Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
The zia_sandbox_rules resource manages sandbox policy rules in the Zscaler Internet Access (ZIA) cloud service. Sandbox rules define actions for file analysis based on criteria such as locations, departments, groups, users, and file types.
For more information, see the ZIA Cloud Sandbox documentation.
Example Usage
Basic Sandbox Rule
Example coming soon!
Example coming soon!
Example coming soon!
import * as zia from "@bdzscaler/pulumi-zia";
const example = new zia.SandboxRule("example", {
name: "Example Sandbox Rule",
description: "Block suspicious file types",
order: 1,
state: "ENABLED",
baRuleAction: "ALLOW",
fileTypes: ["ALL_OUTBOUND"],
protocols: ["FTP_RULE", "SSL_RULE", "FOHTTP_RULE", "HTTP_PROXY"],
});
import zscaler_pulumi_zia as zia
example = zia.SandboxRule("example",
name="Example Sandbox Rule",
description="Block suspicious file types",
order=1,
state="ENABLED",
ba_rule_action="ALLOW",
file_types=["ALL_OUTBOUND"],
protocols=["FTP_RULE", "SSL_RULE", "FOHTTP_RULE", "HTTP_PROXY"],
)
resources:
example:
type: zia:SandboxRule
properties:
name: Example Sandbox Rule
description: Block suspicious file types
order: 1
state: ENABLED
baRuleAction: ALLOW
fileTypes:
- ALL_OUTBOUND
protocols:
- FTP_RULE
- SSL_RULE
- FOHTTP_RULE
- HTTP_PROXY
Create SandboxRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SandboxRule(name: string, args: SandboxRuleArgs, opts?: CustomResourceOptions);@overload
def SandboxRule(resource_name: str,
args: SandboxRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SandboxRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
order: Optional[int] = None,
location_groups: Optional[Sequence[int]] = None,
locations: Optional[Sequence[int]] = None,
description: Optional[str] = None,
file_types: Optional[Sequence[str]] = None,
first_time_enable: Optional[bool] = None,
first_time_operation: Optional[str] = None,
groups: Optional[Sequence[int]] = None,
labels: Optional[Sequence[int]] = None,
ba_policy_categories: Optional[Sequence[str]] = None,
departments: Optional[Sequence[int]] = None,
ml_action_enabled: Optional[bool] = None,
by_threat_score: Optional[int] = None,
ba_rule_action: Optional[str] = None,
protocols: Optional[Sequence[str]] = None,
rank: Optional[int] = None,
state: Optional[str] = None,
url_categories: Optional[Sequence[str]] = None,
users: Optional[Sequence[int]] = None,
zpa_app_segments: Optional[Sequence[ZPAAppSegmentInputArgs]] = None)func NewSandboxRule(ctx *Context, name string, args SandboxRuleArgs, opts ...ResourceOption) (*SandboxRule, error)public SandboxRule(string name, SandboxRuleArgs args, CustomResourceOptions? opts = null)
public SandboxRule(String name, SandboxRuleArgs args)
public SandboxRule(String name, SandboxRuleArgs args, CustomResourceOptions options)
type: zia:SandboxRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SandboxRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SandboxRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SandboxRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SandboxRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SandboxRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var sandboxRuleResource = new Zia.SandboxRule("sandboxRuleResource", new()
{
Name = "string",
Order = 0,
LocationGroups = new[]
{
0,
},
Locations = new[]
{
0,
},
Description = "string",
FileTypes = new[]
{
"string",
},
FirstTimeEnable = false,
FirstTimeOperation = "string",
Groups = new[]
{
0,
},
Labels = new[]
{
0,
},
BaPolicyCategories = new[]
{
"string",
},
Departments = new[]
{
0,
},
MlActionEnabled = false,
ByThreatScore = 0,
BaRuleAction = "string",
Protocols = new[]
{
"string",
},
Rank = 0,
State = "string",
UrlCategories = new[]
{
"string",
},
Users = new[]
{
0,
},
ZpaAppSegments = new[]
{
new Zia.Inputs.ZPAAppSegmentInputArgs
{
ExternalId = "string",
Name = "string",
},
},
});
example, err := zia.NewSandboxRule(ctx, "sandboxRuleResource", &zia.SandboxRuleArgs{
Name: pulumi.String("string"),
Order: pulumi.Int(0),
LocationGroups: pulumi.IntArray{
pulumi.Int(0),
},
Locations: pulumi.IntArray{
pulumi.Int(0),
},
Description: pulumi.String("string"),
FileTypes: pulumi.StringArray{
pulumi.String("string"),
},
FirstTimeEnable: pulumi.Bool(false),
FirstTimeOperation: pulumi.String("string"),
Groups: pulumi.IntArray{
pulumi.Int(0),
},
Labels: pulumi.IntArray{
pulumi.Int(0),
},
BaPolicyCategories: pulumi.StringArray{
pulumi.String("string"),
},
Departments: pulumi.IntArray{
pulumi.Int(0),
},
MlActionEnabled: pulumi.Bool(false),
ByThreatScore: pulumi.Int(0),
BaRuleAction: pulumi.String("string"),
Protocols: pulumi.StringArray{
pulumi.String("string"),
},
Rank: pulumi.Int(0),
State: pulumi.String("string"),
UrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
Users: pulumi.IntArray{
pulumi.Int(0),
},
ZpaAppSegments: pulumizia.ZPAAppSegmentInputArray{
&pulumizia.ZPAAppSegmentInputArgs{
ExternalId: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
})
var sandboxRuleResource = new SandboxRule("sandboxRuleResource", SandboxRuleArgs.builder()
.name("string")
.order(0)
.locationGroups(0)
.locations(0)
.description("string")
.fileTypes("string")
.firstTimeEnable(false)
.firstTimeOperation("string")
.groups(0)
.labels(0)
.baPolicyCategories("string")
.departments(0)
.mlActionEnabled(false)
.byThreatScore(0)
.baRuleAction("string")
.protocols("string")
.rank(0)
.state("string")
.urlCategories("string")
.users(0)
.zpaAppSegments(ZPAAppSegmentInputArgs.builder()
.externalId("string")
.name("string")
.build())
.build());
sandbox_rule_resource = zia.SandboxRule("sandboxRuleResource",
name="string",
order=0,
location_groups=[0],
locations=[0],
description="string",
file_types=["string"],
first_time_enable=False,
first_time_operation="string",
groups=[0],
labels=[0],
ba_policy_categories=["string"],
departments=[0],
ml_action_enabled=False,
by_threat_score=0,
ba_rule_action="string",
protocols=["string"],
rank=0,
state="string",
url_categories=["string"],
users=[0],
zpa_app_segments=[{
"external_id": "string",
"name": "string",
}])
const sandboxRuleResource = new zia.SandboxRule("sandboxRuleResource", {
name: "string",
order: 0,
locationGroups: [0],
locations: [0],
description: "string",
fileTypes: ["string"],
firstTimeEnable: false,
firstTimeOperation: "string",
groups: [0],
labels: [0],
baPolicyCategories: ["string"],
departments: [0],
mlActionEnabled: false,
byThreatScore: 0,
baRuleAction: "string",
protocols: ["string"],
rank: 0,
state: "string",
urlCategories: ["string"],
users: [0],
zpaAppSegments: [{
externalId: "string",
name: "string",
}],
});
type: zia:SandboxRule
properties:
baPolicyCategories:
- string
baRuleAction: string
byThreatScore: 0
departments:
- 0
description: string
fileTypes:
- string
firstTimeEnable: false
firstTimeOperation: string
groups:
- 0
labels:
- 0
locationGroups:
- 0
locations:
- 0
mlActionEnabled: false
name: string
order: 0
protocols:
- string
rank: 0
state: string
urlCategories:
- string
users:
- 0
zpaAppSegments:
- externalId: string
name: string
SandboxRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SandboxRule resource accepts the following input properties:
- Name string
- The name of the sandbox rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other sandbox rules.
- Ba
Policy List<string>Categories - List of behavioral analysis policy categories.
- Ba
Rule stringAction - The action applied when the rule is matched. Valid values:
ALLOW,BLOCK,QUARANTINE. - By
Threat intScore - Threat score threshold for the rule. Files with a score above this value trigger the action.
- Departments List<int>
- IDs of departments to which the rule applies.
- Description string
- Additional information about the sandbox rule.
- File
Types List<string> - List of file types for which the rule applies (e.g.,
ALL_OUTBOUND,EXE,DLL). - First
Time boolEnable - If set to true, a first-time action is enabled.
- First
Time stringOperation - The action for first-time file downloads. Valid values:
ALLOW_SCAN,QUARANTINE. - Groups List<int>
- IDs of groups to which the rule applies.
- Labels List<int>
- IDs of labels associated with the rule.
- Location
Groups List<int> - IDs of location groups to which the rule applies.
- Locations List<int>
- IDs of locations to which the rule applies.
- Ml
Action boolEnabled - If set to true, machine learning-based analysis action is enabled.
- Protocols List<string>
- Protocols to which the rule applies. Valid values:
FTP_RULE,SSL_RULE,FOHTTP_RULE,HTTP_PROXY. - Rank int
- Admin rank of the sandbox policy rule. Valid values: 0-7. Default: 7.
- State string
- Rule state. Valid values:
ENABLED,DISABLED. - Url
Categories List<string> - List of URL categories to which the rule applies.
- Users List<int>
- IDs of users to which the rule applies.
- Zpa
App List<zscaler.Segments Pulumi Package. Zia. Inputs. ZPAApp Segment Input> - List of ZPA application segments to which the rule applies.
- Name string
- The name of the sandbox rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other sandbox rules.
- Ba
Policy []stringCategories - List of behavioral analysis policy categories.
- Ba
Rule stringAction - The action applied when the rule is matched. Valid values:
ALLOW,BLOCK,QUARANTINE. - By
Threat intScore - Threat score threshold for the rule. Files with a score above this value trigger the action.
- Departments []int
- IDs of departments to which the rule applies.
- Description string
- Additional information about the sandbox rule.
- File
Types []string - List of file types for which the rule applies (e.g.,
ALL_OUTBOUND,EXE,DLL). - First
Time boolEnable - If set to true, a first-time action is enabled.
- First
Time stringOperation - The action for first-time file downloads. Valid values:
ALLOW_SCAN,QUARANTINE. - Groups []int
- IDs of groups to which the rule applies.
- Labels []int
- IDs of labels associated with the rule.
- Location
Groups []int - IDs of location groups to which the rule applies.
- Locations []int
- IDs of locations to which the rule applies.
- Ml
Action boolEnabled - If set to true, machine learning-based analysis action is enabled.
- Protocols []string
- Protocols to which the rule applies. Valid values:
FTP_RULE,SSL_RULE,FOHTTP_RULE,HTTP_PROXY. - Rank int
- Admin rank of the sandbox policy rule. Valid values: 0-7. Default: 7.
- State string
- Rule state. Valid values:
ENABLED,DISABLED. - Url
Categories []string - List of URL categories to which the rule applies.
- Users []int
- IDs of users to which the rule applies.
- Zpa
App []ZPAAppSegments Segment Input Args - List of ZPA application segments to which the rule applies.
- name String
- The name of the sandbox rule. Must be unique.
- order Integer
- The order of execution of the rule with respect to other sandbox rules.
- ba
Policy List<String>Categories - List of behavioral analysis policy categories.
- ba
Rule StringAction - The action applied when the rule is matched. Valid values:
ALLOW,BLOCK,QUARANTINE. - by
Threat IntegerScore - Threat score threshold for the rule. Files with a score above this value trigger the action.
- departments List<Integer>
- IDs of departments to which the rule applies.
- description String
- Additional information about the sandbox rule.
- file
Types List<String> - List of file types for which the rule applies (e.g.,
ALL_OUTBOUND,EXE,DLL). - first
Time BooleanEnable - If set to true, a first-time action is enabled.
- first
Time StringOperation - The action for first-time file downloads. Valid values:
ALLOW_SCAN,QUARANTINE. - groups List<Integer>
- IDs of groups to which the rule applies.
- labels List<Integer>
- IDs of labels associated with the rule.
- location
Groups List<Integer> - IDs of location groups to which the rule applies.
- locations List<Integer>
- IDs of locations to which the rule applies.
- ml
Action BooleanEnabled - If set to true, machine learning-based analysis action is enabled.
- protocols List<String>
- Protocols to which the rule applies. Valid values:
FTP_RULE,SSL_RULE,FOHTTP_RULE,HTTP_PROXY. - rank Integer
- Admin rank of the sandbox policy rule. Valid values: 0-7. Default: 7.
- state String
- Rule state. Valid values:
ENABLED,DISABLED. - url
Categories List<String> - List of URL categories to which the rule applies.
- users List<Integer>
- IDs of users to which the rule applies.
- zpa
App List<ZPAAppSegments Segment Input> - List of ZPA application segments to which the rule applies.
- name string
- The name of the sandbox rule. Must be unique.
- order number
- The order of execution of the rule with respect to other sandbox rules.
- ba
Policy string[]Categories - List of behavioral analysis policy categories.
- ba
Rule stringAction - The action applied when the rule is matched. Valid values:
ALLOW,BLOCK,QUARANTINE. - by
Threat numberScore - Threat score threshold for the rule. Files with a score above this value trigger the action.
- departments number[]
- IDs of departments to which the rule applies.
- description string
- Additional information about the sandbox rule.
- file
Types string[] - List of file types for which the rule applies (e.g.,
ALL_OUTBOUND,EXE,DLL). - first
Time booleanEnable - If set to true, a first-time action is enabled.
- first
Time stringOperation - The action for first-time file downloads. Valid values:
ALLOW_SCAN,QUARANTINE. - groups number[]
- IDs of groups to which the rule applies.
- labels number[]
- IDs of labels associated with the rule.
- location
Groups number[] - IDs of location groups to which the rule applies.
- locations number[]
- IDs of locations to which the rule applies.
- ml
Action booleanEnabled - If set to true, machine learning-based analysis action is enabled.
- protocols string[]
- Protocols to which the rule applies. Valid values:
FTP_RULE,SSL_RULE,FOHTTP_RULE,HTTP_PROXY. - rank number
- Admin rank of the sandbox policy rule. Valid values: 0-7. Default: 7.
- state string
- Rule state. Valid values:
ENABLED,DISABLED. - url
Categories string[] - List of URL categories to which the rule applies.
- users number[]
- IDs of users to which the rule applies.
- zpa
App ZPAAppSegments Segment Input[] - List of ZPA application segments to which the rule applies.
- name str
- The name of the sandbox rule. Must be unique.
- order int
- The order of execution of the rule with respect to other sandbox rules.
- ba_
policy_ Sequence[str]categories - List of behavioral analysis policy categories.
- ba_
rule_ straction - The action applied when the rule is matched. Valid values:
ALLOW,BLOCK,QUARANTINE. - by_
threat_ intscore - Threat score threshold for the rule. Files with a score above this value trigger the action.
- departments Sequence[int]
- IDs of departments to which the rule applies.
- description str
- Additional information about the sandbox rule.
- file_
types Sequence[str] - List of file types for which the rule applies (e.g.,
ALL_OUTBOUND,EXE,DLL). - first_
time_ boolenable - If set to true, a first-time action is enabled.
- first_
time_ stroperation - The action for first-time file downloads. Valid values:
ALLOW_SCAN,QUARANTINE. - groups Sequence[int]
- IDs of groups to which the rule applies.
- labels Sequence[int]
- IDs of labels associated with the rule.
- location_
groups Sequence[int] - IDs of location groups to which the rule applies.
- locations Sequence[int]
- IDs of locations to which the rule applies.
- ml_
action_ boolenabled - If set to true, machine learning-based analysis action is enabled.
- protocols Sequence[str]
- Protocols to which the rule applies. Valid values:
FTP_RULE,SSL_RULE,FOHTTP_RULE,HTTP_PROXY. - rank int
- Admin rank of the sandbox policy rule. Valid values: 0-7. Default: 7.
- state str
- Rule state. Valid values:
ENABLED,DISABLED. - url_
categories Sequence[str] - List of URL categories to which the rule applies.
- users Sequence[int]
- IDs of users to which the rule applies.
- zpa_
app_ Sequence[ZPAAppsegments Segment Input Args] - List of ZPA application segments to which the rule applies.
- name String
- The name of the sandbox rule. Must be unique.
- order Number
- The order of execution of the rule with respect to other sandbox rules.
- ba
Policy List<String>Categories - List of behavioral analysis policy categories.
- ba
Rule StringAction - The action applied when the rule is matched. Valid values:
ALLOW,BLOCK,QUARANTINE. - by
Threat NumberScore - Threat score threshold for the rule. Files with a score above this value trigger the action.
- departments List<Number>
- IDs of departments to which the rule applies.
- description String
- Additional information about the sandbox rule.
- file
Types List<String> - List of file types for which the rule applies (e.g.,
ALL_OUTBOUND,EXE,DLL). - first
Time BooleanEnable - If set to true, a first-time action is enabled.
- first
Time StringOperation - The action for first-time file downloads. Valid values:
ALLOW_SCAN,QUARANTINE. - groups List<Number>
- IDs of groups to which the rule applies.
- labels List<Number>
- IDs of labels associated with the rule.
- location
Groups List<Number> - IDs of location groups to which the rule applies.
- locations List<Number>
- IDs of locations to which the rule applies.
- ml
Action BooleanEnabled - If set to true, machine learning-based analysis action is enabled.
- protocols List<String>
- Protocols to which the rule applies. Valid values:
FTP_RULE,SSL_RULE,FOHTTP_RULE,HTTP_PROXY. - rank Number
- Admin rank of the sandbox policy rule. Valid values: 0-7. Default: 7.
- state String
- Rule state. Valid values:
ENABLED,DISABLED. - url
Categories List<String> - List of URL categories to which the rule applies.
- users List<Number>
- IDs of users to which the rule applies.
- zpa
App List<Property Map>Segments - List of ZPA application segments to which the rule applies.
Outputs
All input properties are implicitly available as output properties. Additionally, the SandboxRule resource produces the following output properties:
Supporting Types
ZPAAppSegmentInput, ZPAAppSegmentInputArgs
- External
Id string - Name string
- External
Id string - Name string
- external
Id String - name String
- external
Id string - name string
- external_
id str - name str
- external
Id String - name String
Import
An existing Sandbox Rule can be imported using its resource ID, e.g.
$ pulumi import zia:index:SandboxRule example 12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
