diff --git a/.gitignore b/.gitignore
index 0ed53e7..c463b7b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@
 /swagger_go.json
 /.env
 *.out
+/waf
 
 *.dll
 *.exe
diff --git a/UPDATING_OPENAPI_JSON.md b/UPDATING_OPENAPI_JSON.md
index 0103bcb..71800bc 100644
--- a/UPDATING_OPENAPI_JSON.md
+++ b/UPDATING_OPENAPI_JSON.md
@@ -6,15 +6,12 @@ This project uses a modified `openapi.json`. Please maintain these instructions
 
 1. Take the latest `openapi-external.json` from [netlify/bitballoon-openapi](https://github.dev/netlify/bitballoon-openapi/blob/main/openapi-external.json).
 1. Remove the billing_details property from the `Account` object (also from the `required` array).
-1. Fix the type of `Repo.base_rel_dir` to `boolean`.
 1. Remove all required properties from the `Repo` object (manual builds).
 1. Remove the `domain` property from the `required` array of the `DnsZone` object.
 1. Remove the `values`, `scopes` and `is_secret` parameters from the `updateEnvVar` operation.
 1. Add a request body schema to the `updateEnvVar` operation, by copying it from an earlier version of the `openapi.json`.
 1. Remove `scopes` from the `required` array of the `updateEnvVar` operation request body.
 1. Remove `scopes` from the `required` array of the `EnvVar` object.
-1. Add a `package_path` property of type `string` to the `Repo` object.
-1. Add a `branch` property of type `string` to the `Repo` object.
 1. Add a `functions_region` property of type `string` to the `Site` object.
 1. Add a `cdp_enabled_contexts` property of type `array` of `string`s to the `Site` object.
 1. Add a `hud_enabled` property of type `boolean` to the `Site` object.
@@ -23,12 +20,11 @@ This project uses a modified `openapi.json`. Please maintain these instructions
 1. Change the type of `LogDrain.id` to `string`.
 1. Add the various `log_drains` paths from `bitballoon-openapi`'s `openapi.json` file.
 1. Remove the required properties from the `LogDrainServiceConfig` object.
-1. Add properties to the `LogDrainServiceConfig` object, by copying it from an earlier version of the `openapi.json`.
 1. Change the request body of the `Log Drains-update` operation to use the `LogDrain` object (copy from `Log Drains-create`).
 1. Add the various `firewall_rule_set` paths from `bitballoon-openapi`'s `openapi.json` file (NOTE: both site and account level).
 1. Replace the response body of the `getAccountFirewallRuleSet` operation to use the `SiteFirewallConfig` object.
 1. Replace the request body of the `updateAccountFirewallRuleSet` operation to use the `SiteFirewallConfig` object.
-1. Renamed the `unpublished_rules` and `published_rules` properties to `unpublished` and `published` in the `SiteFirewallConfig` object, also in the required properties array.
 1. Add a `rum_enabled` property of type `boolean` to the `Site` object.
 1. Add a `rum_enabled` property of type `boolean` to the `PartialSite` object.
 1. Add an `analytics_instance_id` property of type `string` to the `Site` object.
+1. Add the various WAF paths and schemas, by copying them from an earlier version of the `openapi.json`.
diff --git a/docs/data-sources/managed_waf_rules.md b/docs/data-sources/managed_waf_rules.md
new file mode 100644
index 0000000..9498065
--- /dev/null
+++ b/docs/data-sources/managed_waf_rules.md
@@ -0,0 +1,61 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "netlify_managed_waf_rules Data Source - netlify"
+subcategory: ""
+description: |-
+  Netlify managed WAF rule sets. This should be used when defining a WAF policy (netlify_waf_policy).
+---
+
+# netlify_managed_waf_rules (Data Source)
+
+Netlify managed WAF rule sets. This should be used when defining a WAF policy (netlify_waf_policy).
+
+## Example Usage
+
+```terraform
+# Read-only definitions of all managed WAF rules available in Netlify.
+# The team ID is required to query the rules.
+data "netlify_managed_waf_rules" "example" {
+  team_id = "6600abcdef1234567890abcd"
+}
+```
+
+
+## Schema
+
+### Required
+
+- `team_id` (String)
+
+### Read-Only
+
+- `rule_sets` (Attributes Map) (see [below for nested schema](#nestedatt--rule_sets))
+
+
+### Nested Schema for `rule_sets`
+
+Read-Only:
+
+- `definition` (Attributes) (see [below for nested schema](#nestedatt--rule_sets--definition))
+- `rules` (Attributes List) (see [below for nested schema](#nestedatt--rule_sets--rules))
+
+
+### Nested Schema for `rule_sets.definition`
+
+Read-Only:
+
+- `id` (String)
+- `type` (String)
+- `version` (String)
+
+
+
+### Nested Schema for `rule_sets.rules`
+
+Read-Only:
+
+- `category` (String)
+- `description` (String)
+- `id` (String)
+- `phase` (String)
+- `severity` (String) notice, warning, error, critical
diff --git a/docs/resources/site_build_settings.md b/docs/resources/site_build_settings.md
index 6048479..f02dc91 100644
--- a/docs/resources/site_build_settings.md
+++ b/docs/resources/site_build_settings.md
@@ -44,6 +44,7 @@ resource "netlify_site_build_settings" "blog" {
 - `package_directory` (String)
 - `pretty_urls` (Boolean)
 - `stop_builds` (Boolean)
+- `waf_policy_id` (String) See more details in the netlify_waf_policy resource.
 
 ### Read-Only
 
diff --git a/docs/resources/waf_policy.md b/docs/resources/waf_policy.md
new file mode 100644
index 0000000..554334d
--- /dev/null
+++ b/docs/resources/waf_policy.md
@@ -0,0 +1,113 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "netlify_waf_policy Resource - netlify"
+subcategory: ""
+description: |-
+  Netlify Web Application Firewall (WAF) policy. Read more https://docs.netlify.com/security/secure-access-to-sites/web-application-firewall/
+---
+
+# netlify_waf_policy (Resource)
+
+Netlify Web Application Firewall (WAF) policy. [Read more](https://docs.netlify.com/security/secure-access-to-sites/web-application-firewall/)
+
+## Example Usage
+
+```terraform
+resource "netlify_waf_policy" "example" {
+  team_id     = data.netlify_team.team.id
+  name        = "Terraform Policy"
+  description = "This is a test policy through Terraform"
+  rule_sets = [
+    {
+      managed_id        = "crs-basic",
+      passive_mode      = true,
+      overall_threshold = 5,
+      category_thresholds = {
+        "fixation" = 8,
+      },
+      rule_overrides = {
+        "920100" = {
+          action = "log_only"
+        }
+      }
+    }
+  ]
+}
+
+# To use this policy in a site, use the netlify_site_build_settings resource:
+
+resource "netlify_site_build_settings" "example" {
+  # other attributes...
+  waf_policy_id = netlify_waf_policy.example.id
+}
+
+# To dynamically define the rule overrides, you can query netlify_managed_waf_rules to get the rule IDs:
+
+data "netlify_managed_waf_rules" "example" {
+  team_id = "6600abcdef1234567890abcd"
+}
+
+resource "netlify_waf_policy" "example" {
+  team_id     = "66ae34e11a567e9092e3850f"
+  name        = "Terraform Policy"
+  description = "This is a test policy through Terraform"
+  rule_sets = [
+    {
+      managed_id        = "crs-basic",
+      passive_mode      = true,
+      overall_threshold = 5,
+      rule_overrides = {
+        for rule in data.netlify_managed_waf_rules.example.rule_sets["crs-basic"].rules : rule.id => {
+          action = "log_only"
+        } if rule.category == "rce"
+      }
+    }
+  ]
+}
+```
+
+
+## Schema
+
+### Required
+
+- `description` (String)
+- `name` (String)
+- `rule_sets` (Attributes List) (see [below for nested schema](#nestedatt--rule_sets))
+- `team_id` (String)
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `last_updated` (String)
+
+
+### Nested Schema for `rule_sets`
+
+Required:
+
+- `managed_id` (String) The managed ID of the rule set. Currently, only crs-basic is supported.
+- `overall_threshold` (Number) Recommended default value is 5
+- `passive_mode` (Boolean)
+
+Optional:
+
+- `category_thresholds` (Map of Number) Thresholds for each category, e.g. fixation, injection-generic, injection-java, injection-php, lfi, protocol, rce, reputation-scanner, rfi, sqli, ssrf, xss
+- `excluded_patterns` (List of String)
+- `rule_overrides` (Attributes Map) (see [below for nested schema](#nestedatt--rule_sets--rule_overrides))
+
+
+### Nested Schema for `rule_sets.rule_overrides`
+
+Required:
+
+- `action` (String) log_only or none
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Import a WAF policy by its team ID and the policy ID
+terraform import netlify_waf_policy.main 6600abcdef1234567890abcd:6600abcdef1234567890abcd
+```
diff --git a/examples/data-sources/netlify_managed_waf_rules/data-source.tf b/examples/data-sources/netlify_managed_waf_rules/data-source.tf
new file mode 100644
index 0000000..3ce2be6
--- /dev/null
+++ b/examples/data-sources/netlify_managed_waf_rules/data-source.tf
@@ -0,0 +1,5 @@
+# Read-only definitions of all managed WAF rules available in Netlify.
+# The team ID is required to query the rules.
+data "netlify_managed_waf_rules" "example" {
+  team_id = "6600abcdef1234567890abcd"
+}
diff --git a/examples/resources/netlify_waf_policy/import.sh b/examples/resources/netlify_waf_policy/import.sh
new file mode 100644
index 0000000..c17c9b6
--- /dev/null
+++ b/examples/resources/netlify_waf_policy/import.sh
@@ -0,0 +1,2 @@
+# Import a WAF policy by its team ID and the policy ID
+terraform import netlify_waf_policy.main 6600abcdef1234567890abcd:6600abcdef1234567890abcd
diff --git a/examples/resources/netlify_waf_policy/resource.tf b/examples/resources/netlify_waf_policy/resource.tf
new file mode 100644
index 0000000..41bd049
--- /dev/null
+++ b/examples/resources/netlify_waf_policy/resource.tf
@@ -0,0 +1,51 @@
+resource "netlify_waf_policy" "example" {
+  team_id     = data.netlify_team.team.id
+  name        = "Terraform Policy"
+  description = "This is a test policy through Terraform"
+  rule_sets = [
+    {
+      managed_id        = "crs-basic",
+      passive_mode      = true,
+      overall_threshold = 5,
+      category_thresholds = {
+        "fixation" = 8,
+      },
+      rule_overrides = {
+        "920100" = {
+          action = "log_only"
+        }
+      }
+    }
+  ]
+}
+
+# To use this policy in a site, use the netlify_site_build_settings resource:
+
+resource "netlify_site_build_settings" "example" {
+  # other attributes...
+  waf_policy_id = netlify_waf_policy.example.id
+}
+
+# To dynamically define the rule overrides, you can query netlify_managed_waf_rules to get the rule IDs:
+
+data "netlify_managed_waf_rules" "example" {
+  team_id = "6600abcdef1234567890abcd"
+}
+
+resource "netlify_waf_policy" "example" {
+  team_id     = "66ae34e11a567e9092e3850f"
+  name        = "Terraform Policy"
+  description = "This is a test policy through Terraform"
+  rule_sets = [
+    {
+      managed_id        = "crs-basic",
+      passive_mode      = true,
+      overall_threshold = 5,
+      rule_overrides = {
+        for rule in data.netlify_managed_waf_rules.example.rule_sets["crs-basic"].rules : rule.id => {
+          action = "log_only"
+        } if rule.category == "rce"
+      }
+    }
+  ]
+}
diff --git a/internal/netlifyapi/.openapi-generator/FILES b/internal/netlifyapi/.openapi-generator/FILES
index 0b24711..974ffae 100644
--- a/internal/netlifyapi/.openapi-generator/FILES
+++ b/internal/netlifyapi/.openapi-generator/FILES
@@ -30,6 +30,8 @@ api_sni_certificates.go
 api_snippets.go
 api_split_tests.go
 api_users.go
+api_waf_managed_rules.go
+api_waf_policies.go
 api_work_os_scim.go
 client.go
 configuration.go
@@ -156,6 +158,10 @@ model_key_value_target_config.go
 model_log_drain.go
 model_log_drain_service_config.go
 model_log_drains_verify_request.go
+model_managed_waf_rule_set.go
+model_managed_waf_rule_set_definition.go
+model_managed_waf_rule_set_rules_inner.go
+model_managed_waf_rules.go
 model_member.go
 model_member_committer_match_method.go
 model_mfa_confirmation.go
@@ -228,5 +234,9 @@ model_user_connected_accounts.go
 model_user_questionnaire_params.go
 model_user_signup.go
 model_value_target_config.go
+model_waf_policy.go
+model_waf_policy_rule_override.go
+model_waf_policy_rule_sets_inner.go
+model_waf_policy_update.go
 response.go
 utils.go
diff --git a/internal/netlifyapi/api/openapi.yaml b/internal/netlifyapi/api/openapi.yaml
index 9f9c7b6..ec3f90b 100644
--- a/internal/netlifyapi/api/openapi.yaml
+++ b/internal/netlifyapi/api/openapi.yaml
@@ -5308,6 +5308,195 @@ paths:
       x-internal: "true"
       x-controller: api/v1/accounts
       x-action: update_firewall_rule_set
+  /api/v1/accounts/{account_id}/waf/policies:
+    post:
+      description: Creates a new WAF policy for the account.
+      operationId: createWafPolicy
+      parameters:
+      - description: The ID of the account
+        explode: false
+        in: path
+        name: account_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/WafPolicy'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/WafPolicyUpdate'
+          description: WAF Policy created
+      tags:
+      - WAF Policies
+  /api/v1/sites/{site_id}/waf/policy:
+    get:
+      description: Retrieves the WAF policy for the site.
+      operationId: getSiteWafPolicy
+      parameters:
+      - description: The ID of the site
+        explode: false
+        in: path
+        name: site_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/WafPolicy'
+          description: WAF Policy retrieved
+        "404":
+          description: WAF Policy not found
+      tags:
+      - WAF Policies
+    put:
+      description: Updates the WAF policy for the site.
+      operationId: updateSiteWafPolicy
+      parameters:
+      - description: The ID of the site
+        explode: false
+        in: path
+        name: site_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/WafPolicyUpdate'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json: {}
+          description: WAF Policy updated
+      tags:
+      - WAF Policies
+  /api/v1/accounts/{account_id}/waf/policies/{policy_id}:
+    delete:
+      description: Deletes the WAF policy for the account.
+      operationId: deleteWafPolicy
+      parameters:
+      - description: The ID of the account
+        explode: false
+        in: path
+        name: account_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the WAF policy
+        explode: false
+        in: path
+        name: policy_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "202":
+          content:
+            application/json: {}
+          description: WAF Policy deleted
+      tags:
+      - WAF Policies
+    get:
+      description: Retrieves the WAF policy for the account.
+      operationId: getWafPolicy
+      parameters:
+      - description: The ID of the account
+        explode: false
+        in: path
+        name: account_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the WAF policy
+        explode: false
+        in: path
+        name: policy_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/WafPolicy'
+          description: WAF Policy retrieved
+      tags:
+      - WAF Policies
+    put:
+      description: Updates the WAF policy for the account.
+      operationId: updateWafPolicy
+      parameters:
+      - description: The ID of the account
+        explode: false
+        in: path
+        name: account_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the WAF policy
+        explode: false
+        in: path
+        name: policy_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/WafPolicy'
+        required: true
+      responses:
+        "202":
+          content:
+            application/json: {}
+          description: WAF Policy updated
+      tags:
+      - WAF Policies
+  /api/v1/accounts/{account_id}/waf/managed:
+    get:
+      description: Retrieves the managed WAF rules for the account.
+      operationId: getManagedWafRules
+      parameters:
+      - description: The ID of the account
+        explode: false
+        in: path
+        name: account_id
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ManagedWafRules'
+          description: Managed WAF rules retrieved
+      tags:
+      - WAF Managed Rules
 components:
   schemas:
     AccountBuild:
@@ -11822,6 +12011,112 @@ components:
           type: string
         use_case_something_else:
           type: string
+    WafPolicy:
+      example:
+        name: name
+        description: description
+        rule_sets:
+        - excluded_patterns:
+          - excluded_patterns
+          - excluded_patterns
+          category_thresholds:
+            key: 6
+          overall_threshold: 0
+          passive_mode: true
+          managed_id: managed_id
+          rule_overrides:
+            key:
+              action: action
+        - excluded_patterns:
+          - excluded_patterns
+          - excluded_patterns
+          category_thresholds:
+            key: 6
+          overall_threshold: 0
+          passive_mode: true
+          managed_id: managed_id
+          rule_overrides:
+            key:
+              action: action
+        id: id
+      properties:
+        id:
+          type: string
+        name:
+          type: string
+        description:
+          type: string
+        rule_sets:
+          items:
+            $ref: '#/components/schemas/WafPolicy_rule_sets_inner'
+          type: array
+      required:
+      - description
+      - name
+      - rule_sets
+    WafPolicyRuleOverride:
+      example:
+        action: action
+      properties:
+        action:
+          type: string
+      required:
+      - action
+    WafPolicyUpdate:
+      example:
+        policy_id: policy_id
+      properties:
+        policy_id:
+          type: string
+      required:
+      - policy_id
+    ManagedWafRules:
+      example:
+        rule_sets:
+          key:
+            definition:
+              id: id
+              type: type
+              version: version
+            rules:
+            - phase: phase
+              severity: severity
+              description: description
+              id: id
+              category: category
+            - phase: phase
+              severity: severity
+              description: description
+              id: id
+              category: category
+      properties:
+        rule_sets:
+          additionalProperties:
+            $ref: '#/components/schemas/ManagedWafRuleSet'
+    ManagedWafRuleSet:
+      example:
+        definition:
+          id: id
+          type: type
+          version: version
+        rules:
+        - phase: phase
+          severity: severity
+          description: description
+          id: id
+          category: category
+        - phase: phase
+          severity: severity
+          description: description
+          id: id
+          category: category
+      properties:
+        definition:
+          $ref: '#/components/schemas/ManagedWafRuleSet_definition'
+        rules:
+          items:
+            $ref: '#/components/schemas/ManagedWafRuleSet_rules_inner'
+          type: array
     createAccount_request:
       properties:
         name:
@@ -12223,6 +12518,68 @@ components:
           type: string
         bitbucket:
           type: string
+    WafPolicy_rule_sets_inner:
+      example:
+        excluded_patterns:
+        - excluded_patterns
+        - excluded_patterns
+        category_thresholds:
+          key: 6
+        overall_threshold: 0
+        passive_mode: true
+        managed_id: managed_id
+        rule_overrides:
+          key:
+            action: action
+      properties:
+        managed_id:
+          type: string
+        excluded_patterns:
+          items:
+            type: string
+          type: array
+        passive_mode:
+          type: boolean
+        overall_threshold:
+          type: integer
+        category_thresholds:
+          additionalProperties:
+            type: integer
+        rule_overrides:
+          additionalProperties:
+            $ref: '#/components/schemas/WafPolicyRuleOverride'
+      required:
+      - overall_threshold
+    ManagedWafRuleSet_definition:
+      example:
+        id: id
+        type: type
+        version: version
+      properties:
+        id:
+          type: string
+        type:
+          type: string
+        version:
+          type: string
+    ManagedWafRuleSet_rules_inner:
+      example:
+        phase: phase
+        severity: severity
+        description: description
+        id: id
+        category: category
+      properties:
+        id:
+          type: string
+        description:
+          type: string
+        phase:
+          type: string
+        category:
+          type: string
+        severity:
+          type: string
   securitySchemes:
     netlifyAuth:
       flows:
diff --git a/internal/netlifyapi/api_waf_managed_rules.go b/internal/netlifyapi/api_waf_managed_rules.go
new file mode 100644
index 0000000..ab4c589
--- /dev/null
+++ b/internal/netlifyapi/api_waf_managed_rules.go
@@ -0,0 +1,127 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+
+// WAFManagedRulesAPIService WAFManagedRulesAPI service
+type WAFManagedRulesAPIService service
+
+type ApiGetManagedWafRulesRequest struct {
+	ctx context.Context
+	ApiService *WAFManagedRulesAPIService
+	accountId string
+}
+
+func (r ApiGetManagedWafRulesRequest) Execute() (*ManagedWafRules, *http.Response, error) {
+	return r.ApiService.GetManagedWafRulesExecute(r)
+}
+
+/*
+GetManagedWafRules Method for GetManagedWafRules
+
+Retrieves the managed WAF rules for the account.
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param accountId The ID of the account
+ @return ApiGetManagedWafRulesRequest
+*/
+func (a *WAFManagedRulesAPIService) GetManagedWafRules(ctx context.Context, accountId string) ApiGetManagedWafRulesRequest {
+	return ApiGetManagedWafRulesRequest{
+		ApiService: a,
+		ctx: ctx,
+		accountId: accountId,
+	}
+}
+
+// Execute executes the request
+//  @return ManagedWafRules
+func (a *WAFManagedRulesAPIService) GetManagedWafRulesExecute(r ApiGetManagedWafRulesRequest) (*ManagedWafRules, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ManagedWafRules
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "WAFManagedRulesAPIService.GetManagedWafRules")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/accounts/{account_id}/waf/managed"
+	localVarPath = strings.Replace(localVarPath, "{"+"account_id"+"}", url.PathEscape(parameterValueToString(r.accountId, "accountId")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
diff --git a/internal/netlifyapi/api_waf_policies.go b/internal/netlifyapi/api_waf_policies.go
new file mode 100644
index 0000000..0e1567e
--- /dev/null
+++ b/internal/netlifyapi/api_waf_policies.go
@@ -0,0 +1,654 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+
+// WAFPoliciesAPIService WAFPoliciesAPI service
+type WAFPoliciesAPIService service
+
+type ApiCreateWafPolicyRequest struct {
+	ctx context.Context
+	ApiService *WAFPoliciesAPIService
+	accountId string
+	wafPolicy *WafPolicy
+}
+
+func (r ApiCreateWafPolicyRequest) WafPolicy(wafPolicy WafPolicy) ApiCreateWafPolicyRequest {
+	r.wafPolicy = &wafPolicy
+	return r
+}
+
+func (r ApiCreateWafPolicyRequest) Execute() (*WafPolicyUpdate, *http.Response, error) {
+	return r.ApiService.CreateWafPolicyExecute(r)
+}
+
+/*
+CreateWafPolicy Method for CreateWafPolicy
+
+Creates a new WAF policy for the account.
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param accountId The ID of the account
+ @return ApiCreateWafPolicyRequest
+*/
+func (a *WAFPoliciesAPIService) CreateWafPolicy(ctx context.Context, accountId string) ApiCreateWafPolicyRequest {
+	return ApiCreateWafPolicyRequest{
+		ApiService: a,
+		ctx: ctx,
+		accountId: accountId,
+	}
+}
+
+// Execute executes the request
+//  @return WafPolicyUpdate
+func (a *WAFPoliciesAPIService) CreateWafPolicyExecute(r ApiCreateWafPolicyRequest) (*WafPolicyUpdate, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *WafPolicyUpdate
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "WAFPoliciesAPIService.CreateWafPolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/accounts/{account_id}/waf/policies"
+	localVarPath = strings.Replace(localVarPath, "{"+"account_id"+"}", url.PathEscape(parameterValueToString(r.accountId, "accountId")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.wafPolicy == nil {
+		return localVarReturnValue, nil, reportError("wafPolicy is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.wafPolicy
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
+type ApiDeleteWafPolicyRequest struct {
+	ctx context.Context
+	ApiService *WAFPoliciesAPIService
+	accountId string
+	policyId string
+}
+
+func (r ApiDeleteWafPolicyRequest) Execute() (*http.Response, error) {
+	return r.ApiService.DeleteWafPolicyExecute(r)
+}
+
+/*
+DeleteWafPolicy Method for DeleteWafPolicy
+
+Deletes the WAF policy for the account.
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param accountId The ID of the account
+ @param policyId The ID of the WAF policy
+ @return ApiDeleteWafPolicyRequest
+*/
+func (a *WAFPoliciesAPIService) DeleteWafPolicy(ctx context.Context, accountId string, policyId string) ApiDeleteWafPolicyRequest {
+	return ApiDeleteWafPolicyRequest{
+		ApiService: a,
+		ctx: ctx,
+		accountId: accountId,
+		policyId: policyId,
+	}
+}
+
+// Execute executes the request
+func (a *WAFPoliciesAPIService) DeleteWafPolicyExecute(r ApiDeleteWafPolicyRequest) (*http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "WAFPoliciesAPIService.DeleteWafPolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/accounts/{account_id}/waf/policies/{policy_id}"
+	localVarPath = strings.Replace(localVarPath, "{"+"account_id"+"}", url.PathEscape(parameterValueToString(r.accountId, "accountId")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policy_id"+"}", url.PathEscape(parameterValueToString(r.policyId, "policyId")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarHTTPResponse, newErr
+	}
+
+	return localVarHTTPResponse, nil
+}
+
+type ApiGetSiteWafPolicyRequest struct {
+	ctx context.Context
+	ApiService *WAFPoliciesAPIService
+	siteId string
+}
+
+func (r ApiGetSiteWafPolicyRequest) Execute() (*WafPolicy, *http.Response, error) {
+	return r.ApiService.GetSiteWafPolicyExecute(r)
+}
+
+/*
+GetSiteWafPolicy Method for GetSiteWafPolicy
+
+Retrieves the WAF policy for the site.
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param siteId The ID of the site
+ @return ApiGetSiteWafPolicyRequest
+*/
+func (a *WAFPoliciesAPIService) GetSiteWafPolicy(ctx context.Context, siteId string) ApiGetSiteWafPolicyRequest {
+	return ApiGetSiteWafPolicyRequest{
+		ApiService: a,
+		ctx: ctx,
+		siteId: siteId,
+	}
+}
+
+// Execute executes the request
+//  @return WafPolicy
+func (a *WAFPoliciesAPIService) GetSiteWafPolicyExecute(r ApiGetSiteWafPolicyRequest) (*WafPolicy, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *WafPolicy
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "WAFPoliciesAPIService.GetSiteWafPolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/sites/{site_id}/waf/policy"
+	localVarPath = strings.Replace(localVarPath, "{"+"site_id"+"}", url.PathEscape(parameterValueToString(r.siteId, "siteId")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
+type ApiGetWafPolicyRequest struct {
+	ctx context.Context
+	ApiService *WAFPoliciesAPIService
+	accountId string
+	policyId string
+}
+
+func (r ApiGetWafPolicyRequest) Execute() (*WafPolicy, *http.Response, error) {
+	return r.ApiService.GetWafPolicyExecute(r)
+}
+
+/*
+GetWafPolicy Method for GetWafPolicy
+
+Retrieves the WAF policy for the account.
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param accountId The ID of the account
+ @param policyId The ID of the WAF policy
+ @return ApiGetWafPolicyRequest
+*/
+func (a *WAFPoliciesAPIService) GetWafPolicy(ctx context.Context, accountId string, policyId string) ApiGetWafPolicyRequest {
+	return ApiGetWafPolicyRequest{
+		ApiService: a,
+		ctx: ctx,
+		accountId: accountId,
+		policyId: policyId,
+	}
+}
+
+// Execute executes the request
+//  @return WafPolicy
+func (a *WAFPoliciesAPIService) GetWafPolicyExecute(r ApiGetWafPolicyRequest) (*WafPolicy, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *WafPolicy
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "WAFPoliciesAPIService.GetWafPolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/accounts/{account_id}/waf/policies/{policy_id}"
+	localVarPath = strings.Replace(localVarPath, "{"+"account_id"+"}", url.PathEscape(parameterValueToString(r.accountId, "accountId")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policy_id"+"}", url.PathEscape(parameterValueToString(r.policyId, "policyId")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
+type ApiUpdateSiteWafPolicyRequest struct {
+	ctx context.Context
+	ApiService *WAFPoliciesAPIService
+	siteId string
+	wafPolicyUpdate *WafPolicyUpdate
+}
+
+func (r ApiUpdateSiteWafPolicyRequest) WafPolicyUpdate(wafPolicyUpdate WafPolicyUpdate) ApiUpdateSiteWafPolicyRequest {
+	r.wafPolicyUpdate = &wafPolicyUpdate
+	return r
+}
+
+func (r ApiUpdateSiteWafPolicyRequest) Execute() (*http.Response, error) {
+	return r.ApiService.UpdateSiteWafPolicyExecute(r)
+}
+
+/*
+UpdateSiteWafPolicy Method for UpdateSiteWafPolicy
+
+Updates the WAF policy for the site.
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param siteId The ID of the site
+ @return ApiUpdateSiteWafPolicyRequest
+*/
+func (a *WAFPoliciesAPIService) UpdateSiteWafPolicy(ctx context.Context, siteId string) ApiUpdateSiteWafPolicyRequest {
+	return ApiUpdateSiteWafPolicyRequest{
+		ApiService: a,
+		ctx: ctx,
+		siteId: siteId,
+	}
+}
+
+// Execute executes the request
+func (a *WAFPoliciesAPIService) UpdateSiteWafPolicyExecute(r ApiUpdateSiteWafPolicyRequest) (*http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "WAFPoliciesAPIService.UpdateSiteWafPolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/sites/{site_id}/waf/policy"
+	localVarPath = strings.Replace(localVarPath, "{"+"site_id"+"}", url.PathEscape(parameterValueToString(r.siteId, "siteId")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.wafPolicyUpdate == nil {
+		return nil, reportError("wafPolicyUpdate is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.wafPolicyUpdate
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarHTTPResponse, newErr
+	}
+
+	return localVarHTTPResponse, nil
+}
+
+type ApiUpdateWafPolicyRequest struct {
+	ctx context.Context
+	ApiService *WAFPoliciesAPIService
+	accountId string
+	policyId string
+	wafPolicy *WafPolicy
+}
+
+func (r ApiUpdateWafPolicyRequest) WafPolicy(wafPolicy WafPolicy) ApiUpdateWafPolicyRequest {
+	r.wafPolicy = &wafPolicy
+	return r
+}
+
+func (r ApiUpdateWafPolicyRequest) Execute() (*http.Response, error) {
+	return r.ApiService.UpdateWafPolicyExecute(r)
+}
+
+/*
+UpdateWafPolicy Method for UpdateWafPolicy
+
+Updates the WAF policy for the account.
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param accountId The ID of the account
+ @param policyId The ID of the WAF policy
+ @return ApiUpdateWafPolicyRequest
+*/
+func (a *WAFPoliciesAPIService) UpdateWafPolicy(ctx context.Context, accountId string, policyId string) ApiUpdateWafPolicyRequest {
+	return ApiUpdateWafPolicyRequest{
+		ApiService: a,
+		ctx: ctx,
+		accountId: accountId,
+		policyId: policyId,
+	}
+}
+
+// Execute executes the request
+func (a *WAFPoliciesAPIService) UpdateWafPolicyExecute(r ApiUpdateWafPolicyRequest) (*http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "WAFPoliciesAPIService.UpdateWafPolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/accounts/{account_id}/waf/policies/{policy_id}"
+	localVarPath = strings.Replace(localVarPath, "{"+"account_id"+"}", url.PathEscape(parameterValueToString(r.accountId, "accountId")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policy_id"+"}", url.PathEscape(parameterValueToString(r.policyId, "policyId")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.wafPolicy == nil {
+		return nil, reportError("wafPolicy is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.wafPolicy
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		return localVarHTTPResponse, newErr
+	}
+
+	return localVarHTTPResponse, nil
+}
diff --git a/internal/netlifyapi/client.go b/internal/netlifyapi/client.go
index ae20c09..70ae570 100644
--- a/internal/netlifyapi/client.go
+++ b/internal/netlifyapi/client.go
@@ -110,6 +110,10 @@ type APIClient struct {
 
 	UsersAPI *UsersAPIService
 
+	WAFManagedRulesAPI *WAFManagedRulesAPIService
+
+	WAFPoliciesAPI *WAFPoliciesAPIService
+
 	WorkOSScimAPI *WorkOSScimAPIService
 }
 
@@ -159,6 +163,8 @@ func NewAPIClient(cfg *Configuration) *APIClient {
 	c.SnippetsAPI = (*SnippetsAPIService)(&c.common)
 	c.SplitTestsAPI = (*SplitTestsAPIService)(&c.common)
 	c.UsersAPI = (*UsersAPIService)(&c.common)
+	c.WAFManagedRulesAPI = (*WAFManagedRulesAPIService)(&c.common)
+	c.WAFPoliciesAPI = (*WAFPoliciesAPIService)(&c.common)
 	c.WorkOSScimAPI = (*WorkOSScimAPIService)(&c.common)
 
 	return c
diff --git a/internal/netlifyapi/model_managed_waf_rule_set.go b/internal/netlifyapi/model_managed_waf_rule_set.go
new file mode 100644
index 0000000..fcaa0f2
--- /dev/null
+++ b/internal/netlifyapi/model_managed_waf_rule_set.go
@@ -0,0 +1,192 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+)
+
+// checks if the ManagedWafRuleSet type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &ManagedWafRuleSet{}
+
+// ManagedWafRuleSet struct for ManagedWafRuleSet
+type ManagedWafRuleSet struct {
+	Definition *ManagedWafRuleSetDefinition `json:"definition,omitempty"`
+	Rules []ManagedWafRuleSetRulesInner `json:"rules,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ManagedWafRuleSet ManagedWafRuleSet
+
+// NewManagedWafRuleSet instantiates a new ManagedWafRuleSet object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewManagedWafRuleSet() *ManagedWafRuleSet {
+	this := ManagedWafRuleSet{}
+	return &this
+}
+
+// NewManagedWafRuleSetWithDefaults instantiates a new ManagedWafRuleSet object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewManagedWafRuleSetWithDefaults() *ManagedWafRuleSet {
+	this := ManagedWafRuleSet{}
+	return &this
+}
+
+// GetDefinition returns the Definition field value if set, zero value otherwise.
+func (o *ManagedWafRuleSet) GetDefinition() ManagedWafRuleSetDefinition {
+	if o == nil || IsNil(o.Definition) {
+		var ret ManagedWafRuleSetDefinition
+		return ret
+	}
+	return *o.Definition
+}
+
+// GetDefinitionOk returns a tuple with the Definition field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRuleSet) GetDefinitionOk() (*ManagedWafRuleSetDefinition, bool) {
+	if o == nil || IsNil(o.Definition) {
+		return nil, false
+	}
+	return o.Definition, true
+}
+
+// HasDefinition returns a boolean if a field has been set.
+func (o *ManagedWafRuleSet) HasDefinition() bool {
+	if o != nil && !IsNil(o.Definition) {
+		return true
+	}
+
+	return false
+}
+
+// SetDefinition gets a reference to the given ManagedWafRuleSetDefinition and assigns it to the Definition field.
+func (o *ManagedWafRuleSet) SetDefinition(v ManagedWafRuleSetDefinition) {
+	o.Definition = &v
+}
+
+// GetRules returns the Rules field value if set, zero value otherwise.
+func (o *ManagedWafRuleSet) GetRules() []ManagedWafRuleSetRulesInner {
+	if o == nil || IsNil(o.Rules) {
+		var ret []ManagedWafRuleSetRulesInner
+		return ret
+	}
+	return o.Rules
+}
+
+// GetRulesOk returns a tuple with the Rules field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRuleSet) GetRulesOk() ([]ManagedWafRuleSetRulesInner, bool) {
+	if o == nil || IsNil(o.Rules) {
+		return nil, false
+	}
+	return o.Rules, true
+}
+
+// HasRules returns a boolean if a field has been set.
+func (o *ManagedWafRuleSet) HasRules() bool {
+	if o != nil && !IsNil(o.Rules) {
+		return true
+	}
+
+	return false
+}
+
+// SetRules gets a reference to the given []ManagedWafRuleSetRulesInner and assigns it to the Rules field.
+func (o *ManagedWafRuleSet) SetRules(v []ManagedWafRuleSetRulesInner) {
+	o.Rules = v
+}
+
+func (o ManagedWafRuleSet) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o ManagedWafRuleSet) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Definition) {
+		toSerialize["definition"] = o.Definition
+	}
+	if !IsNil(o.Rules) {
+		toSerialize["rules"] = o.Rules
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *ManagedWafRuleSet) UnmarshalJSON(data []byte) (err error) {
+	varManagedWafRuleSet := _ManagedWafRuleSet{}
+
+	err = json.Unmarshal(data, &varManagedWafRuleSet)
+
+	if err != nil {
+		return err
+	}
+
+	*o = ManagedWafRuleSet(varManagedWafRuleSet)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "definition")
+		delete(additionalProperties, "rules")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableManagedWafRuleSet struct {
+	value *ManagedWafRuleSet
+	isSet bool
+}
+
+func (v NullableManagedWafRuleSet) Get() *ManagedWafRuleSet {
+	return v.value
+}
+
+func (v *NullableManagedWafRuleSet) Set(val *ManagedWafRuleSet) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableManagedWafRuleSet) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableManagedWafRuleSet) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableManagedWafRuleSet(val *ManagedWafRuleSet) *NullableManagedWafRuleSet {
+	return &NullableManagedWafRuleSet{value: val, isSet: true}
+}
+
+func (v NullableManagedWafRuleSet) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableManagedWafRuleSet) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_managed_waf_rule_set_definition.go b/internal/netlifyapi/model_managed_waf_rule_set_definition.go
new file mode 100644
index 0000000..9351152
--- /dev/null
+++ b/internal/netlifyapi/model_managed_waf_rule_set_definition.go
@@ -0,0 +1,229 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+)
+
+// checks if the ManagedWafRuleSetDefinition type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &ManagedWafRuleSetDefinition{}
+
+// ManagedWafRuleSetDefinition struct for ManagedWafRuleSetDefinition
+type ManagedWafRuleSetDefinition struct {
+	Id *string `json:"id,omitempty"`
+	Type *string `json:"type,omitempty"`
+	Version *string `json:"version,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ManagedWafRuleSetDefinition ManagedWafRuleSetDefinition
+
+// NewManagedWafRuleSetDefinition instantiates a new ManagedWafRuleSetDefinition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewManagedWafRuleSetDefinition() *ManagedWafRuleSetDefinition {
+	this := ManagedWafRuleSetDefinition{}
+	return &this
+}
+
+// NewManagedWafRuleSetDefinitionWithDefaults instantiates a new ManagedWafRuleSetDefinition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewManagedWafRuleSetDefinitionWithDefaults() *ManagedWafRuleSetDefinition {
+	this := ManagedWafRuleSetDefinition{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ManagedWafRuleSetDefinition) GetId() string {
+	if o == nil || IsNil(o.Id) {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRuleSetDefinition) GetIdOk() (*string, bool) {
+	if o == nil || IsNil(o.Id) {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ManagedWafRuleSetDefinition) HasId() bool {
+	if o != nil && !IsNil(o.Id) {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ManagedWafRuleSetDefinition) SetId(v string) {
+	o.Id = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *ManagedWafRuleSetDefinition) GetType() string {
+	if o == nil || IsNil(o.Type) {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRuleSetDefinition) GetTypeOk() (*string, bool) {
+	if o == nil || IsNil(o.Type) {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *ManagedWafRuleSetDefinition) HasType() bool {
+	if o != nil && !IsNil(o.Type) {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *ManagedWafRuleSetDefinition) SetType(v string) {
+	o.Type = &v
+}
+
+// GetVersion returns the Version field value if set, zero value otherwise.
+func (o *ManagedWafRuleSetDefinition) GetVersion() string {
+	if o == nil || IsNil(o.Version) {
+		var ret string
+		return ret
+	}
+	return *o.Version
+}
+
+// GetVersionOk returns a tuple with the Version field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRuleSetDefinition) GetVersionOk() (*string, bool) {
+	if o == nil || IsNil(o.Version) {
+		return nil, false
+	}
+	return o.Version, true
+}
+
+// HasVersion returns a boolean if a field has been set.
+func (o *ManagedWafRuleSetDefinition) HasVersion() bool {
+	if o != nil && !IsNil(o.Version) {
+		return true
+	}
+
+	return false
+}
+
+// SetVersion gets a reference to the given string and assigns it to the Version field.
+func (o *ManagedWafRuleSetDefinition) SetVersion(v string) {
+	o.Version = &v
+}
+
+func (o ManagedWafRuleSetDefinition) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o ManagedWafRuleSetDefinition) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Id) {
+		toSerialize["id"] = o.Id
+	}
+	if !IsNil(o.Type) {
+		toSerialize["type"] = o.Type
+	}
+	if !IsNil(o.Version) {
+		toSerialize["version"] = o.Version
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *ManagedWafRuleSetDefinition) UnmarshalJSON(data []byte) (err error) {
+	varManagedWafRuleSetDefinition := _ManagedWafRuleSetDefinition{}
+
+	err = json.Unmarshal(data, &varManagedWafRuleSetDefinition)
+
+	if err != nil {
+		return err
+	}
+
+	*o = ManagedWafRuleSetDefinition(varManagedWafRuleSetDefinition)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "version")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableManagedWafRuleSetDefinition struct {
+	value *ManagedWafRuleSetDefinition
+	isSet bool
+}
+
+func (v NullableManagedWafRuleSetDefinition) Get() *ManagedWafRuleSetDefinition {
+	return v.value
+}
+
+func (v *NullableManagedWafRuleSetDefinition) Set(val *ManagedWafRuleSetDefinition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableManagedWafRuleSetDefinition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableManagedWafRuleSetDefinition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableManagedWafRuleSetDefinition(val *ManagedWafRuleSetDefinition) *NullableManagedWafRuleSetDefinition {
+	return &NullableManagedWafRuleSetDefinition{value: val, isSet: true}
+}
+
+func (v NullableManagedWafRuleSetDefinition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableManagedWafRuleSetDefinition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_managed_waf_rule_set_rules_inner.go b/internal/netlifyapi/model_managed_waf_rule_set_rules_inner.go
new file mode 100644
index 0000000..51184e6
--- /dev/null
+++ b/internal/netlifyapi/model_managed_waf_rule_set_rules_inner.go
@@ -0,0 +1,303 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+)
+
+// checks if the ManagedWafRuleSetRulesInner type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &ManagedWafRuleSetRulesInner{}
+
+// ManagedWafRuleSetRulesInner struct for ManagedWafRuleSetRulesInner
+type ManagedWafRuleSetRulesInner struct {
+	Id *string `json:"id,omitempty"`
+	Description *string `json:"description,omitempty"`
+	Phase *string `json:"phase,omitempty"`
+	Category *string `json:"category,omitempty"`
+	Severity *string `json:"severity,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ManagedWafRuleSetRulesInner ManagedWafRuleSetRulesInner
+
+// NewManagedWafRuleSetRulesInner instantiates a new ManagedWafRuleSetRulesInner object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewManagedWafRuleSetRulesInner() *ManagedWafRuleSetRulesInner {
+	this := ManagedWafRuleSetRulesInner{}
+	return &this
+}
+
+// NewManagedWafRuleSetRulesInnerWithDefaults instantiates a new ManagedWafRuleSetRulesInner object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewManagedWafRuleSetRulesInnerWithDefaults() *ManagedWafRuleSetRulesInner {
+	this := ManagedWafRuleSetRulesInner{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ManagedWafRuleSetRulesInner) GetId() string {
+	if o == nil || IsNil(o.Id) {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRuleSetRulesInner) GetIdOk() (*string, bool) {
+	if o == nil || IsNil(o.Id) {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ManagedWafRuleSetRulesInner) HasId() bool {
+	if o != nil && !IsNil(o.Id) {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ManagedWafRuleSetRulesInner) SetId(v string) {
+	o.Id = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *ManagedWafRuleSetRulesInner) GetDescription() string {
+	if o == nil || IsNil(o.Description) {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRuleSetRulesInner) GetDescriptionOk() (*string, bool) {
+	if o == nil || IsNil(o.Description) {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *ManagedWafRuleSetRulesInner) HasDescription() bool {
+	if o != nil && !IsNil(o.Description) {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *ManagedWafRuleSetRulesInner) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetPhase returns the Phase field value if set, zero value otherwise.
+func (o *ManagedWafRuleSetRulesInner) GetPhase() string {
+	if o == nil || IsNil(o.Phase) {
+		var ret string
+		return ret
+	}
+	return *o.Phase
+}
+
+// GetPhaseOk returns a tuple with the Phase field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRuleSetRulesInner) GetPhaseOk() (*string, bool) {
+	if o == nil || IsNil(o.Phase) {
+		return nil, false
+	}
+	return o.Phase, true
+}
+
+// HasPhase returns a boolean if a field has been set.
+func (o *ManagedWafRuleSetRulesInner) HasPhase() bool {
+	if o != nil && !IsNil(o.Phase) {
+		return true
+	}
+
+	return false
+}
+
+// SetPhase gets a reference to the given string and assigns it to the Phase field.
+func (o *ManagedWafRuleSetRulesInner) SetPhase(v string) {
+	o.Phase = &v
+}
+
+// GetCategory returns the Category field value if set, zero value otherwise.
+func (o *ManagedWafRuleSetRulesInner) GetCategory() string {
+	if o == nil || IsNil(o.Category) {
+		var ret string
+		return ret
+	}
+	return *o.Category
+}
+
+// GetCategoryOk returns a tuple with the Category field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRuleSetRulesInner) GetCategoryOk() (*string, bool) {
+	if o == nil || IsNil(o.Category) {
+		return nil, false
+	}
+	return o.Category, true
+}
+
+// HasCategory returns a boolean if a field has been set.
+func (o *ManagedWafRuleSetRulesInner) HasCategory() bool {
+	if o != nil && !IsNil(o.Category) {
+		return true
+	}
+
+	return false
+}
+
+// SetCategory gets a reference to the given string and assigns it to the Category field.
+func (o *ManagedWafRuleSetRulesInner) SetCategory(v string) {
+	o.Category = &v
+}
+
+// GetSeverity returns the Severity field value if set, zero value otherwise.
+func (o *ManagedWafRuleSetRulesInner) GetSeverity() string {
+	if o == nil || IsNil(o.Severity) {
+		var ret string
+		return ret
+	}
+	return *o.Severity
+}
+
+// GetSeverityOk returns a tuple with the Severity field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRuleSetRulesInner) GetSeverityOk() (*string, bool) {
+	if o == nil || IsNil(o.Severity) {
+		return nil, false
+	}
+	return o.Severity, true
+}
+
+// HasSeverity returns a boolean if a field has been set.
+func (o *ManagedWafRuleSetRulesInner) HasSeverity() bool {
+	if o != nil && !IsNil(o.Severity) {
+		return true
+	}
+
+	return false
+}
+
+// SetSeverity gets a reference to the given string and assigns it to the Severity field.
+func (o *ManagedWafRuleSetRulesInner) SetSeverity(v string) {
+	o.Severity = &v
+}
+
+func (o ManagedWafRuleSetRulesInner) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o ManagedWafRuleSetRulesInner) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Id) {
+		toSerialize["id"] = o.Id
+	}
+	if !IsNil(o.Description) {
+		toSerialize["description"] = o.Description
+	}
+	if !IsNil(o.Phase) {
+		toSerialize["phase"] = o.Phase
+	}
+	if !IsNil(o.Category) {
+		toSerialize["category"] = o.Category
+	}
+	if !IsNil(o.Severity) {
+		toSerialize["severity"] = o.Severity
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *ManagedWafRuleSetRulesInner) UnmarshalJSON(data []byte) (err error) {
+	varManagedWafRuleSetRulesInner := _ManagedWafRuleSetRulesInner{}
+
+	err = json.Unmarshal(data, &varManagedWafRuleSetRulesInner)
+
+	if err != nil {
+		return err
+	}
+
+	*o = ManagedWafRuleSetRulesInner(varManagedWafRuleSetRulesInner)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "phase")
+		delete(additionalProperties, "category")
+		delete(additionalProperties, "severity")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableManagedWafRuleSetRulesInner struct {
+	value *ManagedWafRuleSetRulesInner
+	isSet bool
+}
+
+func (v NullableManagedWafRuleSetRulesInner) Get() *ManagedWafRuleSetRulesInner {
+	return v.value
+}
+
+func (v *NullableManagedWafRuleSetRulesInner) Set(val *ManagedWafRuleSetRulesInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableManagedWafRuleSetRulesInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableManagedWafRuleSetRulesInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableManagedWafRuleSetRulesInner(val *ManagedWafRuleSetRulesInner) *NullableManagedWafRuleSetRulesInner {
+	return &NullableManagedWafRuleSetRulesInner{value: val, isSet: true}
+}
+
+func (v NullableManagedWafRuleSetRulesInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableManagedWafRuleSetRulesInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_managed_waf_rules.go b/internal/netlifyapi/model_managed_waf_rules.go
new file mode 100644
index 0000000..ac938cc
--- /dev/null
+++ b/internal/netlifyapi/model_managed_waf_rules.go
@@ -0,0 +1,155 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+)
+
+// checks if the ManagedWafRules type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &ManagedWafRules{}
+
+// ManagedWafRules struct for ManagedWafRules
+type ManagedWafRules struct {
+	RuleSets map[string]ManagedWafRuleSet `json:"rule_sets,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ManagedWafRules ManagedWafRules
+
+// NewManagedWafRules instantiates a new ManagedWafRules object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewManagedWafRules() *ManagedWafRules {
+	this := ManagedWafRules{}
+	return &this
+}
+
+// NewManagedWafRulesWithDefaults instantiates a new ManagedWafRules object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewManagedWafRulesWithDefaults() *ManagedWafRules {
+	this := ManagedWafRules{}
+	return &this
+}
+
+// GetRuleSets returns the RuleSets field value if set, zero value otherwise.
+func (o *ManagedWafRules) GetRuleSets() map[string]ManagedWafRuleSet {
+	if o == nil || IsNil(o.RuleSets) {
+		var ret map[string]ManagedWafRuleSet
+		return ret
+	}
+	return o.RuleSets
+}
+
+// GetRuleSetsOk returns a tuple with the RuleSets field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRules) GetRuleSetsOk() (map[string]ManagedWafRuleSet, bool) {
+	if o == nil || IsNil(o.RuleSets) {
+		return map[string]ManagedWafRuleSet{}, false
+	}
+	return o.RuleSets, true
+}
+
+// HasRuleSets returns a boolean if a field has been set.
+func (o *ManagedWafRules) HasRuleSets() bool {
+	if o != nil && !IsNil(o.RuleSets) {
+		return true
+	}
+
+	return false
+}
+
+// SetRuleSets gets a reference to the given map[string]ManagedWafRuleSet and assigns it to the RuleSets field.
+func (o *ManagedWafRules) SetRuleSets(v map[string]ManagedWafRuleSet) {
+	o.RuleSets = v
+}
+
+func (o ManagedWafRules) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o ManagedWafRules) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.RuleSets) {
+		toSerialize["rule_sets"] = o.RuleSets
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *ManagedWafRules) UnmarshalJSON(data []byte) (err error) {
+	varManagedWafRules := _ManagedWafRules{}
+
+	err = json.Unmarshal(data, &varManagedWafRules)
+
+	if err != nil {
+		return err
+	}
+
+	*o = ManagedWafRules(varManagedWafRules)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "rule_sets")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableManagedWafRules struct {
+	value *ManagedWafRules
+	isSet bool
+}
+
+func (v NullableManagedWafRules) Get() *ManagedWafRules {
+	return v.value
+}
+
+func (v *NullableManagedWafRules) Set(val *ManagedWafRules) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableManagedWafRules) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableManagedWafRules) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableManagedWafRules(val *ManagedWafRules) *NullableManagedWafRules {
+	return &NullableManagedWafRules{value: val, isSet: true}
+}
+
+func (v NullableManagedWafRules) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableManagedWafRules) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_managed_waf_rules_rule_sets_value.go b/internal/netlifyapi/model_managed_waf_rules_rule_sets_value.go
new file mode 100644
index 0000000..f7fbf24
--- /dev/null
+++ b/internal/netlifyapi/model_managed_waf_rules_rule_sets_value.go
@@ -0,0 +1,192 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+)
+
+// checks if the ManagedWafRulesRuleSetsValue type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &ManagedWafRulesRuleSetsValue{}
+
+// ManagedWafRulesRuleSetsValue struct for ManagedWafRulesRuleSetsValue
+type ManagedWafRulesRuleSetsValue struct {
+	Definition *ManagedWafRulesRuleSetsValueDefinition `json:"definition,omitempty"`
+	Rules []ManagedWafRulesRuleSetsValueRulesInner `json:"rules,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ManagedWafRulesRuleSetsValue ManagedWafRulesRuleSetsValue
+
+// NewManagedWafRulesRuleSetsValue instantiates a new ManagedWafRulesRuleSetsValue object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewManagedWafRulesRuleSetsValue() *ManagedWafRulesRuleSetsValue {
+	this := ManagedWafRulesRuleSetsValue{}
+	return &this
+}
+
+// NewManagedWafRulesRuleSetsValueWithDefaults instantiates a new ManagedWafRulesRuleSetsValue object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewManagedWafRulesRuleSetsValueWithDefaults() *ManagedWafRulesRuleSetsValue {
+	this := ManagedWafRulesRuleSetsValue{}
+	return &this
+}
+
+// GetDefinition returns the Definition field value if set, zero value otherwise.
+func (o *ManagedWafRulesRuleSetsValue) GetDefinition() ManagedWafRulesRuleSetsValueDefinition {
+	if o == nil || IsNil(o.Definition) {
+		var ret ManagedWafRulesRuleSetsValueDefinition
+		return ret
+	}
+	return *o.Definition
+}
+
+// GetDefinitionOk returns a tuple with the Definition field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRulesRuleSetsValue) GetDefinitionOk() (*ManagedWafRulesRuleSetsValueDefinition, bool) {
+	if o == nil || IsNil(o.Definition) {
+		return nil, false
+	}
+	return o.Definition, true
+}
+
+// HasDefinition returns a boolean if a field has been set.
+func (o *ManagedWafRulesRuleSetsValue) HasDefinition() bool {
+	if o != nil && !IsNil(o.Definition) {
+		return true
+	}
+
+	return false
+}
+
+// SetDefinition gets a reference to the given ManagedWafRulesRuleSetsValueDefinition and assigns it to the Definition field.
+func (o *ManagedWafRulesRuleSetsValue) SetDefinition(v ManagedWafRulesRuleSetsValueDefinition) {
+	o.Definition = &v
+}
+
+// GetRules returns the Rules field value if set, zero value otherwise.
+func (o *ManagedWafRulesRuleSetsValue) GetRules() []ManagedWafRulesRuleSetsValueRulesInner {
+	if o == nil || IsNil(o.Rules) {
+		var ret []ManagedWafRulesRuleSetsValueRulesInner
+		return ret
+	}
+	return o.Rules
+}
+
+// GetRulesOk returns a tuple with the Rules field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRulesRuleSetsValue) GetRulesOk() ([]ManagedWafRulesRuleSetsValueRulesInner, bool) {
+	if o == nil || IsNil(o.Rules) {
+		return nil, false
+	}
+	return o.Rules, true
+}
+
+// HasRules returns a boolean if a field has been set.
+func (o *ManagedWafRulesRuleSetsValue) HasRules() bool {
+	if o != nil && !IsNil(o.Rules) {
+		return true
+	}
+
+	return false
+}
+
+// SetRules gets a reference to the given []ManagedWafRulesRuleSetsValueRulesInner and assigns it to the Rules field.
+func (o *ManagedWafRulesRuleSetsValue) SetRules(v []ManagedWafRulesRuleSetsValueRulesInner) {
+	o.Rules = v
+}
+
+func (o ManagedWafRulesRuleSetsValue) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o ManagedWafRulesRuleSetsValue) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Definition) {
+		toSerialize["definition"] = o.Definition
+	}
+	if !IsNil(o.Rules) {
+		toSerialize["rules"] = o.Rules
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *ManagedWafRulesRuleSetsValue) UnmarshalJSON(data []byte) (err error) {
+	varManagedWafRulesRuleSetsValue := _ManagedWafRulesRuleSetsValue{}
+
+	err = json.Unmarshal(data, &varManagedWafRulesRuleSetsValue)
+
+	if err != nil {
+		return err
+	}
+
+	*o = ManagedWafRulesRuleSetsValue(varManagedWafRulesRuleSetsValue)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "definition")
+		delete(additionalProperties, "rules")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableManagedWafRulesRuleSetsValue struct {
+	value *ManagedWafRulesRuleSetsValue
+	isSet bool
+}
+
+func (v NullableManagedWafRulesRuleSetsValue) Get() *ManagedWafRulesRuleSetsValue {
+	return v.value
+}
+
+func (v *NullableManagedWafRulesRuleSetsValue) Set(val *ManagedWafRulesRuleSetsValue) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableManagedWafRulesRuleSetsValue) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableManagedWafRulesRuleSetsValue) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableManagedWafRulesRuleSetsValue(val *ManagedWafRulesRuleSetsValue) *NullableManagedWafRulesRuleSetsValue {
+	return &NullableManagedWafRulesRuleSetsValue{value: val, isSet: true}
+}
+
+func (v NullableManagedWafRulesRuleSetsValue) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableManagedWafRulesRuleSetsValue) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_managed_waf_rules_rule_sets_value_definition.go b/internal/netlifyapi/model_managed_waf_rules_rule_sets_value_definition.go
new file mode 100644
index 0000000..c2f63f4
--- /dev/null
+++ b/internal/netlifyapi/model_managed_waf_rules_rule_sets_value_definition.go
@@ -0,0 +1,229 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+)
+
+// checks if the ManagedWafRulesRuleSetsValueDefinition type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &ManagedWafRulesRuleSetsValueDefinition{}
+
+// ManagedWafRulesRuleSetsValueDefinition struct for ManagedWafRulesRuleSetsValueDefinition
+type ManagedWafRulesRuleSetsValueDefinition struct {
+	Id *string `json:"id,omitempty"`
+	Type *string `json:"type,omitempty"`
+	Version *string `json:"version,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ManagedWafRulesRuleSetsValueDefinition ManagedWafRulesRuleSetsValueDefinition
+
+// NewManagedWafRulesRuleSetsValueDefinition instantiates a new ManagedWafRulesRuleSetsValueDefinition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewManagedWafRulesRuleSetsValueDefinition() *ManagedWafRulesRuleSetsValueDefinition {
+	this := ManagedWafRulesRuleSetsValueDefinition{}
+	return &this
+}
+
+// NewManagedWafRulesRuleSetsValueDefinitionWithDefaults instantiates a new ManagedWafRulesRuleSetsValueDefinition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewManagedWafRulesRuleSetsValueDefinitionWithDefaults() *ManagedWafRulesRuleSetsValueDefinition {
+	this := ManagedWafRulesRuleSetsValueDefinition{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ManagedWafRulesRuleSetsValueDefinition) GetId() string {
+	if o == nil || IsNil(o.Id) {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRulesRuleSetsValueDefinition) GetIdOk() (*string, bool) {
+	if o == nil || IsNil(o.Id) {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ManagedWafRulesRuleSetsValueDefinition) HasId() bool {
+	if o != nil && !IsNil(o.Id) {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ManagedWafRulesRuleSetsValueDefinition) SetId(v string) {
+	o.Id = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *ManagedWafRulesRuleSetsValueDefinition) GetType() string {
+	if o == nil || IsNil(o.Type) {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRulesRuleSetsValueDefinition) GetTypeOk() (*string, bool) {
+	if o == nil || IsNil(o.Type) {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *ManagedWafRulesRuleSetsValueDefinition) HasType() bool {
+	if o != nil && !IsNil(o.Type) {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *ManagedWafRulesRuleSetsValueDefinition) SetType(v string) {
+	o.Type = &v
+}
+
+// GetVersion returns the Version field value if set, zero value otherwise.
+func (o *ManagedWafRulesRuleSetsValueDefinition) GetVersion() string {
+	if o == nil || IsNil(o.Version) {
+		var ret string
+		return ret
+	}
+	return *o.Version
+}
+
+// GetVersionOk returns a tuple with the Version field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRulesRuleSetsValueDefinition) GetVersionOk() (*string, bool) {
+	if o == nil || IsNil(o.Version) {
+		return nil, false
+	}
+	return o.Version, true
+}
+
+// HasVersion returns a boolean if a field has been set.
+func (o *ManagedWafRulesRuleSetsValueDefinition) HasVersion() bool {
+	if o != nil && !IsNil(o.Version) {
+		return true
+	}
+
+	return false
+}
+
+// SetVersion gets a reference to the given string and assigns it to the Version field.
+func (o *ManagedWafRulesRuleSetsValueDefinition) SetVersion(v string) {
+	o.Version = &v
+}
+
+func (o ManagedWafRulesRuleSetsValueDefinition) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o ManagedWafRulesRuleSetsValueDefinition) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Id) {
+		toSerialize["id"] = o.Id
+	}
+	if !IsNil(o.Type) {
+		toSerialize["type"] = o.Type
+	}
+	if !IsNil(o.Version) {
+		toSerialize["version"] = o.Version
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *ManagedWafRulesRuleSetsValueDefinition) UnmarshalJSON(data []byte) (err error) {
+	varManagedWafRulesRuleSetsValueDefinition := _ManagedWafRulesRuleSetsValueDefinition{}
+
+	err = json.Unmarshal(data, &varManagedWafRulesRuleSetsValueDefinition)
+
+	if err != nil {
+		return err
+	}
+
+	*o = ManagedWafRulesRuleSetsValueDefinition(varManagedWafRulesRuleSetsValueDefinition)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "version")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableManagedWafRulesRuleSetsValueDefinition struct {
+	value *ManagedWafRulesRuleSetsValueDefinition
+	isSet bool
+}
+
+func (v NullableManagedWafRulesRuleSetsValueDefinition) Get() *ManagedWafRulesRuleSetsValueDefinition {
+	return v.value
+}
+
+func (v *NullableManagedWafRulesRuleSetsValueDefinition) Set(val *ManagedWafRulesRuleSetsValueDefinition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableManagedWafRulesRuleSetsValueDefinition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableManagedWafRulesRuleSetsValueDefinition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableManagedWafRulesRuleSetsValueDefinition(val *ManagedWafRulesRuleSetsValueDefinition) *NullableManagedWafRulesRuleSetsValueDefinition {
+	return &NullableManagedWafRulesRuleSetsValueDefinition{value: val, isSet: true}
+}
+
+func (v NullableManagedWafRulesRuleSetsValueDefinition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableManagedWafRulesRuleSetsValueDefinition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_managed_waf_rules_rule_sets_value_rules_inner.go b/internal/netlifyapi/model_managed_waf_rules_rule_sets_value_rules_inner.go
new file mode 100644
index 0000000..cb2f4ec
--- /dev/null
+++ b/internal/netlifyapi/model_managed_waf_rules_rule_sets_value_rules_inner.go
@@ -0,0 +1,303 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+)
+
+// checks if the ManagedWafRulesRuleSetsValueRulesInner type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &ManagedWafRulesRuleSetsValueRulesInner{}
+
+// ManagedWafRulesRuleSetsValueRulesInner struct for ManagedWafRulesRuleSetsValueRulesInner
+type ManagedWafRulesRuleSetsValueRulesInner struct {
+	Id *string `json:"id,omitempty"`
+	Description *string `json:"description,omitempty"`
+	Phase *string `json:"phase,omitempty"`
+	Category *string `json:"category,omitempty"`
+	Severity *string `json:"severity,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ManagedWafRulesRuleSetsValueRulesInner ManagedWafRulesRuleSetsValueRulesInner
+
+// NewManagedWafRulesRuleSetsValueRulesInner instantiates a new ManagedWafRulesRuleSetsValueRulesInner object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewManagedWafRulesRuleSetsValueRulesInner() *ManagedWafRulesRuleSetsValueRulesInner {
+	this := ManagedWafRulesRuleSetsValueRulesInner{}
+	return &this
+}
+
+// NewManagedWafRulesRuleSetsValueRulesInnerWithDefaults instantiates a new ManagedWafRulesRuleSetsValueRulesInner object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewManagedWafRulesRuleSetsValueRulesInnerWithDefaults() *ManagedWafRulesRuleSetsValueRulesInner {
+	this := ManagedWafRulesRuleSetsValueRulesInner{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) GetId() string {
+	if o == nil || IsNil(o.Id) {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) GetIdOk() (*string, bool) {
+	if o == nil || IsNil(o.Id) {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) HasId() bool {
+	if o != nil && !IsNil(o.Id) {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) SetId(v string) {
+	o.Id = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) GetDescription() string {
+	if o == nil || IsNil(o.Description) {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) GetDescriptionOk() (*string, bool) {
+	if o == nil || IsNil(o.Description) {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) HasDescription() bool {
+	if o != nil && !IsNil(o.Description) {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetPhase returns the Phase field value if set, zero value otherwise.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) GetPhase() string {
+	if o == nil || IsNil(o.Phase) {
+		var ret string
+		return ret
+	}
+	return *o.Phase
+}
+
+// GetPhaseOk returns a tuple with the Phase field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) GetPhaseOk() (*string, bool) {
+	if o == nil || IsNil(o.Phase) {
+		return nil, false
+	}
+	return o.Phase, true
+}
+
+// HasPhase returns a boolean if a field has been set.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) HasPhase() bool {
+	if o != nil && !IsNil(o.Phase) {
+		return true
+	}
+
+	return false
+}
+
+// SetPhase gets a reference to the given string and assigns it to the Phase field.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) SetPhase(v string) {
+	o.Phase = &v
+}
+
+// GetCategory returns the Category field value if set, zero value otherwise.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) GetCategory() string {
+	if o == nil || IsNil(o.Category) {
+		var ret string
+		return ret
+	}
+	return *o.Category
+}
+
+// GetCategoryOk returns a tuple with the Category field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) GetCategoryOk() (*string, bool) {
+	if o == nil || IsNil(o.Category) {
+		return nil, false
+	}
+	return o.Category, true
+}
+
+// HasCategory returns a boolean if a field has been set.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) HasCategory() bool {
+	if o != nil && !IsNil(o.Category) {
+		return true
+	}
+
+	return false
+}
+
+// SetCategory gets a reference to the given string and assigns it to the Category field.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) SetCategory(v string) {
+	o.Category = &v
+}
+
+// GetSeverity returns the Severity field value if set, zero value otherwise.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) GetSeverity() string {
+	if o == nil || IsNil(o.Severity) {
+		var ret string
+		return ret
+	}
+	return *o.Severity
+}
+
+// GetSeverityOk returns a tuple with the Severity field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) GetSeverityOk() (*string, bool) {
+	if o == nil || IsNil(o.Severity) {
+		return nil, false
+	}
+	return o.Severity, true
+}
+
+// HasSeverity returns a boolean if a field has been set.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) HasSeverity() bool {
+	if o != nil && !IsNil(o.Severity) {
+		return true
+	}
+
+	return false
+}
+
+// SetSeverity gets a reference to the given string and assigns it to the Severity field.
+func (o *ManagedWafRulesRuleSetsValueRulesInner) SetSeverity(v string) {
+	o.Severity = &v
+}
+
+func (o ManagedWafRulesRuleSetsValueRulesInner) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o ManagedWafRulesRuleSetsValueRulesInner) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Id) {
+		toSerialize["id"] = o.Id
+	}
+	if !IsNil(o.Description) {
+		toSerialize["description"] = o.Description
+	}
+	if !IsNil(o.Phase) {
+		toSerialize["phase"] = o.Phase
+	}
+	if !IsNil(o.Category) {
+		toSerialize["category"] = o.Category
+	}
+	if !IsNil(o.Severity) {
+		toSerialize["severity"] = o.Severity
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *ManagedWafRulesRuleSetsValueRulesInner) UnmarshalJSON(data []byte) (err error) {
+	varManagedWafRulesRuleSetsValueRulesInner := _ManagedWafRulesRuleSetsValueRulesInner{}
+
+	err = json.Unmarshal(data, &varManagedWafRulesRuleSetsValueRulesInner)
+
+	if err != nil {
+		return err
+	}
+
+	*o = ManagedWafRulesRuleSetsValueRulesInner(varManagedWafRulesRuleSetsValueRulesInner)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "phase")
+		delete(additionalProperties, "category")
+		delete(additionalProperties, "severity")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableManagedWafRulesRuleSetsValueRulesInner struct {
+	value *ManagedWafRulesRuleSetsValueRulesInner
+	isSet bool
+}
+
+func (v NullableManagedWafRulesRuleSetsValueRulesInner) Get() *ManagedWafRulesRuleSetsValueRulesInner {
+	return v.value
+}
+
+func (v *NullableManagedWafRulesRuleSetsValueRulesInner) Set(val *ManagedWafRulesRuleSetsValueRulesInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableManagedWafRulesRuleSetsValueRulesInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableManagedWafRulesRuleSetsValueRulesInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableManagedWafRulesRuleSetsValueRulesInner(val *ManagedWafRulesRuleSetsValueRulesInner) *NullableManagedWafRulesRuleSetsValueRulesInner {
+	return &NullableManagedWafRulesRuleSetsValueRulesInner{value: val, isSet: true}
+}
+
+func (v NullableManagedWafRulesRuleSetsValueRulesInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableManagedWafRulesRuleSetsValueRulesInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_waf_policy.go b/internal/netlifyapi/model_waf_policy.go
new file mode 100644
index 0000000..ff4193a
--- /dev/null
+++ b/internal/netlifyapi/model_waf_policy.go
@@ -0,0 +1,263 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// checks if the WafPolicy type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &WafPolicy{}
+
+// WafPolicy struct for WafPolicy
+type WafPolicy struct {
+	Id *string `json:"id,omitempty"`
+	Name string `json:"name"`
+	Description string `json:"description"`
+	RuleSets []WafPolicyRuleSetsInner `json:"rule_sets"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WafPolicy WafPolicy
+
+// NewWafPolicy instantiates a new WafPolicy object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWafPolicy(name string, description string, ruleSets []WafPolicyRuleSetsInner) *WafPolicy {
+	this := WafPolicy{}
+	this.Name = name
+	this.Description = description
+	this.RuleSets = ruleSets
+	return &this
+}
+
+// NewWafPolicyWithDefaults instantiates a new WafPolicy object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWafPolicyWithDefaults() *WafPolicy {
+	this := WafPolicy{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *WafPolicy) GetId() string {
+	if o == nil || IsNil(o.Id) {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicy) GetIdOk() (*string, bool) {
+	if o == nil || IsNil(o.Id) {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *WafPolicy) HasId() bool {
+	if o != nil && !IsNil(o.Id) {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *WafPolicy) SetId(v string) {
+	o.Id = &v
+}
+
+// GetName returns the Name field value
+func (o *WafPolicy) GetName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value
+// and a boolean to check if the value has been set.
+func (o *WafPolicy) GetNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Name, true
+}
+
+// SetName sets field value
+func (o *WafPolicy) SetName(v string) {
+	o.Name = v
+}
+
+// GetDescription returns the Description field value
+func (o *WafPolicy) GetDescription() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value
+// and a boolean to check if the value has been set.
+func (o *WafPolicy) GetDescriptionOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Description, true
+}
+
+// SetDescription sets field value
+func (o *WafPolicy) SetDescription(v string) {
+	o.Description = v
+}
+
+// GetRuleSets returns the RuleSets field value
+func (o *WafPolicy) GetRuleSets() []WafPolicyRuleSetsInner {
+	if o == nil {
+		var ret []WafPolicyRuleSetsInner
+		return ret
+	}
+
+	return o.RuleSets
+}
+
+// GetRuleSetsOk returns a tuple with the RuleSets field value
+// and a boolean to check if the value has been set.
+func (o *WafPolicy) GetRuleSetsOk() ([]WafPolicyRuleSetsInner, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.RuleSets, true
+}
+
+// SetRuleSets sets field value
+func (o *WafPolicy) SetRuleSets(v []WafPolicyRuleSetsInner) {
+	o.RuleSets = v
+}
+
+func (o WafPolicy) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o WafPolicy) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Id) {
+		toSerialize["id"] = o.Id
+	}
+	toSerialize["name"] = o.Name
+	toSerialize["description"] = o.Description
+	toSerialize["rule_sets"] = o.RuleSets
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *WafPolicy) UnmarshalJSON(data []byte) (err error) {
+	// This validates that all required properties are included in the JSON object
+	// by unmarshalling the object into a generic map with string keys and checking
+	// that every required field exists as a key in the generic map.
+	requiredProperties := []string{
+		"name",
+		"description",
+		"rule_sets",
+	}
+
+	allProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(data, &allProperties)
+
+	if err != nil {
+		return err;
+	}
+
+	for _, requiredProperty := range(requiredProperties) {
+		if _, exists := allProperties[requiredProperty]; !exists {
+			return fmt.Errorf("no value given for required property %v", requiredProperty)
+		}
+	}
+
+	varWafPolicy := _WafPolicy{}
+
+	err = json.Unmarshal(data, &varWafPolicy)
+
+	if err != nil {
+		return err
+	}
+
+	*o = WafPolicy(varWafPolicy)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "rule_sets")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableWafPolicy struct {
+	value *WafPolicy
+	isSet bool
+}
+
+func (v NullableWafPolicy) Get() *WafPolicy {
+	return v.value
+}
+
+func (v *NullableWafPolicy) Set(val *WafPolicy) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWafPolicy) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWafPolicy) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWafPolicy(val *WafPolicy) *NullableWafPolicy {
+	return &NullableWafPolicy{value: val, isSet: true}
+}
+
+func (v NullableWafPolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWafPolicy) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_waf_policy_rule_override.go b/internal/netlifyapi/model_waf_policy_rule_override.go
new file mode 100644
index 0000000..864f824
--- /dev/null
+++ b/internal/netlifyapi/model_waf_policy_rule_override.go
@@ -0,0 +1,168 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// checks if the WafPolicyRuleOverride type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &WafPolicyRuleOverride{}
+
+// WafPolicyRuleOverride struct for WafPolicyRuleOverride
+type WafPolicyRuleOverride struct {
+	Action string `json:"action"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WafPolicyRuleOverride WafPolicyRuleOverride
+
+// NewWafPolicyRuleOverride instantiates a new WafPolicyRuleOverride object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWafPolicyRuleOverride(action string) *WafPolicyRuleOverride {
+	this := WafPolicyRuleOverride{}
+	this.Action = action
+	return &this
+}
+
+// NewWafPolicyRuleOverrideWithDefaults instantiates a new WafPolicyRuleOverride object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWafPolicyRuleOverrideWithDefaults() *WafPolicyRuleOverride {
+	this := WafPolicyRuleOverride{}
+	return &this
+}
+
+// GetAction returns the Action field value
+func (o *WafPolicyRuleOverride) GetAction() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value
+// and a boolean to check if the value has been set.
+func (o *WafPolicyRuleOverride) GetActionOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Action, true
+}
+
+// SetAction sets field value
+func (o *WafPolicyRuleOverride) SetAction(v string) {
+	o.Action = v
+}
+
+func (o WafPolicyRuleOverride) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o WafPolicyRuleOverride) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	toSerialize["action"] = o.Action
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *WafPolicyRuleOverride) UnmarshalJSON(data []byte) (err error) {
+	// This validates that all required properties are included in the JSON object
+	// by unmarshalling the object into a generic map with string keys and checking
+	// that every required field exists as a key in the generic map.
+	requiredProperties := []string{
+		"action",
+	}
+
+	allProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(data, &allProperties)
+
+	if err != nil {
+		return err;
+	}
+
+	for _, requiredProperty := range(requiredProperties) {
+		if _, exists := allProperties[requiredProperty]; !exists {
+			return fmt.Errorf("no value given for required property %v", requiredProperty)
+		}
+	}
+
+	varWafPolicyRuleOverride := _WafPolicyRuleOverride{}
+
+	err = json.Unmarshal(data, &varWafPolicyRuleOverride)
+
+	if err != nil {
+		return err
+	}
+
+	*o = WafPolicyRuleOverride(varWafPolicyRuleOverride)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "action")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableWafPolicyRuleOverride struct {
+	value *WafPolicyRuleOverride
+	isSet bool
+}
+
+func (v NullableWafPolicyRuleOverride) Get() *WafPolicyRuleOverride {
+	return v.value
+}
+
+func (v *NullableWafPolicyRuleOverride) Set(val *WafPolicyRuleOverride) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWafPolicyRuleOverride) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWafPolicyRuleOverride) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWafPolicyRuleOverride(val *WafPolicyRuleOverride) *NullableWafPolicyRuleOverride {
+	return &NullableWafPolicyRuleOverride{value: val, isSet: true}
+}
+
+func (v NullableWafPolicyRuleOverride) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWafPolicyRuleOverride) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_waf_policy_rule_sets_inner.go b/internal/netlifyapi/model_waf_policy_rule_sets_inner.go
new file mode 100644
index 0000000..27c5a1d
--- /dev/null
+++ b/internal/netlifyapi/model_waf_policy_rule_sets_inner.go
@@ -0,0 +1,353 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// checks if the WafPolicyRuleSetsInner type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &WafPolicyRuleSetsInner{}
+
+// WafPolicyRuleSetsInner struct for WafPolicyRuleSetsInner
+type WafPolicyRuleSetsInner struct {
+	ManagedId *string `json:"managed_id,omitempty"`
+	ExcludedPatterns []string `json:"excluded_patterns,omitempty"`
+	PassiveMode *bool `json:"passive_mode,omitempty"`
+	OverallThreshold int64 `json:"overall_threshold"`
+	CategoryThresholds map[string]int64 `json:"category_thresholds,omitempty"`
+	RuleOverrides map[string]WafPolicyRuleOverride `json:"rule_overrides,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WafPolicyRuleSetsInner WafPolicyRuleSetsInner
+
+// NewWafPolicyRuleSetsInner instantiates a new WafPolicyRuleSetsInner object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWafPolicyRuleSetsInner(overallThreshold int64) *WafPolicyRuleSetsInner {
+	this := WafPolicyRuleSetsInner{}
+	this.OverallThreshold = overallThreshold
+	return &this
+}
+
+// NewWafPolicyRuleSetsInnerWithDefaults instantiates a new WafPolicyRuleSetsInner object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWafPolicyRuleSetsInnerWithDefaults() *WafPolicyRuleSetsInner {
+	this := WafPolicyRuleSetsInner{}
+	return &this
+}
+
+// GetManagedId returns the ManagedId field value if set, zero value otherwise.
+func (o *WafPolicyRuleSetsInner) GetManagedId() string {
+	if o == nil || IsNil(o.ManagedId) {
+		var ret string
+		return ret
+	}
+	return *o.ManagedId
+}
+
+// GetManagedIdOk returns a tuple with the ManagedId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyRuleSetsInner) GetManagedIdOk() (*string, bool) {
+	if o == nil || IsNil(o.ManagedId) {
+		return nil, false
+	}
+	return o.ManagedId, true
+}
+
+// HasManagedId returns a boolean if a field has been set.
+func (o *WafPolicyRuleSetsInner) HasManagedId() bool {
+	if o != nil && !IsNil(o.ManagedId) {
+		return true
+	}
+
+	return false
+}
+
+// SetManagedId gets a reference to the given string and assigns it to the ManagedId field.
+func (o *WafPolicyRuleSetsInner) SetManagedId(v string) {
+	o.ManagedId = &v
+}
+
+// GetExcludedPatterns returns the ExcludedPatterns field value if set, zero value otherwise.
+func (o *WafPolicyRuleSetsInner) GetExcludedPatterns() []string {
+	if o == nil || IsNil(o.ExcludedPatterns) {
+		var ret []string
+		return ret
+	}
+	return o.ExcludedPatterns
+}
+
+// GetExcludedPatternsOk returns a tuple with the ExcludedPatterns field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyRuleSetsInner) GetExcludedPatternsOk() ([]string, bool) {
+	if o == nil || IsNil(o.ExcludedPatterns) {
+		return nil, false
+	}
+	return o.ExcludedPatterns, true
+}
+
+// HasExcludedPatterns returns a boolean if a field has been set.
+func (o *WafPolicyRuleSetsInner) HasExcludedPatterns() bool {
+	if o != nil && !IsNil(o.ExcludedPatterns) {
+		return true
+	}
+
+	return false
+}
+
+// SetExcludedPatterns gets a reference to the given []string and assigns it to the ExcludedPatterns field.
+func (o *WafPolicyRuleSetsInner) SetExcludedPatterns(v []string) {
+	o.ExcludedPatterns = v
+}
+
+// GetPassiveMode returns the PassiveMode field value if set, zero value otherwise.
+func (o *WafPolicyRuleSetsInner) GetPassiveMode() bool {
+	if o == nil || IsNil(o.PassiveMode) {
+		var ret bool
+		return ret
+	}
+	return *o.PassiveMode
+}
+
+// GetPassiveModeOk returns a tuple with the PassiveMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyRuleSetsInner) GetPassiveModeOk() (*bool, bool) {
+	if o == nil || IsNil(o.PassiveMode) {
+		return nil, false
+	}
+	return o.PassiveMode, true
+}
+
+// HasPassiveMode returns a boolean if a field has been set.
+func (o *WafPolicyRuleSetsInner) HasPassiveMode() bool {
+	if o != nil && !IsNil(o.PassiveMode) {
+		return true
+	}
+
+	return false
+}
+
+// SetPassiveMode gets a reference to the given bool and assigns it to the PassiveMode field.
+func (o *WafPolicyRuleSetsInner) SetPassiveMode(v bool) {
+	o.PassiveMode = &v
+}
+
+// GetOverallThreshold returns the OverallThreshold field value
+func (o *WafPolicyRuleSetsInner) GetOverallThreshold() int64 {
+	if o == nil {
+		var ret int64
+		return ret
+	}
+
+	return o.OverallThreshold
+}
+
+// GetOverallThresholdOk returns a tuple with the OverallThreshold field value
+// and a boolean to check if the value has been set.
+func (o *WafPolicyRuleSetsInner) GetOverallThresholdOk() (*int64, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.OverallThreshold, true
+}
+
+// SetOverallThreshold sets field value
+func (o *WafPolicyRuleSetsInner) SetOverallThreshold(v int64) {
+	o.OverallThreshold = v
+}
+
+// GetCategoryThresholds returns the CategoryThresholds field value if set, zero value otherwise.
+func (o *WafPolicyRuleSetsInner) GetCategoryThresholds() map[string]int64 {
+	if o == nil || IsNil(o.CategoryThresholds) {
+		var ret map[string]int64
+		return ret
+	}
+	return o.CategoryThresholds
+}
+
+// GetCategoryThresholdsOk returns a tuple with the CategoryThresholds field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyRuleSetsInner) GetCategoryThresholdsOk() (map[string]int64, bool) {
+	if o == nil || IsNil(o.CategoryThresholds) {
+		return map[string]int64{}, false
+	}
+	return o.CategoryThresholds, true
+}
+
+// HasCategoryThresholds returns a boolean if a field has been set.
+func (o *WafPolicyRuleSetsInner) HasCategoryThresholds() bool {
+	if o != nil && !IsNil(o.CategoryThresholds) {
+		return true
+	}
+
+	return false
+}
+
+// SetCategoryThresholds gets a reference to the given map[string]int64 and assigns it to the CategoryThresholds field.
+func (o *WafPolicyRuleSetsInner) SetCategoryThresholds(v map[string]int64) {
+	o.CategoryThresholds = v
+}
+
+// GetRuleOverrides returns the RuleOverrides field value if set, zero value otherwise.
+func (o *WafPolicyRuleSetsInner) GetRuleOverrides() map[string]WafPolicyRuleOverride {
+	if o == nil || IsNil(o.RuleOverrides) {
+		var ret map[string]WafPolicyRuleOverride
+		return ret
+	}
+	return o.RuleOverrides
+}
+
+// GetRuleOverridesOk returns a tuple with the RuleOverrides field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyRuleSetsInner) GetRuleOverridesOk() (map[string]WafPolicyRuleOverride, bool) {
+	if o == nil || IsNil(o.RuleOverrides) {
+		return map[string]WafPolicyRuleOverride{}, false
+	}
+	return o.RuleOverrides, true
+}
+
+// HasRuleOverrides returns a boolean if a field has been set.
+func (o *WafPolicyRuleSetsInner) HasRuleOverrides() bool {
+	if o != nil && !IsNil(o.RuleOverrides) {
+		return true
+	}
+
+	return false
+}
+
+// SetRuleOverrides gets a reference to the given map[string]WafPolicyRuleOverride and assigns it to the RuleOverrides field.
+func (o *WafPolicyRuleSetsInner) SetRuleOverrides(v map[string]WafPolicyRuleOverride) {
+	o.RuleOverrides = v
+}
+
+func (o WafPolicyRuleSetsInner) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o WafPolicyRuleSetsInner) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.ManagedId) {
+		toSerialize["managed_id"] = o.ManagedId
+	}
+	if !IsNil(o.ExcludedPatterns) {
+		toSerialize["excluded_patterns"] = o.ExcludedPatterns
+	}
+	if !IsNil(o.PassiveMode) {
+		toSerialize["passive_mode"] = o.PassiveMode
+	}
+	toSerialize["overall_threshold"] = o.OverallThreshold
+	if !IsNil(o.CategoryThresholds) {
+		toSerialize["category_thresholds"] = o.CategoryThresholds
+	}
+	if !IsNil(o.RuleOverrides) {
+		toSerialize["rule_overrides"] = o.RuleOverrides
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *WafPolicyRuleSetsInner) UnmarshalJSON(data []byte) (err error) {
+	// This validates that all required properties are included in the JSON object
+	// by unmarshalling the object into a generic map with string keys and checking
+	// that every required field exists as a key in the generic map.
+	requiredProperties := []string{
+		"overall_threshold",
+	}
+
+	allProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(data, &allProperties)
+
+	if err != nil {
+		return err;
+	}
+
+	for _, requiredProperty := range(requiredProperties) {
+		if _, exists := allProperties[requiredProperty]; !exists {
+			return fmt.Errorf("no value given for required property %v", requiredProperty)
+		}
+	}
+
+	varWafPolicyRuleSetsInner := _WafPolicyRuleSetsInner{}
+
+	err = json.Unmarshal(data, &varWafPolicyRuleSetsInner)
+
+	if err != nil {
+		return err
+	}
+
+	*o = WafPolicyRuleSetsInner(varWafPolicyRuleSetsInner)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "managed_id")
+		delete(additionalProperties, "excluded_patterns")
+		delete(additionalProperties, "passive_mode")
+		delete(additionalProperties, "overall_threshold")
+		delete(additionalProperties, "category_thresholds")
+		delete(additionalProperties, "rule_overrides")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableWafPolicyRuleSetsInner struct {
+	value *WafPolicyRuleSetsInner
+	isSet bool
+}
+
+func (v NullableWafPolicyRuleSetsInner) Get() *WafPolicyRuleSetsInner {
+	return v.value
+}
+
+func (v *NullableWafPolicyRuleSetsInner) Set(val *WafPolicyRuleSetsInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWafPolicyRuleSetsInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWafPolicyRuleSetsInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWafPolicyRuleSetsInner(val *WafPolicyRuleSetsInner) *NullableWafPolicyRuleSetsInner {
+	return &NullableWafPolicyRuleSetsInner{value: val, isSet: true}
+}
+
+func (v NullableWafPolicyRuleSetsInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWafPolicyRuleSetsInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_waf_policy_rule_sets_inner_rule_overrides.go b/internal/netlifyapi/model_waf_policy_rule_sets_inner_rule_overrides.go
new file mode 100644
index 0000000..0179e13
--- /dev/null
+++ b/internal/netlifyapi/model_waf_policy_rule_sets_inner_rule_overrides.go
@@ -0,0 +1,168 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// checks if the WafPolicyRuleSetsInnerRuleOverrides type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &WafPolicyRuleSetsInnerRuleOverrides{}
+
+// WafPolicyRuleSetsInnerRuleOverrides struct for WafPolicyRuleSetsInnerRuleOverrides
+type WafPolicyRuleSetsInnerRuleOverrides struct {
+	Action string `json:"action"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WafPolicyRuleSetsInnerRuleOverrides WafPolicyRuleSetsInnerRuleOverrides
+
+// NewWafPolicyRuleSetsInnerRuleOverrides instantiates a new WafPolicyRuleSetsInnerRuleOverrides object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWafPolicyRuleSetsInnerRuleOverrides(action string) *WafPolicyRuleSetsInnerRuleOverrides {
+	this := WafPolicyRuleSetsInnerRuleOverrides{}
+	this.Action = action
+	return &this
+}
+
+// NewWafPolicyRuleSetsInnerRuleOverridesWithDefaults instantiates a new WafPolicyRuleSetsInnerRuleOverrides object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWafPolicyRuleSetsInnerRuleOverridesWithDefaults() *WafPolicyRuleSetsInnerRuleOverrides {
+	this := WafPolicyRuleSetsInnerRuleOverrides{}
+	return &this
+}
+
+// GetAction returns the Action field value
+func (o *WafPolicyRuleSetsInnerRuleOverrides) GetAction() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value
+// and a boolean to check if the value has been set.
+func (o *WafPolicyRuleSetsInnerRuleOverrides) GetActionOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Action, true
+}
+
+// SetAction sets field value
+func (o *WafPolicyRuleSetsInnerRuleOverrides) SetAction(v string) {
+	o.Action = v
+}
+
+func (o WafPolicyRuleSetsInnerRuleOverrides) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o WafPolicyRuleSetsInnerRuleOverrides) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	toSerialize["action"] = o.Action
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *WafPolicyRuleSetsInnerRuleOverrides) UnmarshalJSON(data []byte) (err error) {
+	// This validates that all required properties are included in the JSON object
+	// by unmarshalling the object into a generic map with string keys and checking
+	// that every required field exists as a key in the generic map.
+	requiredProperties := []string{
+		"action",
+	}
+
+	allProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(data, &allProperties)
+
+	if err != nil {
+		return err;
+	}
+
+	for _, requiredProperty := range(requiredProperties) {
+		if _, exists := allProperties[requiredProperty]; !exists {
+			return fmt.Errorf("no value given for required property %v", requiredProperty)
+		}
+	}
+
+	varWafPolicyRuleSetsInnerRuleOverrides := _WafPolicyRuleSetsInnerRuleOverrides{}
+
+	err = json.Unmarshal(data, &varWafPolicyRuleSetsInnerRuleOverrides)
+
+	if err != nil {
+		return err
+	}
+
+	*o = WafPolicyRuleSetsInnerRuleOverrides(varWafPolicyRuleSetsInnerRuleOverrides)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "action")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableWafPolicyRuleSetsInnerRuleOverrides struct {
+	value *WafPolicyRuleSetsInnerRuleOverrides
+	isSet bool
+}
+
+func (v NullableWafPolicyRuleSetsInnerRuleOverrides) Get() *WafPolicyRuleSetsInnerRuleOverrides {
+	return v.value
+}
+
+func (v *NullableWafPolicyRuleSetsInnerRuleOverrides) Set(val *WafPolicyRuleSetsInnerRuleOverrides) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWafPolicyRuleSetsInnerRuleOverrides) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWafPolicyRuleSetsInnerRuleOverrides) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWafPolicyRuleSetsInnerRuleOverrides(val *WafPolicyRuleSetsInnerRuleOverrides) *NullableWafPolicyRuleSetsInnerRuleOverrides {
+	return &NullableWafPolicyRuleSetsInnerRuleOverrides{value: val, isSet: true}
+}
+
+func (v NullableWafPolicyRuleSetsInnerRuleOverrides) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWafPolicyRuleSetsInnerRuleOverrides) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_waf_policy_rule_sets_inner_rule_overrides_value.go b/internal/netlifyapi/model_waf_policy_rule_sets_inner_rule_overrides_value.go
new file mode 100644
index 0000000..616e85d
--- /dev/null
+++ b/internal/netlifyapi/model_waf_policy_rule_sets_inner_rule_overrides_value.go
@@ -0,0 +1,168 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// checks if the WafPolicyRuleSetsInnerRuleOverridesValue type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &WafPolicyRuleSetsInnerRuleOverridesValue{}
+
+// WafPolicyRuleSetsInnerRuleOverridesValue struct for WafPolicyRuleSetsInnerRuleOverridesValue
+type WafPolicyRuleSetsInnerRuleOverridesValue struct {
+	Action string `json:"action"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WafPolicyRuleSetsInnerRuleOverridesValue WafPolicyRuleSetsInnerRuleOverridesValue
+
+// NewWafPolicyRuleSetsInnerRuleOverridesValue instantiates a new WafPolicyRuleSetsInnerRuleOverridesValue object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWafPolicyRuleSetsInnerRuleOverridesValue(action string) *WafPolicyRuleSetsInnerRuleOverridesValue {
+	this := WafPolicyRuleSetsInnerRuleOverridesValue{}
+	this.Action = action
+	return &this
+}
+
+// NewWafPolicyRuleSetsInnerRuleOverridesValueWithDefaults instantiates a new WafPolicyRuleSetsInnerRuleOverridesValue object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWafPolicyRuleSetsInnerRuleOverridesValueWithDefaults() *WafPolicyRuleSetsInnerRuleOverridesValue {
+	this := WafPolicyRuleSetsInnerRuleOverridesValue{}
+	return &this
+}
+
+// GetAction returns the Action field value
+func (o *WafPolicyRuleSetsInnerRuleOverridesValue) GetAction() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value
+// and a boolean to check if the value has been set.
+func (o *WafPolicyRuleSetsInnerRuleOverridesValue) GetActionOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Action, true
+}
+
+// SetAction sets field value
+func (o *WafPolicyRuleSetsInnerRuleOverridesValue) SetAction(v string) {
+	o.Action = v
+}
+
+func (o WafPolicyRuleSetsInnerRuleOverridesValue) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o WafPolicyRuleSetsInnerRuleOverridesValue) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	toSerialize["action"] = o.Action
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *WafPolicyRuleSetsInnerRuleOverridesValue) UnmarshalJSON(data []byte) (err error) {
+	// This validates that all required properties are included in the JSON object
+	// by unmarshalling the object into a generic map with string keys and checking
+	// that every required field exists as a key in the generic map.
+	requiredProperties := []string{
+		"action",
+	}
+
+	allProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(data, &allProperties)
+
+	if err != nil {
+		return err;
+	}
+
+	for _, requiredProperty := range(requiredProperties) {
+		if _, exists := allProperties[requiredProperty]; !exists {
+			return fmt.Errorf("no value given for required property %v", requiredProperty)
+		}
+	}
+
+	varWafPolicyRuleSetsInnerRuleOverridesValue := _WafPolicyRuleSetsInnerRuleOverridesValue{}
+
+	err = json.Unmarshal(data, &varWafPolicyRuleSetsInnerRuleOverridesValue)
+
+	if err != nil {
+		return err
+	}
+
+	*o = WafPolicyRuleSetsInnerRuleOverridesValue(varWafPolicyRuleSetsInnerRuleOverridesValue)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "action")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableWafPolicyRuleSetsInnerRuleOverridesValue struct {
+	value *WafPolicyRuleSetsInnerRuleOverridesValue
+	isSet bool
+}
+
+func (v NullableWafPolicyRuleSetsInnerRuleOverridesValue) Get() *WafPolicyRuleSetsInnerRuleOverridesValue {
+	return v.value
+}
+
+func (v *NullableWafPolicyRuleSetsInnerRuleOverridesValue) Set(val *WafPolicyRuleSetsInnerRuleOverridesValue) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWafPolicyRuleSetsInnerRuleOverridesValue) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWafPolicyRuleSetsInnerRuleOverridesValue) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWafPolicyRuleSetsInnerRuleOverridesValue(val *WafPolicyRuleSetsInnerRuleOverridesValue) *NullableWafPolicyRuleSetsInnerRuleOverridesValue {
+	return &NullableWafPolicyRuleSetsInnerRuleOverridesValue{value: val, isSet: true}
+}
+
+func (v NullableWafPolicyRuleSetsInnerRuleOverridesValue) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWafPolicyRuleSetsInnerRuleOverridesValue) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_waf_policy_update.go b/internal/netlifyapi/model_waf_policy_update.go
new file mode 100644
index 0000000..1de57b1
--- /dev/null
+++ b/internal/netlifyapi/model_waf_policy_update.go
@@ -0,0 +1,168 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// checks if the WafPolicyUpdate type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &WafPolicyUpdate{}
+
+// WafPolicyUpdate struct for WafPolicyUpdate
+type WafPolicyUpdate struct {
+	PolicyId string `json:"policy_id"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WafPolicyUpdate WafPolicyUpdate
+
+// NewWafPolicyUpdate instantiates a new WafPolicyUpdate object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWafPolicyUpdate(policyId string) *WafPolicyUpdate {
+	this := WafPolicyUpdate{}
+	this.PolicyId = policyId
+	return &this
+}
+
+// NewWafPolicyUpdateWithDefaults instantiates a new WafPolicyUpdate object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWafPolicyUpdateWithDefaults() *WafPolicyUpdate {
+	this := WafPolicyUpdate{}
+	return &this
+}
+
+// GetPolicyId returns the PolicyId field value
+func (o *WafPolicyUpdate) GetPolicyId() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.PolicyId
+}
+
+// GetPolicyIdOk returns a tuple with the PolicyId field value
+// and a boolean to check if the value has been set.
+func (o *WafPolicyUpdate) GetPolicyIdOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.PolicyId, true
+}
+
+// SetPolicyId sets field value
+func (o *WafPolicyUpdate) SetPolicyId(v string) {
+	o.PolicyId = v
+}
+
+func (o WafPolicyUpdate) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o WafPolicyUpdate) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	toSerialize["policy_id"] = o.PolicyId
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *WafPolicyUpdate) UnmarshalJSON(data []byte) (err error) {
+	// This validates that all required properties are included in the JSON object
+	// by unmarshalling the object into a generic map with string keys and checking
+	// that every required field exists as a key in the generic map.
+	requiredProperties := []string{
+		"policy_id",
+	}
+
+	allProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(data, &allProperties)
+
+	if err != nil {
+		return err;
+	}
+
+	for _, requiredProperty := range(requiredProperties) {
+		if _, exists := allProperties[requiredProperty]; !exists {
+			return fmt.Errorf("no value given for required property %v", requiredProperty)
+		}
+	}
+
+	varWafPolicyUpdate := _WafPolicyUpdate{}
+
+	err = json.Unmarshal(data, &varWafPolicyUpdate)
+
+	if err != nil {
+		return err
+	}
+
+	*o = WafPolicyUpdate(varWafPolicyUpdate)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "policy_id")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableWafPolicyUpdate struct {
+	value *WafPolicyUpdate
+	isSet bool
+}
+
+func (v NullableWafPolicyUpdate) Get() *WafPolicyUpdate {
+	return v.value
+}
+
+func (v *NullableWafPolicyUpdate) Set(val *WafPolicyUpdate) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWafPolicyUpdate) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWafPolicyUpdate) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWafPolicyUpdate(val *WafPolicyUpdate) *NullableWafPolicyUpdate {
+	return &NullableWafPolicyUpdate{value: val, isSet: true}
+}
+
+func (v NullableWafPolicyUpdate) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWafPolicyUpdate) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_waf_policy_update_rule_sets_inner.go b/internal/netlifyapi/model_waf_policy_update_rule_sets_inner.go
new file mode 100644
index 0000000..3215fff
--- /dev/null
+++ b/internal/netlifyapi/model_waf_policy_update_rule_sets_inner.go
@@ -0,0 +1,340 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+)
+
+// checks if the WafPolicyUpdateRuleSetsInner type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &WafPolicyUpdateRuleSetsInner{}
+
+// WafPolicyUpdateRuleSetsInner struct for WafPolicyUpdateRuleSetsInner
+type WafPolicyUpdateRuleSetsInner struct {
+	ManagedId *string `json:"managed_id,omitempty"`
+	ExcludedPatterns []string `json:"excluded_patterns,omitempty"`
+	PassiveMode *bool `json:"passive_mode,omitempty"`
+	OverallThreshold *int64 `json:"overall_threshold,omitempty"`
+	CategoryThresholds map[string]int64 `json:"category_thresholds,omitempty"`
+	RuleOverrides map[string]interface{} `json:"rule_overrides,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WafPolicyUpdateRuleSetsInner WafPolicyUpdateRuleSetsInner
+
+// NewWafPolicyUpdateRuleSetsInner instantiates a new WafPolicyUpdateRuleSetsInner object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWafPolicyUpdateRuleSetsInner() *WafPolicyUpdateRuleSetsInner {
+	this := WafPolicyUpdateRuleSetsInner{}
+	return &this
+}
+
+// NewWafPolicyUpdateRuleSetsInnerWithDefaults instantiates a new WafPolicyUpdateRuleSetsInner object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWafPolicyUpdateRuleSetsInnerWithDefaults() *WafPolicyUpdateRuleSetsInner {
+	this := WafPolicyUpdateRuleSetsInner{}
+	return &this
+}
+
+// GetManagedId returns the ManagedId field value if set, zero value otherwise.
+func (o *WafPolicyUpdateRuleSetsInner) GetManagedId() string {
+	if o == nil || IsNil(o.ManagedId) {
+		var ret string
+		return ret
+	}
+	return *o.ManagedId
+}
+
+// GetManagedIdOk returns a tuple with the ManagedId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyUpdateRuleSetsInner) GetManagedIdOk() (*string, bool) {
+	if o == nil || IsNil(o.ManagedId) {
+		return nil, false
+	}
+	return o.ManagedId, true
+}
+
+// HasManagedId returns a boolean if a field has been set.
+func (o *WafPolicyUpdateRuleSetsInner) HasManagedId() bool {
+	if o != nil && !IsNil(o.ManagedId) {
+		return true
+	}
+
+	return false
+}
+
+// SetManagedId gets a reference to the given string and assigns it to the ManagedId field.
+func (o *WafPolicyUpdateRuleSetsInner) SetManagedId(v string) {
+	o.ManagedId = &v
+}
+
+// GetExcludedPatterns returns the ExcludedPatterns field value if set, zero value otherwise.
+func (o *WafPolicyUpdateRuleSetsInner) GetExcludedPatterns() []string {
+	if o == nil || IsNil(o.ExcludedPatterns) {
+		var ret []string
+		return ret
+	}
+	return o.ExcludedPatterns
+}
+
+// GetExcludedPatternsOk returns a tuple with the ExcludedPatterns field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyUpdateRuleSetsInner) GetExcludedPatternsOk() ([]string, bool) {
+	if o == nil || IsNil(o.ExcludedPatterns) {
+		return nil, false
+	}
+	return o.ExcludedPatterns, true
+}
+
+// HasExcludedPatterns returns a boolean if a field has been set.
+func (o *WafPolicyUpdateRuleSetsInner) HasExcludedPatterns() bool {
+	if o != nil && !IsNil(o.ExcludedPatterns) {
+		return true
+	}
+
+	return false
+}
+
+// SetExcludedPatterns gets a reference to the given []string and assigns it to the ExcludedPatterns field.
+func (o *WafPolicyUpdateRuleSetsInner) SetExcludedPatterns(v []string) {
+	o.ExcludedPatterns = v
+}
+
+// GetPassiveMode returns the PassiveMode field value if set, zero value otherwise.
+func (o *WafPolicyUpdateRuleSetsInner) GetPassiveMode() bool {
+	if o == nil || IsNil(o.PassiveMode) {
+		var ret bool
+		return ret
+	}
+	return *o.PassiveMode
+}
+
+// GetPassiveModeOk returns a tuple with the PassiveMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyUpdateRuleSetsInner) GetPassiveModeOk() (*bool, bool) {
+	if o == nil || IsNil(o.PassiveMode) {
+		return nil, false
+	}
+	return o.PassiveMode, true
+}
+
+// HasPassiveMode returns a boolean if a field has been set.
+func (o *WafPolicyUpdateRuleSetsInner) HasPassiveMode() bool {
+	if o != nil && !IsNil(o.PassiveMode) {
+		return true
+	}
+
+	return false
+}
+
+// SetPassiveMode gets a reference to the given bool and assigns it to the PassiveMode field.
+func (o *WafPolicyUpdateRuleSetsInner) SetPassiveMode(v bool) {
+	o.PassiveMode = &v
+}
+
+// GetOverallThreshold returns the OverallThreshold field value if set, zero value otherwise.
+func (o *WafPolicyUpdateRuleSetsInner) GetOverallThreshold() int64 {
+	if o == nil || IsNil(o.OverallThreshold) {
+		var ret int64
+		return ret
+	}
+	return *o.OverallThreshold
+}
+
+// GetOverallThresholdOk returns a tuple with the OverallThreshold field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyUpdateRuleSetsInner) GetOverallThresholdOk() (*int64, bool) {
+	if o == nil || IsNil(o.OverallThreshold) {
+		return nil, false
+	}
+	return o.OverallThreshold, true
+}
+
+// HasOverallThreshold returns a boolean if a field has been set.
+func (o *WafPolicyUpdateRuleSetsInner) HasOverallThreshold() bool {
+	if o != nil && !IsNil(o.OverallThreshold) {
+		return true
+	}
+
+	return false
+}
+
+// SetOverallThreshold gets a reference to the given int64 and assigns it to the OverallThreshold field.
+func (o *WafPolicyUpdateRuleSetsInner) SetOverallThreshold(v int64) {
+	o.OverallThreshold = &v
+}
+
+// GetCategoryThresholds returns the CategoryThresholds field value if set, zero value otherwise.
+func (o *WafPolicyUpdateRuleSetsInner) GetCategoryThresholds() map[string]int64 {
+	if o == nil || IsNil(o.CategoryThresholds) {
+		var ret map[string]int64
+		return ret
+	}
+	return o.CategoryThresholds
+}
+
+// GetCategoryThresholdsOk returns a tuple with the CategoryThresholds field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyUpdateRuleSetsInner) GetCategoryThresholdsOk() (map[string]int64, bool) {
+	if o == nil || IsNil(o.CategoryThresholds) {
+		return map[string]int64{}, false
+	}
+	return o.CategoryThresholds, true
+}
+
+// HasCategoryThresholds returns a boolean if a field has been set.
+func (o *WafPolicyUpdateRuleSetsInner) HasCategoryThresholds() bool {
+	if o != nil && !IsNil(o.CategoryThresholds) {
+		return true
+	}
+
+	return false
+}
+
+// SetCategoryThresholds gets a reference to the given map[string]int64 and assigns it to the CategoryThresholds field.
+func (o *WafPolicyUpdateRuleSetsInner) SetCategoryThresholds(v map[string]int64) {
+	o.CategoryThresholds = v
+}
+
+// GetRuleOverrides returns the RuleOverrides field value if set, zero value otherwise.
+func (o *WafPolicyUpdateRuleSetsInner) GetRuleOverrides() map[string]interface{} {
+	if o == nil || IsNil(o.RuleOverrides) {
+		var ret map[string]interface{}
+		return ret
+	}
+	return o.RuleOverrides
+}
+
+// GetRuleOverridesOk returns a tuple with the RuleOverrides field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyUpdateRuleSetsInner) GetRuleOverridesOk() (map[string]interface{}, bool) {
+	if o == nil || IsNil(o.RuleOverrides) {
+		return map[string]interface{}{}, false
+	}
+	return o.RuleOverrides, true
+}
+
+// HasRuleOverrides returns a boolean if a field has been set.
+func (o *WafPolicyUpdateRuleSetsInner) HasRuleOverrides() bool {
+	if o != nil && !IsNil(o.RuleOverrides) {
+		return true
+	}
+
+	return false
+}
+
+// SetRuleOverrides gets a reference to the given map[string]interface{} and assigns it to the RuleOverrides field.
+func (o *WafPolicyUpdateRuleSetsInner) SetRuleOverrides(v map[string]interface{}) {
+	o.RuleOverrides = v
+}
+
+func (o WafPolicyUpdateRuleSetsInner) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o WafPolicyUpdateRuleSetsInner) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.ManagedId) {
+		toSerialize["managed_id"] = o.ManagedId
+	}
+	if !IsNil(o.ExcludedPatterns) {
+		toSerialize["excluded_patterns"] = o.ExcludedPatterns
+	}
+	if !IsNil(o.PassiveMode) {
+		toSerialize["passive_mode"] = o.PassiveMode
+	}
+	if !IsNil(o.OverallThreshold) {
+		toSerialize["overall_threshold"] = o.OverallThreshold
+	}
+	if !IsNil(o.CategoryThresholds) {
+		toSerialize["category_thresholds"] = o.CategoryThresholds
+	}
+	if !IsNil(o.RuleOverrides) {
+		toSerialize["rule_overrides"] = o.RuleOverrides
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *WafPolicyUpdateRuleSetsInner) UnmarshalJSON(data []byte) (err error) {
+	varWafPolicyUpdateRuleSetsInner := _WafPolicyUpdateRuleSetsInner{}
+
+	err = json.Unmarshal(data, &varWafPolicyUpdateRuleSetsInner)
+
+	if err != nil {
+		return err
+	}
+
+	*o = WafPolicyUpdateRuleSetsInner(varWafPolicyUpdateRuleSetsInner)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "managed_id")
+		delete(additionalProperties, "excluded_patterns")
+		delete(additionalProperties, "passive_mode")
+		delete(additionalProperties, "overall_threshold")
+		delete(additionalProperties, "category_thresholds")
+		delete(additionalProperties, "rule_overrides")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableWafPolicyUpdateRuleSetsInner struct {
+	value *WafPolicyUpdateRuleSetsInner
+	isSet bool
+}
+
+func (v NullableWafPolicyUpdateRuleSetsInner) Get() *WafPolicyUpdateRuleSetsInner {
+	return v.value
+}
+
+func (v *NullableWafPolicyUpdateRuleSetsInner) Set(val *WafPolicyUpdateRuleSetsInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWafPolicyUpdateRuleSetsInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWafPolicyUpdateRuleSetsInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWafPolicyUpdateRuleSetsInner(val *WafPolicyUpdateRuleSetsInner) *NullableWafPolicyUpdateRuleSetsInner {
+	return &NullableWafPolicyUpdateRuleSetsInner{value: val, isSet: true}
+}
+
+func (v NullableWafPolicyUpdateRuleSetsInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWafPolicyUpdateRuleSetsInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/netlifyapi/model_waf_policy_update_rule_sets_inner_rule_overrides_value.go b/internal/netlifyapi/model_waf_policy_update_rule_sets_inner_rule_overrides_value.go
new file mode 100644
index 0000000..39e5556
--- /dev/null
+++ b/internal/netlifyapi/model_waf_policy_update_rule_sets_inner_rule_overrides_value.go
@@ -0,0 +1,155 @@
+/*
+Netlify's API documentation
+
+Netlify is a hosting service for the programmable web. It understands your documents and provides an API to handle atomic deploys of websites, manage form submissions, inject JavaScript snippets, and much more. This is a REST-style API that uses JSON for serialization and OAuth 2 for authentication.   This document is an OpenAPI reference for the Netlify API that you can explore. For more detailed instructions for common uses, please visit the [online documentation](https://docs.netlify.com/api/get-started/). Visit our Community forum to join the conversation about [understanding and using Netlify’s API](https://community.netlify.com/t/common-issue-understanding-and-using-netlifys-api/160).   Additionally, we have two API clients for your convenience: - [Go Client](https://github.com/netlify/open-api#go-client) - [JS Client](https://github.com/netlify/js-client) 
+
+API version: 1.0
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package netlifyapi
+
+import (
+	"encoding/json"
+)
+
+// checks if the WafPolicyUpdateRuleSetsInnerRuleOverridesValue type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &WafPolicyUpdateRuleSetsInnerRuleOverridesValue{}
+
+// WafPolicyUpdateRuleSetsInnerRuleOverridesValue struct for WafPolicyUpdateRuleSetsInnerRuleOverridesValue
+type WafPolicyUpdateRuleSetsInnerRuleOverridesValue struct {
+	Action *string `json:"action,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WafPolicyUpdateRuleSetsInnerRuleOverridesValue WafPolicyUpdateRuleSetsInnerRuleOverridesValue
+
+// NewWafPolicyUpdateRuleSetsInnerRuleOverridesValue instantiates a new WafPolicyUpdateRuleSetsInnerRuleOverridesValue object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWafPolicyUpdateRuleSetsInnerRuleOverridesValue() *WafPolicyUpdateRuleSetsInnerRuleOverridesValue {
+	this := WafPolicyUpdateRuleSetsInnerRuleOverridesValue{}
+	return &this
+}
+
+// NewWafPolicyUpdateRuleSetsInnerRuleOverridesValueWithDefaults instantiates a new WafPolicyUpdateRuleSetsInnerRuleOverridesValue object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWafPolicyUpdateRuleSetsInnerRuleOverridesValueWithDefaults() *WafPolicyUpdateRuleSetsInnerRuleOverridesValue {
+	this := WafPolicyUpdateRuleSetsInnerRuleOverridesValue{}
+	return &this
+}
+
+// GetAction returns the Action field value if set, zero value otherwise.
+func (o *WafPolicyUpdateRuleSetsInnerRuleOverridesValue) GetAction() string {
+	if o == nil || IsNil(o.Action) {
+		var ret string
+		return ret
+	}
+	return *o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WafPolicyUpdateRuleSetsInnerRuleOverridesValue) GetActionOk() (*string, bool) {
+	if o == nil || IsNil(o.Action) {
+		return nil, false
+	}
+	return o.Action, true
+}
+
+// HasAction returns a boolean if a field has been set.
+func (o *WafPolicyUpdateRuleSetsInnerRuleOverridesValue) HasAction() bool {
+	if o != nil && !IsNil(o.Action) {
+		return true
+	}
+
+	return false
+}
+
+// SetAction gets a reference to the given string and assigns it to the Action field.
+func (o *WafPolicyUpdateRuleSetsInnerRuleOverridesValue) SetAction(v string) {
+	o.Action = &v
+}
+
+func (o WafPolicyUpdateRuleSetsInnerRuleOverridesValue) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o WafPolicyUpdateRuleSetsInnerRuleOverridesValue) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	if !IsNil(o.Action) {
+		toSerialize["action"] = o.Action
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return toSerialize, nil
+}
+
+func (o *WafPolicyUpdateRuleSetsInnerRuleOverridesValue) UnmarshalJSON(data []byte) (err error) {
+	varWafPolicyUpdateRuleSetsInnerRuleOverridesValue := _WafPolicyUpdateRuleSetsInnerRuleOverridesValue{}
+
+	err = json.Unmarshal(data, &varWafPolicyUpdateRuleSetsInnerRuleOverridesValue)
+
+	if err != nil {
+		return err
+	}
+
+	*o = WafPolicyUpdateRuleSetsInnerRuleOverridesValue(varWafPolicyUpdateRuleSetsInnerRuleOverridesValue)
+
+	additionalProperties := make(map[string]interface{})
+
+	if err = json.Unmarshal(data, &additionalProperties); err == nil {
+		delete(additionalProperties, "action")
+		o.AdditionalProperties = additionalProperties
+	}
+
+	return err
+}
+
+type NullableWafPolicyUpdateRuleSetsInnerRuleOverridesValue struct {
+	value *WafPolicyUpdateRuleSetsInnerRuleOverridesValue
+	isSet bool
+}
+
+func (v NullableWafPolicyUpdateRuleSetsInnerRuleOverridesValue) Get() *WafPolicyUpdateRuleSetsInnerRuleOverridesValue {
+	return v.value
+}
+
+func (v *NullableWafPolicyUpdateRuleSetsInnerRuleOverridesValue) Set(val *WafPolicyUpdateRuleSetsInnerRuleOverridesValue) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWafPolicyUpdateRuleSetsInnerRuleOverridesValue) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWafPolicyUpdateRuleSetsInnerRuleOverridesValue) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWafPolicyUpdateRuleSetsInnerRuleOverridesValue(val *WafPolicyUpdateRuleSetsInnerRuleOverridesValue) *NullableWafPolicyUpdateRuleSetsInnerRuleOverridesValue {
+	return &NullableWafPolicyUpdateRuleSetsInnerRuleOverridesValue{value: val, isSet: true}
+}
+
+func (v NullableWafPolicyUpdateRuleSetsInnerRuleOverridesValue) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWafPolicyUpdateRuleSetsInnerRuleOverridesValue) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/internal/provider/dns_zone_resource_test.go b/internal/provider/dns_zone_resource_test.go
index 3222d4e..9c6dd14 100644
--- a/internal/provider/dns_zone_resource_test.go
+++ b/internal/provider/dns_zone_resource_test.go
@@ -14,8 +14,8 @@ func TestAccDnsZone(t *testing.T) {
 	accTest(t, []resource.TestStep{
 		{
 			Config: `resource "netlify_dns_zone" "example" {
-	name      = "tfsoftsecretnetlifytestingexamplestore.com"
-	team_slug = "netlify-terraform-test"
+  name      = "tfsoftsecretnetlifytestingexamplestore.com"
+  team_slug = "netlify-terraform-test"
 }`,
 			Check: resource.ComposeAggregateTestCheckFunc(
 				resource.TestCheckResourceAttrSet("netlify_dns_zone.example", "id"),
diff --git a/internal/provider/managed_waf_rules_data_source.go b/internal/provider/managed_waf_rules_data_source.go
new file mode 100644
index 0000000..f5d27c5
--- /dev/null
+++ b/internal/provider/managed_waf_rules_data_source.go
@@ -0,0 +1,165 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+var (
+	_ datasource.DataSource              = &managedWafRulesDataSource{}
+	_ datasource.DataSourceWithConfigure = &managedWafRulesDataSource{}
+)
+
+func NewManagedWafRulesDataSource() datasource.DataSource {
+	return &managedWafRulesDataSource{}
+}
+
+type managedWafRulesDataSource struct {
+	data NetlifyProviderData
+}
+
+type managedWafRulesDataSourceModel struct {
+	TeamID   types.String                 `tfsdk:"team_id"`
+	RuleSets map[string]managedWafRuleSet `tfsdk:"rule_sets"`
+}
+
+type managedWafRuleSet struct {
+	Definition managedWafRuleSetDefinition `tfsdk:"definition"`
+	Rules      []managedWafRule            `tfsdk:"rules"`
+}
+
+type managedWafRuleSetDefinition struct {
+	ID      types.String `tfsdk:"id"`
+	Type    types.String `tfsdk:"type"`
+	Version types.String `tfsdk:"version"`
+}
+
+type managedWafRule struct {
+	ID          types.String `tfsdk:"id"`
+	Description types.String `tfsdk:"description"`
+	Phase       types.String `tfsdk:"phase"`
+	Category    types.String `tfsdk:"category"`
+	Severity    types.String `tfsdk:"severity"`
+}
+
+func (d *managedWafRulesDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	data, ok := req.ProviderData.(NetlifyProviderData)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected NetlifyProviderData, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+		return
+	}
+
+	d.data = data
+}
+
+func (d *managedWafRulesDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_managed_waf_rules"
+}
+
+func (d *managedWafRulesDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Description: "Netlify managed WAF rule sets. This should be used when defining a WAF policy (netlify_waf_policy).",
+		Attributes: map[string]schema.Attribute{
+			"team_id": schema.StringAttribute{
+				Required: true,
+			},
+			"rule_sets": schema.MapNestedAttribute{
+				Computed: true,
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"definition": schema.SingleNestedAttribute{
+							Computed: true,
+							Attributes: map[string]schema.Attribute{
+								"id": schema.StringAttribute{
+									Computed: true,
+								},
+								"type": schema.StringAttribute{
+									Computed: true,
+								},
+								"version": schema.StringAttribute{
+									Computed: true,
+								},
+							},
+						},
+						"rules": schema.ListNestedAttribute{
+							Computed: true,
+							NestedObject: schema.NestedAttributeObject{
+								Attributes: map[string]schema.Attribute{
+									"id": schema.StringAttribute{
+										Computed: true,
+									},
+									"description": schema.StringAttribute{
+										Computed: true,
+									},
+									"phase": schema.StringAttribute{
+										Computed: true,
+									},
+									"category": schema.StringAttribute{
+										Computed: true,
+									},
+									"severity": schema.StringAttribute{
+										Computed:    true,
+										Description: "notice, warning, error, critical",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func (d *managedWafRulesDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var config managedWafRulesDataSourceModel
+	resp.Diagnostics.Append(req.Config.Get(ctx, &config)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	data, _, err := d.data.client.WAFManagedRulesAPI.GetManagedWafRules(ctx, config.TeamID.ValueString()).Execute()
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Error reading Netlify WAF managed rules",
+			fmt.Sprintf("Could not read Netlify WAF managed rules for team %q: %q", config.TeamID.ValueString(), err.Error()),
+		)
+		return
+	}
+	config.RuleSets = make(map[string]managedWafRuleSet)
+	for name, ruleSet := range data.RuleSets {
+		config.RuleSets[name] = managedWafRuleSet{
+			Definition: managedWafRuleSetDefinition{
+				ID:      types.StringPointerValue(ruleSet.Definition.Id),
+				Type:    types.StringPointerValue(ruleSet.Definition.Type),
+				Version: types.StringPointerValue(ruleSet.Definition.Version),
+			},
+			Rules: make([]managedWafRule, len(ruleSet.Rules)),
+		}
+		for i, rule := range ruleSet.Rules {
+			config.RuleSets[name].Rules[i] = managedWafRule{
+				ID:          types.StringPointerValue(rule.Id),
+				Description: types.StringPointerValue(rule.Description),
+				Phase:       types.StringPointerValue(rule.Phase),
+				Category:    types.StringPointerValue(rule.Category),
+				Severity:    types.StringPointerValue(rule.Severity),
+			}
+		}
+	}
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &config)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+}
diff --git a/internal/provider/managed_waf_rules_data_source_test.go b/internal/provider/managed_waf_rules_data_source_test.go
new file mode 100644
index 0000000..fb432aa
--- /dev/null
+++ b/internal/provider/managed_waf_rules_data_source_test.go
@@ -0,0 +1,27 @@
+package provider
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+)
+
+func TestAccDataManagedWafRules(t *testing.T) {
+	accTest(t, []resource.TestStep{
+		{
+			Config: `data "netlify_managed_waf_rules" "example" {
+  team_id = "66ae34e11a567e9092e3850f"
+}`,
+			Check: resource.ComposeTestCheckFunc(
+				resource.TestCheckResourceAttr("data.netlify_managed_waf_rules.example", "team_id", "66ae34e11a567e9092e3850f"),
+				resource.TestCheckResourceAttr("data.netlify_managed_waf_rules.example", "rule_sets.crs-basic.definition.id", "crs-basic"),
+				resource.TestCheckResourceAttr("data.netlify_managed_waf_rules.example", "rule_sets.crs-basic.rules.0.id", "913100"),
+				resource.TestCheckResourceAttr("data.netlify_managed_waf_rules.example", "rule_sets.crs-basic.rules.0.description", "Found User-Agent associated with security scanner"),
+				resource.TestCheckResourceAttr("data.netlify_managed_waf_rules.example", "rule_sets.crs-basic.rules.0.phase", "0"),
+				resource.TestCheckResourceAttr("data.netlify_managed_waf_rules.example", "rule_sets.crs-basic.rules.0.category", "reputation-scanner"),
+				resource.TestCheckResourceAttr("data.netlify_managed_waf_rules.example", "rule_sets.crs-basic.rules.0.severity", "critical"),
+			),
+		},
+	}, func(s *terraform.State) error { return nil })
+}
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 11655c5..03504e8 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -216,12 +216,14 @@ func (p *NetlifyProvider) Resources(ctx context.Context) []func() resource.Resou
 		NewSiteCollaborationSettingsResource,
 		NewSiteDomainSettingsResource,
 		NewSiteMetricsSettingsResource,
+		NewWafPolicyResource,
 	}
 }
 
 func (p *NetlifyProvider) DataSources(ctx context.Context) []func() datasource.DataSource {
 	return []func() datasource.DataSource{
 		NewDnsZoneDataSource,
+		NewManagedWafRulesDataSource,
 		NewSiteDataSource,
 		NewSitesDataSource,
 		NewTeamDataSource,
diff --git a/internal/provider/site_build_settings_resource.go b/internal/provider/site_build_settings_resource.go
index 9165b5b..bc826b3 100644
--- a/internal/provider/site_build_settings_resource.go
+++ b/internal/provider/site_build_settings_resource.go
@@ -56,6 +56,8 @@ type siteBuildSettingsResourceModel struct {
 	FunctionsRegion types.String `tfsdk:"functions_region"`
 
 	PrettyURLs types.Bool `tfsdk:"pretty_urls"`
+
+	WafPolicyID types.String `tfsdk:"waf_policy_id"`
 }
 
 func (r *siteBuildSettingsResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
@@ -176,6 +178,10 @@ func (r *siteBuildSettingsResource) Schema(_ context.Context, _ resource.SchemaR
 				Computed: true,
 				Default:  booldefault.StaticBool(true),
 			},
+			"waf_policy_id": schema.StringAttribute{
+				Optional:    true,
+				Description: "See more details in the netlify_waf_policy resource.",
+			},
 		},
 	}
 }
@@ -285,6 +291,19 @@ func (r *siteBuildSettingsResource) read(ctx context.Context, state *siteBuildSe
 	state.BuildImage = types.StringValue(site.BuildImage)
 	state.FunctionsRegion = types.StringPointerValue(site.FunctionsRegion)
 	state.PrettyURLs = types.BoolPointerValue(site.ProcessingSettings.Html.PrettyUrls)
+
+	policy, resp, err := r.data.client.WAFPoliciesAPI.GetSiteWafPolicy(ctx, state.SiteID.ValueString()).Execute()
+	if resp.StatusCode == 204 || resp.StatusCode == 404 {
+		state.WafPolicyID = types.StringNull()
+	} else if err != nil {
+		diagnostics.AddError(
+			"Error reading site WAF policy",
+			fmt.Sprintf("Could not read site WAF policy for site %q: %q", state.SiteID.ValueString(), err.Error()),
+		)
+		return
+	} else {
+		state.WafPolicyID = types.StringValue(*policy.Id)
+	}
 }
 
 func (r *siteBuildSettingsResource) write(ctx context.Context, plan *siteBuildSettingsResourceModel, diagnostics *diag.Diagnostics) {
@@ -353,5 +372,39 @@ func (r *siteBuildSettingsResource) write(ctx context.Context, plan *siteBuildSe
 		return
 	}
 
+	// We're being a little defensive here and only updating the WAF policy if it has changed, to avoid problems for non-Enterprise customers.
+	// The update API call also purges some caches, so it's better to avoid it when possible.
+	wafPolicyChanged := false
+	wafUpdate := netlifyapi.WafPolicyUpdate{}
+	if !plan.WafPolicyID.IsNull() {
+		wafUpdate.PolicyId = plan.WafPolicyID.ValueString()
+	}
+	policy, resp, err := r.data.client.WAFPoliciesAPI.GetSiteWafPolicy(ctx, plan.SiteID.ValueString()).Execute()
+	if resp.StatusCode == 204 || resp.StatusCode == 404 {
+		wafPolicyChanged = !plan.WafPolicyID.IsNull()
+	} else if err != nil {
+		diagnostics.AddError(
+			"Error reading site WAF policy",
+			fmt.Sprintf("Could not read site WAF policy for site %q: %q", plan.SiteID.ValueString(), err.Error()),
+		)
+		return
+	} else {
+		wafPolicyChanged = plan.WafPolicyID.IsNull() || plan.WafPolicyID.ValueString() != *policy.Id
+	}
+	if wafPolicyChanged {
+		resp, err = r.data.client.WAFPoliciesAPI.UpdateSiteWafPolicy(ctx, plan.SiteID.ValueString()).WafPolicyUpdate(wafUpdate).Execute()
+		if err != nil {
+			diagnostics.AddError(
+				"Error updating site WAF policy",
+				fmt.Sprintf("Could not update site WAF policy for site %q: %q", plan.SiteID.ValueString(), err.Error()),
+			)
+		} else if resp.StatusCode == 204 {
+			diagnostics.AddError(
+				"Error updating site WAF policy",
+				fmt.Sprintf("Could not update site WAF policy for site %q: %q", plan.SiteID.ValueString(), "policy not found"),
+			)
+		}
+	}
+
 	plan.LastUpdated = types.StringValue(time.Now().Format(time.RFC850))
 }
diff --git a/internal/provider/site_build_settings_resource_test.go b/internal/provider/site_build_settings_resource_test.go
index 3344e54..74a594d 100644
--- a/internal/provider/site_build_settings_resource_test.go
+++ b/internal/provider/site_build_settings_resource_test.go
@@ -33,6 +33,20 @@ func TestAccSiteBuildSettings(t *testing.T) {
   publish_directory      = "dist"
   production_branch      = "main"
   branch_deploy_branches = ["preview", "staging"]
+  waf_policy_id          = netlify_waf_policy.example.id
+}
+
+resource "netlify_waf_policy" "example" {
+  team_id     = "66ae34e11a567e9092e3850f"
+  name        = "Terraform Policy"
+  description = "This is a test policy through Terraform"
+  rule_sets = [
+    {
+      managed_id        = "crs-basic",
+      passive_mode      = true,
+      overall_threshold = 5
+    }
+  ]
 }`,
 			Check: resource.ComposeAggregateTestCheckFunc(
 				resource.TestCheckResourceAttr("netlify_site_build_settings.example", "site_id", "49137d35-1470-4db1-810f-c185b8381cd3"),
@@ -42,6 +56,7 @@ func TestAccSiteBuildSettings(t *testing.T) {
 				resource.TestCheckResourceAttr("netlify_site_build_settings.example", "branch_deploy_branches.#", "2"),
 				resource.TestCheckResourceAttr("netlify_site_build_settings.example", "branch_deploy_branches.0", "preview"),
 				resource.TestCheckResourceAttr("netlify_site_build_settings.example", "branch_deploy_branches.1", "staging"),
+				resource.TestCheckResourceAttrSet("netlify_site_build_settings.example", "waf_policy_id"),
 			),
 		},
 		{
diff --git a/internal/provider/waf_policy_resource.go b/internal/provider/waf_policy_resource.go
new file mode 100644
index 0000000..2ab93da
--- /dev/null
+++ b/internal/provider/waf_policy_resource.go
@@ -0,0 +1,326 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-framework-validators/mapvalidator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/mapdefault"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/netlify/terraform-provider-netlify/internal/netlifyapi"
+)
+
+var (
+	_ resource.Resource                = &wafPolicyResource{}
+	_ resource.ResourceWithConfigure   = &wafPolicyResource{}
+	_ resource.ResourceWithImportState = &wafPolicyResource{}
+)
+
+func NewWafPolicyResource() resource.Resource {
+	return &wafPolicyResource{}
+}
+
+type wafPolicyResource struct {
+	data NetlifyProviderData
+}
+
+type wafPolicyResourceModel struct {
+	ID          types.String      `tfsdk:"id"`
+	TeamID      types.String      `tfsdk:"team_id"`
+	LastUpdated types.String      `tfsdk:"last_updated"`
+	Name        types.String      `tfsdk:"name"`
+	Description types.String      `tfsdk:"description"`
+	RuleSets    []wafRuleSetModel `tfsdk:"rule_sets"`
+}
+
+type wafRuleSetModel struct {
+	ManagedID          types.String                    `tfsdk:"managed_id"`
+	ExcludedPatterns   []types.String                  `tfsdk:"excluded_patterns"`
+	PassiveMode        types.Bool                      `tfsdk:"passive_mode"`
+	OverallThreshold   types.Int64                     `tfsdk:"overall_threshold"`
+	CategoryThresholds map[string]types.Int64          `tfsdk:"category_thresholds"`
+	RuleOverrides      map[string]wafRuleOverrideModel `tfsdk:"rule_overrides"`
+}
+
+type wafRuleOverrideModel struct {
+	Action types.String `tfsdk:"action"`
+}
+
+func (r *wafPolicyResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_waf_policy"
+}
+
+func (r *wafPolicyResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	data, ok := req.ProviderData.(NetlifyProviderData)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Resource Configure Type",
+			fmt.Sprintf("Expected NetlifyProviderData, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+		return
+	}
+
+	r.data = data
+}
+
+// TODO: verify the required and optional properties.
+func (r *wafPolicyResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Description:         "Netlify Web Application Firewall (WAF) policy",
+		MarkdownDescription: "Netlify Web Application Firewall (WAF) policy. [Read more](https://docs.netlify.com/security/secure-access-to-sites/web-application-firewall/)",
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				Computed: true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.UseStateForUnknown(),
+				},
+			},
+			"team_id": schema.StringAttribute{
+				Required: true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.RequiresReplace(),
+				},
+			},
+			"last_updated": schema.StringAttribute{
+				Computed: true,
+			},
+			"name": schema.StringAttribute{
+				Required: true,
+			},
+			"description": schema.StringAttribute{
+				Required: true,
+			},
+			"rule_sets": schema.ListNestedAttribute{
+				Required: true,
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"managed_id": schema.StringAttribute{
+							Required:    true,
+							Description: "The managed ID of the rule set. Currently, only crs-basic is supported.",
+							Validators: []validator.String{
+								stringvalidator.OneOf("crs-basic"),
+							},
+						},
+						"excluded_patterns": schema.ListAttribute{
+							Optional:    true,
+							ElementType: types.StringType,
+						},
+						"passive_mode": schema.BoolAttribute{
+							Required: true,
+						},
+						"overall_threshold": schema.Int64Attribute{
+							Required:    true,
+							Description: "Recommended default value is 5",
+						},
+						"category_thresholds": schema.MapAttribute{
+							Optional:    true,
+							Computed:    true,
+							ElementType: types.Int64Type,
+							Description: "Thresholds for each category, e.g. fixation, injection-generic, injection-java, injection-php, lfi, protocol, rce, reputation-scanner, rfi, sqli, ssrf, xss",
+							Default:     mapdefault.StaticValue(types.MapValueMust(types.Int64Type, map[string]attr.Value{})),
+							Validators: []validator.Map{
+								mapvalidator.KeysAre(stringvalidator.OneOf(
+									"fixation",
+									"injection-generic",
+									"injection-java",
+									"injection-php",
+									"lfi",
+									"protocol",
+									"rce",
+									"reputation-scanner",
+									"rfi",
+									"sqli",
+									"ssrf",
+									"xss",
+								)),
+							},
+						},
+						"rule_overrides": schema.MapNestedAttribute{
+							Optional: true,
+							Computed: true,
+							Default:  mapdefault.StaticValue(types.MapValueMust(types.ObjectType{AttrTypes: map[string]attr.Type{"action": types.StringType}}, map[string]attr.Value{})),
+							NestedObject: schema.NestedAttributeObject{
+								Attributes: map[string]schema.Attribute{
+									"action": schema.StringAttribute{
+										Required:    true,
+										Description: "log_only or none",
+										Validators: []validator.String{
+											stringvalidator.OneOf("log_only", "none"),
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func (r *wafPolicyResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var plan wafPolicyResourceModel
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	policyId, _, err := r.data.client.WAFPoliciesAPI.CreateWafPolicy(ctx, plan.TeamID.ValueString()).WafPolicy(r.serializeWafPolicy(&plan)).Execute()
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Error creating WAF policy",
+			fmt.Sprintf("Could not create WAF policy (team ID %q): %q", plan.TeamID.ValueString(), err.Error()),
+		)
+		return
+	}
+	plan.ID = types.StringValue(policyId.PolicyId)
+	plan.LastUpdated = types.StringValue(time.Now().Format(time.RFC3339))
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, plan)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+}
+
+func (r *wafPolicyResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var state wafPolicyResourceModel
+	resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	policy, _, err := r.data.client.WAFPoliciesAPI.GetWafPolicy(ctx, state.TeamID.ValueString(), state.ID.ValueString()).Execute()
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Error reading WAF policy",
+			fmt.Sprintf(
+				"Could not read WAF policy %q (team ID %q): %q",
+				state.ID.ValueString(),
+				state.TeamID.ValueString(),
+				err.Error(),
+			),
+		)
+		return
+	}
+
+	state.Name = types.StringValue(policy.Name)
+	state.Description = types.StringValue(policy.Description)
+	state.RuleSets = make([]wafRuleSetModel, len(policy.RuleSets))
+	for i, ruleSet := range policy.RuleSets {
+		state.RuleSets[i].ManagedID = types.StringPointerValue(ruleSet.ManagedId)
+		state.RuleSets[i].PassiveMode = types.BoolValue(ruleSet.PassiveMode != nil && *ruleSet.PassiveMode)
+		state.RuleSets[i].OverallThreshold = types.Int64Value(ruleSet.OverallThreshold)
+		state.RuleSets[i].CategoryThresholds = make(map[string]types.Int64)
+		for k, v := range ruleSet.CategoryThresholds {
+			state.RuleSets[i].CategoryThresholds[k] = types.Int64Value(v)
+		}
+		state.RuleSets[i].RuleOverrides = make(map[string]wafRuleOverrideModel)
+		for k, v := range ruleSet.RuleOverrides {
+			state.RuleSets[i].RuleOverrides[k] = wafRuleOverrideModel{
+				Action: types.StringValue(v.Action),
+			}
+		}
+	}
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+}
+
+func (r *wafPolicyResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	var plan wafPolicyResourceModel
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	_, err := r.data.client.WAFPoliciesAPI.UpdateWafPolicy(ctx, plan.TeamID.ValueString(), plan.ID.ValueString()).WafPolicy(r.serializeWafPolicy(&plan)).Execute()
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Error updating WAF policy",
+			fmt.Sprintf("Could not update WAF policy %q (team ID %q): %q", plan.ID.ValueString(), plan.TeamID.ValueString(), err.Error()),
+		)
+		return
+	}
+	plan.LastUpdated = types.StringValue(time.Now().Format(time.RFC3339))
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, plan)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+}
+
+func (r *wafPolicyResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	var state wafPolicyResourceModel
+	resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	_, err := r.data.client.WAFPoliciesAPI.DeleteWafPolicy(ctx, state.TeamID.ValueString(), state.ID.ValueString()).Execute()
+	if err != nil {
+		resp.Diagnostics.AddError(
+			"Error deleting WAF policy",
+			fmt.Sprintf("Could not delete WAF policy %q (team ID %q): %q", state.ID.ValueString(), state.TeamID.ValueString(), err.Error()),
+		)
+		return
+	}
+}
+
+func (r *wafPolicyResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	idParts := strings.Split(req.ID, ":")
+
+	errorMessage := fmt.Sprintf("Expected import identifier in the formats: team_id,waf_policy_id. Got: %q", req.ID)
+
+	if len(idParts) == 2 {
+		if idParts[0] == "" || idParts[1] == "" {
+			resp.Diagnostics.AddError("Unexpected Import Identifier", errorMessage)
+			return
+		}
+		resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("team_id"), idParts[0])...)
+		resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("id"), idParts[1])...)
+	} else {
+		resp.Diagnostics.AddError("Unexpected Import Identifier", errorMessage)
+		return
+	}
+}
+
+func (r *wafPolicyResource) serializeWafPolicy(plan *wafPolicyResourceModel) netlifyapi.WafPolicy {
+	policy := netlifyapi.WafPolicy{
+		Name:        plan.Name.ValueString(),
+		Description: plan.Description.ValueString(),
+		RuleSets:    make([]netlifyapi.WafPolicyRuleSetsInner, len(plan.RuleSets)),
+	}
+	for i, ruleSet := range plan.RuleSets {
+		policy.RuleSets[i].ManagedId = ruleSet.ManagedID.ValueStringPointer()
+		policy.RuleSets[i].PassiveMode = ruleSet.PassiveMode.ValueBoolPointer()
+		policy.RuleSets[i].OverallThreshold = ruleSet.OverallThreshold.ValueInt64()
+		policy.RuleSets[i].CategoryThresholds = make(map[string]int64)
+		for k, v := range ruleSet.CategoryThresholds {
+			policy.RuleSets[i].CategoryThresholds[k] = v.ValueInt64()
+		}
+		policy.RuleSets[i].RuleOverrides = make(map[string]netlifyapi.WafPolicyRuleOverride)
+		for k, v := range ruleSet.RuleOverrides {
+			policy.RuleSets[i].RuleOverrides[k] = netlifyapi.WafPolicyRuleOverride{
+				Action: v.Action.ValueString(),
+			}
+		}
+	}
+	return policy
+}
diff --git a/internal/provider/waf_policy_resource_test.go b/internal/provider/waf_policy_resource_test.go
new file mode 100644
index 0000000..9576a15
--- /dev/null
+++ b/internal/provider/waf_policy_resource_test.go
@@ -0,0 +1,188 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+)
+
+func TestAccWafPolicy(t *testing.T) {
+	accTest(t, []resource.TestStep{
+		{
+			Config: `resource "netlify_waf_policy" "example" {
+  team_id     = "66ae34e11a567e9092e3850f"
+  name        = "Terraform Policy"
+  description = "This is a test policy through Terraform"
+  rule_sets = [
+    {
+      managed_id        = "crs-basic",
+      passive_mode      = true,
+      overall_threshold = 5,
+      category_thresholds = {
+        "fixation" = 8,
+      },
+      rule_overrides = {
+        "920100" = {
+          action = "log_only"
+        }
+      }
+    }
+  ]
+}`,
+			Check: resource.ComposeAggregateTestCheckFunc(
+				resource.TestCheckResourceAttrSet("netlify_waf_policy.example", "id"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "team_id", "66ae34e11a567e9092e3850f"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "name", "Terraform Policy"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "description", "This is a test policy through Terraform"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.managed_id", "crs-basic"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.passive_mode", "true"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.overall_threshold", "5"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.category_thresholds.fixation", "8"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.rule_overrides.920100.action", "log_only"),
+			),
+		},
+		{
+			ResourceName: "netlify_waf_policy.example",
+			ImportState:  true,
+			ImportStateIdFunc: func(s *terraform.State) (string, error) {
+				for _, m := range s.Modules {
+					if v, ok := m.Resources["netlify_waf_policy.example"]; ok {
+						return fmt.Sprintf("%s:%s", v.Primary.Attributes["team_id"], v.Primary.Attributes["id"]), nil
+					}
+				}
+				return "", fmt.Errorf("not found in TestAccWafPolicy import test step")
+			},
+			ImportStateVerify:       true,
+			ImportStateVerifyIgnore: []string{"last_updated"},
+		},
+		{
+			Config: `resource "netlify_waf_policy" "example" {
+  team_id     = "66ae34e11a567e9092e3850f"
+  name        = "Terraform Policy"
+  description = "This is a test policy through Terraform"
+  rule_sets = [
+    {
+      managed_id        = "crs-basic",
+      passive_mode      = false,
+      overall_threshold = 6,
+      category_thresholds = {
+        "fixation" = 9,
+      },
+      rule_overrides = {
+        "920100" = {
+          action = "log_only"
+        }
+        "920170" = {
+          action = "none"
+        }
+      }
+    }
+  ]
+}`,
+			ConfigPlanChecks: resource.ConfigPlanChecks{
+				PreApply: []plancheck.PlanCheck{
+					plancheck.ExpectResourceAction("netlify_waf_policy.example", plancheck.ResourceActionUpdate),
+				},
+			},
+			Check: resource.ComposeAggregateTestCheckFunc(
+				resource.TestCheckResourceAttrSet("netlify_waf_policy.example", "id"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "team_id", "66ae34e11a567e9092e3850f"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "name", "Terraform Policy"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "description", "This is a test policy through Terraform"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.managed_id", "crs-basic"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.passive_mode", "false"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.overall_threshold", "6"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.category_thresholds.fixation", "9"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.rule_overrides.920100.action", "log_only"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.rule_overrides.920170.action", "none"),
+			),
+		},
+	}, testAccWafPolicyDestroy)
+}
+
+func TestAccWafPolicyOnlyRequired(t *testing.T) {
+	accTest(t, []resource.TestStep{
+		{
+			Config: `resource "netlify_waf_policy" "example" {
+  team_id     = "66ae34e11a567e9092e3850f"
+  name        = "Terraform Policy"
+  description = "This is a test policy through Terraform"
+  rule_sets = [
+    {
+      managed_id        = "crs-basic",
+      passive_mode      = true,
+      overall_threshold = 5
+    }
+  ]
+}`,
+		},
+	}, testAccWafPolicyDestroy)
+}
+
+func TestAccWafPolicyOverrideByCategory(t *testing.T) {
+	accTest(t, []resource.TestStep{
+		{
+			Config: `resource "netlify_waf_policy" "example" {
+  team_id     = "66ae34e11a567e9092e3850f"
+  name        = "Terraform Policy"
+  description = "This is a test policy through Terraform"
+  rule_sets = [
+    {
+      managed_id        = "crs-basic",
+      passive_mode      = true,
+      overall_threshold = 5,
+      rule_overrides = {
+        for rule in local.crs_basic_rce_rules : rule.id => {
+          action = "log_only"
+        }
+      }
+    }
+  ]
+}
+
+locals {
+  crs_basic_rce_rules = flatten([
+    for rule_set_key, rule_set in data.netlify_managed_waf_rules.example.rule_sets :
+    [
+      for rule in rule_set.rules :
+      rule if rule_set_key == "crs-basic" && rule.category == "rce"
+    ]
+  ])
+}
+
+data "netlify_managed_waf_rules" "example" {
+  team_id = "66ae34e11a567e9092e3850f"
+}`,
+			Check: resource.ComposeAggregateTestCheckFunc(
+				resource.TestCheckResourceAttrSet("netlify_waf_policy.example", "id"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "team_id", "66ae34e11a567e9092e3850f"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "name", "Terraform Policy"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "description", "This is a test policy through Terraform"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.managed_id", "crs-basic"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.passive_mode", "true"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.overall_threshold", "5"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.rule_overrides.932175.action", "log_only"),
+				resource.TestCheckResourceAttr("netlify_waf_policy.example", "rule_sets.0.rule_overrides.932180.action", "log_only"),
+				resource.TestCheckNoResourceAttr("netlify_waf_policy.example", "rule_sets.0.rule_overrides.920500"),
+			),
+		},
+	}, testAccWafPolicyDestroy)
+}
+
+func testAccWafPolicyDestroy(s *terraform.State) error {
+	for _, m := range s.Modules {
+		if v, ok := m.Resources["netlify_waf_policy.example"]; ok {
+			policy, _, err := testAccProvider.client.WAFPoliciesAPI.GetWafPolicy(context.Background(), v.Primary.Attributes["team_id"], v.Primary.Attributes["id"]).Execute()
+			if err != nil {
+				//lint:ignore nilerr we expect an error to know it was not found
+				return nil
+			}
+			return fmt.Errorf("WAF policy still exists: %s (team ID: %s)", *policy.Id, v.Primary.Attributes["team_id"])
+		}
+	}
+	return fmt.Errorf("not found in testAccWafPolicyDestroy check destroy")
+}
diff --git a/openapi.json b/openapi.json
index 6a2c5a6..68d451e 100644
--- a/openapi.json
+++ b/openapi.json
@@ -7231,6 +7231,272 @@
           }
         }
       }
+    },
+    "/api/v1/accounts/{account_id}/waf/policies": {
+      "post": {
+        "tags": [
+          "WAF Policies"
+        ],
+        "operationId": "createWafPolicy",
+        "parameters": [
+          {
+            "name": "account_id",
+            "description": "The ID of the account",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "requestBody": {
+          "required": true,
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/WafPolicy"
+              }
+            }
+          }
+        },
+        "responses": {
+          "200": {
+            "description": "WAF Policy created",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/WafPolicyUpdate"
+                }
+              }
+            }
+          }
+        },
+        "description": "Creates a new WAF policy for the account."
+      }
+    },
+    "/api/v1/sites/{site_id}/waf/policy": {
+      "put": {
+        "tags": [
+          "WAF Policies"
+        ],
+        "operationId": "updateSiteWafPolicy",
+        "parameters": [
+          {
+            "name": "site_id",
+            "description": "The ID of the site",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "requestBody": {
+          "required": true,
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/WafPolicyUpdate"
+              }
+            }
+          }
+        },
+        "responses": {
+          "200": {
+            "description": "WAF Policy updated",
+            "content": {
+              "application/json": {}
+            }
+          }
+        },
+        "description": "Updates the WAF policy for the site."
+      },
+      "get": {
+        "tags": [
+          "WAF Policies"
+        ],
+        "operationId": "getSiteWafPolicy",
+        "parameters": [
+          {
+            "name": "site_id",
+            "description": "The ID of the site",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "WAF Policy retrieved",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/WafPolicy"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "WAF Policy not found"
+          }
+        },
+        "description": "Retrieves the WAF policy for the site."
+      }
+    },
+    "/api/v1/accounts/{account_id}/waf/policies/{policy_id}": {
+      "get": {
+        "tags": [
+          "WAF Policies"
+        ],
+        "operationId": "getWafPolicy",
+        "parameters": [
+          {
+            "name": "account_id",
+            "description": "The ID of the account",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "policy_id",
+            "description": "The ID of the WAF policy",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "WAF Policy retrieved",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/WafPolicy"
+                }
+              }
+            }
+          }
+        },
+        "description": "Retrieves the WAF policy for the account."
+      },
+      "delete": {
+        "tags": [
+          "WAF Policies"
+        ],
+        "operationId": "deleteWafPolicy",
+        "parameters": [
+          {
+            "name": "account_id",
+            "description": "The ID of the account",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "policy_id",
+            "description": "The ID of the WAF policy",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "202": {
+            "description": "WAF Policy deleted",
+            "content": {
+              "application/json": {}
+            }
+          }
+        },
+        "description": "Deletes the WAF policy for the account."
+      },
+      "put": {
+        "tags": [
+          "WAF Policies"
+        ],
+        "operationId": "updateWafPolicy",
+        "parameters": [
+          {
+            "name": "account_id",
+            "description": "The ID of the account",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "policy_id",
+            "description": "The ID of the WAF policy",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "requestBody": {
+          "required": true,
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/WafPolicy"
+              }
+            }
+          }
+        },
+        "responses": {
+          "202": {
+            "description": "WAF Policy updated",
+            "content": {
+              "application/json": {}
+            }
+          }
+        },
+        "description": "Updates the WAF policy for the account."
+      }
+    },
+    "/api/v1/accounts/{account_id}/waf/managed": {
+      "get": {
+        "tags": [
+          "WAF Managed Rules"
+        ],
+        "operationId": "getManagedWafRules",
+        "parameters": [
+          {
+            "name": "account_id",
+            "description": "The ID of the account",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Managed WAF rules retrieved",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ManagedWafRules"
+                }
+              }
+            }
+          }
+        },
+        "description": "Retrieves the managed WAF rules for the account."
+      }
     }
   },
   "tags": [
@@ -14889,6 +15155,128 @@
             "type": "string"
           }
         }
+      },
+      "WafPolicy": {
+        "type": "object",
+        "properties": {
+          "id": {
+            "type": "string"
+          },
+          "name": {
+            "type": "string"
+          },
+          "description": {
+            "type": "string"
+          },
+          "rule_sets": {
+            "type": "array",
+            "items": {
+              "type": "object",
+              "properties": {
+                "managed_id": {
+                  "type": "string"
+                },
+                "excluded_patterns": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "passive_mode": {
+                  "type": "boolean"
+                },
+                "overall_threshold": {
+                  "type": "integer"
+                },
+                "category_thresholds": {
+                  "type": "object",
+                  "additionalProperties": {
+                    "type": "integer"
+                  }
+                },
+                "rule_overrides": {
+                  "type": "object",
+                  "additionalProperties": {
+                    "$ref": "#/components/schemas/WafPolicyRuleOverride"
+                  }
+                }
+              },
+              "required": ["overall_threshold"]
+            }
+          }
+        },
+        "required": ["name", "description", "rule_sets"]
+      },
+      "WafPolicyRuleOverride": {
+        "type": "object",
+        "properties": {
+          "action": {
+            "type": "string"
+          }
+        },
+        "required": ["action"]
+      },
+      "WafPolicyUpdate": {
+        "type": "object",
+        "properties": {
+          "policy_id": {
+            "type": "string"
+          }
+        },
+        "required": ["policy_id"]
+      },
+      "ManagedWafRules": {
+        "type": "object",
+        "properties": {
+          "rule_sets": {
+            "type": "object",
+            "additionalProperties": {
+              "$ref": "#/components/schemas/ManagedWafRuleSet"
+            }
+          }
+        }
+      },
+      "ManagedWafRuleSet": {
+        "type": "object",
+        "properties": {
+          "definition": {
+            "type": "object",
+            "properties": {
+              "id": {
+                "type": "string"
+              },
+              "type": {
+                "type": "string"
+              },
+              "version": {
+                "type": "string"
+              }
+            }
+          },
+          "rules": {
+            "type": "array",
+            "items": {
+              "type": "object",
+              "properties": {
+                "id": {
+                  "type": "string"
+                },
+                "description": {
+                  "type": "string"
+                },
+                "phase": {
+                  "type": "string"
+                },
+                "category": {
+                  "type": "string"
+                },
+                "severity": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        }
       }
     },
     "securitySchemes": {