NeuralWall Rules Kit

Understanding the formats

How a profile is structured, and why it is published in several formats derived from a single source.

One source, many renderings

Each profile has a single source of truth, validated against a schema. Every published format (Machine, Human, AI/RAG, YAML) is a reproducible rendering of it — never hand-authored. This guarantees no divergence ("zero drift"): fixing the source regenerates all renderings.

source machine.jsonhuman.mdrag.mdfiche.yaml

Published formats

machine.json · For tools & pipelines

Machine (JSON)

Complete structured representation of the profile, faithful to the schema. Meant for automation and programmatic ingestion.

human.md · For readers

Human (Markdown)

Readable rendering (rule tables, threat model, sources) in the chosen language. This is what you read on a profile page.

rag.md · For LLMs

AI / RAG (Markdown)

Variant optimized for retrieval-augmented generation (RAG): compact narrative, MITRE and threat model surfaced for grounding.

fiche.yaml · For archival & review

YAML

Canonical YAML export of the source, under CC-BY-4.0. Readable, diff-able, verifiable.

Anatomy of a profile

Identifiers and enumerations are code (snake_case, never translated). Only prose (title, description, rationale) is multilingual.

Field Purpose
schema_version Ingestion contract (schema) version. Distinct from the content version.
id Stable profile identifier (snake_case).
version Semantic version of the profile content.
trust_tier Trust tier: community | reviewed | verified.
title / description Multilingual prose ({fr, en}) — the what and the why.
mitre_attack[] Authored MITRE ATT&CK techniques (never inferred).
threat_model Summary, attacker goal, key controls — human expertise.
rules[] The rules: application (L7), zones, action, security profiles, decryption, logging.
references[] Provenance: the only place a vendor/product and its official URL may appear.

Trust tiers

Each profile carries a trust tier, weighted at ingestion by downstream engines. It is the first line of defense against poisoning.

community Unreviewed contribution.
reviewed Reviewed by a maintainer.
verified Validated by an authoritative source.

Principles

  • Vendor-agnostic: normative content names no brand (we identify the L7 application, not a product).
  • Enumerations in snake_case, never translated; only prose is multilingual.
  • Enumerations belong to a shared control taxonomy.
  • Content under CC-BY-4.0; contributions attested via DCO (git commit -s).

Going further