* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Cloud Security](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Computing](https://origin-researchcenter.paloaltonetworks.com/blog/category/cloud-computing-2/)
* JSON Preview Helps Build ...

# JSON Preview Helps Build Custom Policies in RQL Faster Than Ever

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fjson-preview%2F)  
[](https://twitter.com/share?text=JSON+Preview+Helps+Build+Custom+Policies+in+RQL+Faster+Than+Ever&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fjson-preview%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fjson-preview%2F&title=JSON+Preview+Helps+Build+Custom+Policies+in+RQL+Faster+Than+Ever&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/json-preview/&ts=markdown)  
\[\](mailto:?subject=JSON Preview Helps Build Custom Policies in RQL Faster Than Ever)  
Link copied  
By [Young Lee](https://www.paloaltonetworks.com/blog/author/young-lee/?ts=markdown "Posts by Young Lee")  
Jul 07, 2021  
4 minutes  
[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown)  
[Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown)  
[JSON](https://www.paloaltonetworks.com/blog/tag/json/?ts=markdown)  
[RQL](https://www.paloaltonetworks.com/blog/tag/rql/?ts=markdown)

As more and more companies expand their cloud footprints, it gradually becomes harder to [maintain visibility and compliance](https://www.paloaltonetworks.com/prisma/cloud/visibility-compliance-governance) across their whole environments. Coupled with the fact that cloud service providers are constantly adding new services and updating existing ones, scaling one's cloud security strategy becomes a massive challenge. This is originally why Prisma Cloud developed [Resource Query Language (RQL)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/rql).

## What is RQL?

RQL is a proprietary language designed with the goal of allowing anyone---including those without any particular programming experience---to quickly and easily build custom policies that act as guardrails for your cloud environment. Behind every compliance standard is a set of policies, and behind every policy is an RQL query: it acts as the underlying engine that drives Prisma Cloud's misconfiguration detection capabilities.

For those familiar with databases, RQL is similar to Structured Query Language, or SQL, a set of conditions that match on a particular combination of data within your cloud environment (the "data" here referring to your cloud resources' configuration data). All configuration data ingested by Prisma Cloud is in JSON format, allowing for a simple and standardized way for RQL to match data on. By matching on the particular configurations you want to monitor, you can ensure that your resources will be continuously monitored by Prisma Cloud for security violations.

## Introducing JSON Preview

Starting with our 21.6.2 release, Prisma Cloud users will be able to create custom policies and begin investigating incidents even more quickly using our fast and intuitive JSON Preview. While we already offer a robust, context-aware auto-suggestion mechanism to guide users through creating an RQL query today, it became challenging to remember which parts of a resource's JSON were relevant, especially when there are so many APIs and services across multiple cloud service providers. This new feature makes the query building process dramatically easier by simply showing you a preview of the entire JSON schema as you craft your query.

To get started, login to Prisma Cloud and navigate to the Investigate page. Turn on the JSON Preview toggle and begin creating a Config RQL query. When you get to the JSON rule, you will see a preview depending on the API that you've chosen:
![The preview will show up in lieu of the classic autosuggestions when the toggle is enabled and the RQL query needs a JSON path as its next input.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/07/word-image.png)
The preview will show up in lieu of the classic autosuggestions when the toggle is enabled and the RQL query needs a JSON path as its next input.

You can explore the JSON schema visually by scrolling through the preview. All attributes are sorted alphabetically. You can also minimize, maximize any sections by clicking on the chevron icons. Hover over any attribute of the preview to see what the corresponding JSON path will look like:
![Hovering over an attribute will show a preview of the JSON path that will be appended to the RQL query.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/07/word-image-1.png)
Hovering over an attribute will show a preview of the JSON path that will be appended to the RQL query.

If you're looking for a specific attribute, you can use the search bar in the JSON Preview to filter by matches only, including attributes that may be nested within other ones:
![Use the search bar to locate attributes quickly and easily.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/07/word-image-2.png)
Use the search bar to locate attributes quickly and easily.

Once you've found the path that you want, click on the attribute to automatically append the correct path to your RQL query:
![Once the path is selected, you can continue to build your RQL query using the classic autosuggestions.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/07/word-image-3.png)
Once the path is selected, you can continue to build your RQL query using the classic autosuggestions.

And just like that, you have built your first RQL query without ever having to look through an example resource configuration file.

The feature also works for chaining together multiple JSON paths:
![In general, the JSON Preview will automatically display whenever a JSON path is needed next in the RQL query.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/07/word-image-4.png)
In general, the JSON Preview will automatically display whenever a JSON path is needed next in the RQL query.

Lastly, JSON Preview works for complex Join queries referencing multiple APIs, and the correct API will automatically be chosen for the preview:
![The JSON Preview is context-aware and works for multi-API join queries.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/07/word-image-5.png)
The JSON Preview is context-aware and works for multi-API join queries.

## The Future of RQL

The JSON Preview is the first of many steps in improving the query building experience. For example, support for more complex nested array rules, functions, and descriptions of what each attribute means in context are all planned enhancements for the RQL building experience. Our ultimate goal is to enable all users---no matter their technical backgrounds---to be able to create the necessary policy guardrails to maintain their security posture and investigate critical incidents happening in their cloud environments.

Want to try Prisma Cloud? [Request a trial today](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial) to start securing your cloud environments.

*** ** * ** ***

## Related Blogs

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown)

[#### New Capabilities Scan for Sensitive and Publicly Exposed Data](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/scan-sensitive-and-publicly-exposed-data/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)

[#### How to Set Up Prisma Cloud Threat Detection in 6 Steps](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/how-to-set-up-prisma-cloud-threat-detection/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)

[#### Prisma Cloud Support for Docker DISA STIG](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/support-for-docker-disa-stig/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)

[#### Unveiling a Comprehensive Attack Explorer for Cloud Native Apps](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/comprehensive-attack-explorer-for-cloud-native-apps/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-infrastructure-entitlement-management/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown)

[#### Why IAM Security Must Be an Essential Component of CSPM](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/iam-security-essential-cspm/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### 5 Common Causes for Cloud Storage Breaches](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/causes-cloud-storage-breaches/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language