a forwarding control zpa gateway used in IP Source Anchoring integration between Zscaler Internet Access and Zscaler Private Access. This data source can then be associated with a ZIA Forwarding Control Rule.\n\n## Example Usage\n\n```hcl\n# ZIA Forwarding Control - ZPA Gateway\ndata \"zia_forwarding_control_zpa_gateway\" \"this\" {\n  name = \"ZPA_GW01\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getForwardingControlZPAGateway.\n","properties":{"id":{"type":"integer","description":"The ID of the forwarding control ZPA Gateway resource.\n"},"name":{"type":"string","description":"The name of the forwarding control ZPA Gateway to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getForwardingControlZPAGateway.\n","properties":{"description":{"description":"(string) - Additional details about the ZPA gateway\n","type":"string"},"id":{"description":"(int) - Identifier that uniquely identifies an entity\n","type":"integer"},"lastModifiedBies":{"description":"(list) -  Information about the admin user that last modified the ZPA gateway\n","items":{"$ref":"#/types/zia:index/getForwardingControlZPAGatewayLastModifiedBy:getForwardingControlZPAGatewayLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"(int) - Timestamp when the ZPA gateway was last modified\n","type":"integer"},"name":{"description":"(string) The configured name of the entity\n","type":"string"},"type":{"description":"(string) - Indicates whether the ZPA gateway is configured for Zscaler Internet Access (using option ZPA) or Zscaler Cloud Connector (using option ECZPA)\n","type":"string"},"zpaAppSegments":{"items":{"$ref":"#/types/zia:index/getForwardingControlZPAGatewayZpaAppSegment:getForwardingControlZPAGatewayZpaAppSegment"},"type":"array"},"zpaServerGroups":{"description":"() - The ZPA Server Group that is configured for Source IP Anchoring\n","items":{"$ref":"#/types/zia:index/getForwardingControlZPAGatewayZpaServerGroup:getForwardingControlZPAGatewayZpaServerGroup"},"type":"array"},"zpaTenantId":{"type":"integer"}},"required":["description","id","lastModifiedBies","lastModifiedTime","name","type","zpaAppSegments","zpaServerGroups","zpaTenantId"],"type":"object"}},"zia:index/getForwardingProxyGateway:getForwardingProxyGateway":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-gateways-proxies)\n* [API documentation](https://help.zscaler.com/zia/forwarding-control-policy#/proxyGateways-get)\n\nUse the **zia_forwarding_control_proxy_gateway** data source to retrieve the proxy gateway information. This data source can then be associated with the attribute \u003cspan pulumi-lang-nodejs=\"`proxyGateway`\" pulumi-lang-dotnet=\"`ProxyGateway`\" pulumi-lang-go=\"`proxyGateway`\" pulumi-lang-python=\"`proxy_gateway`\" pulumi-lang-yaml=\"`proxyGateway`\" pulumi-lang-java=\"`proxyGateway`\"\u003e`proxy_gateway`\u003c/span\u003e when creating a Forwarding Control Rule via the resource: \u003cspan pulumi-lang-nodejs=\"`zia.ForwardingControlRule`\" pulumi-lang-dotnet=\"`zia.ForwardingControlRule`\" pulumi-lang-go=\"`ForwardingControlRule`\" pulumi-lang-python=\"`ForwardingControlRule`\" pulumi-lang-yaml=\"`zia.ForwardingControlRule`\" pulumi-lang-java=\"`zia.ForwardingControlRule`\"\u003e`zia.ForwardingControlRule`\u003c/span\u003e\n\n## Example Usage\n\n```hcl\n# ZIA Forwarding Control - Proxy Gateway\ndata \"zia_forwarding_control_proxy_gateway\" \"this\" {\n  name = \"Proxy_GW01\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getForwardingProxyGateway.\n","properties":{"id":{"type":"integer","description":"The ID of the forwarding control Proxy Gateway resource.\n"},"name":{"type":"string","description":"The name of the forwarding control Proxy Gateway to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getForwardingProxyGateway.\n","properties":{"description":{"description":"(string) - Additional details about the Proxy gateway\n","type":"string"},"failClosed":{"description":"(Boolean) - Indicates whether fail close is enabled to drop the traffic or disabled to allow the traffic when both primary and secondary proxies defined in this gateway are unreachable.\n","type":"boolean"},"id":{"description":"(string) A unique identifier for the secondary proxy gateway\n","type":"integer"},"lastModifiedBies":{"description":"(list) -  Information about the admin user that last modified the Proxy gateway\n","items":{"$ref":"#/types/zia:index/getForwardingProxyGatewayLastModifiedBy:getForwardingProxyGatewayLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"(int) - Timestamp when the ZPA gateway was last modified\n","type":"integer"},"name":{"description":"(string) The configured name for the secondary proxy gateway\n","type":"string"},"primaryProxies":{"description":"(Set of String) - The primary proxy for the gateway. This field is not applicable to the Lite API.\n","items":{"$ref":"#/types/zia:index/getForwardingProxyGatewayPrimaryProxy:getForwardingProxyGatewayPrimaryProxy"},"type":"array"},"secondaryProxies":{"description":"() - The secondary proxy for the gateway. This field is not applicable to the Lite API.\n","items":{"$ref":"#/types/zia:index/getForwardingProxyGatewaySecondaryProxy:getForwardingProxyGatewaySecondaryProxy"},"type":"array"},"type":{"description":"(string) - Indicates whether the type of Proxy gateway. Returned values are: `PROXYCHAIN`, `ZIA`, or `ECSELF`\n","type":"string"}},"required":["description","failClosed","id","lastModifiedBies","lastModifiedTime","name","primaryProxies","secondaryProxies","type"],"type":"object"}},"zia:index/getFtpControlPolicy:getFtpControlPolicy":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-ftp-control)\n* [API documentation](https://help.zscaler.com/zia/ftp-control-policy#/ftpSettings-get)\n\nUse the **zia_ftp_control_policy** data source to retrieves the FTP Control Policy configuration. To learn more see [Configuring the FTP Control Policy](https://help.zscaler.com/zia/configuring-ftp-control-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_ftp_control_policy\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getFtpControlPolicy.\n","properties":{"ftpEnabled":{"description":"(Boolean) Indicates whether to enable native FTP. When enabled, users can connect to native FTP sites and download files.\n","type":"boolean"},"ftpOverHttpEnabled":{"description":"(Boolean) Indicates whether to enable FTP over HTTP. By default, the Zscaler service doesn't allow users from a location to upload or download files from FTP sites that use FTP over HTTP. Select this to enable browsers to connect to FTP over HTTP sites and download files. If a remote user uses a dedicated port, then the service supports FTP over HTTP for them.\n","type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"urlCategories":{"description":"(List of Strings) List of URL categories that allow FTP traffic\n","items":{"type":"string"},"type":"array"},"urls":{"description":"(List of Strings) Domains or URLs included for the FTP Control settings\n","items":{"type":"string"},"type":"array"}},"required":["ftpEnabled","ftpOverHttpEnabled","urlCategories","urls","id"],"type":"object"}},"zia:index/getGroupManagement:getGroupManagement":{"description":"* [Official documentation](https://help.zscaler.com/zia/user-management#/groups-get)\n* [API documentation](https://help.zscaler.com/zia/user-management#/groups-get)\n\nUse the **zia_group_management** data source to get information about a user group that may have been created in the Zscaler Internet Access portal. This data source can then be associated with a ZIA cloud firewall filtering rule, and URL filtering rules.\n\n## Example Usage\n\n```hcl\ndata \"zia_group_management\" \"devops\" {\n name = \"DevOps\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getGroupManagement.\n","properties":{"id":{"type":"integer","description":"Unique identfier for the group.\n"},"name":{"type":"string","description":"Name of the user group\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getGroupManagement.\n","properties":{"comments":{"description":"(Optional) Additional information about the group\n","type":"string"},"id":{"type":"integer"},"idpId":{"description":"(Optional) Unique identfier for the identity provider (IdP)\n","type":"integer"},"name":{"type":"string"}},"required":["comments","id","idpId"],"type":"object"}},"zia:index/getIPSFirewallRule:getIPSFirewallRule":{"description":"* [Official documentation](https://help.zscaler.com/zia/ips-control-policy#/firewallIpsRules-get)\n* [API documentation](https://help.zscaler.com/zia/configuring-ips-control-policy)\n\nUse the **zia_firewall_ips_rule** data source to get information about a cloud firewall IPS rule available in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\n# ZIA Firewall IPS Rule by name\ndata \"zia_firewall_ips_rule\" \"this\" {\n    name = \"Default Cloud IPS Rule\"\n}\n```\n\n```hcl\n# ZIA Firewall IPS Rule by ID\ndata \"zia_firewall_ips_rule\" \"this\" {\n    id = \"12365478\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getIPSFirewallRule.\n","properties":{"eunTemplateId":{"type":"integer","description":"(Integer) The EUN template ID associated with the rule\n"},"id":{"type":"integer","description":"Unique identifier for the Firewall Filtering policy rule\n"},"isEunEnabled":{"type":"boolean"},"name":{"type":"string","description":"Name of the Firewall Filtering policy rule\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getIPSFirewallRule.\n","properties":{"action":{"description":"(String) The action configured for the rule that must take place if the traffic matches the rule criteria, such as allowing or blocking the traffic or bypassing the rule. The following actions are accepted: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BYPASS_IPS`\n","type":"string"},"capturePcap":{"description":"(Boolean) Value that indicates whether packet capture (PCAP) is enabled or not\n","type":"boolean"},"defaultRule":{"description":"(Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not\n","type":"boolean"},"departments":{"description":"(List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleDepartment:getIPSFirewallRuleDepartment"},"type":"array"},"description":{"description":"(String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n","type":"string"},"destAddresses":{"description":"(Set of String) Destination IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific destination IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n","items":{"type":"string"},"type":"array"},"destCountries":{"description":"(Set of String) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n","items":{"type":"string"},"type":"array"},"destIpCategories":{"description":"(Set of String)  identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.\n","items":{"type":"string"},"type":"array"},"destIpGroups":{"description":"** - (List of Objects) Any number of destination IP address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleDestIpGroup:getIPSFirewallRuleDestIpGroup"},"type":"array"},"destIpv6Groups":{"items":{"$ref":"#/types/zia:index/getIPSFirewallRuleDestIpv6Group:getIPSFirewallRuleDestIpv6Group"},"type":"array"},"deviceGroups":{"description":"(List of Objects) Device groups to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleDeviceGroup:getIPSFirewallRuleDeviceGroup"},"type":"array"},"devices":{"description":"(List of Objects) Devices to which the rule applies. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleDevice:getIPSFirewallRuleDevice"},"type":"array"},"enableFullLogging":{"description":"(Integer) A Boolean value that indicates whether full logging is enabled. A true value indicates that full logging is enabled, whereas a false value indicates that aggregate logging is enabled.\n","type":"boolean"},"eunTemplateId":{"description":"(Integer) The EUN template ID associated with the rule\n","type":"integer"},"groups":{"description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleGroup:getIPSFirewallRuleGroup"},"type":"array"},"id":{"description":"(Integer) Identifier that uniquely identifies an entity\n","type":"integer"},"isEunEnabled":{"type":"boolean"},"labels":{"description":"(List of Objects) Labels that are applicable to the rule.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleLabel:getIPSFirewallRuleLabel"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getIPSFirewallRuleLastModifiedBy:getIPSFirewallRuleLastModifiedBy"},"type":"array"},"lastModifiedTime":{"type":"integer"},"locationGroups":{"description":"(List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleLocationGroup:getIPSFirewallRuleLocationGroup"},"type":"array"},"locations":{"description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleLocation:getIPSFirewallRuleLocation"},"type":"array"},"name":{"description":"(String) The configured name of the entity\n","type":"string"},"nwServiceGroups":{"description":"(List of Objects) Any number of predefined or custom network service groups to which the rule applies.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleNwServiceGroup:getIPSFirewallRuleNwServiceGroup"},"type":"array"},"nwServices":{"description":"(List of Objects) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleNwService:getIPSFirewallRuleNwService"},"type":"array"},"order":{"description":"(Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n","type":"integer"},"predefined":{"description":"(Boolean) A Boolean field that indicates that the rule is predefined by using a true value\n","type":"boolean"},"rank":{"description":"(Integer) By default, the admin ranking is disabled. To use this feature, you must enable admin rank. The default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e.\n","type":"integer"},"resCategories":{"description":"(Set of String) URL categories associated with resolved IP addresses to which the rule applies. If not set, the rule is not restricted to a specific URL category.\n","items":{"type":"string"},"type":"array"},"sourceCountries":{"description":"(Set of String) The countries of origin of traffic for which the rule is applicable. If not set, the rule is not restricted to specific source countries.\n**NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n","items":{"type":"string"},"type":"array"},"srcIpGroups":{"description":"(List of Objects)Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleSrcIpGroup:getIPSFirewallRuleSrcIpGroup"},"type":"array"},"srcIps":{"description":"(Set of String) Source IP addresses or FQDNs to which the rule applies. If not set, the rule is not restricted to a specific source IP address. Each IP entry can be a single IP address, CIDR (e.g., 10.10.33.0/24), or an IP range (e.g., 10.10.33.1-10.10.33.10).\n","items":{"type":"string"},"type":"array"},"srcIpv6Groups":{"description":"(List of Objects) Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleSrcIpv6Group:getIPSFirewallRuleSrcIpv6Group"},"type":"array"},"state":{"description":"(String) An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.\n","type":"string"},"threatCategories":{"description":"(List of Objects) Advanced threat categories to which the rule applies\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleThreatCategory:getIPSFirewallRuleThreatCategory"},"type":"array"},"timeWindows":{"description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e time intervals. When not used it implies \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e to apply the rule to all time intervals.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleTimeWindow:getIPSFirewallRuleTimeWindow"},"type":"array"},"users":{"description":"(List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleUser:getIPSFirewallRuleUser"},"type":"array"},"zpaAppSegments":{"description":"(List of Objects) The ZPA application segments to which the rule applies\n","items":{"$ref":"#/types/zia:index/getIPSFirewallRuleZpaAppSegment:getIPSFirewallRuleZpaAppSegment"},"type":"array"}},"required":["action","capturePcap","defaultRule","departments","description","destAddresses","destCountries","destIpCategories","destIpGroups","destIpv6Groups","deviceGroups","devices","enableFullLogging","groups","id","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","name","nwServiceGroups","nwServices","order","predefined","rank","resCategories","sourceCountries","srcIpGroups","srcIps","srcIpv6Groups","state","threatCategories","timeWindows","users","zpaAppSegments"],"type":"object"}},"zia:index/getIcapServers:getIcapServers":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-icap-communication-between-zscaler-and-dlp-servers)\n* [API documentation](https://help.zscaler.com/zia/data-loss-prevention#/icapServers/lite-get)\n\nUse the **zia_dlp_engines** data source to get information about a the list of DLP servers using ICAP in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\n# Retrieve a DLP ICAP Server by name\ndata \"zia_dlp_icap_servers\" \"example\"{\n    name = \"Example\"\n}\n```\n\n```hcl\n# Retrieve a DLP ICAP Server by ID\ndata \"zia_dlp_icap_servers\" \"example\"{\n    id = 1234567890\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getIcapServers.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getIcapServers.\n","properties":{"id":{"type":"integer"},"name":{"type":"string"},"status":{"type":"string"},"url":{"type":"string"}},"required":["id","status","url"],"type":"object"}},"zia:index/getLocationGroups:getLocationGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-locations)\n* [API documentation](https://help.zscaler.com/zia/location-management#/locations-get)\n\nUse the **zia_location_groups** data source to get information about a location group option available in the Zscaler Internet Access.\n\n```hcl\ndata \"zia_location_groups\" \"example\"{\n    name = \"Corporate User Traffic Group\"\n}\n```\n\n```hcl\ndata \"zia_location_groups\" \"example\"{\n    name = \"Guest Wifi Group\"\n}\n```\n\n```hcl\ndata \"zia_location_groups\" \"example\"{\n    name = \"IoT Traffic Group\"\n}\n```\n\n```hcl\ndata \"zia_location_groups\" \"example\"{\n    name = \"Server Traffic Group\"\n}\n```\n\n```hcl\ndata \"zia_location_groups\" \"example\"{\n    name = \"Server Traffic Group\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getLocationGroups.\n","properties":{"dynamicLocationGroupCriterias":{"type":"array","items":{"$ref":"#/types/zia:index/getLocationGroupsDynamicLocationGroupCriteria:getLocationGroupsDynamicLocationGroupCriteria"},"description":"(Block Set) Dynamic location group information.\n"},"id":{"type":"integer","description":"Unique identifier for the location group\n"},"name":{"type":"string","description":"Location group name\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getLocationGroups.\n","properties":{"comments":{"description":"(List of Object)\n","type":"string"},"deleted":{"description":"(Boolean) Indicates the location group was deleted\n","type":"boolean"},"dynamicLocationGroupCriterias":{"description":"(Block Set) Dynamic location group information.\n","items":{"$ref":"#/types/zia:index/getLocationGroupsDynamicLocationGroupCriteria:getLocationGroupsDynamicLocationGroupCriteria"},"type":"array"},"groupType":{"description":"(String) The location group's type (i.e., Static or Dynamic)\n","type":"string"},"id":{"description":"(Number) Identifier that uniquely identifies an entity\n","type":"integer"},"lastModTime":{"description":"(List of Object) Automatically populated with the current time, after a successful POST or PUT request.\n","type":"integer"},"lastModUsers":{"description":"(List of Object)\n","items":{"$ref":"#/types/zia:index/getLocationGroupsLastModUser:getLocationGroupsLastModUser"},"type":"array"},"locations":{"description":"(List of Object) The Name-ID pairs of the locations that are assigned to the static location group. This is ignored if the groupType is Dynamic.\n","items":{"$ref":"#/types/zia:index/getLocationGroupsLocation:getLocationGroupsLocation"},"type":"array"},"name":{"description":"(String) The configured name of the entity\n","type":"string"},"predefined":{"description":"(Boolean)\n","type":"boolean"}},"required":["comments","deleted","groupType","id","lastModTime","lastModUsers","locations","predefined"],"type":"object"}},"zia:index/getLocationLite:getLocationLite":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-locations)\n* [API documentation](https://help.zscaler.com/zia/location-management#/locations/lite-get)\n\nUse the **zia_location_lite** data source to get information about a location in lite mode option available in the Zscaler Internet Access. This data source can be used to retrieve the Road Warrior location to then associated with one of the following resources: `\u003cspan pulumi-lang-nodejs=\"`zia.URLFilteringRules`\" pulumi-lang-dotnet=\"`zia.URLFilteringRules`\" pulumi-lang-go=\"`URLFilteringRules`\" pulumi-lang-python=\"`URLFilteringRules`\" pulumi-lang-yaml=\"`zia.URLFilteringRules`\" pulumi-lang-java=\"`zia.URLFilteringRules`\"\u003e`zia.URLFilteringRules`\u003c/span\u003e`, `\u003cspan pulumi-lang-nodejs=\"`zia.FirewallFilteringRule`\" pulumi-lang-dotnet=\"`zia.FirewallFilteringRule`\" pulumi-lang-go=\"`FirewallFilteringRule`\" pulumi-lang-python=\"`FirewallFilteringRule`\" pulumi-lang-yaml=\"`zia.FirewallFilteringRule`\" pulumi-lang-java=\"`zia.FirewallFilteringRule`\"\u003e`zia.FirewallFilteringRule`\u003c/span\u003e` and `\u003cspan pulumi-lang-nodejs=\"`zia.DLPWebRules`\" pulumi-lang-dotnet=\"`zia.DLPWebRules`\" pulumi-lang-go=\"`DLPWebRules`\" pulumi-lang-python=\"`DLPWebRules`\" pulumi-lang-yaml=\"`zia.DLPWebRules`\" pulumi-lang-java=\"`zia.DLPWebRules`\"\u003e`zia.DLPWebRules`\u003c/span\u003e\n\n```hcl\ndata \"zia_location_lite\" \"this\" {\n name = \"Road Warrior\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getLocationLite.\n","properties":{"id":{"type":"integer","description":"Unique identifier for the location group\n"},"name":{"type":"string","description":"Location group name\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getLocationLite.\n","properties":{"aupBlockInternetUntilAccepted":{"description":"(Boolean) For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.\n","type":"boolean"},"aupEnabled":{"description":"(Boolean) Enable AUP. When set to true, AUP is enabled for the location.\n","type":"boolean"},"aupForceSslInspection":{"description":"(Boolean) For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.\n","type":"boolean"},"cautionEnabled":{"description":"(Boolean) Enable Caution. When set to true, a caution notifcation is enabled for the location.\n","type":"boolean"},"id":{"type":"integer"},"ipsControl":{"description":"(Boolean) Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.\n","type":"boolean"},"ipv6Enabled":{"description":"(Number) If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.\n","type":"boolean"},"name":{"type":"string"},"ofwEnabled":{"description":"(Boolean) Enable Firewall. When set to true, Firewall is enabled for the location.\n","type":"boolean"},"other6SubLocation":{"description":"(Boolean) If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true\n","type":"boolean"},"otherSubLocation":{"description":"(Boolean) If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.\n","type":"boolean"},"parentId":{"description":"(Number) - Parent Location ID. If this ID does not exist or is \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: `SUB`\n","type":"integer"},"subLocAccIds":{"items":{"type":"string"},"type":"array"},"subLocScope":{"type":"string"},"subLocScopeEnabled":{"type":"boolean"},"subLocScopeValues":{"items":{"type":"string"},"type":"array"},"surrogateIp":{"description":"(Boolean) Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.\n","type":"boolean"},"surrogateIpEnforcedForKnownBrowsers":{"description":"(Boolean) Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.\n","type":"boolean"},"tz":{"description":"(String) Timezone of the location. If not specified, it defaults to GMT.\n","type":"string"},"xffForwardEnabled":{"description":"(Boolean) Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.\n","type":"boolean"},"zappSslScanEnabled":{"description":"(Boolean) This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.\n","type":"boolean"}},"required":["aupBlockInternetUntilAccepted","aupEnabled","aupForceSslInspection","cautionEnabled","id","ipsControl","ipv6Enabled","ofwEnabled","other6SubLocation","otherSubLocation","parentId","subLocAccIds","subLocScope","subLocScopeEnabled","subLocScopeValues","surrogateIp","surrogateIpEnforcedForKnownBrowsers","tz","xffForwardEnabled","zappSslScanEnabled"],"type":"object"}},"zia:index/getLocationManagement:getLocationManagement":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-locations)\n* [API documentation](https://help.zscaler.com/zia/location-management#/locations-get)\n\nUse the **zia_location_management** data source to get information about a location resource available in the Zscaler Internet Access Location Management. This resource can then be referenced in multiple other resources, such as URL Filtering Rules, Firewall rules etc.\n\n## Example Usage\n\n```hcl\n# ZIA Location Managemeent\ndata \"zia_location_management\" \"example\"{\n    name = \"San Jose\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getLocationManagement.\n","properties":{"basicAuthEnabled":{"type":"boolean"},"id":{"type":"integer","description":"The ID of the location to be exported.\n"},"name":{"type":"string","description":"The name of the location to be exported.\n"},"parentName":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getLocationManagement.\n","properties":{"aupBlockInternetUntilAccepted":{"description":"(Boolean) For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.\n","type":"boolean"},"aupEnabled":{"description":"(Boolean) Enable AUP. When set to true, AUP is enabled for the location.\n","type":"boolean"},"aupForceSslInspection":{"description":"(Boolean) For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.\n","type":"boolean"},"aupTimeoutInDays":{"description":"(Number) Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.\n","type":"integer"},"authRequired":{"description":"(Boolean) Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.\n","type":"boolean"},"basicAuthEnabled":{"type":"boolean"},"cautionEnabled":{"description":"(Boolean) Enable Caution. When set to true, a caution notifcation is enabled for the location.\n","type":"boolean"},"country":{"description":"(String) Country\n","type":"string"},"defaultExtranetDns":{"type":"boolean"},"defaultExtranetTsPool":{"type":"boolean"},"description":{"description":"(String) Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.\n","type":"string"},"digestAuthEnabled":{"type":"boolean"},"displayTimeUnit":{"description":"(String) Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.\n","type":"string"},"dnBandwidth":{"description":"(Number) Download bandwidth in bytes. The value \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e implies no Bandwidth Control enforcement.\n","type":"integer"},"extranetDns":{"description":"(Block, Max: 1) The ID of the DNS server configuration used in the extranet\n","items":{"$ref":"#/types/zia:index/getLocationManagementExtranetDn:getLocationManagementExtranetDn"},"type":"array"},"extranetIpPools":{"description":"(Block, Max: 1) The ID of the traffic selector specified in the extranet\n","items":{"$ref":"#/types/zia:index/getLocationManagementExtranetIpPool:getLocationManagementExtranetIpPool"},"type":"array"},"extranets":{"description":"(Block, Max: 1) The ID of the extranet resource that must be assigned to the location\n","items":{"$ref":"#/types/zia:index/getLocationManagementExtranet:getLocationManagementExtranet"},"type":"array"},"id":{"description":"(int) The Identifier that uniquely identifies an entity\n","type":"integer"},"idleTimeInMinutes":{"description":"(Number) Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.\n","type":"integer"},"iotDiscoveryEnabled":{"type":"boolean"},"ipAddresses":{"description":"(List of String) For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., `238.10.33.9`). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g., `10.10.33.0/24`), or range (e.g., `10.10.33.1-10.10.33.10`)).\n","items":{"type":"string"},"type":"array"},"ipsControl":{"description":"(Boolean) Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.\n","type":"boolean"},"kerberosAuthEnabled":{"type":"boolean"},"name":{"description":"(String) The configured name of the entity\n","type":"string"},"ofwEnabled":{"description":"(Boolean) Enable Firewall. When set to true, Firewall is enabled for the location.\n","type":"boolean"},"other6SubLocation":{"type":"boolean"},"otherSubLocation":{"type":"boolean"},"parentId":{"description":"(Number) - Parent Location ID. If this ID does not exist or is \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: `SUB`\n","type":"integer"},"parentName":{"type":"string"},"ports":{"description":"(List of String) IP ports that are associated with the location.\n","items":{"type":"string"},"type":"array"},"profile":{"description":"(String) Profile tag that specifies the location traffic type. If not specified, this tag defaults to `Unassigned`.\n","type":"string"},"sslScanEnabled":{"description":"(Boolean) This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.\n","type":"boolean"},"subLocAccIds":{"description":"(List of Strings) Specifies one or more Amazon Web Services (AWS) account IDs. These AWS accounts are associated with the parent location of this sublocation created in the Zscaler Cloud \u0026 Branch Connector Admin Portal.\n","items":{"type":"string"},"type":"array"},"subLocScope":{"description":"(Strings) Defines a scope for the sublocation from the available types to segregate workload traffic from a single sublocation to apply different Cloud Connector and ZIA security policies. This field is only available for the Workload traffic type sublocations whose parent locations are associated with Amazon Web Services (AWS) Cloud Connector groups. The supported options are: `VPC_ENDPOINT`, `VPC`, `NAMESPACE`, `ACCOUNT`\n","type":"string"},"subLocScopeEnabled":{"description":"(Boolean) Indicates whether defining scopes is allowed for this sublocation. Sublocation scopes are available only for the Workload traffic type sublocations whose parent locations are associated with Amazon Web Services (AWS) Cloud Connector groups.\n","type":"boolean"},"subLocScopeValues":{"description":"(List of Strings) Specifies values for the selected sublocation scope type\n","items":{"type":"string"},"type":"array"},"surrogateIp":{"description":"(Boolean) Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses.\n","type":"boolean"},"surrogateIpEnforcedForKnownBrowsers":{"description":"(Boolean) Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers.\n","type":"boolean"},"surrogateRefreshTimeInMinutes":{"description":"(Number) Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.\n","type":"integer"},"surrogateRefreshTimeUnit":{"description":"(String) Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.\n","type":"string"},"tz":{"description":"(String) Timezone of the location. If not specified, it defaults to GMT.\n","type":"string"},"upBandwidth":{"description":"(Number) Upload bandwidth in bytes. The value \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e implies no Bandwidth Control enforcement.\n","type":"integer"},"vpnCredentials":{"items":{"$ref":"#/types/zia:index/getLocationManagementVpnCredential:getLocationManagementVpnCredential"},"type":"array"},"xffForwardEnabled":{"description":"(Boolean) Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.\n","type":"boolean"},"zappSslScanEnabled":{"description":"(Boolean) This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.\n","type":"boolean"}},"required":["aupBlockInternetUntilAccepted","aupEnabled","aupForceSslInspection","aupTimeoutInDays","authRequired","basicAuthEnabled","cautionEnabled","country","defaultExtranetDns","defaultExtranetTsPool","description","digestAuthEnabled","displayTimeUnit","dnBandwidth","extranets","extranetDns","extranetIpPools","idleTimeInMinutes","iotDiscoveryEnabled","ipAddresses","ipsControl","kerberosAuthEnabled","ofwEnabled","other6SubLocation","otherSubLocation","parentId","ports","profile","sslScanEnabled","subLocAccIds","subLocScope","subLocScopeEnabled","subLocScopeValues","surrogateIp","surrogateIpEnforcedForKnownBrowsers","surrogateRefreshTimeInMinutes","surrogateRefreshTimeUnit","tz","upBandwidth","vpnCredentials","xffForwardEnabled","zappSslScanEnabled"],"type":"object"}},"zia:index/getMalwareInspection:getMalwareInspection":{"description":"Use the **zia_atp_malware_inspection** data source to retrieves the traffic inspection configurations of Malware Protection policy. To learn more see [Configuring Malware Protection Policy](https://help.zscaler.com/unified/configuring-malware-protection-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_atp_malware_inspection\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getMalwareInspection.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"inspectInbound":{"type":"boolean"},"inspectOutbound":{"type":"boolean"}},"required":["inspectInbound","inspectOutbound","id"],"type":"object"}},"zia:index/getMalwarePolicy:getMalwarePolicy":{"description":"Use the **zia_atp_malware_policy** data source to retrieves information about the security exceptions configured for the Malware Protection policy. To learn more see [Configuring Malware Protection Policy](https://help.zscaler.com/unified/configuring-malware-protection-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_atp_malware_policy\" \"this\" {}\n```\n","inputs":{"description":"A collection of arguments for invoking getMalwarePolicy.\n","properties":{"blockPasswordProtectedArchiveFiles":{"type":"boolean"},"blockUnscannableFiles":{"type":"boolean"}},"type":"object"},"outputs":{"description":"A collection of values returned by getMalwarePolicy.\n","properties":{"blockPasswordProtectedArchiveFiles":{"type":"boolean"},"blockUnscannableFiles":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"}},"required":["blockPasswordProtectedArchiveFiles","blockUnscannableFiles","id"],"type":"object"}},"zia:index/getMalwareProtocols:getMalwareProtocols":{"description":"Use the **zia_atp_malware_protocols** data source to retrieves the protocol inspection configurations for Malware Protection policy. To learn more see [Configuring Malware Protection Policy](https://help.zscaler.com/unified/configuring-malware-protection-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_atp_malware_protocols\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getMalwareProtocols.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"inspectFtp":{"type":"boolean"},"inspectFtpOverHttp":{"type":"boolean"},"inspectHttp":{"type":"boolean"}},"required":["inspectFtp","inspectFtpOverHttp","inspectHttp","id"],"type":"object"}},"zia:index/getMalwareSettings:getMalwareSettings":{"description":"Use the **zia_atp_malware_settings** data source to retrieves the malware protection policy configuration setting details. To learn more see [Configuring Malware Protection Policy](https://help.zscaler.com/unified/configuring-malware-protection-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_atp_malware_settings\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getMalwareSettings.\n","properties":{"adwareBlocked":{"type":"boolean"},"adwareCapture":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"ransomwareBlocked":{"type":"boolean"},"ransomwareCapture":{"type":"boolean"},"remoteAccessToolBlocked":{"type":"boolean"},"remoteAccessToolCapture":{"type":"boolean"},"spywareBlocked":{"type":"boolean"},"spywareCapture":{"type":"boolean"},"trojanBlocked":{"type":"boolean"},"trojanCapture":{"type":"boolean"},"unwantedApplicationsBlocked":{"type":"boolean"},"unwantedApplicationsCapture":{"type":"boolean"},"virusBlocked":{"type":"boolean"},"virusCapture":{"type":"boolean"},"wormBlocked":{"type":"boolean"},"wormCapture":{"type":"boolean"}},"required":["adwareBlocked","adwareCapture","ransomwareBlocked","ransomwareCapture","remoteAccessToolBlocked","remoteAccessToolCapture","spywareBlocked","spywareCapture","trojanBlocked","trojanCapture","unwantedApplicationsBlocked","unwantedApplicationsCapture","virusBlocked","virusCapture","wormBlocked","wormCapture","id"],"type":"object"}},"zia:index/getMobileMalwareProtectionPolicy:getMobileMalwareProtectionPolicy":{"description":"* [Official documentation](https://help.zscaler.com/zia/configuring-mobile-malware-protection-policy)\n* [API documentation](https://help.zscaler.com/zia/mobile-malware-protection-policy#/mobileAdvanceThreatSettings-put)\n\nUse the **zia_mobile_malware_protection_policy** data source to retrieves all the rules in the Mobile Malware Protection policy configuration. To learn more see [Configuring the Mobile Malware Protection Policy](https://help.zscaler.com/zia/configuring-mobile-malware-protection-policy)\n\n## Example Usage\n\n```hcl\ndata \"zia_mobile_malware_protection_policy\" \"this\" {}\n```\n","outputs":{"description":"A collection of values returned by getMobileMalwareProtectionPolicy.\n","properties":{"blockAppsCommunicatingWithAdWebsites":{"description":"(Boolean) Blocks an application from communicating with known advertisement websites\n","type":"boolean"},"blockAppsCommunicatingWithRemoteUnknownServers":{"description":"(Boolean) Blocks an application from communicating with unknown servers (i.e., servers not normally or historically associated with the application)\n","type":"boolean"},"blockAppsSendingDeviceIdentifier":{"description":"(Boolean) Blocks an application from leaking device identifiers via communication in an unencrypted format or for an unknown purpose\n","type":"boolean"},"blockAppsSendingLocationInfo":{"description":"(Boolean) Blocks an application from leaking device location details via communication in an unencrypted format or for an unknown purpose\n","type":"boolean"},"blockAppsSendingPersonallyIdentifiableInfo":{"description":"(Boolean) Blocks an application from leaking a user's personally identifiable information (PII) via communication in an unencrypted format or for an unknown purpose\n","type":"boolean"},"blockAppsSendingUnencryptedUserCredentials":{"description":"(Boolean) Blocks an application from leaking a user's credentials in an unencrypted format\n","type":"boolean"},"blockAppsWithKnownVulnerabilities":{"description":"(Boolean) Blocks applications that contain vulnerabilities or that use insecure features, modules, or protocols\n","type":"boolean"},"blockAppsWithMaliciousActivity":{"description":"(Boolean) Blocks applications that are known to be malicious, compromised, or perform activities unknown to or hidden from the user\n","type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"}},"required":["blockAppsCommunicatingWithAdWebsites","blockAppsCommunicatingWithRemoteUnknownServers","blockAppsSendingDeviceIdentifier","blockAppsSendingLocationInfo","blockAppsSendingPersonallyIdentifiableInfo","blockAppsSendingUnencryptedUserCredentials","blockAppsWithKnownVulnerabilities","blockAppsWithMaliciousActivity","id"],"type":"object"}},"zia:index/getNatControlRules:getNatControlRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-nat-control)\n* [API documentation](https://help.zscaler.com/zia/nat-control-policy#/dnatRules-get)\n\nUse the **zia_nat_control_rules** data source to get information about a NAT Control rule available in the Zscaler Internet Access.\n\n## Example Usage\n\n### By Name\n\n```hcl\n\ndata \"zia_nat_control_rules\" \"this\" {\n  name = \"DNAT_01\"\n}\n```\n\n### By ID\n\n```hcl\n\ndata \"zia_nat_control_rules\" \"this\" {\n  id = 154658\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getNatControlRules.\n","properties":{"id":{"type":"integer","description":"A unique identifier assigned to the forwarding rule.\n"},"name":{"type":"string","description":"The name of the forwarding rule.\n"},"redirectFqdn":{"type":"string","description":"(string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.\n"},"redirectIp":{"type":"string","description":"(string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.\n"},"redirectPort":{"type":"integer","description":"(string) -  Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getNatControlRules.\n","properties":{"defaultRule":{"description":"(Boolean) If set to true, the default rule is applied\n","type":"boolean"},"departments":{"description":"(Block List, Max: 1) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesDepartment:getNatControlRulesDepartment"},"type":"array"},"description":{"description":"(string) - Additional information about the forwarding rule\n","type":"string"},"destAddresses":{"description":"** - (List of String) -  IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.\n","items":{"type":"string"},"type":"array"},"destCountries":{"description":"** - (List of String) Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.\n","items":{"type":"string"},"type":"array"},"destIpCategories":{"description":"** - (List of String) IP address categories of destination for which the DNAT rule is applicable. If not set, the rule is not restricted to specific destination IP categories.\n","items":{"type":"string"},"type":"array"},"destIpGroups":{"description":"** - (Block List, Max: 1) Any number of destination IP address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesDestIpGroup:getNatControlRulesDestIpGroup"},"type":"array"},"destIpv6Groups":{"description":"** - (Block List, Max: 1) Any number of destination IPv6 address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesDestIpv6Group:getNatControlRulesDestIpv6Group"},"type":"array"},"deviceGroups":{"items":{"$ref":"#/types/zia:index/getNatControlRulesDeviceGroup:getNatControlRulesDeviceGroup"},"type":"array"},"devices":{"items":{"$ref":"#/types/zia:index/getNatControlRulesDevice:getNatControlRulesDevice"},"type":"array"},"enableFullLogging":{"description":"(Boolean)\n","type":"boolean"},"groups":{"description":"(Block List, Max: 1) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesGroup:getNatControlRulesGroup"},"type":"array"},"id":{"description":"(int) The ID of this resource.\n","type":"integer"},"labels":{"description":"(Block List, Max: 1) Labels that are applicable to the rule.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesLabel:getNatControlRulesLabel"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getNatControlRulesLastModifiedBy:getNatControlRulesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"(Number)\n","type":"integer"},"locationGroups":{"description":"(Block List, Max: 1) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesLocationGroup:getNatControlRulesLocationGroup"},"type":"array"},"locations":{"description":"(Block List, Max: 1) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesLocation:getNatControlRulesLocation"},"type":"array"},"name":{"description":"(String) The configured name of the entity\n","type":"string"},"nwServiceGroups":{"description":"(Block List, Max: 1) Any number of predefined or custom network service groups to which the rule applies.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesNwServiceGroup:getNatControlRulesNwServiceGroup"},"type":"array"},"nwServices":{"description":"(Block List, Max: 1) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesNwService:getNatControlRulesNwService"},"type":"array"},"order":{"description":"(string) - The order of execution for the forwarding rule order.\n","type":"integer"},"predefined":{"description":"(Boolean) If set to true, a predefined rule is applied\n","type":"boolean"},"rank":{"type":"integer"},"redirectFqdn":{"description":"(string) - FQDN to which the traffic is redirected to when the DNAT rule is triggered. This is mutually exclusive to redirect IP.\n","type":"string"},"redirectIp":{"description":"(string) - IP address to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific IP address.\n","type":"string"},"redirectPort":{"description":"(string) -  Port to which the traffic is redirected to when the DNAT rule is triggered. If not set, no redirection is done to the specific port.\n","type":"integer"},"resCategories":{"items":{"type":"string"},"type":"array"},"srcIpGroups":{"description":"(Block List, Max: 1) Any number of source IP address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesSrcIpGroup:getNatControlRulesSrcIpGroup"},"type":"array"},"srcIps":{"description":"(List of String) You can enter individual IP addresses, subnets, or address ranges.\n","items":{"type":"string"},"type":"array"},"srcIpv6Groups":{"description":"(Block List, Max: 1) Any number of source IPv6 address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesSrcIpv6Group:getNatControlRulesSrcIpv6Group"},"type":"array"},"state":{"type":"string"},"timeWindows":{"description":"(Block List, Max: 1) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e time intervals. When not used it implies \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e to apply the rule to all time intervals.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesTimeWindow:getNatControlRulesTimeWindow"},"type":"array"},"users":{"description":"(Block List, Max: 1) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n","items":{"$ref":"#/types/zia:index/getNatControlRulesUser:getNatControlRulesUser"},"type":"array"}},"required":["defaultRule","departments","description","destAddresses","destCountries","destIpCategories","destIpGroups","destIpv6Groups","deviceGroups","devices","enableFullLogging","groups","id","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","name","nwServiceGroups","nwServices","order","predefined","rank","resCategories","srcIpGroups","srcIps","srcIpv6Groups","state","timeWindows","users"],"type":"object"}},"zia:index/getNssServer:getNssServer":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-nss-servers)\n* [API documentation](https://help.zscaler.com/zia/cloud-nanolog-streaming-service-nss#/nssServers-get)\n\nUse the **zia_nss_server** data source to get information about a nss server resource in the Zscaler Internet Access cloud or via the API.\nSee [Adding NSS Servers](https://help.zscaler.com/zia/adding-nss-servers) for more details.\n\n## Example Usage\n\n### Retrieve By Name\n\n```hcl\ndata \"zia_nss_server\" \"this\" {\n    name = \"NSSServer01\"\n}\n```\n\n### Retrieve By ID\n\n```hcl\ndata \"zia_nss_server\" \"this\" {\n    id = \"5445585\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getNssServer.\n","properties":{"id":{"type":"integer","description":"System-generated identifier of the NSS server based on the software platform\n"},"name":{"type":"string","description":"The name of the nss server to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getNssServer.\n","properties":{"icapSvrId":{"description":"(integer) The ICAP server ID\n","type":"integer"},"id":{"type":"integer"},"name":{"type":"string"},"state":{"description":"(String) The health of the NSS server. Returned Values:  `UNHEALTHY`, `HEALTHY`, `UNKNOWN`\n","type":"string"},"status":{"description":"(String) Enables or disables the status of the NSS server. Returned Values: `ENABLED`, `DISABLED`, `DISABLED_BY_SERVICE_PROVIDER`, `NOT_PROVISIONED_IN_SERVICE_PROVIDER`, `IN_TRIAL`\n","type":"string"},"type":{"description":"(String) Whether you are creating an NSS for web logs or firewall logs. Returned Values:  `NSS_FOR_WEB`, `NSS_FOR_FIREWALL`\n","type":"string"}},"required":["icapSvrId","id","name","state","status","type"],"type":"object"}},"zia:index/getRiskProfiles:getRiskProfiles":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-cloud-application-risk-profile)\n* [API documentation](https://help.zscaler.com/zia/cloud-applications#/riskProfiles-get)\n\nUse the **zia_risk_profiles** data source to get information about a cloud application risk profile in the Zscaler Internet Access cloud or via the API.\nSee [About Cloud Application Risk Profile](https://help.zscaler.com/zia/about-cloud-application-risk-profile) for more details.\n\n## Example Usage\n\n### Retrieve By Name\n\n```hcl\ndata \"zia_risk_profiles\" \"this\" {\n    name = \"RiskProfile01\"\n}\n```\n\n### Retrieve By ID\n\n```hcl\ndata \"zia_risk_profiles\" \"this\" {\n    id = \"5445585\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getRiskProfiles.\n","properties":{"id":{"type":"integer","description":"Unique identifier for the risk profile.\n"},"name":{"type":"string","description":"Cloud application risk profile name.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getRiskProfiles.\n","properties":{"adminAuditLogs":{"description":"(String) Filters based on support for administrative logging. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"certifications":{"description":"(Optional) Filters based on supported certifications.\n","items":{"type":"string"},"type":"array"},"createTime":{"type":"integer"},"customTags":{"description":"(Set) List of custom tags to be included or excluded for the profile.\n","items":{"$ref":"#/types/zia:index/getRiskProfilesCustomTag:getRiskProfilesCustomTag"},"type":"array"},"dataBreach":{"description":"(String) Filters based on history of data breaches. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"dataEncryptionInTransits":{"description":"(Optional) Filters based on encryption of data in transit.\n","items":{"type":"string"},"type":"array"},"dnsCaaPolicy":{"description":"(String) Filters based on DNS CAA policy implementation.\n","type":"string"},"domainBasedMessageAuth":{"description":"(String) Filters based on DMARC support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"domainKeysIdentifiedMail":{"description":"(String) Filters based on DKIM authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"evasive":{"description":"(String) Filters based on anonymous access support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"excludeCertificates":{"description":"(Int) Indicates if the certificates are included or not.\n","type":"integer"},"fileSharing":{"description":"(String) Filters based on file sharing capability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"httpSecurityHeaders":{"description":"(String) Filters based on HTTP security headers support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"id":{"type":"integer"},"lastModTime":{"type":"integer"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getRiskProfilesLastModifiedBy:getRiskProfilesLastModifiedBy"},"type":"array"},"malwareScanningForContent":{"description":"(String) Filters based on content malware scanning. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"mfaSupport":{"description":"(String) Filters based on multi-factor authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"name":{"type":"string"},"passwordStrength":{"description":"(String) Filters based on password strength policy. Supported values: `ANY`, `GOOD`, `POOR`, `UN_KNOWN`.\n","type":"string"},"poorItemsOfService":{"description":"(String) Filters applications based on questionable legal terms. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"profileType":{"description":"(String) Risk profile type. Supported value: `CLOUD_APPLICATIONS`. Default is `CLOUD_APPLICATIONS`.\n","type":"string"},"remoteScreenSharing":{"description":"(String) Filters based on remote screen sharing support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"riskIndices":{"description":"(Optional) Filters based on risk index thresholds.\n","items":{"type":"integer"},"type":"array"},"senderPolicyFramework":{"description":"(String) Filters based on SPF authentication support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"sourceIpRestrictions":{"description":"(String) Filters based on IP restriction support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"sslCertKeySize":{"description":"(String) Filters based on SSL certificate key size. Supported values: `ANY`, `UN_KNOWN`, `BITS_1024`, `BITS_2048`, `BITS_256`, `BITS_3072`, `BITS_384`, `BITS_4096`, `BITS_8192`.\n","type":"string"},"sslCertValidity":{"description":"(String) Filters based on SSL certificate validity period. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"sslPinned":{"description":"(String) Filters based on use of pinned SSL certificates. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"status":{"description":"(String) Status of the applications. Supported values: `UN_SANCTIONED`, `SANCTIONED`, `ANY`.\n","type":"string"},"supportForWaf":{"description":"(String) Filters based on Web Application Firewall (WAF) support. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"vulnerability":{"description":"(String) Filters based on published CVE vulnerabilities. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"vulnerabilityDisclosure":{"description":"(String) Filters based on vulnerability disclosure policy. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"vulnerableToHeartBleed":{"description":"(String) Filters based on Heartbleed vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"vulnerableToLogJam":{"description":"(String) Filters based on Logjam vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"vulnerableToPoodle":{"description":"(String) Filters based on POODLE vulnerability. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"},"weakCipherSupport":{"description":"(String) Filters based on weak cipher usage. Supported values: `ANY`, `YES`, `NO`, `UN_KNOWN`.\n","type":"string"}},"required":["adminAuditLogs","certifications","createTime","customTags","dataBreach","dataEncryptionInTransits","dnsCaaPolicy","domainBasedMessageAuth","domainKeysIdentifiedMail","evasive","excludeCertificates","fileSharing","httpSecurityHeaders","id","lastModTime","lastModifiedBies","malwareScanningForContent","mfaSupport","name","passwordStrength","poorItemsOfService","profileType","remoteScreenSharing","riskIndices","senderPolicyFramework","sourceIpRestrictions","sslCertKeySize","sslCertValidity","sslPinned","status","supportForWaf","vulnerability","vulnerabilityDisclosure","vulnerableToHeartBleed","vulnerableToLogJam","vulnerableToPoodle","weakCipherSupport"],"type":"object"}},"zia:index/getRuleLabels:getRuleLabels":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-rule-labels)\n* [API documentation](https://help.zscaler.com/zia/rule-labels#/ruleLabels-get)\n\nUse the **zia_rule_labels** data source to get information about a rule label resource in the Zscaler Internet Access cloud or via the API. This data source can then be associated with resources such as: Firewall Rules and URL filtering rules\n\n## Example Usage\n\n```hcl\n# ZIA Rule Labels Data Source\ndata \"zia_rule_labels\" \"example\" {\n    name = \"Example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getRuleLabels.\n","properties":{"id":{"type":"integer","description":"The unique identifer for the rule label.\n"},"name":{"type":"string","description":"The name of the rule label to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getRuleLabels.\n","properties":{"createdBies":{"description":"(String) The admin that created the rule label. This is a read-only field. Ignored by PUT requests.\n","items":{"$ref":"#/types/zia:index/getRuleLabelsCreatedBy:getRuleLabelsCreatedBy"},"type":"array"},"description":{"description":"(String) The rule label description.\n","type":"string"},"id":{"type":"integer"},"lastModifiedBies":{"description":"(String) The admin that modified the rule label last. This is a read-only field. Ignored by PUT requests.\n","items":{"$ref":"#/types/zia:index/getRuleLabelsLastModifiedBy:getRuleLabelsLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"(String) Timestamp when the rule lable was last modified. This is a read-only field. Ignored by PUT and DELETE requests.\n","type":"integer"},"name":{"type":"string"},"referencedRuleCount":{"description":"(int) The number of rules that reference the label.\n","type":"integer"}},"required":["createdBies","description","id","lastModifiedBies","lastModifiedTime","name","referencedRuleCount"],"type":"object"}},"zia:index/getSSLInspectionRules:getSSLInspectionRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-ssl-inspection-policy)\n* [API documentation](https://help.zscaler.com/zia/ssl-inspection-policy#/sslInspectionRules-get)\n\nUse the **zia_ssl_inspection_rules** data source to get information about a ssl inspection rule in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\n# ZIA SSL Inspection by name\ndata \"zia_ssl_inspection_rules\" \"this\" {\n    name = \"SSL_Inspection_Rule01\"\n}\n```\n\n```hcl\n# ZIA SSL Inspection by ID\ndata \"zia_ssl_inspection_rules\" \"this\" {\n    id = \"12365478\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getSSLInspectionRules.\n","properties":{"id":{"type":"integer","description":"Unique identifier for the SSL Inspection\n"},"name":{"type":"string","description":"Name of the SSL Inspection\n"},"urlCategories":{"type":"array","items":{"type":"string"},"description":"The list of URL categories to which the DLP policy rule must be applied.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getSSLInspectionRules.\n","properties":{"actions":{"description":"Action taken when the traffic matches policy\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesAction:getSSLInspectionRulesAction"},"type":"array"},"cloudApplications":{"description":"The list of URL categories to which the DLP policy rule must be applied.\n","items":{"type":"string"},"type":"array"},"departments":{"description":"ID pairs of departments for which the rule is applied.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesDepartment:getSSLInspectionRulesDepartment"},"type":"array"},"description":{"description":"The description of the workload group\n","type":"string"},"destIpGroups":{"description":"ID pairs of destination IP address groups for which the rule is applied.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesDestIpGroup:getSSLInspectionRulesDestIpGroup"},"type":"array"},"deviceGroups":{"description":"ID pairs of device groups for which the rule is applied.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesDeviceGroup:getSSLInspectionRulesDeviceGroup"},"type":"array"},"deviceTrustLevels":{"description":"Lists device trust levels for which the rule must be applied (for devices managed using Zscaler Client Connector).\n","items":{"type":"string"},"type":"array"},"devices":{"description":"ID pairs of devices for which the rule is applied\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesDevice:getSSLInspectionRulesDevice"},"type":"array"},"groups":{"description":"ID pairs of groups for which the rule is applied. If not set, rule is applied for all groups.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesGroup:getSSLInspectionRulesGroup"},"type":"array"},"id":{"description":"A unique identifier assigned to the workload group\n","type":"integer"},"labels":{"description":"ID pairs of labels associated with the rule.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesLabel:getSSLInspectionRulesLabel"},"type":"array"},"lastModifiedBies":{"description":"A nested block with details about who last modified the workload group.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesLastModifiedBy:getSSLInspectionRulesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"Timestamp when the workload group was last modified.\n","type":"integer"},"locationGroups":{"description":"ID pairs of location groups to which the rule is applied. When empty, it implies applying to all location groups.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesLocationGroup:getSSLInspectionRulesLocationGroup"},"type":"array"},"locations":{"description":"ID pairs of locations to which the rule is applied. When empty, it implies applying to all locations.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesLocation:getSSLInspectionRulesLocation"},"type":"array"},"name":{"description":"The name of the workload group\n","type":"string"},"order":{"description":"Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n","type":"integer"},"platforms":{"description":"Zscaler Client Connector device platforms for which this rule is applied. Supported Values: `SCAN_IOS`, `SCAN_ANDROID`, `SCAN_MACOS`, `SCAN_WINDOWS`, `NO_CLIENT_CONNECTOR`, `SCAN_LINUX`\n","items":{"type":"string"},"type":"array"},"proxyGateways":{"description":"When using ZPA Gateway forwarding, name-ID pairs of ZPA Application Segments for which the rule is applicable.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesProxyGateway:getSSLInspectionRulesProxyGateway"},"type":"array"},"rank":{"description":"The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.\n","type":"integer"},"roadWarriorForKerberos":{"description":"Indicates whether this rule is applied to remote users that use PAC with Kerberos authentication.\n","type":"boolean"},"sourceIpGroups":{"description":"ID pairs of source IP address groups for which the rule is applied.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesSourceIpGroup:getSSLInspectionRulesSourceIpGroup"},"type":"array"},"state":{"description":"The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`\n","type":"string"},"timeWindows":{"description":"The time intervals during which the rule applies\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesTimeWindow:getSSLInspectionRulesTimeWindow"},"type":"array"},"urlCategories":{"description":"The list of URL categories to which the DLP policy rule must be applied.\n","items":{"type":"string"},"type":"array"},"userAgentTypes":{"description":"A list of user agent types the rule applies to.\n","items":{"type":"string"},"type":"array"},"users":{"description":"The list of preconfigured workload groups to which the policy must be applied.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesUser:getSSLInspectionRulesUser"},"type":"array"},"workloadGroups":{"description":"The list of preconfigured workload groups to which the policy must be applied.\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesWorkloadGroup:getSSLInspectionRulesWorkloadGroup"},"type":"array"},"zpaAppSegments":{"description":"The list of ZPA Application Segments for which this rule is applicable (applicable only for ZPA Gateway forwarding).\n","items":{"$ref":"#/types/zia:index/getSSLInspectionRulesZpaAppSegment:getSSLInspectionRulesZpaAppSegment"},"type":"array"}},"required":["actions","cloudApplications","departments","description","destIpGroups","deviceGroups","deviceTrustLevels","devices","groups","id","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","name","order","platforms","proxyGateways","rank","roadWarriorForKerberos","sourceIpGroups","state","timeWindows","userAgentTypes","users","workloadGroups","zpaAppSegments"],"type":"object"}},"zia:index/getSandboxBehavioralAnalysis:getSandboxBehavioralAnalysis":{"description":"* [Official documentation](https://help.zscaler.com/zia/sandbox-policy-settings#/behavioralAnalysisAdvancedSettings-get)\n* [API documentation](https://help.zscaler.com/zia/sandbox-policy-settings#/behavioralAnalysisAdvancedSettings-get)\n\nUse the **zia_sandbox_behavioral_analysis** data source to get get the custom list of MD5 file hashes that are blocked by Sandbox\n\n## Example Usage\n\n```hcl\n# ZIA Security Policy Settings Data Source\ndata \"zia_sandbox_behavioral_analysis\" list_all {}\n```\n","outputs":{"description":"A collection of values returned by getSandboxBehavioralAnalysis.\n","properties":{"fileHashesToBeBlockeds":{"items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"}},"required":["fileHashesToBeBlockeds","id"],"type":"object"}},"zia:index/getSandboxReport:getSandboxReport":{"description":"* [Official documentation](https://help.zscaler.com/zia/sandbox-report-use-cases)\n* [API documentation](https://help.zscaler.com/zia/sandbox-report#/sandbox/report/{md5Hash}-get)\n\nUse the **zia_sandbox_report** data source gets a full (i.e., complete) or summary detail report for an MD5 hash of a file that was analyzed by Sandbox.\n\n## Example Usage\n\n### Obtain Full Sandbox Report\n\n```hcl\ndata \"zia_sandbox_report\" \"this\" {\n  md5_hash = \"F69CA01D65E6C8F9E3540029E5F6AB92\"\n  details = \"full\"\n}\n```\n\n### Obtain Summarized Sandbox Report\n\n```hcl\ndata \"zia_sandbox_report\" \"this\" {\n  md5_hash = \"F69CA01D65E6C8F9E3540029E5F6AB92\"\n  details = \"summary\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getSandboxReport.\n","properties":{"details":{"type":"string","description":"(Required) Type of report, full or summary.\n"},"exploits":{"type":"array","items":{"$ref":"#/types/zia:index/getSandboxReportExploit:getSandboxReportExploit"}},"md5Hash":{"type":"string","description":"(Required) MD5 hash of the file that was analyzed by Sandbox.\n"},"networkings":{"type":"array","items":{"$ref":"#/types/zia:index/getSandboxReportNetworking:getSandboxReportNetworking"}},"persistences":{"type":"array","items":{"$ref":"#/types/zia:index/getSandboxReportPersistence:getSandboxReportPersistence"}},"securityBypasses":{"type":"array","items":{"$ref":"#/types/zia:index/getSandboxReportSecurityBypass:getSandboxReportSecurityBypass"}},"spywares":{"type":"array","items":{"$ref":"#/types/zia:index/getSandboxReportSpyware:getSandboxReportSpyware"}},"stealths":{"type":"array","items":{"$ref":"#/types/zia:index/getSandboxReportStealth:getSandboxReportStealth"}}},"type":"object","required":["md5Hash"]},"outputs":{"description":"A collection of values returned by getSandboxReport.\n","properties":{"classifications":{"items":{"$ref":"#/types/zia:index/getSandboxReportClassification:getSandboxReportClassification"},"type":"array"},"details":{"description":"(Required) Type of report, full or summary.\n","type":"string"},"exploits":{"items":{"$ref":"#/types/zia:index/getSandboxReportExploit:getSandboxReportExploit"},"type":"array"},"fileProperties":{"items":{"$ref":"#/types/zia:index/getSandboxReportFileProperty:getSandboxReportFileProperty"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"md5Hash":{"description":"(Required) MD5 hash of the file that was analyzed by Sandbox.\n","type":"string"},"networkings":{"items":{"$ref":"#/types/zia:index/getSandboxReportNetworking:getSandboxReportNetworking"},"type":"array"},"origins":{"items":{"$ref":"#/types/zia:index/getSandboxReportOrigin:getSandboxReportOrigin"},"type":"array"},"persistences":{"items":{"$ref":"#/types/zia:index/getSandboxReportPersistence:getSandboxReportPersistence"},"type":"array"},"securityBypasses":{"items":{"$ref":"#/types/zia:index/getSandboxReportSecurityBypass:getSandboxReportSecurityBypass"},"type":"array"},"spywares":{"items":{"$ref":"#/types/zia:index/getSandboxReportSpyware:getSandboxReportSpyware"},"type":"array"},"stealths":{"items":{"$ref":"#/types/zia:index/getSandboxReportStealth:getSandboxReportStealth"},"type":"array"},"summaries":{"description":"Summary detail report for an MD5 hash of a file that was analyzed by Sandbox\n","items":{"$ref":"#/types/zia:index/getSandboxReportSummary:getSandboxReportSummary"},"type":"array"},"systemSummaries":{"items":{"$ref":"#/types/zia:index/getSandboxReportSystemSummary:getSandboxReportSystemSummary"},"type":"array"}},"required":["classifications","exploits","fileProperties","md5Hash","networkings","origins","persistences","securityBypasses","spywares","stealths","summaries","systemSummaries","id"],"type":"object"}},"zia:index/getSandboxRules:getSandboxRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-sandbox)\n* [API documentation](https://help.zscaler.com/zia/sandbox-policy-settings#/sandboxRules-get)\n\nUse the **zia_sandbox_rules** data source to get information about a sandbox rule in the Zscaler Internet Access.\n\n## Example Usage\n\n```hcl\n# ZIA Sandbox Rule by name\ndata \"zia_sandbox_rules\" \"this\" {\n    name = \"Default BA Rule\"\n}\n```\n\n```hcl\n# ZIA Sandbox Rule by ID\ndata \"zia_sandbox_rules\" \"this\" {\n    id = \"12365478\"\n}\n```\n\n## Read-Only\n\nIn addition to all arguments above, the following attributes are exported:\n\n* \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (String) Enter additional notes or information. The description cannot exceed 10,240 characters.\n* \u003cspan pulumi-lang-nodejs=\"`order`\" pulumi-lang-dotnet=\"`Order`\" pulumi-lang-go=\"`order`\" pulumi-lang-python=\"`order`\" pulumi-lang-yaml=\"`order`\" pulumi-lang-java=\"`order`\"\u003e`order`\u003c/span\u003e - (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.\n* \u003cspan pulumi-lang-nodejs=\"`state`\" pulumi-lang-dotnet=\"`State`\" pulumi-lang-go=\"`state`\" pulumi-lang-python=\"`state`\" pulumi-lang-yaml=\"`state`\" pulumi-lang-java=\"`state`\"\u003e`state`\u003c/span\u003e - (String) The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`\n* \u003cspan pulumi-lang-nodejs=\"`rank`\" pulumi-lang-dotnet=\"`Rank`\" pulumi-lang-go=\"`rank`\" pulumi-lang-python=\"`rank`\" pulumi-lang-yaml=\"`rank`\" pulumi-lang-java=\"`rank`\"\u003e`rank`\u003c/span\u003e - (Integer) The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.\n* \u003cspan pulumi-lang-nodejs=\"`baRuleAction`\" pulumi-lang-dotnet=\"`BaRuleAction`\" pulumi-lang-go=\"`baRuleAction`\" pulumi-lang-python=\"`ba_rule_action`\" pulumi-lang-yaml=\"`baRuleAction`\" pulumi-lang-java=\"`baRuleAction`\"\u003e`ba_rule_action`\u003c/span\u003e - (String) The action configured for the rule that must take place if the traffic matches the rule criteria. Supported Values: `ALLOW` or `BLOCK`\n* \u003cspan pulumi-lang-nodejs=\"`firstTimeEnable`\" pulumi-lang-dotnet=\"`FirstTimeEnable`\" pulumi-lang-go=\"`firstTimeEnable`\" pulumi-lang-python=\"`first_time_enable`\" pulumi-lang-yaml=\"`firstTimeEnable`\" pulumi-lang-java=\"`firstTimeEnable`\"\u003e`first_time_enable`\u003c/span\u003e - (Boolean) A Boolean value indicating whether a First-Time Action is specifically configured for the rule. The First-Time Action takes place when users download unknown files. The action to be applied is specified using the firstTimeOperation field.\n* \u003cspan pulumi-lang-nodejs=\"`firstTimeOperation`\" pulumi-lang-dotnet=\"`FirstTimeOperation`\" pulumi-lang-go=\"`firstTimeOperation`\" pulumi-lang-python=\"`first_time_operation`\" pulumi-lang-yaml=\"`firstTimeOperation`\" pulumi-lang-java=\"`firstTimeOperation`\"\u003e`first_time_operation`\u003c/span\u003e - (String) The action that must take place when users download unknown files for the first time. Supported Values: `ALLOW_SCAN`, `QUARANTINE`, `ALLOW_NOSCAN`, `QUARANTINE_ISOLATE`\n* \u003cspan pulumi-lang-nodejs=\"`mlActionEnabled`\" pulumi-lang-dotnet=\"`MlActionEnabled`\" pulumi-lang-go=\"`mlActionEnabled`\" pulumi-lang-python=\"`ml_action_enabled`\" pulumi-lang-yaml=\"`mlActionEnabled`\" pulumi-lang-java=\"`mlActionEnabled`\"\u003e`ml_action_enabled`\u003c/span\u003e - (Boolean) A Boolean value indicating whether to enable or disable the AI Instant Verdict option to have the Zscaler service use AI analysis to instantly assign threat scores to unknown files. This option is available to use only with specific rule actions such as Quarantine and Allow and Scan for First-Time Action.\n* \u003cspan pulumi-lang-nodejs=\"`byThreatScore`\" pulumi-lang-dotnet=\"`ByThreatScore`\" pulumi-lang-go=\"`byThreatScore`\" pulumi-lang-python=\"`by_threat_score`\" pulumi-lang-yaml=\"`byThreatScore`\" pulumi-lang-java=\"`byThreatScore`\"\u003e`by_threat_score`\u003c/span\u003e - (Integer)\n* \u003cspan pulumi-lang-nodejs=\"`defaultRule`\" pulumi-lang-dotnet=\"`DefaultRule`\" pulumi-lang-go=\"`defaultRule`\" pulumi-lang-python=\"`default_rule`\" pulumi-lang-yaml=\"`defaultRule`\" pulumi-lang-java=\"`defaultRule`\"\u003e`default_rule`\u003c/span\u003e - (Boolean) Value that indicates whether the rule is the Default Cloud IPS Rule or not\n\n* \u003cspan pulumi-lang-nodejs=\"`urlCategories`\" pulumi-lang-dotnet=\"`UrlCategories`\" pulumi-lang-go=\"`urlCategories`\" pulumi-lang-python=\"`url_categories`\" pulumi-lang-yaml=\"`urlCategories`\" pulumi-lang-java=\"`urlCategories`\"\u003e`url_categories`\u003c/span\u003e - (List of Strings) The list of URL categories to which the DLP policy rule must be applied.\n* \u003cspan pulumi-lang-nodejs=\"`fileTypes`\" pulumi-lang-dotnet=\"`FileTypes`\" pulumi-lang-go=\"`fileTypes`\" pulumi-lang-python=\"`file_types`\" pulumi-lang-yaml=\"`fileTypes`\" pulumi-lang-java=\"`fileTypes`\"\u003e`file_types`\u003c/span\u003e - (List of Strings) File type categories for which the policy is applied. If not set, the rule is applied across all file types.\n\n`Who, Where and When` supports the following attributes:\n\n* \u003cspan pulumi-lang-nodejs=\"`locations`\" pulumi-lang-dotnet=\"`Locations`\" pulumi-lang-go=\"`locations`\" pulumi-lang-python=\"`locations`\" pulumi-lang-yaml=\"`locations`\" pulumi-lang-java=\"`locations`\"\u003e`locations`\u003c/span\u003e - (List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations. When not used it implies `Any` to apply the rule to all groups.\n      - \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Integer) Identifier that uniquely identifies an entity\n* \u003cspan pulumi-lang-nodejs=\"`locationGroups`\" pulumi-lang-dotnet=\"`LocationGroups`\" pulumi-lang-go=\"`locationGroups`\" pulumi-lang-python=\"`location_groups`\" pulumi-lang-yaml=\"`locationGroups`\" pulumi-lang-java=\"`locationGroups`\"\u003e`location_groups`\u003c/span\u003e - (List of Objects)You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups. When not used it implies `Any` to apply the rule to all location groups.\n      - \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Integer) Identifier that uniquely identifies an entity\n* \u003cspan pulumi-lang-nodejs=\"`users`\" pulumi-lang-dotnet=\"`Users`\" pulumi-lang-go=\"`users`\" pulumi-lang-python=\"`users`\" pulumi-lang-yaml=\"`users`\" pulumi-lang-java=\"`users`\"\u003e`users`\u003c/span\u003e - (List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users. When not used it implies `Any` to apply the rule to all users.\n      - \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Integer) Identifier that uniquely identifies an entity\n* \u003cspan pulumi-lang-nodejs=\"`groups`\" pulumi-lang-dotnet=\"`Groups`\" pulumi-lang-go=\"`groups`\" pulumi-lang-python=\"`groups`\" pulumi-lang-yaml=\"`groups`\" pulumi-lang-java=\"`groups`\"\u003e`groups`\u003c/span\u003e - (List of Objects) You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups. When not used it implies `Any` to apply the rule to all groups.\n      - \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Integer) Identifier that uniquely identifies an entity\n* \u003cspan pulumi-lang-nodejs=\"`departments`\" pulumi-lang-dotnet=\"`Departments`\" pulumi-lang-go=\"`departments`\" pulumi-lang-python=\"`departments`\" pulumi-lang-yaml=\"`departments`\" pulumi-lang-java=\"`departments`\"\u003e`departments`\u003c/span\u003e - (List of Objects) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments.\n      - \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Integer) Identifier that uniquely identifies an entity\n\n* \u003cspan pulumi-lang-nodejs=\"`labels`\" pulumi-lang-dotnet=\"`Labels`\" pulumi-lang-go=\"`labels`\" pulumi-lang-python=\"`labels`\" pulumi-lang-yaml=\"`labels`\" pulumi-lang-java=\"`labels`\"\u003e`labels`\u003c/span\u003e (List of Objects) Labels that are applicable to the rule.\n      - \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Integer) Identifier that uniquely identifies an entity\n\n* \u003cspan pulumi-lang-nodejs=\"`zpaAppSegments`\" pulumi-lang-dotnet=\"`ZpaAppSegments`\" pulumi-lang-go=\"`zpaAppSegments`\" pulumi-lang-python=\"`zpa_app_segments`\" pulumi-lang-yaml=\"`zpaAppSegments`\" pulumi-lang-java=\"`zpaAppSegments`\"\u003e`zpa_app_segments`\u003c/span\u003e (List of Objects) The ZPA application segments to which the rule applies\n      - \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Integer) Identifier that uniquely identifies an entity\n","inputs":{"description":"A collection of arguments for invoking getSandboxRules.\n","properties":{"id":{"type":"integer","description":"Unique identifier for the Sandbox rule\n"},"name":{"type":"string","description":"Name of the Sandbox rule\n"},"urlCategories":{"type":"array","items":{"type":"string"}}},"type":"object"},"outputs":{"description":"A collection of values returned by getSandboxRules.\n","properties":{"baPolicyCategories":{"items":{"type":"string"},"type":"array"},"baRuleAction":{"type":"string"},"byThreatScore":{"type":"integer"},"departments":{"items":{"$ref":"#/types/zia:index/getSandboxRulesDepartment:getSandboxRulesDepartment"},"type":"array"},"description":{"type":"string"},"fileTypes":{"items":{"type":"string"},"type":"array"},"firstTimeEnable":{"type":"boolean"},"firstTimeOperation":{"type":"string"},"groups":{"items":{"$ref":"#/types/zia:index/getSandboxRulesGroup:getSandboxRulesGroup"},"type":"array"},"id":{"type":"integer"},"labels":{"items":{"$ref":"#/types/zia:index/getSandboxRulesLabel:getSandboxRulesLabel"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getSandboxRulesLastModifiedBy:getSandboxRulesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"type":"integer"},"locationGroups":{"items":{"$ref":"#/types/zia:index/getSandboxRulesLocationGroup:getSandboxRulesLocationGroup"},"type":"array"},"locations":{"items":{"$ref":"#/types/zia:index/getSandboxRulesLocation:getSandboxRulesLocation"},"type":"array"},"mlActionEnabled":{"type":"boolean"},"name":{"type":"string"},"order":{"type":"integer"},"protocols":{"items":{"type":"string"},"type":"array"},"rank":{"type":"integer"},"state":{"type":"string"},"urlCategories":{"items":{"type":"string"},"type":"array"},"users":{"items":{"$ref":"#/types/zia:index/getSandboxRulesUser:getSandboxRulesUser"},"type":"array"},"zpaAppSegments":{"items":{"$ref":"#/types/zia:index/getSandboxRulesZpaAppSegment:getSandboxRulesZpaAppSegment"},"type":"array"}},"required":["baPolicyCategories","baRuleAction","byThreatScore","departments","description","fileTypes","firstTimeEnable","firstTimeOperation","groups","id","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","mlActionEnabled","name","order","protocols","rank","state","users","zpaAppSegments"],"type":"object"}},"zia:index/getSecuritySettings:getSecuritySettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/security-policy-settings#/security-put)\n* [API documentation](https://help.zscaler.com/zia/security-policy-settings#/security-put)\n\nUse the **zia_security_settings** data source to get a list of URLs that were added to the allow and denylist under the Advanced Threat Protection policy in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n```hcl\n# ZIA Security Policy Settings Data Source\ndata \"zia_security_settings\" \"example\"{}\n```\n","outputs":{"description":"A collection of values returned by getSecuritySettings.\n","properties":{"blacklistUrls":{"items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"whitelistUrls":{"items":{"type":"string"},"type":"array"}},"required":["blacklistUrls","whitelistUrls","id"],"type":"object"}},"zia:index/getSubCloud:getSubCloud":{"description":"* [Official documentation](https://help.zscaler.com/zia/understanding-subclouds)\n* [API documentation](https://help.zscaler.com/legacy-apis/traffic-forwarding-0#/subclouds-get)\n\nUse the **zia_sub_cloud** data source to get information about a subcloud available in the Zscaler Internet Access cloud. Summary of the subcloud associated with an organization. This also represents the data centers that are excluded and associated with the subcloud.\n\n\u003e NOTE: This an Early Access feature.\n\n## Example Usage\n\n### Retrieve By Name\n\n```hcl\ndata \"zia_sub_cloud\" \"this\" {\n    name = \"SubCloud01\"\n}\n```\n\n### Retrieve By ID\n\n```hcl\ndata \"zia_sub_cloud\" \"this\" {\n    id = 1254674585\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getSubCloud.\n","properties":{"id":{"type":"integer","description":"(Integer) A unique identifier for an entity\n"},"name":{"type":"string","description":"(String) The configured name of the entity (read-only)\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getSubCloud.\n","properties":{"dcs":{"description":"(List) List of data centers associated with the subcloud\n","items":{"$ref":"#/types/zia:index/getSubCloudDc:getSubCloudDc"},"type":"array"},"exclusions":{"description":"(List) List of data centers that are excluded from the subcloud. Information about data center excluded from the subcloud.\n","items":{"$ref":"#/types/zia:index/getSubCloudExclusion:getSubCloudExclusion"},"type":"array"},"id":{"description":"(Integer) A unique identifier for an entity\n","type":"integer"},"name":{"description":"(String) The configured name of the entity (read-only)\n","type":"string"}},"required":["dcs","exclusions","id","name"],"type":"object"}},"zia:index/getSubscriptionAlert:getSubscriptionAlert":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-alert-subscriptions)\n* [API documentation](https://help.zscaler.com/zia/alerts#/alertSubscriptions-get)\n\nUse the **zia_subscription_alert** data source to get information about a subscription alert resource in the Zscaler Internet Access cloud or via the API.\n\n## Example Usage\n\n### Via Email\n\n```hcl\ndata \"zia_subscription_alert\" \"this\" {\n    email = \"alert@acme.com\"\n}\n```\n\n### Via ID\n\n```hcl\ndata \"zia_subscription_alert\" \"this\" {\n    id = 3271\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getSubscriptionAlert.\n","properties":{"email":{"type":"string","description":"The name of the subscription alert to be exported.\n"},"id":{"type":"integer","description":"The unique identifer for the subscription alert.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getSubscriptionAlert.\n","properties":{"complySeverities":{"description":"(List of String) Lists the severity levels of the Comply Severity Alert class information that the recipient receives\n","items":{"type":"string"},"type":"array"},"deleted":{"description":"(bool) Deletes an existing alert subscription\n","type":"boolean"},"description":{"description":"(String) Additional comments or information about the alert subscription\n","type":"string"},"email":{"type":"string"},"id":{"type":"integer"},"manageSeverities":{"description":"(List of String) Lists the severity levels of the Manage Severity Alert class information that the recipient receives\n","items":{"type":"string"},"type":"array"},"pt0Severities":{"description":"(List of String) Lists the severity levels of the Patient 0 Severity Alert class information that the recipient receives\n","items":{"type":"string"},"type":"array"},"secureSeverities":{"description":"(List of String) Lists the severity levels of the Secure Severity Alert class information that the recipient receives\n","items":{"type":"string"},"type":"array"},"systemSeverities":{"description":"(List of String) Lists the severity levels of the System Severity Alert class information that the recipient receives\n","items":{"type":"string"},"type":"array"}},"required":["complySeverities","deleted","description","email","id","manageSeverities","pt0Severities","secureSeverities","systemSeverities"],"type":"object"}},"zia:index/getTenantRestrictionProfile:getTenantRestrictionProfile":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-tenant-profiles)\n* [API documentation](https://help.zscaler.com/zia/cloud-app-control-policy#/tenancyRestrictionProfile-get)\n\nUse the **zia_tenant_restriction_profile** data source to get information about a ZIA Domain Profiles in the Zscaler Internet Access cloud or via the API. The resource can then be utilized when configuring a Web DLP Rule resource \u003cspan pulumi-lang-nodejs=\"`zia.DLPWebRules`\" pulumi-lang-dotnet=\"`zia.DLPWebRules`\" pulumi-lang-go=\"`DLPWebRules`\" pulumi-lang-python=\"`DLPWebRules`\" pulumi-lang-yaml=\"`zia.DLPWebRules`\" pulumi-lang-java=\"`zia.DLPWebRules`\"\u003e`zia.DLPWebRules`\u003c/span\u003e\n\n## Example Usage\n\n### By Name\n\n```hcl\ndata \"zia_tenant_restriction_profile\" \"this\"{\n    name = \"MiicrosoftO365Login\"\n}\n```\n\n### By ID\n\n```hcl\ndata \"zia_tenant_restriction_profile\" \"this\"{\n    id = \"5421656\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getTenantRestrictionProfile.\n","properties":{"description":{"type":"string"},"id":{"type":"integer"},"name":{"type":"string"}},"type":"object"},"outputs":{"description":"A collection of values returned by getTenantRestrictionProfile.\n","properties":{"allowGcpCloudStorageRead":{"type":"boolean"},"allowGoogleConsumers":{"type":"boolean"},"allowGoogleVisitors":{"type":"boolean"},"appType":{"type":"string"},"description":{"type":"string"},"id":{"type":"integer"},"itemDataPrimaries":{"items":{"type":"string"},"type":"array"},"itemDataSecondaries":{"items":{"type":"string"},"type":"array"},"itemTypePrimary":{"type":"string"},"itemTypeSecondary":{"type":"string"},"itemValues":{"items":{"type":"string"},"type":"array"},"lastModifiedTime":{"type":"integer"},"lastModifiedUserId":{"type":"integer"},"msLoginServicesTrV2":{"type":"boolean"},"name":{"type":"string"},"restrictPersonalO365Domains":{"type":"boolean"}},"required":["allowGcpCloudStorageRead","allowGoogleConsumers","allowGoogleVisitors","appType","description","id","itemDataPrimaries","itemDataSecondaries","itemTypePrimary","itemTypeSecondary","itemValues","lastModifiedTime","lastModifiedUserId","msLoginServicesTrV2","name","restrictPersonalO365Domains"],"type":"object"}},"zia:index/getTimeWindow:getTimeWindow":{"description":"* [Official documentation](https://help.zscaler.com/zia/defining-time-intervals)\n* [API documentation](https://help.zscaler.com/zia/firewall-policies#/timeWindows-get)\n\nUse the **zia_firewall_filtering_time_window** data source to get information about a time window option available in the Zscaler Internet Access cloud firewall. This data source can then be associated with a ZIA firewall filtering rule.\n\n## Example Usage\n\n```hcl\n# ZIA Time Window - Work Hours\ndata \"zia_firewall_filtering_time_window\" \"work_hours\"{\n    name = \"Work hours\"\n}\n```\n\n```hcl\n# ZIA Time Window - Weekends\ndata \"zia_firewall_filtering_time_window\" \"weekends\"{\n    name = \"Weekends\"\n}\n```\n\n```hcl\n# ZIA Time Window - Off Hours\ndata \"zia_firewall_filtering_time_window\" \"off_hours\"{\n    name = \"Off hours\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getTimeWindow.\n","properties":{"id":{"type":"integer","description":"The ID of the time window resource.\n"},"name":{"type":"string","description":"The name of the time window to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getTimeWindow.\n","properties":{"dayOfWeeks":{"description":"(String). The supported values are:\n* `ANY` - (String)\n* `NONE` - (String)\n* `EVERYDAY` - (String)\n* `SUN` - (String)\n* `MON` - (String)\n* `TUE` - (String)\n* `WED` - (String)\n* `THU` - (String)\n* `FRI` - (String)\n* `SAT` - (String)\n","items":{"type":"string"},"type":"array"},"endTime":{"description":"(String)\n","type":"integer"},"id":{"type":"integer"},"name":{"type":"string"},"startTime":{"description":"(String)\n","type":"integer"}},"required":["dayOfWeeks","endTime","id","startTime"],"type":"object"}},"zia:index/getTrafficCaptureRules:getTrafficCaptureRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-traffic-capture-policy)\n* [API documentation](https://help.zscaler.com/zia/traffic-capture-policy#/trafficCaptureRules-get)\n\nUse the **zia_traffic_capture_rules** data source to get information about a traffic capture rules available in the Zscaler Internet Access cloud firewall.\n\n## Example Usage\n\n### Retrieve By Name\n\n```hcl\ndata \"zia_traffic_capture_rules\" \"example\" {\n    name = \"Capture_Rule01\"\n}\n```\n\n### Retrieve By ID\n\n```hcl\ndata \"zia_traffic_capture_rules\" \"example\" {\n    id = 1254674585\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getTrafficCaptureRules.\n","properties":{"id":{"type":"integer","description":"(Number) A unique identifier assigned to the workload group\n"},"name":{"type":"string","description":"(String) The name of the workload group\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getTrafficCaptureRules.\n","properties":{"accessControl":{"description":"(String) The admin's access privilege to this rule based on the assigned role\n","type":"string"},"action":{"description":"(String) The action the rule takes when packets match. Values: `CAPTURE`, `SKIP`\n","type":"string"},"appServiceGroups":{"items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesAppServiceGroup:getTrafficCaptureRulesAppServiceGroup"},"type":"array"},"defaultRule":{"description":"(Boolean) Indicates if this is a default rule\n","type":"boolean"},"departments":{"description":"(List) Departments for which the rule applies. You can apply to any number of departments.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesDepartment:getTrafficCaptureRulesDepartment"},"type":"array"},"description":{"description":"(String) Additional information about the rule. Cannot exceed 10,240 characters.\n","type":"string"},"destAddresses":{"description":"** - (List of String) -  IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry.\n","items":{"type":"string"},"type":"array"},"destCountries":{"description":"** - (List of String) Identify destinations based on the location of a server. Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n","items":{"type":"string"},"type":"array"},"destIpCategories":{"items":{"type":"string"},"type":"array"},"destIpGroups":{"description":"** - (Optional) Any number of destination IP address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesDestIpGroup:getTrafficCaptureRulesDestIpGroup"},"type":"array"},"deviceGroups":{"items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesDeviceGroup:getTrafficCaptureRulesDeviceGroup"},"type":"array"},"deviceTrustLevels":{"items":{"type":"string"},"type":"array"},"devices":{"items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesDevice:getTrafficCaptureRulesDevice"},"type":"array"},"excludeSrcCountries":{"description":"(Boolean) Indicates whether the countries specified in the sourceCountries field are included or excluded from the rule. A true value denotes that the specified source countries are excluded from the rule. A false value denotes that the rule is applied to the source countries if there is a match.\n","type":"boolean"},"groups":{"description":"(List) Groups for which the rule applies. You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e groups.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesGroup:getTrafficCaptureRulesGroup"},"type":"array"},"id":{"description":"(Number) A unique identifier assigned to the workload group\n","type":"integer"},"labels":{"items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesLabel:getTrafficCaptureRulesLabel"},"type":"array"},"lastModifiedBies":{"description":"(List) User who last modified the rule\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesLastModifiedBy:getTrafficCaptureRulesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"(Integer) Timestamp when the rule was last modified\n","type":"integer"},"locationGroups":{"description":"(List) Location groups for which the rule applies. You can manually select up to \u003cspan pulumi-lang-nodejs=\"`32`\" pulumi-lang-dotnet=\"`32`\" pulumi-lang-go=\"`32`\" pulumi-lang-python=\"`32`\" pulumi-lang-yaml=\"`32`\" pulumi-lang-java=\"`32`\"\u003e`32`\u003c/span\u003e location groups.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesLocationGroup:getTrafficCaptureRulesLocationGroup"},"type":"array"},"locations":{"description":"(List) Locations for which the rule applies. You can manually select up to \u003cspan pulumi-lang-nodejs=\"`8`\" pulumi-lang-dotnet=\"`8`\" pulumi-lang-go=\"`8`\" pulumi-lang-python=\"`8`\" pulumi-lang-yaml=\"`8`\" pulumi-lang-java=\"`8`\"\u003e`8`\u003c/span\u003e locations.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesLocation:getTrafficCaptureRulesLocation"},"type":"array"},"name":{"description":"(String) The name of the workload group\n","type":"string"},"nwApplicationGroups":{"description":"(List) Network application groups for which the rule applies.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesNwApplicationGroup:getTrafficCaptureRulesNwApplicationGroup"},"type":"array"},"nwApplications":{"description":"(List of String) Network service applications. The service provides predefined applications.\n","items":{"type":"string"},"type":"array"},"nwServiceGroups":{"description":"(List) Network service groups for which the rule applies.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesNwServiceGroup:getTrafficCaptureRulesNwServiceGroup"},"type":"array"},"nwServices":{"description":"(List) Network services for which the rule applies. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesNwService:getTrafficCaptureRulesNwService"},"type":"array"},"order":{"description":"(Integer) Rule order number. Policy rules are evaluated in ascending numerical order.\n","type":"integer"},"predefined":{"description":"(Boolean) Indicates if this is a predefined rule\n","type":"boolean"},"rank":{"description":"(Integer) Admin rank of the Traffic Capture policy rule. Default value is \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e.\n","type":"integer"},"sourceCountries":{"description":"** - (List of String) Identify destinations based on the location of a server. Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``\"US\"``, ``\"CA\"``\n","items":{"type":"string"},"type":"array"},"srcIpGroups":{"description":"(Optional) Any number of source IP address groups that you want to control with this rule.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesSrcIpGroup:getTrafficCaptureRulesSrcIpGroup"},"type":"array"},"srcIps":{"description":"(Optional) You can enter individual IP addresses, subnets, or address ranges.\n","items":{"type":"string"},"type":"array"},"state":{"description":"(String) Rule state. An enabled rule is actively enforced. Values: `ENABLED`, `DISABLED`\n","type":"string"},"timeWindows":{"description":"(List) Time intervals in which the rule applies. You can manually select up to \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e time intervals.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesTimeWindow:getTrafficCaptureRulesTimeWindow"},"type":"array"},"txnSampling":{"description":"(String) The percentage of connections sampled for capturing each time the rule is triggered. Supported Values: `NONE`, `ONE_PERCENT`, `TWO_PERCENT`, `FIVE_PERCENT`, `TEN_PERCENT`, `TWENTY_FIVE_PERCENT`, `HUNDRED_PERCENT`\n","type":"string"},"txnSizeLimit":{"description":"(String) The maximum size of traffic to capture per connection. Supported Values: `NONE`, `UNLIMITED`, `THIRTY_TWO_KB`, `TWO_FIFTY_SIX_KB`, `TWO_MB`, `FOUR_MB`, `THIRTY_TWO_MB`, `SIXTY_FOUR_MB`\n","type":"string"},"users":{"description":"(List) Users for which the rule applies. You can manually select up to \u003cspan pulumi-lang-nodejs=\"`4`\" pulumi-lang-dotnet=\"`4`\" pulumi-lang-go=\"`4`\" pulumi-lang-python=\"`4`\" pulumi-lang-yaml=\"`4`\" pulumi-lang-java=\"`4`\"\u003e`4`\u003c/span\u003e general and/or special users.\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesUser:getTrafficCaptureRulesUser"},"type":"array"},"workloadGroups":{"description":"(List) The list of preconfigured workload groups to which the policy must be applied\n","items":{"$ref":"#/types/zia:index/getTrafficCaptureRulesWorkloadGroup:getTrafficCaptureRulesWorkloadGroup"},"type":"array"}},"required":["accessControl","action","appServiceGroups","defaultRule","departments","description","destAddresses","destCountries","destIpCategories","destIpGroups","deviceGroups","deviceTrustLevels","devices","excludeSrcCountries","groups","id","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","name","nwApplicationGroups","nwApplications","nwServiceGroups","nwServices","order","predefined","rank","sourceCountries","srcIpGroups","srcIps","state","timeWindows","txnSampling","txnSizeLimit","users","workloadGroups"],"type":"object"}},"zia:index/getTrafficForwardingGREInternalIPRange:getTrafficForwardingGREInternalIPRange":{"description":"* [Official documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/greTunnels/availableInternalIpRanges-get)\n* [API documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/greTunnels/availableInternalIpRanges-get)\n\nUse the **zia_gre_internal_ip_range_list** data source to get information about the next available GRE tunnel internal ip ranges for the purposes of GRE tunnel creation in the Zscaler Internet Access when the \u003cspan pulumi-lang-nodejs=\"`ipUnnumbered`\" pulumi-lang-dotnet=\"`IpUnnumbered`\" pulumi-lang-go=\"`ipUnnumbered`\" pulumi-lang-python=\"`ip_unnumbered`\" pulumi-lang-yaml=\"`ipUnnumbered`\" pulumi-lang-java=\"`ipUnnumbered`\"\u003e`ip_unnumbered`\u003c/span\u003e parameter is set to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e\n\n## Example Usage\n\n```hcl\n# Retrieve GRE available Internal IP Ranges\n# By default it will return the first 10 available internal ip ranges\ndata \"zia_gre_internal_ip_range_list\" \"example\"{\n}\n```\n\n```hcl\n# Retrieve GRE available Internal IP Ranges\n# By using the `required_count` parameter it will return the indicated number of IP ranges.\ndata \"zia_gre_internal_ip_range_list\" \"example\"{\n  required_count = 20\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getTrafficForwardingGREInternalIPRange.\n","properties":{"requiredCount":{"type":"integer"}},"type":"object"},"outputs":{"description":"A collection of values returned by getTrafficForwardingGREInternalIPRange.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"lists":{"items":{"$ref":"#/types/zia:index/getTrafficForwardingGREInternalIPRangeList:getTrafficForwardingGREInternalIPRangeList"},"type":"array"},"requiredCount":{"type":"integer"}},"required":["lists","id"],"type":"object"}},"zia:index/getTrafficForwardingGRETunnel:getTrafficForwardingGRETunnel":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-gre-tunnels)\n* [API documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/greTunnels-post)\n\nThe **zia_traffic_forwarding_gre_tunnel** data source to get information about provisioned GRE tunnel information created in the Zscaler Internet Access portal.\n\n## Example Usage\n\n### Retrieve GRE Tunnel By Source IP\n\n```hcl\ndata \"zia_traffic_forwarding_gre_tunnel\" \"example\" {\n  source_ip = \"1.1.1.1\"\n}\n```\n\n### Retrieve GRE Tunnel By ID\n\n```hcl\ndata \"zia_traffic_forwarding_gre_tunnel\" \"example\" {\n  id = 1419395\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getTrafficForwardingGRETunnel.\n","properties":{"id":{"type":"integer","description":"Unique identifier of the static IP address that is associated to a GRE tunnel\n"},"sourceIp":{"type":"string","description":"The source IP address of the GRE tunnel. This is typically a static IP address in the organization or SD-WAN.\n\n\u003e **NOTE** \u003cspan pulumi-lang-nodejs=\"`sourceIp`\" pulumi-lang-dotnet=\"`SourceIp`\" pulumi-lang-go=\"`sourceIp`\" pulumi-lang-python=\"`source_ip`\" pulumi-lang-yaml=\"`sourceIp`\" pulumi-lang-java=\"`sourceIp`\"\u003e`source_ip`\u003c/span\u003e is the public IP address (Static IP) associated with the GRE Tunnel\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getTrafficForwardingGRETunnel.\n","properties":{"comment":{"description":"(String) Additional information about this GRE tunnel\n","type":"string"},"id":{"description":"(Number) Unique identifer of the GRE virtual IP address (VIP)\n","type":"integer"},"internalIpRange":{"description":"(String) The start of the internal IP address in /29 CIDR range. Automatically set by the provider if \u003cspan pulumi-lang-nodejs=\"`ipUnnumbered`\" pulumi-lang-dotnet=\"`IpUnnumbered`\" pulumi-lang-go=\"`ipUnnumbered`\" pulumi-lang-python=\"`ip_unnumbered`\" pulumi-lang-yaml=\"`ipUnnumbered`\" pulumi-lang-java=\"`ipUnnumbered`\"\u003e`ip_unnumbered`\u003c/span\u003e is set to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","type":"string"},"ipUnnumbered":{"description":"(Boolean) This is required to support the automated SD-WAN provisioning of GRE tunnels, when set to true\u003cspan pulumi-lang-nodejs=\" greTunIp \" pulumi-lang-dotnet=\" GreTunIp \" pulumi-lang-go=\" greTunIp \" pulumi-lang-python=\" gre_tun_ip \" pulumi-lang-yaml=\" greTunIp \" pulumi-lang-java=\" greTunIp \"\u003e gre_tun_ip \u003c/span\u003eand\u003cspan pulumi-lang-nodejs=\" greTunId \" pulumi-lang-dotnet=\" GreTunId \" pulumi-lang-go=\" greTunId \" pulumi-lang-python=\" gre_tun_id \" pulumi-lang-yaml=\" greTunId \" pulumi-lang-java=\" greTunId \"\u003e gre_tun_id \u003c/span\u003eare set to null\n","type":"boolean"},"lastModificationTime":{"type":"integer"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getTrafficForwardingGRETunnelLastModifiedBy:getTrafficForwardingGRETunnelLastModifiedBy"},"type":"array"},"managedBies":{"items":{"$ref":"#/types/zia:index/getTrafficForwardingGRETunnelManagedBy:getTrafficForwardingGRETunnelManagedBy"},"type":"array"},"primaryDestVips":{"description":"**` (List) The primary destination data center and virtual IP address (VIP) of the GRE tunnel.\n","items":{"$ref":"#/types/zia:index/getTrafficForwardingGRETunnelPrimaryDestVip:getTrafficForwardingGRETunnelPrimaryDestVip"},"type":"array"},"secondaryDestVips":{"description":"(List) The secondary destination data center and virtual IP address (VIP) of the GRE tunnel.\n","items":{"$ref":"#/types/zia:index/getTrafficForwardingGRETunnelSecondaryDestVip:getTrafficForwardingGRETunnelSecondaryDestVip"},"type":"array"},"sourceIp":{"type":"string"},"withinCountry":{"description":"(Boolean) Restrict the data center virtual IP addresses (VIPs) only to those within the same country as the source IP address\n","type":"boolean"}},"required":["comment","internalIpRange","ipUnnumbered","lastModificationTime","lastModifiedBies","managedBies","primaryDestVips","secondaryDestVips","withinCountry"],"type":"object"}},"zia:index/getTrafficForwardingGRETunnelInfo:getTrafficForwardingGRETunnelInfo":{"description":"* [Official documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/orgProvisioning/ipGreTunnelInfo-get)\n* [API documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/orgProvisioning/ipGreTunnelInfo-get)\n\nThe **zia_traffic_forwarding_gre_tunnel_info** data source to get information about provisioned GRE tunnel information created in the Zscaler Internet Access portal.\n\n## Example Usage\n\n```hcl\n# ZIA Traffic Forwarding - GRE tunnel\ndata \"zia_traffic_forwarding_gre_tunnel_info\" \"example\" {\n  ip_address = \"1.1.1.1\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getTrafficForwardingGRETunnelInfo.\n","properties":{"greEnabled":{"type":"boolean","description":"Displays only ip addresses with GRE tunnel enabled\n\n\u003e **NOTE** \u003cspan pulumi-lang-nodejs=\"`ipAddress`\" pulumi-lang-dotnet=\"`IpAddress`\" pulumi-lang-go=\"`ipAddress`\" pulumi-lang-python=\"`ip_address`\" pulumi-lang-yaml=\"`ipAddress`\" pulumi-lang-java=\"`ipAddress`\"\u003e`ip_address`\u003c/span\u003e is the public IP address (Static IP) associated with the GRE Tunnel\n"},"ipAddress":{"type":"string","description":"Filter based on an IP address range.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getTrafficForwardingGRETunnelInfo.\n","properties":{"greEnabled":{"type":"boolean"},"greRangePrimary":{"description":"(String)\n","type":"string"},"greRangeSecondary":{"description":"(String)\n","type":"string"},"greTunnelIp":{"description":"(String) The start of the internal IP address in /29 CIDR range\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"ipAddress":{"type":"string"},"primaryGw":{"description":"(String)\n","type":"string"},"secondaryGw":{"description":"(String)\n","type":"string"},"tunId":{"description":"(Number)\n","type":"integer"}},"required":["greRangePrimary","greRangeSecondary","greTunnelIp","primaryGw","secondaryGw","tunId","id"],"type":"object"}},"zia:index/getTrafficForwardingNodeVIPs:getTrafficForwardingNodeVIPs":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-gre-tunnels)\n* [API documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/greTunnels-post)\n\nUse the **zia_traffic_forwarding_public_node_vips** data source to retrieve a paginated list of virtual IP addresses (VIPs) available in the Zscaler cloud.\n\n## Example Usage\n\n```hcl\n# ZIA Traffic Forwarding - Virtual IP Addresses (VIPs)\ndata \"zia_traffic_forwarding_public_node_vips\" \"yvr1\"{\n    datacenter = \"YVR1\"\n}\n\noutput \"zia_traffic_forwarding_public_node_vips_yvr1\"{\n    value = data.zia_traffic_forwarding_public_node_vips.yvr1\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getTrafficForwardingNodeVIPs.\n","properties":{"datacenter":{"type":"string","description":"Data-center Name\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getTrafficForwardingNodeVIPs.\n","properties":{"city":{"type":"string"},"cloudName":{"type":"string"},"datacenter":{"type":"string"},"greDomainName":{"type":"string"},"greIps":{"items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"location":{"type":"string"},"pacDomainName":{"type":"string"},"pacIps":{"items":{"type":"string"},"type":"array"},"region":{"type":"string"},"vpnDomainName":{"type":"string"},"vpnIps":{"items":{"type":"string"},"type":"array"}},"required":["city","cloudName","greDomainName","greIps","location","pacDomainName","pacIps","region","vpnDomainName","vpnIps","id"],"type":"object"}},"zia:index/getTrafficForwardingStaticIP:getTrafficForwardingStaticIP":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-static-ip)\n* [API documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/staticIP-get)\n\nUse the **zia_traffic_forwarding_static_ip** data source to get information about all provisioned static IP addresses. This resource can then be utilized when creating a GRE Tunnel or VPN Credential resource of Type `IP`\n\n## Example Usage\n\n```hcl\n# ZIA Traffic Forwarding - Static IPs\ndata \"zia_traffic_forwarding_static_ip\" \"example\"{\n    ip_address =  \"1.1.1.1\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getTrafficForwardingStaticIP.\n","properties":{"id":{"type":"integer","description":"The unique identifier for the static IP address\n"},"ipAddress":{"type":"string","description":"The static IP address\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getTrafficForwardingStaticIP.\n","properties":{"cities":{"items":{"$ref":"#/types/zia:index/getTrafficForwardingStaticIPCity:getTrafficForwardingStaticIPCity"},"type":"array"},"comment":{"description":"(String) Additional information about this static IP address\n","type":"string"},"geoOverride":{"description":"(Boolean) If not set, geographic coordinates and city are automatically determined from the IP address. Otherwise, the latitude and longitude coordinates must be provided.\n","type":"boolean"},"id":{"description":"(String) Identifier that uniquely identifies an entity\n","type":"integer"},"ipAddress":{"description":"(String) The static IP address\n","type":"string"},"lastModificationTime":{"description":"(Number) When the static IP address was last modified\n","type":"integer"},"lastModifiedBies":{"description":"(Set of Object)\n","items":{"$ref":"#/types/zia:index/getTrafficForwardingStaticIPLastModifiedBy:getTrafficForwardingStaticIPLastModifiedBy"},"type":"array"},"latitude":{"description":"(Number) Required only if the geoOverride attribute is set. Latitude with 7 digit precision after decimal point, ranges between `-90` and \u003cspan pulumi-lang-nodejs=\"`90`\" pulumi-lang-dotnet=\"`90`\" pulumi-lang-go=\"`90`\" pulumi-lang-python=\"`90`\" pulumi-lang-yaml=\"`90`\" pulumi-lang-java=\"`90`\"\u003e`90`\u003c/span\u003e degrees.\n","type":"number"},"longitude":{"description":"(Number) Required only if the geoOverride attribute is set. Longitude with 7 digit precision after decimal point, ranges between `-180` and \u003cspan pulumi-lang-nodejs=\"`180`\" pulumi-lang-dotnet=\"`180`\" pulumi-lang-go=\"`180`\" pulumi-lang-python=\"`180`\" pulumi-lang-yaml=\"`180`\" pulumi-lang-java=\"`180`\"\u003e`180`\u003c/span\u003e degrees.\n","type":"number"},"managedBies":{"description":"(Set of Object)\n","items":{"$ref":"#/types/zia:index/getTrafficForwardingStaticIPManagedBy:getTrafficForwardingStaticIPManagedBy"},"type":"array"},"routableIp":{"description":"(Boolean) Indicates whether a non-RFC 1918 IP address is publicly routable. This attribute is ignored if there is no ZIA Private Service Edge associated to the organization.\n","type":"boolean"}},"required":["cities","comment","geoOverride","id","ipAddress","lastModificationTime","lastModifiedBies","latitude","longitude","managedBies","routableIp"],"type":"object"}},"zia:index/getTrafficForwardingVIPRecommendedList:getTrafficForwardingVIPRecommendedList":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-gre-tunnels)\n* [API documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/greTunnels-post)\n\nUse the **zia_traffic_forwarding_gre_vip_recommended_list** data source to get information about a list of recommended GRE tunnel virtual IP addresses (VIPs), based on source IP address or latitude/longitude coordinates.\n\n## Example Usage\n\n```hcl\n# ZIA Traffic Forwarding - GRE VIP Recommended List\ndata \"zia_traffic_forwarding_gre_vip_recommended_list\" \"this\"{\n    source_ip = \"1.1.1.1\"\n    required_count = 2\n}\n```\n\n### With Overridden Geo Coordinates\n\n```hcl\n# ZIA Traffic Forwarding - GRE VIP Recommended List\ndata \"zia_traffic_forwarding_gre_vip_recommended_list\" \"this\"{\n    source_ip = \"1.1.1.1\"\n    required_count = 2\n    latitude     = 22.2914\n    longitude    = 114.1445\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getTrafficForwardingVIPRecommendedList.\n","properties":{"includeCurrentVips":{"type":"boolean","description":"(Boolean) Include currently assigned VIPs.\n"},"includePrivateServiceEdge":{"type":"boolean","description":"(Boolean) Include ZIA Private Service Edge VIPs.\n"},"latitude":{"type":"number","description":"(Number) The latitude coordinate of the GRE tunnel source.\n"},"longitude":{"type":"number","description":"(Number) The longitude coordinate of the GRE tunnel source.\n"},"requiredCount":{"type":"integer","description":"Number of IP address to be exported.\n"},"routableIp":{"type":"boolean","description":"(Boolean) The routable IP address.\n"},"sourceIp":{"type":"string","description":"Filter based on an IP address range.\n"},"subcloud":{"type":"string","description":"(String) The longitude coordinate of the GRE tunnel source.\n"},"withinCountryOnly":{"type":"boolean","description":"(Boolean) Search within country only.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getTrafficForwardingVIPRecommendedList.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"includeCurrentVips":{"description":"(Boolean) Include currently assigned VIPs.\n","type":"boolean"},"includePrivateServiceEdge":{"description":"(Boolean) Include ZIA Private Service Edge VIPs.\n","type":"boolean"},"latitude":{"description":"(Number) The latitude coordinate of the GRE tunnel source.\n","type":"number"},"lists":{"description":"The list of all recommended returned Virtual IP Addresses (VIPs)\n","items":{"$ref":"#/types/zia:index/getTrafficForwardingVIPRecommendedListList:getTrafficForwardingVIPRecommendedListList"},"type":"array"},"longitude":{"description":"(Number) The longitude coordinate of the GRE tunnel source.\n","type":"number"},"requiredCount":{"type":"integer"},"routableIp":{"description":"(Boolean) The routable IP address.\n","type":"boolean"},"sourceIp":{"description":"(String) The public source IP address.\n","type":"string"},"subcloud":{"description":"(String) The longitude coordinate of the GRE tunnel source.\n","type":"string"},"withinCountryOnly":{"description":"(Boolean) Search within country only.\n","type":"boolean"}},"required":["lists","id"],"type":"object"}},"zia:index/getTrafficForwardingVPNCredentials:getTrafficForwardingVPNCredentials":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-vpn-credentials)\n* [API documentation](https://help.zscaler.com/zia/traffic-forwarding-0#/vpnCredentials-get)\n\nUse the **zia_traffic_forwarding_vpn_credentials** data source to get information about VPN credentials that can be associated to locations. VPN is one way to route traffic from customer locations to the cloud. Site-to-Site IPSec VPN credentials can be identified by the cloud through one of the following methods:\n\n* Common Name (CN) of IPSec Certificate\n* VPN User FQDN - requires VPN_SITE_TO_SITE subscription\n* VPN IP Address - requires VPN_SITE_TO_SITE subscription\n* Extended Authentication (XAUTH) or hosted mobile UserID - requires VPN_MOBILE subscription\n\n## Example Usage\n\n```hcl\n# ZIA Traffic Forwarding - VPN Credentials of Type FQDN\ndata \"zia_traffic_forwarding_vpn_credentials\" \"example\"{\n    fqdn = \"sjc-1-37@acme.com\"\n}\n```\n\n```hcl\n# ZIA Traffic Forwarding - VPN Credentials of Type IP\ndata \"zia_traffic_forwarding_vpn_credentials\" \"example\"{\n    ip_address = \"1.1.1.1\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getTrafficForwardingVPNCredentials.\n","properties":{"fqdn":{"type":"string","description":"(String) Fully Qualified Domain Name. Applicable only to `UFQDN` or `XAUTH` (or `HOSTED_MOBILE_USERS`) auth type.\n"},"id":{"type":"integer","description":"Unique identifer of the GRE virtual IP address (VIP)\n"},"ipAddress":{"type":"string","description":"Filter based on an IP address range.\n"},"type":{"type":"string","description":"(String) VPN authentication type (i.e., how the VPN credential is sent to the server). It is not modifiable after VpnCredential is created.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getTrafficForwardingVPNCredentials.\n","properties":{"comments":{"description":"(String) Additional information about this VPN credential.\n","type":"string"},"fqdn":{"description":"(String) Fully Qualified Domain Name. Applicable only to `UFQDN` or `XAUTH` (or `HOSTED_MOBILE_USERS`) auth type.\n","type":"string"},"id":{"description":"(Number) Identifier that uniquely identifies an entity\n","type":"integer"},"ipAddress":{"type":"string"},"locations":{"description":"(Set of Object) Location that is associated to this VPN credential. Non-existence means not associated to any location.\n","items":{"$ref":"#/types/zia:index/getTrafficForwardingVPNCredentialsLocation:getTrafficForwardingVPNCredentialsLocation"},"type":"array"},"managedBies":{"description":"(Set of Object) SD-WAN Partner that manages the location. If a partner does not manage the locaton, this is set to Self.\n","items":{"$ref":"#/types/zia:index/getTrafficForwardingVPNCredentialsManagedBy:getTrafficForwardingVPNCredentialsManagedBy"},"type":"array"},"preSharedKey":{"description":"(String) Pre-shared key. This is a required field for `UFQDN` and `IP` auth type.\n","type":"string"},"type":{"description":"(String) VPN authentication type (i.e., how the VPN credential is sent to the server). It is not modifiable after VpnCredential is created.\n","type":"string"}},"required":["comments","id","locations","managedBies","preSharedKey","type"],"type":"object"}},"zia:index/getURLCategories:getURLCategories":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-url-categories)\n* [API documentation](https://help.zscaler.com/zia/url-categories#/urlCategories-get)\n\nUse the **zia_url_categories** data source to get information about all or custom URL categories. By default, the response includes keywords.\n\n## Example Usage\n\n### Query A URL Category By Name (Default - All Types)\n\n```hcl\ndata \"zia_url_categories\" \"this\" {\n    configured_name = \"Example\"\n}\n```\n\n### Query A URL Category By ID\n\n```hcl\ndata \"zia_url_categories\" \"this\" {\n    id = \"CUSTOM_08\"\n}\n```\n\n### Query A URL_CATEGORY Type\n\n```hcl\ndata \"zia_url_categories\" \"url_category_example\" {\n    configured_name = \"My URL Category\"\n    type            = \"URL_CATEGORY\"\n}\n```\n\n### Query A TLD_CATEGORY Type\n\n```hcl\ndata \"zia_url_categories\" \"tld_category_example\" {\n    configured_name = \"tld_russia\"\n    type            = \"TLD_CATEGORY\"\n}\n```\n\n### Query All Category Types (Explicit)\n\n```hcl\ndata \"zia_url_categories\" \"all_types_example\" {\n    configured_name = \"Example\"\n    type            = \"ALL\"\n}\n```\n\n### Query Predefined URL Categories\n\n```hcl\ndata \"zia_url_categories\" \"this\" {\n    id = \"CORPORATE_MARKETING\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getURLCategories.\n","properties":{"categoryGroup":{"type":"string"},"configuredName":{"type":"string","description":"(String) Name of the URL category. This is only required for custom URL categories.\n"},"customCategory":{"type":"boolean","description":"(Boolean) Set to true for custom URL category. Up to 48 custom URL categories can be added per organization.\n"},"customIpRangesCount":{"type":"integer","description":"(Number) The number of custom IP address ranges associated to the URL category.\n"},"id":{"type":"string","description":"(String) Identifier that uniquely identifies an entity\n"},"regexPatterns":{"type":"array","items":{"type":"string"}},"regexPatternsRetainingParentCategories":{"type":"array","items":{"type":"string"}},"superCategory":{"type":"string","description":"(String)\n"},"type":{"type":"string","description":"(String) The admin scope type. The attribute name is subject to change. `ORGANIZATION`, `DEPARTMENT`, `LOCATION`, `LOCATION_GROUP`\n"},"urlType":{"type":"string"},"val":{"type":"integer","description":"(Number) The unique ID for the URL category.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getURLCategories.\n","properties":{"categoryGroup":{"type":"string"},"configuredName":{"description":"(String) Name of the URL category. This is only required for custom URL categories.\n","type":"string"},"customCategory":{"description":"(Boolean) Set to true for custom URL category. Up to 48 custom URL categories can be added per organization.\n","type":"boolean"},"customIpRangesCount":{"description":"(Number) The number of custom IP address ranges associated to the URL category.\n","type":"integer"},"customUrlsCount":{"description":"(Number) The number of custom URLs associated to the URL category.\n","type":"integer"},"dbCategorizedUrls":{"description":"(List of String) URLs added to a custom URL category are also retained under the original parent URL category (i.e., the predefined category the URL previously belonged to).\n","items":{"type":"string"},"type":"array"},"description":{"description":"(String) Description of the category.\n","type":"string"},"editable":{"description":"(Boolean) Value is set to false for custom URL category when due to scope user does not have edit permission\n","type":"boolean"},"id":{"description":"(String) Identifier that uniquely identifies an entity\n","type":"string"},"ipRanges":{"items":{"type":"string"},"type":"array"},"ipRangesRetainingParentCategories":{"items":{"type":"string"},"type":"array"},"ipRangesRetainingParentCategoryCount":{"description":"(Number) The number of custom IP address ranges associated to the URL category, that also need to be retained under the original parent category.\n","type":"integer"},"keywords":{"description":"(List of String) Custom keywords associated to a URL category. Up to 2048 custom keywords can be added per organization across all categories (including bandwidth classes).\n","items":{"type":"string"},"type":"array"},"keywordsRetainingParentCategories":{"items":{"type":"string"},"type":"array"},"regexPatterns":{"items":{"type":"string"},"type":"array"},"regexPatternsRetainingParentCategories":{"items":{"type":"string"},"type":"array"},"scopes":{"description":"(List of Object) Scope of the custom categories.\n","items":{"$ref":"#/types/zia:index/getURLCategoriesScope:getURLCategoriesScope"},"type":"array"},"superCategory":{"description":"(String)\n","type":"string"},"type":{"description":"(String) The admin scope type. The attribute name is subject to change. `ORGANIZATION`, `DEPARTMENT`, `LOCATION`, `LOCATION_GROUP`\n","type":"string"},"urlKeywordCounts":{"description":"(List of Object) URL and keyword counts for the category.\n","items":{"$ref":"#/types/zia:index/getURLCategoriesUrlKeywordCount:getURLCategoriesUrlKeywordCount"},"type":"array"},"urlType":{"type":"string"},"urls":{"description":"(List of String) Custom URLs to add to a URL category. Up to 25,000 custom URLs can be added per organization across all categories (including bandwidth classes).\n","items":{"type":"string"},"type":"array"},"urlsRetainingParentCategoryCount":{"description":"(Number) The number of custom URLs associated to the URL category, that also need to be retained under the original parent category.\n","type":"integer"},"val":{"description":"(Number) The unique ID for the URL category.\n","type":"integer"}},"required":["categoryGroup","configuredName","customCategory","customUrlsCount","dbCategorizedUrls","description","editable","id","ipRanges","ipRangesRetainingParentCategories","ipRangesRetainingParentCategoryCount","keywords","keywordsRetainingParentCategories","scopes","urlKeywordCounts","urls","urlsRetainingParentCategoryCount","val"],"type":"object"}},"zia:index/getURLFilteringCloudAppSettings:getURLFilteringCloudAppSettings":{"description":"* [Official documentation](https://help.zscaler.com/zia/url-cloud-app-control-policy-settings#/advancedUrlFilterAndCloudAppSettings-get)\n* [API documentation](https://help.zscaler.com/zia/url-cloud-app-control-policy-settings#/advancedUrlFilterAndCloudAppSettings-get)\n\nUse the **zia_url_filtering_and_cloud_app_settings** data source to get information about URL and Cloud App Control advanced policy settings.\n\n```hcl\n```\n","outputs":{"description":"A collection of values returned by getURLFilteringCloudAppSettings.\n","properties":{"blockSkype":{"type":"boolean"},"considerEmbeddedSites":{"type":"boolean"},"enableBlockOverrideForNonAuthUser":{"type":"boolean"},"enableChatgptPrompt":{"type":"boolean"},"enableCipaCompliance":{"type":"boolean"},"enableDynamicContentCat":{"type":"boolean"},"enableGeminiPrompt":{"type":"boolean"},"enableMetaPrompt":{"type":"boolean"},"enableMicrosoftCopilotPrompt":{"type":"boolean"},"enableMsftO365":{"type":"boolean"},"enableNewlyRegisteredDomains":{"type":"boolean"},"enableOffice365":{"type":"boolean"},"enablePerPlexityPrompt":{"type":"boolean"},"enablePoepPrompt":{"type":"boolean"},"enableUcaasLogmein":{"type":"boolean"},"enableUcaasRingCentral":{"type":"boolean"},"enableUcaasTalkdesk":{"type":"boolean"},"enableUcaasWebex":{"type":"boolean"},"enableUcaasZoom":{"type":"boolean"},"enforceSafeSearch":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"}},"required":["blockSkype","considerEmbeddedSites","enableBlockOverrideForNonAuthUser","enableChatgptPrompt","enableCipaCompliance","enableDynamicContentCat","enableGeminiPrompt","enableMetaPrompt","enableMicrosoftCopilotPrompt","enableMsftO365","enableNewlyRegisteredDomains","enableOffice365","enablePerPlexityPrompt","enablePoepPrompt","enableUcaasLogmein","enableUcaasRingCentral","enableUcaasTalkdesk","enableUcaasWebex","enableUcaasZoom","enforceSafeSearch","id"],"type":"object"}},"zia:index/getURLFilteringRules:getURLFilteringRules":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-url-filtering)\n* [API documentation](https://help.zscaler.com/zia/url-filtering-policy#/urlFilteringRules-post)\n\nUse the **zia_url_filtering_rules** data source to get information about a URL filtering rule information for the specified `Name`.\n\n```hcl\ndata \"zia_url_filtering_rules\" \"example\"{\n    name = \"Example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getURLFilteringRules.\n","properties":{"id":{"type":"integer","description":"URL Filtering Rule ID\n"},"name":{"type":"string","description":"Name of the URL Filtering policy rule\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getURLFilteringRules.\n","properties":{"action":{"description":"(String) Action taken when traffic matches rule criteria. Supported values: `ANY`, `NONE`, `BLOCK`, `CAUTION`, `ALLOW`, `ICAP_RESPONSE`\n","type":"string"},"blockOverride":{"description":"(String) When set to true, a `BLOCK` action triggered by the rule could be overridden. If true and both overrideGroup and overrideUsers are not set, the `BLOCK` triggered by this rule could be overridden for any users. If\u003cspan pulumi-lang-nodejs=\" blockOverride \" pulumi-lang-dotnet=\" BlockOverride \" pulumi-lang-go=\" blockOverride \" pulumi-lang-python=\" block_override \" pulumi-lang-yaml=\" blockOverride \" pulumi-lang-java=\" blockOverride \"\u003e block_override \u003c/span\u003eis not set, `BLOCK` action cannot be overridden.\n","type":"boolean"},"cbiProfiles":{"description":"(List) The cloud browser isolation profile to which the ISOLATE action is applied in the URL Filtering Policy rules. This block is required when the attribute \u003cspan pulumi-lang-nodejs=\"`action`\" pulumi-lang-dotnet=\"`Action`\" pulumi-lang-go=\"`action`\" pulumi-lang-python=\"`action`\" pulumi-lang-yaml=\"`action`\" pulumi-lang-java=\"`action`\"\u003e`action`\u003c/span\u003e is set to `ISOLATE`\n","items":{"$ref":"#/types/zia:index/getURLFilteringRulesCbiProfile:getURLFilteringRulesCbiProfile"},"type":"array"},"ciparule":{"type":"boolean"},"departments":{"description":"(List of Object) The departments to which the Firewall Filtering policy rule applies\n","items":{"$ref":"#/types/zia:index/getURLFilteringRulesDepartment:getURLFilteringRulesDepartment"},"type":"array"},"description":{"description":"(String) Additional information about the rule\n","type":"string"},"deviceGroups":{"items":{"$ref":"#/types/zia:index/getURLFilteringRulesDeviceGroup:getURLFilteringRulesDeviceGroup"},"type":"array"},"deviceTrustLevels":{"description":"(List) List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation. Supported values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`\n","items":{"type":"string"},"type":"array"},"devices":{"items":{"$ref":"#/types/zia:index/getURLFilteringRulesDevice:getURLFilteringRulesDevice"},"type":"array"},"endUserNotificationUrl":{"description":"(String) URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified.\n","type":"string"},"enforceTimeValidity":{"description":"(String) Enforce a set a validity time period for the URL Filtering rule.\n","type":"boolean"},"groups":{"description":"(List of Object) The groups to which the Firewall Filtering policy rule applies\n","items":{"$ref":"#/types/zia:index/getURLFilteringRulesGroup:getURLFilteringRulesGroup"},"type":"array"},"id":{"description":"(Number) A unique identifier assigned to the workload group\n","type":"integer"},"labels":{"items":{"$ref":"#/types/zia:index/getURLFilteringRulesLabel:getURLFilteringRulesLabel"},"type":"array"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getURLFilteringRulesLastModifiedBy:getURLFilteringRulesLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"(Number) When the rule was last modified\n","type":"integer"},"locationGroups":{"description":"(List of Object) The location groups to which the Firewall Filtering policy rule applies\n","items":{"$ref":"#/types/zia:index/getURLFilteringRulesLocationGroup:getURLFilteringRulesLocationGroup"},"type":"array"},"locations":{"description":"(List of Object) The locations to which the Firewall Filtering policy rule applies\n","items":{"$ref":"#/types/zia:index/getURLFilteringRulesLocation:getURLFilteringRulesLocation"},"type":"array"},"name":{"description":"(String) The name of the workload group\n","type":"string"},"order":{"description":"(Number) Order of execution of rule with respect to other URL Filtering rules\n","type":"integer"},"overrideGroups":{"description":"(List of Object) Name-ID pairs of users for which this rule can be overridden. Applicable only if blockOverride is set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, action is `BLOCK` and overrideGroups is not set.If this overrideUsers is not set, `BLOCK` action can be overridden for any group.\n","items":{"$ref":"#/types/zia:index/getURLFilteringRulesOverrideGroup:getURLFilteringRulesOverrideGroup"},"type":"array"},"overrideUsers":{"description":"(List of Object) Name-ID pairs of users for which this rule can be overridden. Applicable only if blockOverride is set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, action is `BLOCK` and overrideGroups is not set.If this overrideUsers is not set, `BLOCK` action can be overridden for any user.\n","items":{"$ref":"#/types/zia:index/getURLFilteringRulesOverrideUser:getURLFilteringRulesOverrideUser"},"type":"array"},"protocols":{"description":"(List of Object) Protocol criteria. Supported values: `SMRULEF_ZPA_BROKERS_RULE`, `ANY_RULE`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `HTTPS_RULE`, `HTTP_RULE`, `SSL_RULE`, `TUNNEL_RULE`, `WEBSOCKETSSL_RULE`, `WEBSOCKET_RULE`\n","items":{"type":"string"},"type":"array"},"rank":{"description":"(String) Admin rank of the admin who creates this rule\n","type":"integer"},"requestMethods":{"description":"(String) Request method for which the rule must be applied. If not set, rule will be applied to all methods\n","items":{"type":"string"},"type":"array"},"sizeQuota":{"description":"(String) Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to `BLOCK`, this field is not applicable.\n","type":"integer"},"sourceIpGroups":{"items":{"$ref":"#/types/zia:index/getURLFilteringRulesSourceIpGroup:getURLFilteringRulesSourceIpGroup"},"type":"array"},"state":{"description":"(String) Rule State\n","type":"string"},"timeQuota":{"description":"(String) Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to `BLOCK`, this field is not applicable.\n","type":"integer"},"timeWindows":{"description":"(List of Object) The time interval in which the Firewall Filtering policy rule applies\n","items":{"$ref":"#/types/zia:index/getURLFilteringRulesTimeWindow:getURLFilteringRulesTimeWindow"},"type":"array"},"urlCategories":{"description":"(String) List of URL categories for which rule must be applied\n","items":{"type":"string"},"type":"array"},"userAgentTypes":{"description":"(List) - User Agent types on which this rule will be applied: Returned values are: `CHROME`, `FIREFOX`, `MSIE`, `MSEDGE`,   `MSCHREDGE`, `OPERA`, `OTHER`, `SAFARI`\n","items":{"type":"string"},"type":"array"},"users":{"description":"(List of Object) The users to which the Firewall Filtering policy rule applies\n","items":{"$ref":"#/types/zia:index/getURLFilteringRulesUser:getURLFilteringRulesUser"},"type":"array"},"validityEndTime":{"description":"(Number) If enforceTimeValidity is set to true, the URL Filtering rule will cease to be valid on this end date and time.\n","type":"integer"},"validityStartTime":{"description":"(Number) If enforceTimeValidity is set to true, the URL Filtering rule will be valid starting on this date and time.\n","type":"integer"},"validityTimeZoneId":{"description":"(Number) If enforceTimeValidity is set to true, the URL Filtering rule date and time will be valid based on this time zone ID.\n","type":"string"},"workloadGroups":{"description":"(List) The list of preconfigured workload groups to which the policy must be applied\n","items":{"$ref":"#/types/zia:index/getURLFilteringRulesWorkloadGroup:getURLFilteringRulesWorkloadGroup"},"type":"array"}},"required":["action","blockOverride","cbiProfiles","ciparule","departments","description","deviceGroups","deviceTrustLevels","devices","endUserNotificationUrl","enforceTimeValidity","groups","labels","lastModifiedBies","lastModifiedTime","locationGroups","locations","order","overrideGroups","overrideUsers","protocols","rank","requestMethods","sizeQuota","sourceIpGroups","state","timeQuota","timeWindows","urlCategories","userAgentTypes","users","validityEndTime","validityStartTime","validityTimeZoneId","workloadGroups"],"type":"object"}},"zia:index/getUserManagement:getUserManagement":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-url-filteringhttps://help.zscaler.com/zia/user-management#/users-get)\n* [API documentation](https://help.zscaler.com/zia/about-url-filteringhttps://help.zscaler.com/zia/user-management#/users-get)\n\nUse the **zia_user_management** data source to get information about a user account that may have been created in the Zscaler Internet Access portal or via API. This data source can then be associated with a ZIA cloud firewall filtering rule, and URL filtering rules.\n\n## Example Usage\n\n```hcl\n# ZIA Local User Account\ndata \"zia_user_management\" \"adam_ashcroft\" {\n name = \"Adam Ashcroft\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getUserManagement.\n","properties":{"authMethods":{"type":"array","items":{"type":"string"},"description":"(String) Type of authentication method to be enabled. Supported values are: ``BASIC`` and ``DIGEST``\n"},"id":{"type":"integer","description":"The ID of the time window resource.\n"},"name":{"type":"string","description":"User name. This appears when choosing users for policies.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getUserManagement.\n","properties":{"adminUser":{"description":"(String) True if this user is an Admin user. readOnly: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e\n","type":"boolean"},"authMethods":{"description":"(String) Type of authentication method to be enabled. Supported values are: ``BASIC`` and ``DIGEST``\n","items":{"type":"string"},"type":"array"},"comments":{"description":"(String) Additional information about the group\n","type":"string"},"departments":{"description":"(String) Department a user belongs to\n","items":{"$ref":"#/types/zia:index/getUserManagementDepartment:getUserManagementDepartment"},"type":"array"},"email":{"description":"(Required) User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization\n","type":"string"},"groups":{"description":"(String) List of Groups a user belongs to. Groups are used in policies.\n","items":{"$ref":"#/types/zia:index/getUserManagementGroup:getUserManagementGroup"},"type":"array"},"id":{"description":"(Number) Unique identfier for the group\n","type":"integer"},"isAuditor":{"type":"string"},"name":{"description":"(String) Group name\n","type":"string"},"tempAuthEmail":{"description":"(String) Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.\n","type":"string"},"type":{"description":"(String) User type. Provided only if this user is not an end user. The supported types are:\n* `SUPERADMIN`\n* `ADMIN`\n* `AUDITOR`\n* `GUEST`\n* `REPORT_USER`\n* `UNAUTH_TRAFFIC_DEFAULT`\n","type":"string"}},"required":["adminUser","comments","departments","email","groups","isAuditor","tempAuthEmail","type"],"type":"object"}},"zia:index/getVirtualServiceEdgeCluster:getVirtualServiceEdgeCluster":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-virtual-service-edge-clusters)\n* [API documentation](https://help.zscaler.com/zia/service-edges#/virtualZenClusters-get)\n\nUse the **zia_virtual_service_edge_cluster** data source to get information about a Virtual Service Edge Cluster information for the specified `Name` or `ID`\n\n## Example Usage\n\n```hcl\ndata \"zia_virtual_service_edge_cluster\" \"this\"{\n    name = \"VSECluster01\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getVirtualServiceEdgeCluster.\n","properties":{"id":{"type":"integer","description":"System-generated Virtual Service Edge cluster ID\n"},"name":{"type":"string","description":"Name of the Virtual Service Edge cluster\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getVirtualServiceEdgeCluster.\n","properties":{"defaultGateway":{"description":"The IP address of the default gateway to the internet\n","type":"string"},"id":{"description":"System-generated Virtual Service Edge cluster ID\n","type":"integer"},"ipAddress":{"description":"The Virtual Service Edge cluster IP address\n","type":"string"},"ipSecEnabled":{"description":"A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster\n","type":"boolean"},"lastModifiedTime":{"type":"integer"},"name":{"description":"Name of the Virtual Service Edge cluster\n","type":"string"},"status":{"description":"Specifies the status of the Virtual Service Edge cluster. The status is set to ENABLED by default\n","type":"string"},"subnetMask":{"description":"The Virtual Service Edge cluster subnet mask\n","type":"string"},"type":{"description":"The Virtual Service Edge cluster type. Supported values: `ANY`, `NONE`, `SME`, `SMSM`, `SMCA`, `SMUI`, `SMCDS`, `SMDNSD`, `SMAA`, `SMTP`, `SMQTN`, `VIP`, `UIZ`, `UIAE`, `SITEREVIEW`, `PAC`, `S_RELAY`, `M_RELAY`, `H_MON`, `SMIKE`, `NSS`, `SMEZA`, `SMLB`, `SMFCCLT`, `SMBA`, `SMBAC`, `SMESXI`, `SMBAUI`, `VZEN`, `ZSCMCLT`, `SMDLP`, `ZSQUERY`, `ADP`, `SMCDSDLP`, `SMSCIM`, `ZSAPI`, `ZSCMCDSSCLT`, `LOCAL_MTS`, `SVPN`, `SMCASB`, `SMFALCONUI`, `MOBILEAPP_REG`, `SMRESTSVR`, `FALCONCA`, `MOBILEAPP_NF`, `ZIRSVR`, `SMEDGEUI`, `ALERTEVAL`, `ALERTNOTIF`, `SMPARTNERUI`, `CQM`, `DATAKEEPER`, `SMBAM`, `ZWACLT`\n","type":"string"},"virtualZenNodes":{"description":"List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector)\n","items":{"$ref":"#/types/zia:index/getVirtualServiceEdgeClusterVirtualZenNode:getVirtualServiceEdgeClusterVirtualZenNode"},"type":"array"}},"required":["defaultGateway","id","ipAddress","ipSecEnabled","lastModifiedTime","name","status","subnetMask","type","virtualZenNodes"],"type":"object"}},"zia:index/getVirtualServiceEdgeNode:getVirtualServiceEdgeNode":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-virtual-service-edges)\n* [API documentation](https://help.zscaler.com/zia/service-edges#/virtualZenNodes-post)\n\nUse the **zia_virtual_service_edge_node** data source to get information about a Virtual Service Edge Node for the specified `Name` or `ID`\n\n## Example Usage\n\n```hcl\ndata \"zia_virtual_service_edge_node\" \"this\"{\n    name = \"VSENode01\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getVirtualServiceEdgeNode.\n","properties":{"id":{"type":"integer","description":"System-generated Virtual Service Edge cluster ID\n"},"name":{"type":"string","description":"Name of the Virtual Service Edge cluster\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getVirtualServiceEdgeNode.\n","properties":{"clusterName":{"description":"Virtual Service Edge cluster name\n","type":"string"},"defaultGateway":{"description":"The IP address of the default gateway to the internet\n","type":"string"},"deploymentMode":{"description":"Specifies the deployment mode. Select either STANDALONE or CLUSTER if you have the VMware ESXi platform. Otherwise, select only STANDALONE\n","type":"string"},"establishSupportTunnelEnabled":{"description":"A Boolean value that indicates whether or not a support tunnel for Zscaler Support is enabled\n","type":"boolean"},"id":{"description":"System-generated Virtual Service Edge cluster ID\n","type":"integer"},"inProduction":{"description":"Represents the Virtual Service Edge instances deployed for production purposes\n","type":"boolean"},"ipAddress":{"description":"The Virtual Service Edge cluster IP address\n","type":"string"},"ipSecEnabled":{"description":"A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster\n","type":"boolean"},"loadBalancerIpAddress":{"description":"The IP address of the load balancer. This field is applicable only when the 'deploymentMode' field is set to CLUSTER\n","type":"string"},"name":{"description":"Name of the Virtual Service Edge cluster\n","type":"string"},"onDemandSupportTunnelEnabled":{"description":"A Boolean value that indicates whether or not the On-Demand Support Tunnel is enabled\n","type":"boolean"},"status":{"description":"Specifies the status of the Virtual Service Edge cluster. The status is set to ENABLED by default\n","type":"string"},"subnetMask":{"description":"The Virtual Service Edge cluster subnet mask\n","type":"string"},"type":{"description":"The Virtual Service Edge cluster type\n","type":"string"},"vzenSkuType":{"description":"The Virtual Service Edge SKU type. Supported Values: SMALL, MEDIUM, LARGE\n","type":"string"},"zgatewayId":{"description":"The Zscaler service gateway ID\n","type":"integer"}},"required":["clusterName","defaultGateway","deploymentMode","establishSupportTunnelEnabled","id","inProduction","ipAddress","ipSecEnabled","loadBalancerIpAddress","name","onDemandSupportTunnelEnabled","status","subnetMask","type","vzenSkuType","zgatewayId"],"type":"object"}},"zia:index/getWorkloadGroups:getWorkloadGroups":{"description":"* [Official documentation](https://help.zscaler.com/zia/about-workload-groups)\n* [API documentation](https://help.zscaler.com/zia/workload-groups#/workloadGroups-get)\n\nUse the **zia_workload_groups** data source to get information about Workload Groups in the Zscaler Internet Access cloud or via the API. This data source can then be used as a criterion in ZIA policies such as, Firewall Filtering, URL Filtering, and Data Loss Prevention (DLP) to apply security policies to the workload traffic.\n\n## Example Usage\n\n```hcl\n# ZIA Admin User Data Source\ndata \"zia_workload_groups\" \"ios\"{\n    name = \"Example\"\n}\n```\n","inputs":{"description":"A collection of arguments for invoking getWorkloadGroups.\n","properties":{"id":{"type":"integer","description":"The unique identifer for the workload group.\n"},"name":{"type":"string","description":"The name of the workload group to be exported.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getWorkloadGroups.\n","properties":{"description":{"description":"(String) The description of the workload group.\n","type":"string"},"expression":{"description":"(String) The workload group expression containing tag types, tags, and their relationships.\n","type":"string"},"expressionJsons":{"description":"(List) The workload group expression containing tag types, tags, and their relationships represented in a JSON format.\n","items":{"$ref":"#/types/zia:index/getWorkloadGroupsExpressionJson:getWorkloadGroupsExpressionJson"},"type":"array"},"id":{"description":"(Number) Identifier that uniquely identifies an entity\n","type":"integer"},"lastModifiedBies":{"items":{"$ref":"#/types/zia:index/getWorkloadGroupsLastModifiedBy:getWorkloadGroupsLastModifiedBy"},"type":"array"},"lastModifiedTime":{"description":"(Number) When the rule was last modified\n","type":"integer"},"name":{"description":"(String) The configured name of the entity\n","type":"string"}},"required":["description","expression","expressionJsons","id","lastModifiedBies","lastModifiedTime"],"type":"object"}}}}