PaloAltoNetworks / pan.dev

Palo Alto Networks for Developers
https://pan.dev
MIT License

Unable to specify Log Session in Log Setting #221

Open atav928 opened 1 year ago

atav928 commented 1 year ago

Documentation link

https://pan.dev/access/api/prisma-access-config/post-sse-config-v-1-security-rules/

Describe the problem

Inaccuracy/Missing Config: Unable to set Log Session in Log Settings

Description:

In rule base settings, similar to PanOS, you have the ability to specify if you want to log:

In most cases the default behavior is to only log the "Session End", but there are circumstances where you want both, or also want to log the session start. The API call to create or edit a Security Rule does not give you the ability to make those changes or pass those values, at least in the documents and when I pull the rules from my configurations. Example:

My adjusted JSON response pulling a list of rules:

{
    "Remote Networks": {
        "pre": {
            "6d34a8b1-4b21-4a03-8693-934e116f5d05": {
                "id": "6d34a8b1-4b21-4a03-8693-934e116f5d05",
                "name": "test-from-api-post-2",
                "folder": "Remote Networks",
                "position": "pre",
                "action": "allow",
                "source_hip": [
                    "any"
                ],
                "destination_hip": [
                    "any"
                ],
                "from": [
                    "any"
                ],
                "source_user": [
                    "any"
                ],
                "category": [
                    "any"
                ],
                "application": [
                    "any"
                ],
                "service": [
                    "application-default"
                ],
                "log_setting": "Cortex Data Lake",
                "destination": [
                    "any"
                ],
                "disabled": false,
                "negate_destination": false,
                "negate_source": false,
                "source": [
                    "any"
                ],
                "to": [
                    "any"
                ]
            }
        }
    }
}

This is formatted directly from the list (the above is how I reformat it to help navigate through the rules). It would be much more helpful if there was a numerical value of where the rule is located so a new rule can be inserted or moved around; in this case I can only use the UUID of the rule as the placement, because even though your list is done in order, there is no way I can reference the listed order to insert or move rules around via the API, at least from the docs or what I can tell.

{
    "data": [
        {
            "id": "6d34a8b1-4b21-4a03-8693-934e116f5d05",
            "name": "test-from-api-post-2",
            "folder": "Remote Networks",
            "position": "pre",
            "action": "allow",
            "source_hip": [
                "any"
            ],
            "destination_hip": [
                "any"
            ],
            "from": [
                "any"
            ],
            "source_user": [
                "any"
            ],
            "category": [
                "any"
            ],
            "application": [
                "any"
            ],
            "service": [
                "application-default"
            ],
            "log_setting": "Cortex Data Lake",
            "destination": [
                "any"
            ],
            "disabled": false,
            "negate_destination": false,
            "negate_source": false,
            "source": [
                "any"
            ],
            "to": [
                "any"
            ]
        }
    ],
    "offset": 0,
    "total": 22,
    "limit": 50
}

Either way does not show you the Session Action, nor does it allow you to enter the session action. This also leads to a question as to why we cannot adjust or override the default behavior of the

Suggested fix

Add a field to be able to make this adjustment, which is required when a log setting is set. Or specify that if it is not sent, then the default is the Session End log.
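An added example (not part of the original issue and not pan.dev code): one way to do the re-indexing described above while keeping each rule's list order, and to report rules that have a log setting but no visible session-start/end choice in the response. The `_order` key and the `log_start`/`log_end` key names are assumptions, and the sample page is constructed from the response quoted in the issue.

```python
import json

# Constructed sample in the shape of the list response quoted in the issue
# (fields trimmed; the second rule and its values are made up).
SAMPLE_PAGE = json.loads("""
{"data": [
  {"id": "6d34a8b1-4b21-4a03-8693-934e116f5d05", "name": "test-from-api-post-2",
   "folder": "Remote Networks", "position": "pre", "action": "allow",
   "log_setting": "Cortex Data Lake"},
  {"id": "00000000-0000-0000-0000-000000000002", "name": "constructed-no-logging",
   "folder": "Remote Networks", "position": "pre", "action": "deny"}
 ], "offset": 0, "total": 2, "limit": 50}
""")

# Hypothetical key names: the response on this page carries no session-logging field.
SESSION_LOG_KEYS = ("log_start", "log_end")


def index_rules(page):
    """Return {folder: {position: {id: rule}}}, adding the rule's list order as '_order'."""
    tree = {}
    for i, rule in enumerate(page["data"]):
        # '_order' is a local annotation (offset + index), not an API field.
        entry = dict(rule, _order=page.get("offset", 0) + i)
        tree.setdefault(rule["folder"], {}).setdefault(rule["position"], {})[rule["id"]] = entry
    return tree


def audit_session_logging(page, keys=SESSION_LOG_KEYS):
    """Classify each rule by what the response reveals about its logging."""
    report = {"no_log_setting": [], "session_option_not_visible": [], "explicit": []}
    for rule in page["data"]:
        if not rule.get("log_setting"):
            report["no_log_setting"].append(rule["name"])
        elif any(k in rule for k in keys):
            report["explicit"].append(rule["name"])
        else:
            report["session_option_not_visible"].append(rule["name"])
    return report


def page_is_complete(page):
    """True when this page holds every rule, so the audit covers the whole rulebase."""
    return page.get("offset", 0) + len(page["data"]) >= page["total"]


if __name__ == "__main__":
    print(json.dumps(index_rules(SAMPLE_PAGE), indent=2))
    print(audit_session_logging(SAMPLE_PAGE), page_is_complete(SAMPLE_PAGE))
```
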

sarette commented 1 year ago

Created internal engineering bug ADI-17496 in response to this issue.