{
    id: string
    The rule's unique database key
 
    name: string
    The rule's display name
 
    activationDate: date-time
    When the rule starts to be active
    Example: 2017-01-31T13:45:00.000+0000
 
    annotation: string
    Notes, comments, description, explanation
 
    applicableSecurityContextTypeId: integer
    The types of security contexts this rule applies to
 
    applicableSecurityContextTypeName: string
    The meaning of the numeric applicableSecurityContextTypeId
 
    correctableFlag: boolean
    Whether or not this rule is correctable
 
    cveIDs: [
      Associated security vulnerability CVE ID(s)
 
      string
    ]
 
    deactivationDate: date-time
    When the rule stops being active
    Example: 2017-01-31T13:45:00.000+0000
 
    deviceTypeGuid: string
    Which device type this rules applies to; null means it applies to all device types
 
    deviceTypeName: string
    The name of the device type
 
    releases: string
    The operating system image versions this rule applies to
 
    ruleSetId: #ComponentId
    Identifies the owning rule set
 
    severityId: integer
    The violation severity
 
    severityName: string
    The meaning of the numeric severityId
 
    dynamicFields: [
      The dynamic fields
 
       #DynamicFieldValueDTO
    ]
}

{
    contents: string*
    The text contents
 
    injectionFlag: boolean
    Whether or not the contents contain device type interaction XML code
 
    substitutionParameterCheckFlag: boolean
    Whether or not the contents should be validated for correct substitution parameter syntax
}

{
}

{
    id: string
    The database key of the component; an incoming component can be identified either by its database key, or by its unique name, or by its name with qualifiers which are unique when combined; when this database key is present, it takes precedence and componentName and qualifiers(when present) are used to verify the retrieved component
 
    componentName: string
    The name of the component; an incoming component can be identified either by its database key, or by its unique name, or by its name with qualifiers which are unique when combined; this name is used to verify any component retrieved by database key, and is used if there is no database key or if the database key fails to resolve
 
    componentType: string*
    The type of the component, used to verify what is retrieved by key/name; valid values are: Combogroup, Condition, Configuration, Device, DynamicField, EmailDistributionList, Group, Keyword, Model, OsImage, Realm, Role, Rule, RuleSet, SecurityVulnerability, SnmpManagerStation, Template, and User
 
    qualifiers: {
      Any additional single qualifier needed to identify the component uniquely, when the name alone is not sufficient; the map key is the extra attribute name string; the map value string completes the identification of the component; for componentType Configuration: key=deviceName, value=name of the device the configuration belongs to; for componentType DynamicField: key=type, value=base class name of the component associated with the dynamic field; for componentType Group, ComboGroup: key=realmName, value=name of the realm the group belongs to; for componentType Model: key=vendorGuid, value=the vendor GUID; for componentType OsImage: key=filename, value=name of the file(s) making up the image; for componentType SecurityVulnerability: key=vendorGuid, value=the vendor GUID
    }
}

{
    commitFlag: boolean
    Whether or not to commit changes after running the commands in the custom action
 
    guid: string*
    The GUID that identifies the type of action
 
    markAsTrustedFlag: boolean
    Whether or not any changed configurations resulting from running this action should be marked as trusted
 
    rebootFlag: boolean
    Whether or not the device should be rebooted after running the commands in the custom action
 
    runtimeProperties: {
      Name/value pairs for any runtime parameters, for substitution into device commands; this is a map where the key is the property name string and the value is the property value string
    }
}

{
    activationKey: string
    When image source is from remote file server, license key to activate features in the binary image on the device
 
    deleteCurrentImageId: integer*
    How to handle the current image file, when the device supports file management of its binary files
 
    files: [
      When image source is from remote file server, which file (or files, for devices with multi-file images) are to be deployed
 
       #OsFileDTO
    ]
 
    footprintKbytes: integer
    When image source is from remote file server, the memory footprint, in kilobytes, for the remote image, to verify the new image can run in the device (for those devices that support memory size discovery)
 
    imageFromLibraryId: #ComponentId
    When image source is image from library, identifies the OS image in the library
 
    imageSourceId: integer*
    Which OS image is to be deployed; as a rule corrective action, this is limited to an image from the library or an image from a remote file server
 
    markAsTrustedFlag: boolean
    Whether or not any changed configurations resulting from running this action should be marked as trusted
 
    parallelExecutionFlag: boolean
    When true, runs this action on multiple devices concurrently; when false, runs this action on multiple devices one by one sequentially (to reduce memory overhead due to large or identical images)
 
    rebootTypeId: integer*
    Whether or not to reboot after the image is deployed, and how to handle unsaved changes prior to rebooting
 
    targetImageFilesystem: string*
    Where the binary file is to be placed on the device's file systems
 
    transferModeId: integer
    When image source is from remote file server, which file transfer mode is to be used to copy files from the remote server to the device
}

{
    commitFlag: boolean
    Whether or not to commit changes after deploying the script or configuration
 
    forceTunneledTransferFlag: boolean
    Whether or not to deploy the script in tunneled mode, overriding the transfer mode set in the device
 
    markAsTrustedFlag: boolean
    Whether or not any changed configurations resulting from running this action should be marked as trusted
 
    scriptParams: #CorrectiveScriptParamsDTO *
    Which script or configuration is to be deployed to the device
 
    smartMergeModeId: integer
    Selects to build an incremental merge script or a full merge script
 
    stopOnSyntaxErrorFlag: boolean
    When deploying in tunneled mode, whether or not to stop pushing commands from the script once a syntax error is detected
 
    syntaxScanFlag: boolean
    Whether or not to validate the command line syntax in the script prior to deploying it
}

{
    markAsTrustedFlag: boolean
    Whether or not any changed configurations resulting from running this action should be marked as trusted
 
    rebootFlag: boolean
    Whether or not the device should be rebooted after deploying the script or configuration
 
    scriptParams: #CorrectiveScriptParamsDTO *
    Which script or configuration is to be deployed to the device
}

{
    adhocTemplate: #AdhocTemplateDTO
    When the selected script type is ad-hoc template, this is the template
 
    templateId: #ComponentId
    When the selected script type is template, this identifies the template
 
    runtimeProperties: {
      When the selected script type is template, and the template contains runtime substitution parameters, this contains the name/value pairs for those parameters; this is a map where the key is the property name string and the value is the property value string
    }
 
    scriptTypeId: integer*
    The selected script or configuration type; for a rule corrective action, this is limited to complying with this rule, template, and ad-hoc template
}

{
}

{
    excludeTriggerFlag: boolean
    Whether or not lines that match the trigger are removed from the lines in the domain
 
    ignoreCommentsFlag: boolean
    Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
 
    noOtherLinesContainingPattern: string
    Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
}

{
    begin: #SearchStringDTO *
    The configuration line that starts a block of contiguous lines; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    beginInclusiveFlag: boolean
    Whether or not the line that matches the 'begin' value is part of the block and thus included in validation against the subject; note the end line is always excluded from subject matching
 
    caseSensitiveFlag: boolean
    Whether or not string matching is case sensitive
 
    deleteEmptyBlocksFlag: boolean
    When computing the compliant configuration during remediation, if removing lines such that the enclosing block becomes completely empty, this flag determines whether or not the empty enclosing block is also removed
 
    distinctEndLinesFlag: boolean
    Whether or not each begin line has a distinct matching end line, such that the removal of an empty block during remediation can safely remove the end line; some configurations use a closing brace or an exit to delimit every block (in which case this flag should be true to prevent stray end lines being left behind); some configurations end a block with the start of a different block (in which case this flag should be false to prevent improper removal of unrelated lines)
 
    end: #SearchStringDTO *
    The configuration line that ends a block of lines; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    excludeTriggerFlag: boolean
    Whether or not lines that match the trigger are removed from the lines in the domain
 
    frequency: string*
    How many times the blocks can appear in the configuration: notAtAll: the block should never appear and the rule is violated if it does; atMostOnce: the block should appear zero or one times and the rule is violated if it appears more; exactlyOnce: the block should appear once and the rule is violated if it appears more; atLeastOnce: the block should appear one or more times and the rule is violated if it is missing; anyNumberOfTimes: the block can appear any number of times
 
    ignoreCommentsFlag: boolean
    Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
 
    ignoreEOLFlag: boolean
    Whether or not line breaks are ignored when matching the subject against the lines in this domain; when true, all eligible lines within the block are concatenated together into a single line before being tested against the subject
 
    ignoreBlocksContainingPattern: string
    Regular expression to select blocks to be removed from the domain; when this pattern is matched by at least one line within a block, then that block is ignored; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    includeBlocksContainingPattern: string
    Regular expression to select blocks to be included in the domain; when this pattern is matched by at least one line within a block, then that block is included in the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    noOtherLinesContainingPattern: string
    Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
}

{
}

{
}

{
    caseSensitiveFlag: boolean
    Whether or not string matching is case sensitive
 
    excludePattern: string
    Regular expression for lines removed from the lines in the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    excludeTriggerFlag: boolean
    Whether or not lines that match the trigger are removed from the lines in the domain
 
    ignoreCommentsFlag: boolean
    Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
 
    includePattern: string*
    Regular expression for lines included in the domain, selecting the lines that are validated against the subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    noOtherLinesContainingPattern: string
    Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
}

{
    blocks: [
      The begin and end lines for the nested levels of blocks that enclose the lines of interest; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
       #NestedBlockDTO
    ]*
 
    beginRegexFlag: boolean
    Whether or not the begin strings represent regex patterns (true) or exact complete lines (false)
 
    caseSensitiveFlag: boolean
    Whether or not string matching is case sensitive
 
    deleteEmptyBlocksFlag: boolean
    When computing the compliant configuration during remediation, if removing lines such that the enclosing block becomes completely empty, this flag determines whether or not the empty enclosing block is also removed
 
    distinctEndLinesFlag: boolean
    Whether or not each begin line has a distinct matching end line, such that the removal of an empty block during remediation can safely remove the end line; some configurations use a closing brace or an exit to delimit every block (in which case this flag should be true to prevent stray end lines being left behind); some configurations end a block with the start of a different block (in which case this flag should be false to prevent improper removal of unrelated lines)
 
    endRegexFlag: boolean
    Whether or not the end strings represent regex patterns (true) or exact complete lines (false)
 
    excludeTriggerFlag: boolean
    Whether or not lines that match the trigger are removed from the lines in the domain
 
    frequency: string*
    How many times the innermost blocks can appear in the configuration: notAtAll: the block should never appear and the rule is violated if it does; atMostOnce: the block should appear zero or one times and the rule is violated if it appears more; exactlyOnce: the block should appear once and the rule is violated if it appears more; atLeastOnce: the block should appear one or more times and the rule is violated if it is missing; anyNumberOfTimes: the block can appear any number of times
 
    ignoreCommentsFlag: boolean
    Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
 
    ignoreEOLFlag: boolean
    Whether or not line breaks are ignored when matching the subject against the lines in this domain; when true, all eligible lines within the innermost block are concatenated together into a single line before being tested against the subject
 
    ignoreBlocksContainingPattern: string
    Regular expression to select blocks to be removed from the domain; when this pattern is matched by at least one line within an innermost block, then that block is ignored; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    includeBlocksContainingPattern: string
    Regular expression to select blocks to be included in the domain; when this pattern is matched by at least one line within an innermost block, then that block is included in the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    innermostBeginInclusiveFlag: boolean
    Whether or not the line that matches the 'begin' value of the innermost block is part of that block and thus included in validation against the subject; note the end line is always excluded from subject matching
 
    noOtherLinesContainingPattern: string
    Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
}

{
    id: string
    The database key of the dynamic field whose value this is (read-only)
 
    name: string
    The name of the dynamic field (read-only)
 
    values: [
      The value(s) for the dynamic field; for a single-value field, only the first entry is relevant; read-only for Auto Derived and Configuration Profiled types
 
      string
    ]
 
    dynamicFieldDetailsLink: string
    Link to get more detailed information about the dynamic field (read-only)
}

[
    A list of JSON Patch operations
 
     #JsonPatch.OneOperation
  ]

{
}

string
  Pointer or path to an element or property

{
    op: string*
    Enum: [
      "add"
    ]
    value: any*
    path: #JsonPatch.Pointer *
}

{
    op: string*
    Enum: [
      "remove"
    ]
    path: #JsonPatch.Pointer *
}

{
    op: string*
    Enum: [
      "replace"
    ]
    value: any*
    path: #JsonPatch.Pointer *
}

{
    op: string*
    Enum: [
      "move"
    ]
    path: #JsonPatch.Pointer *
    from: #JsonPatch.Pointer *
}

{
    op: string*
    Enum: [
      "copy"
    ]
    path: #JsonPatch.Pointer *
    from: #JsonPatch.Pointer *
}

{
    op: string*
    Enum: [
      "test"
    ]
    value: any*
    path: #JsonPatch.Pointer *
}

{
    begin: string*
    The line that a block begins with
 
    end: string*
    The line that a block, beginning with the 'begin' line, ends with
}

{
    max: string
    Number at the upper bound of valid values; string to allow use of substitution parameters
 
    min: string
    Number at the lower bound of valid values; string to allow use of substitution parameters
 
    notFlag: boolean
    For the "is" vs "is not" selection; true for "is not"
 
    operatorId: integer*
    How numbers are compared; valid values are the integer operators (except not "Not Equal To")
}

{
    imageTypeName: string
    What type of binary file this is, when a device supports multi-file images
 
    name: string
    The name of the file
 
    sizeBytes: integer
    The size of the file in bytes
 
    messageDigest: string
    The MD5 checksum or digest
}

{
    id: string
    The rule's unique database key (read-only)
 
    name: string*
    The rule's display name
 
    activationDate: date-time
    When the rule starts to be active
    Example: 2017-01-31T13:45:00.000+0000
 
    annotation: string
    Notes, comments, description, explanation
 
    applicableModelIds: [
      Which models this rule is applied to; when null or empty, the rule applies to all models
 
       #ComponentId
    ]
 
    applicableSecurityContextTypeId: integer
    The types of security contexts this rule applies to
 
    applicableTrailGuids: [
      The GUID(s) of the configuration trails this rule applies to
 
      string
    ]*
 
    correctableFlag: boolean
    Whether or not this rule is correctable (read-only)
 
    correctiveActions: {
      How a rule violation can be corrected; map key is the configuration trail GUID; map value is a CorrectiveSpanActionDTO that applies a correction to the configuration that is in violation, resulting in the violation being cleared
    }
 
    cveIDs: [
      Associated security vulnerability CVE ID(s): when the rule is associated with a security vulnerability, this is read-only
 
      string
    ]
 
    deactivationDate: date-time
    When the rule stops being active
    Example: 2017-01-31T13:45:00.000+0000
 
    deviceTypeGuid: string
    Which device type this rule applies to; null means it applies to all device types
 
    domain: #DomainDTO *
    What part of the configuration is to be examined
 
    excludedGroupFilters: {
      The names of any groups whose member devices are excluded from being checked against this rule; map key is the name of the group (asterisk wildcards allowed); map value is a list of ComponentId containing the realm(s) that own the groups of interest (where a null value means all realms)
    }
 
    excludedSpanIds: [
      Any network spans whose member devices are excluded from being checked against this rule
 
       #ComponentId
    ]
 
    maxRelease: string
    The maximum OS version, for when this rule applies to a min/max range of operating system versions
 
    minRelease: string
    The minimum OS version, for when this rule applies to a min/max range of operating system versions
 
    osImageNamePatterns: [
      The regular expressions for matching on OS version names, when this rule applies to a discrete set of images
 
      string
    ]
 
    ruleSetId: #ComponentId *
    Identifies the owning rule set
 
    ruleSetDetailsLink: string
    Link to get complete details about the owning rule set (read-only)
 
    securityVulnerabilityId: #ComponentId
    Identifies any security vulnerability associated with this rule
 
    severityId: integer*
    The violation severity
 
    subject: #SubjectDTO *
    What content is to be verified in the configuration, that determines the presence of a violation
 
    substitutionParameterCheckFlag: boolean
    Whether or not the trigger, domain and subject are to be validated for proper substitution parameter syntax
 
    trigger: #TriggerDTO
    Content that must appear in the configuration in order for this rule to be applied
 
    dynamicFields: [
      The dynamic fields
 
       #DynamicFieldValueDTO
    ]
}

{
    dynamicFieldFilters: {
      Any filters on dynamic fields; this is a map where the map key is the filter string (the value to be matched) and the map value is a ComponentId that identifies the dynamic field; menu-type dynamic fields support only exact matching; the filter string must be formatted properly when the dynamic field is a Date or Integer type
    }
 
    containsUnresolvableDynamicFieldFiltersFlag: boolean
    Indicates that one or more of the dynamic fields being filtered on no longer exists and thus re-using this filter may not result in the same outcome (read-only)
 
    activationTimePeriod: string
    Search for rules whose activation date matches this criteria
 
    contentsMatch: string
    Search for rules whose trigger, subject, or domain contains text that matches this wildcard-enabled string
 
    cveIDs: [
      Search for rules whose associated CVE IDs include one of these CVE IDs
 
      string
    ]
 
    deactivationTimePeriod: string
    Search for rules whose deactivation date matches this criteria
 
    deviceTypeGuid: string
    Search for rules with this device type
 
    excludeRulesWithAllDeviceTypesFlag: boolean
    When searching for rules of a particular device type, whether or not rules associated with all device types are included in what matches or are excluded
 
    includeNonCorrectableRulesFlag: boolean
    Search for rules that cannot be corrected (that is, a rule that has no corrective actions, is in a disabled rule set, is not currently activated, or has a grammar whose violation cannot be automatically corrected); when all include*Flag values are false, then filtering based on correctability is skipped; note using the include*Flags is not allowed in jobs or predefined jobs
 
    includeRulesCorrectableViaDeployToActiveFlag: boolean
    Search for rules that can be corrected by running a Deploy to Active action; when all include*Flag values are false, then filtering based on correctability is skipped; note using the include*Flags is not allowed in jobs or predefined jobs
 
    includeRulesCorrectableViaDeployToStoredFlag: boolean
    Search for rules that can be corrected by running a Deploy to Stored action; when all include*Flag values are false, then filtering based on correctability is skipped; note using the include*Flags is not allowed in jobs or predefined jobs
 
    includeRulesCorrectableViaRemediateFlag: boolean
    Search for rules that can be corrected by running a Remediate action; when all include*Flag values are false, then filtering based on correctability is skipped; note using the include*Flags is not allowed in jobs or predefined jobs
 
    ruleNameMatch: string
    Search for rules whose name matches this wildcard-enabled string
 
    ruleSetNameMatch: string
    Search for rules whose parent rule set name matches this wildcard-enabled string
 
    severityIds: [
      Search for rules whose severity matches one of these severities
 
      integer
    ]
 
    vendorGuid: string
    Search for rules whose device type belongs to this vendor
}

{
    regexFlag: boolean
    Whether or not the 'string' represents a regex pattern (true) or an exact complete line (false)
 
    string: string*
    Text for matching against a configuration line
}

{
    caseSensitiveFlag: boolean
    Whether or not string matching is case sensitive
 
    frequency: string*
    How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
 
    ignoreWhitespaceFlag: boolean
    Whether or not whitespace within configuration lines is ignored
}

{
    caseSensitiveFlag: boolean
    Whether or not string matching is case sensitive
 
    frequency: string*
    How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
 
    ignoreWhitespaceFlag: boolean
    Whether or not whitespace within configuration lines is ignored
 
    line: string*
    Literal line to look for within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
}

{
    caseSensitiveFlag: boolean
    Whether or not string matching is case sensitive
 
    frequency: string*
    How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
 
    ignoreWhitespaceFlag: boolean
    Whether or not whitespace within configuration lines is ignored
 
    combinedWithAndFlag: boolean
    Whether or not the lines are combined with the AND operation (true; line one AND line two AND line three, and so on) or with the OR operation (false; line one OR line two OR line three, and so on)
 
    contiguousFlag: boolean
    Whether or not any other non-matching lines from the configuration are allowed to appear interspersed within the matched subject lines
 
    lines: [
      The literal lines to look for within the configuration (in the order the lines are to appear, when the orderedFlag is set); any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
      string
    ]*
 
    orderedFlag: boolean
    Whether or not the lines are matched in order
}

{
    caseSensitiveFlag: boolean
    Whether or not string matching is case sensitive
 
    frequency: string*
    How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
 
    ignoreWhitespaceFlag: boolean
    Whether or not whitespace within configuration lines is ignored
 
    correction: string
    A literal line to apply as a correction when the subject pattern is not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    pattern: string*
    The regular expression for matching a line within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    max: string
    Version at the upper bound of valid values
 
    min: string
    Version at the lower bound of valid values
 
    operatorId: integer*
    How versions are to be compared; valid values are the integer operators (except not "Equal To" and "Not Equal To")
}

{
    caseSensitiveFlag: boolean
    Whether or not string matching is case sensitive
 
    frequency: string*
    How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
 
    ignoreWhitespaceFlag: boolean
    Whether or not whitespace within configuration lines is ignored
 
    correction: string
    A literal line to apply as a correction when the subject pattern is not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    pattern: string*
    The regular expression for matching a line within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    comparisonCriteria: [
      How the values within a line are compared
 
       #ComparisonCriteriaDTO
    ]*
}

{
    caseSensitiveFlag: boolean
    Whether or not string matching is case sensitive
 
    frequency: string*
    How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
 
    ignoreWhitespaceFlag: boolean
    Whether or not whitespace within configuration lines is ignored
 
    correction: string
    A literal line to apply as a correction when the subject pattern is not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
    pattern: string*
    The regular expression for matching a line within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
}

{
    caseSensitiveFlag: boolean
    Whether or not string matching is case sensitive
 
    frequency: string*
    How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
 
    ignoreWhitespaceFlag: boolean
    Whether or not whitespace within configuration lines is ignored
 
    combinedWithAndFlag: boolean
    Whether or not the patterns are combined with the AND operation (true; pattern one AND pattern two AND pattern three, and so on) or with the OR operation (false; pattern one OR pattern two OR pattern three, and so on)
 
    contiguousFlag: boolean
    Whether or not any other non-matching lines from the configuration are allowed to appear interspersed within the matched subject lines
 
    corrections: [
      The literal lines to apply as corrections when the subject patterns are not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
      string
    ]
 
    forceAllCorrectionsFlag: boolean
    When true, every correction line is applied if any of the patterns is violated; when false, only the correction line that corresponds positionally to the failed pattern is applied
 
    orderedFlag: boolean
    Whether or not the patterns are matched in order
 
    patterns: [
      The regular expressions to match within the configuration; (in the order the lines are to appear, when the orderedFlag is set); any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
 
      string
    ]*
}

{
    caseSensitiveFlag: boolean
    Whether or not string comparisons are case sensitive
 
    compareTo: [
      One or more values that the parsed value will be compared against; the strings are treated as literal text or as regular expressions, depending on the operator
 
      string
    ]*
 
    operatorId: integer*
    How text values are compared; a positive value matches literal text strings; a negative value matches using regular expressions; 4 = Equals; 5 = Does Not Equal; -4 = Matches; -5 = Does Not Match
}