A security rule object is a single object or collective unit that groups discrete
identities such as IP addresses, FQDN, or certificates. Typically, when creating a
policy object, you group objects that require similar permissions in the policy. For
example, if your organization uses a set of server IP addresses for authenticating
users, you can group the set of server IP addresses as a prefix list object and
reference that prefix list in one or more security rules. Group object allows you to
significantly reduce the administrative overhead in creating rules.