diff --git a/Packs/Ataya/.pack-ignore b/Packs/Ataya/.pack-ignore
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/Packs/Ataya/.secrets-ignore b/Packs/Ataya/.secrets-ignore
new file mode 100644
index 000000000000..443628aaf57b
--- /dev/null
+++ b/Packs/Ataya/.secrets-ignore
@@ -0,0 +1,2 @@
+https://www.ataya.io
+https://ataya-harmony.com
diff --git a/Packs/Ataya/Author_image.png b/Packs/Ataya/Author_image.png
new file mode 100644
index 000000000000..0367466d3410
Binary files /dev/null and b/Packs/Ataya/Author_image.png differ
diff --git a/Packs/Ataya/Classifiers/classifier-Ataya_-_Incoming_Mapper.json b/Packs/Ataya/Classifiers/classifier-Ataya_-_Incoming_Mapper.json
new file mode 100644
index 000000000000..8ee2413245a4
--- /dev/null
+++ b/Packs/Ataya/Classifiers/classifier-Ataya_-_Incoming_Mapper.json
@@ -0,0 +1,97 @@
+{
+ "description": "Ataya Harmony fields for use in Integration Playbooks about 5G UE registration.",
+ "feed": false,
+ "id": "Ataya - Incoming Mapper",
+ "mapping": {
+ "Ataya": {
+ "dontMapEventToLabels": false,
+ "internalMapping": {
+ "Ataya_ID": {
+ "simple": "sessioninfo.id"
+ },
+ "Ataya_IMEI": {
+ "complex": {
+ "accessor": "imei",
+ "filters": [],
+ "root": "sessionInfo.info",
+ "transformers": []
+ }
+ },
+ "Ataya_IMSI": {
+ "complex": {
+ "accessor": "imsi",
+ "filters": [],
+ "root": "sessionInfo.clientID",
+ "transformers": []
+ }
+ },
+ "Event Type": {
+ "complex": {
+ "filters": [],
+ "root": "eventType",
+ "transformers": []
+ }
+ },
+ "Source IP": {
+ "complex": {
+ "accessor": "ip",
+ "filters": [],
+ "root": "sessionInfo",
+ "transformers": []
+ }
+ }
+ }
+ },
+ "dbot_classification_incident_type_all": {
+ "dontMapEventToLabels": false,
+ "internalMapping": {
+ "Ataya_ID": {
+ "complex": {
+ "accessor": "id",
+ "filters": [],
+ "root": "sessionInfo",
+ "transformers": []
+ }
+ },
+ "Ataya_IMEI": {
+ "complex": {
+ "accessor": "imei",
+ "filters": [],
+ "root": "sessionInfo.info",
+ "transformers": []
+ }
+ },
+ "Ataya_IMSI": {
+ "complex": {
+ "accessor": "imsi",
+ "filters": [],
+ "root": "sessionInfo.clientID",
+ "transformers": []
+ }
+ },
+ "Event Type": {
+ "complex": {
+ "filters": [],
+ "root": "eventType",
+ "transformers": []
+ }
+ },
+ "Source IP": {
+ "complex": {
+ "accessor": "ip",
+ "filters": [],
+ "root": "sessionInfo",
+ "transformers": []
+ }
+ },
+ "name": {
+ "simple": "Ataya ${eventType} Incident ${sessionInfo.clientName} ${sessionInfo.info.imei}"
+ }
+ }
+ }
+ },
+ "name": "Ataya - Incoming Mapper",
+ "type": "mapping-incoming",
+ "version": -1,
+ "fromVersion": "6.9.0"
+}
\ No newline at end of file
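Review bot: In the "Ataya" mapping, `Ataya_ID` reads `"simple": "sessioninfo.id"`, with a lowercase `i`, while every other path in this file (including the same field under `dbot_classification_incident_type_all`) uses `sessionInfo`. If path lookup is case-sensitive, the field stays empty for incidents classified as Ataya, and the playbook in this commit passes `${incident.atayaid}` to `ataya-assign-user`. It should read `"simple": "sessionInfo.id"`. The "Ataya" mapping also has no `name` entry, unlike the catch-all mapping; confirm that is intended.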
diff --git a/Packs/Ataya/IncidentFields/incidentfield-Ataya_ID.json b/Packs/Ataya/IncidentFields/incidentfield-Ataya_ID.json
new file mode 100644
index 000000000000..37523af5ad6a
--- /dev/null
+++ b/Packs/Ataya/IncidentFields/incidentfield-Ataya_ID.json
@@ -0,0 +1,27 @@
+{
+ "associatedToAll": true,
+ "caseInsensitive": true,
+ "cliName": "atayaid",
+ "closeForm": false,
+ "content": true,
+ "editForm": true,
+ "group": 0,
+ "hidden": false,
+ "id": "incident_atayaid",
+ "isReadOnly": false,
+ "locked": false,
+ "name": "Ataya_ID",
+ "neverSetAsRequired": false,
+ "openEnded": false,
+ "ownerOnly": false,
+ "required": false,
+ "sla": 0,
+ "system": false,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": true,
+ "useAsKpi": false,
+ "version": -1,
+ "fromVersion": "6.9.0"
+}
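Review bot: `"associatedToAll": true` attaches this pack-specific field to every incident type on the tenant rather than only to the Ataya type; the same setting appears in incidentfield-Ataya_IMEI.json and incidentfield-Ataya_IMSI.json. Consider `"associatedToAll": false` with `"associatedTypes": ["Ataya"]` in all three files. `"unsearchable": true` presumably also keeps analysts from searching incidents by these subscriber and device identifiers, so confirm that is wanted for fields used during triage.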
diff --git a/Packs/Ataya/IncidentFields/incidentfield-Ataya_IMEI.json b/Packs/Ataya/IncidentFields/incidentfield-Ataya_IMEI.json
new file mode 100644
index 000000000000..92e78941f89e
--- /dev/null
+++ b/Packs/Ataya/IncidentFields/incidentfield-Ataya_IMEI.json
@@ -0,0 +1,27 @@
+{
+ "associatedToAll": true,
+ "caseInsensitive": true,
+ "cliName": "atayaimei",
+ "closeForm": false,
+ "content": true,
+ "editForm": true,
+ "group": 0,
+ "hidden": false,
+ "id": "incident_atayaimei",
+ "isReadOnly": false,
+ "locked": false,
+ "name": "Ataya_IMEI",
+ "neverSetAsRequired": false,
+ "openEnded": false,
+ "ownerOnly": false,
+ "required": false,
+ "sla": 0,
+ "system": false,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": true,
+ "useAsKpi": false,
+ "version": -1,
+ "fromVersion": "6.9.0"
+}
diff --git a/Packs/Ataya/IncidentFields/incidentfield-Ataya_IMSI.json b/Packs/Ataya/IncidentFields/incidentfield-Ataya_IMSI.json
new file mode 100644
index 000000000000..e00e434e7f69
--- /dev/null
+++ b/Packs/Ataya/IncidentFields/incidentfield-Ataya_IMSI.json
@@ -0,0 +1,27 @@
+{
+ "associatedToAll": true,
+ "caseInsensitive": true,
+ "cliName": "atayaimsi",
+ "closeForm": false,
+ "content": true,
+ "editForm": true,
+ "group": 0,
+ "hidden": false,
+ "id": "incident_atayaimsi",
+ "isReadOnly": false,
+ "locked": false,
+ "name": "Ataya_IMSI",
+ "neverSetAsRequired": false,
+ "openEnded": false,
+ "ownerOnly": false,
+ "required": false,
+ "sla": 0,
+ "system": false,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": true,
+ "useAsKpi": false,
+ "version": -1,
+ "fromVersion": "6.9.0"
+}
diff --git a/Packs/Ataya/IncidentTypes/incidenttype-Ataya.json b/Packs/Ataya/IncidentTypes/incidenttype-Ataya.json
new file mode 100644
index 000000000000..50b026c00947
--- /dev/null
+++ b/Packs/Ataya/IncidentTypes/incidenttype-Ataya.json
@@ -0,0 +1,54 @@
+{
+ "autorun": true,
+ "color": "#F8E7A5",
+ "days": 0,
+ "daysR": 0,
+ "default": false,
+ "detached": false,
+ "disabled": false,
+ "extractSettings": {
+ "fieldCliNameToExtractSettings": {
+ "atayaeventtype": {
+ "extractAsIsIndicatorTypeId": "",
+ "extractIndicatorTypesIDs": [],
+ "isExtractingAllIndicatorTypes": false
+ },
+ "atayaimei": {
+ "extractAsIsIndicatorTypeId": "",
+ "extractIndicatorTypesIDs": [],
+ "isExtractingAllIndicatorTypes": false
+ },
+ "atayaimsi": {
+ "extractAsIsIndicatorTypeId": "",
+ "extractIndicatorTypesIDs": [],
+ "isExtractingAllIndicatorTypes": false
+ },
+ "atayaip": {
+ "extractAsIsIndicatorTypeId": "",
+ "extractIndicatorTypesIDs": [],
+ "isExtractingAllIndicatorTypes": false
+ },
+ "eventtype": {
+ "extractAsIsIndicatorTypeId": "",
+ "extractIndicatorTypesIDs": [],
+ "isExtractingAllIndicatorTypes": false
+ }
+ },
+ "mode": "All"
+ },
+ "hours": 0,
+ "hoursR": 0,
+ "id": "Ataya",
+ "layout": "Ataya Incident Layout",
+ "locked": false,
+ "name": "Ataya",
+ "onChangeRepAlg": 0,
+ "playbookId": "Ataya - Securely logging device access to network",
+ "readonly": false,
+ "reputationCalc": 0,
+ "system": false,
+ "version": -1,
+ "weeks": 0,
+ "weeksR": 0,
+ "fromVersion": "6.9.0"
+}
\ No newline at end of file
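Review bot: `fieldCliNameToExtractSettings` lists `atayaeventtype` and `atayaip`, but the incident fields added in this diff have the cliNames `atayaid`, `atayaimei` and `atayaimsi`, and the mapper writes to "Event Type" and "Source IP". Unless those two fields are defined elsewhere, the entries refer to nothing and should be dropped or renamed to fields the pack ships. `atayaid`, the value the playbook later uses for approval, has no entry here; add one with the same no-extraction settings if it should be treated like the others.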
diff --git a/Packs/Ataya/Integrations/Ataya/Ataya.py b/Packs/Ataya/Integrations/Ataya/Ataya.py
new file mode 100644
index 000000000000..ac388860f323
--- /dev/null
+++ b/Packs/Ataya/Integrations/Ataya/Ataya.py
@@ -0,0 +1,110 @@
+import demistomock as demisto # noqa: F401
+from CommonServerPython import * # noqa: F401
+import urllib3
+
+# Disable insecure warnings
+urllib3.disable_warnings()
+
+''' CONSTANTS '''
+
+''' CLIENT CLASS '''
+
+
+class Client(BaseClient):
+ def __init__(self, api_key: str, base_url: str, proxy: bool, verify: bool):
+ super().__init__(base_url=base_url, proxy=proxy, verify=verify)
+ self.api_key = api_key
+
+ self._headers = {
+ 'Content-Type': 'application/json',
+ 'x-api-key': self.api_key
+ }
+
+ def getNode(self):
+ return self._http_request(method='GET', url_suffix='api/v1/mgmt/5gc/networks/default/nodes')
+
+ def assignUser(self, imsi):
+ return self._http_request(method='PUT', url_suffix='api/v1/mgmt/5gc/clientAction/setstatus',
+ json_data={"status": "assigned", "resources": [imsi]})
+
+
+''' HELPER FUNCTIONS '''
+
+
+def test_module(client: Client) -> str:
+ """
+ Tests API connectivity and authentication'
+ Returning 'ok' indicates that connection to the service is successful.
+ Raises exceptions if something goes wrong.
+ """
+
+ try:
+ response = client.getNode()
+
+ success = demisto.get(response, 'count') # Safe access to response['count']
+ if success < 1:
+ return f'Unexpected result from the service: success={success} (expected success > 1)'
+
+ return 'ok'
+
+ except Exception as e:
+ exception_text = str(e).lower()
+ if 'forbidden' in exception_text or 'authorization' in exception_text:
+ return 'Authorization Error: make sure API Key is correctly set'
+ else:
+ raise e
+
+
+''' COMMAND FUNCTIONS '''
+
+
+def assign_command(client: Client, imsi=""):
+ if imsi == "":
+ raise DemistoException('the imsi argument cannot be empty.')
+
+ response = client.assignUser(imsi=imsi)
+ userStatus = demisto.get(response, 'status')
+
+ if userStatus == 'unassigned':
+ raise DemistoException('Assign User Fail', res=response)
+
+ return f'User {imsi} {userStatus}'
+
+
+''' MAIN FUNCTION '''
+
+
+def main() -> None: # pragma: no cover
+ params = demisto.params()
+ args = demisto.args()
+ command = demisto.command()
+
+ base_url = params.get('url')
+ api_key = params.get('apiToken', {}).get('password')
+ verify = not params.get('insecure', False)
+ proxy = params.get('proxy', False)
+
+ try:
+ client = Client(api_key=api_key, base_url=base_url,
+ verify=verify, proxy=proxy)
+ if command == 'test-module':
+ # This is the call made when clicking the integration Test button.
+ return_results(test_module(client))
+
+ elif command == 'ataya-assign-user':
+ return_results(assign_command(client, **args))
+
+ else:
+ raise NotImplementedError(f"command {command} is not implemented.")
+
+ except Exception as e:
+ demisto.error(traceback.format_exc()) # print the traceback
+ return_error("\n".join(("Failed to execute {command} command.",
+ "Error:",
+ str(e))))
+
+
+''' ENTRY POINT '''
+
+if __name__ in ('__main__', '__builtin__', 'builtins'):
+ main()
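Review bot: `assign_command` fails open: it raises only when the returned status equals `'unassigned'`, so a response with a missing or unexpected `status` is reported as `User <imsi> None` and the playbook continues as if the device had been approved. Compare against the expected value instead: `if userStatus != 'assigned':`. In `main`, `"Failed to execute {command} command."` lacks the `f` prefix, so the literal placeholder is shown instead of the command name. `test_module` evaluates `success < 1` on the result of `demisto.get(response, 'count')` without handling `None`, which raises a TypeError instead of returning the intended message, and that message says `success > 1` where the check is `>= 1`. The module-level `urllib3.disable_warnings()` also silences certificate warnings regardless of the `insecure` setting; a comment there should say so, or the call should run only when `verify` is false.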
diff --git a/Packs/Ataya/Integrations/Ataya/Ataya.yml b/Packs/Ataya/Integrations/Ataya/Ataya.yml
new file mode 100644
index 000000000000..9aa0c794bb45
--- /dev/null
+++ b/Packs/Ataya/Integrations/Ataya/Ataya.yml
@@ -0,0 +1,49 @@
+category: Utilities
+commonfields:
+ id: Ataya Harmony
+ version: -1
+configuration:
+- display: Harmony URL
+ name: url
+ required: true
+ type: 0
+- display: ""
+ displaypassword: API Token
+ hiddenusername: true
+ name: apiToken
+ required: true
+ section: Connect
+ type: 9
+- advanced: true
+ defaultvalue: "false"
+ display: Trust any certificate (not secure)
+ name: insecure
+ required: false
+ section: Connect
+ type: 8
+- advanced: true
+ defaultvalue: "false"
+ display: Use system proxy settings
+ name: proxy
+ required: false
+ section: Connect
+ type: 8
+description: Use the Ataya Harmony integration to assign client which has not yet under assigned status by client imsi.
+display: Ataya Harmony
+name: Ataya Harmony
+script:
+ commands:
+ - arguments:
+ - name: imsi
+ required: true
+ description: the cilient imsi which need to be assigned.
+ description: approve user to access external network.
+ name: ataya-assign-user
+ dockerimage: demisto/python3:3.10.13.80014
+ runonce: false
+ script: ''
+ subtype: python3
+ type: python
+fromversion: 6.9.0
+tests:
+- No tests (auto formatted)
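Review bot: The operator-facing descriptions for `ataya-assign-user` are hard to read and do not say what value is expected: `description: the cilient imsi which need to be assigned.` has a typo and no format hint. Suggested wording: `description: The IMSI of the client to assign.` for the argument and `description: Approves a client so it can access the external network.` for the command. The integration-level `description:` ("assign client which has not yet under assigned status by client imsi") would read better as `Use the Ataya Harmony integration to assign, by IMSI, a client that is not yet in the assigned state.` Because the command changes access state, it would also help to declare an output or readable result the playbook can check.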
diff --git a/Packs/Ataya/Integrations/Ataya/Ataya_description.md b/Packs/Ataya/Integrations/Ataya/Ataya_description.md
new file mode 100644
index 000000000000..e593228d7f00
--- /dev/null
+++ b/Packs/Ataya/Integrations/Ataya/Ataya_description.md
@@ -0,0 +1,6 @@
+### Generate an API key
+
+1. Login to Ataya Harmony management web
+2. Go to Organization -> Setting
+3. Click the **+ API Access Key**
+4. Copy and paste the key
\ No newline at end of file
diff --git a/Packs/Ataya/Integrations/Ataya/Ataya_image.png b/Packs/Ataya/Integrations/Ataya/Ataya_image.png
new file mode 100644
index 000000000000..ce2d274247ae
Binary files /dev/null and b/Packs/Ataya/Integrations/Ataya/Ataya_image.png differ
diff --git a/Packs/Ataya/Integrations/Ataya/Ataya_test.py b/Packs/Ataya/Integrations/Ataya/Ataya_test.py
new file mode 100644
index 000000000000..9ab18f09ed96
--- /dev/null
+++ b/Packs/Ataya/Integrations/Ataya/Ataya_test.py
@@ -0,0 +1,93 @@
+import pytest
+from CommonServerPython import DemistoException
+
+from Ataya import Client, assign_command
+
+
+MOCK_URL = "http://123-fake-api.com"
+
+MOCK_IMSI = "46666610000001"
+
+MOCK_ASSIGN_USER_RESPONSE = {
+ "status": "assigned",
+ "resources": [MOCK_IMSI]
+}
+
+MOCK_UNASSIGN_USER_RESPONSE = {
+ "status": "unassigned",
+ "resources": [MOCK_IMSI]
+}
+
+MOCK_GET_NODE_RESPONSE = {
+ "count": 1
+}
+
+
+def test_assign_command(requests_mock):
+ requests_mock.put(
+ f'{MOCK_URL}/api/v1/mgmt/5gc/clientAction/setstatus', json=MOCK_ASSIGN_USER_RESPONSE)
+ client = Client(
+ api_key="123456789",
+ base_url=MOCK_URL,
+ proxy=False,
+ verify=False
+ )
+
+ result = assign_command(client=client, imsi=MOCK_IMSI)
+ assert MOCK_ASSIGN_USER_RESPONSE['status'] in result
+
+
+def test_assign_command_exception():
+
+ client = Client(
+ api_key="123456789",
+ base_url=MOCK_URL,
+ proxy=False,
+ verify=False
+ )
+
+ with pytest.raises(DemistoException, match="the imsi argument cannot be empty."):
+ assign_command(client=client)
+
+
+def test_assign_command_assign_fail(requests_mock):
+ requests_mock.put(
+ f'{MOCK_URL}/api/v1/mgmt/5gc/clientAction/setstatus', json=MOCK_UNASSIGN_USER_RESPONSE)
+ client = Client(
+ api_key="123456789",
+ base_url=MOCK_URL,
+ proxy=False,
+ verify=False
+ )
+
+ with pytest.raises(DemistoException, match="Assign User Fail"):
+ assign_command(client=client, imsi=MOCK_IMSI)
+
+
+def test_get_node_api(requests_mock):
+ requests_mock.get(
+ f'{MOCK_URL}/api/v1/mgmt/5gc/networks/default/nodes', json=MOCK_GET_NODE_RESPONSE)
+ client = Client(
+ api_key="123456789",
+ base_url=MOCK_URL,
+ proxy=False,
+ verify=False
+ )
+
+ result = client.getNode()
+ assert result['count'] > 0
+
+
+def test_module_command(requests_mock):
+
+ from Ataya import test_module
+ requests_mock.get(
+ f'{MOCK_URL}/api/v1/mgmt/5gc/networks/default/nodes', json=MOCK_GET_NODE_RESPONSE)
+ client = Client(
+ api_key="123456789",
+ base_url=MOCK_URL,
+ proxy=False,
+ verify=False
+ )
+
+ test_module(client=client)
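Review bot: `test_module_command` calls `test_module(client=client)` without asserting anything, so it passes even if the function returns the 'Unexpected result' or 'Authorization Error' string; it should end with `assert test_module(client=client) == 'ok'`. The suite also lacks a case where the setstatus response has no `status` key or a value other than `assigned`/`unassigned`, the path on which `assign_command` currently reports success. The `Client(...)` construction repeated in every test could move to a fixture.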
diff --git a/Packs/Ataya/Integrations/Ataya/README.md b/Packs/Ataya/Integrations/Ataya/README.md
new file mode 100644
index 000000000000..a0cb2c41e1c2
--- /dev/null
+++ b/Packs/Ataya/Integrations/Ataya/README.md
@@ -0,0 +1,36 @@
+# Ataya Harmony
+Use the Ataya Harmony integration, we can achieve the security access control which assign the user through the api access token.
+## Configure Ataya Harmony on Cortex XSOAR
+
+1. Navigate to **Settings** > **Integrations**.
+2. Search for Ataya Harmony .
+3. Click **Add instance** to create and configure a new integration instance.
+
+ | **Parameter** | **Description** | **Required** |
+ | --- | --- | --- |
+ | Harmony URL | e.g., https://ataya-harmony.com | True |
+ | API Token | Access token generated by Harmony organization setting page | True |
+ | Trust any certificate (not secure) | | False |
+ | Use system proxy settings | | False |
+
+
+4. Click **Test** to validate the URLs, token, and connection.
+
+## Commands
+You can execute these commands from the Cortex XSOAR CLI, or in a playbook.
+
+### ataya-assign-user
+***
+After assign the user on ataya harmony, user can successfully register to harmony
+
+#### Base Command
+
+`ataya-assign-user`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| imsi | A user imsi which need to be assigned | Required |
+
+#### Command Example
+```!ataya-assign-user imsi="001010000000001"```
diff --git a/Packs/Ataya/Integrations/Ataya/command_examples b/Packs/Ataya/Integrations/Ataya/command_examples
new file mode 100644
index 000000000000..5481c4c319b4
--- /dev/null
+++ b/Packs/Ataya/Integrations/Ataya/command_examples
@@ -0,0 +1 @@
+!assign-user imsi="001010000000001"
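Review bot: The example command name does not match the one the integration registers: Ataya.yml and the dispatcher in Ataya.py use `ataya-assign-user`, while this file has `!assign-user`. Anything that runs the examples, such as documentation generation or a manual smoke test, would hit the not-implemented branch. The line should be `!ataya-assign-user imsi="001010000000001"`.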
diff --git a/Packs/Ataya/Layouts/layoutscontainer-Ataya_Incident_Layout.json b/Packs/Ataya/Layouts/layoutscontainer-Ataya_Incident_Layout.json
new file mode 100644
index 000000000000..a87fb3ca49df
--- /dev/null
+++ b/Packs/Ataya/Layouts/layoutscontainer-Ataya_Incident_Layout.json
@@ -0,0 +1,403 @@
+{
+ "detailsV2": {
+ "tabs": [
+ {
+ "id": "summary",
+ "name": "Legacy Summary",
+ "type": "summary"
+ },
+ {
+ "id": "caseinfoid",
+ "name": "Incident Info",
+ "sections": [
+ {
+ "displayType": "ROW",
+ "h": 2,
+ "i": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
+ "isVisible": true,
+ "items": [
+ {
+ "endCol": 2,
+ "fieldId": "type",
+ "height": 22,
+ "id": "incident-type-field",
+ "index": 1,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "severity",
+ "height": 22,
+ "id": "incident-severity-field",
+ "index": 2,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "owner",
+ "height": 22,
+ "id": "incident-owner-field",
+ "index": 3,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "sourcebrand",
+ "height": 22,
+ "id": "incident-sourceBrand-field",
+ "index": 4,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "sourceinstance",
+ "height": 22,
+ "id": "incident-sourceInstance-field",
+ "index": 5,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "playbookid",
+ "height": 22,
+ "id": "incident-playbookId-field",
+ "index": 5,
+ "sectionItemType": "field",
+ "startCol": 0
+ }
+ ],
+ "maxW": 3,
+ "minH": 1,
+ "moved": false,
+ "name": "Case Details",
+ "static": false,
+ "w": 1,
+ "x": 0,
+ "y": 0
+ },
+ {
+ "h": 2,
+ "i": "caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8",
+ "maxW": 3,
+ "minH": 1,
+ "moved": false,
+ "name": "Notes",
+ "static": false,
+ "type": "notes",
+ "w": 1,
+ "x": 2,
+ "y": 0
+ },
+ {
+ "displayType": "ROW",
+ "h": 2,
+ "i": "caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8",
+ "maxW": 3,
+ "minH": 1,
+ "moved": false,
+ "name": "Work Plan",
+ "static": false,
+ "type": "workplan",
+ "w": 1,
+ "x": 1,
+ "y": 0
+ },
+ {
+ "displayType": "ROW",
+ "h": 2,
+ "i": "caseinfoid-7ce69dd0-a07f-11e9-936c-5395a1acf11e",
+ "maxW": 3,
+ "minH": 1,
+ "moved": false,
+ "name": "Indicators",
+ "query": "",
+ "queryType": "input",
+ "static": false,
+ "type": "indicators",
+ "w": 2,
+ "x": 0,
+ "y": 4
+ },
+ {
+ "displayType": "CARD",
+ "h": 2,
+ "i": "caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289",
+ "items": [
+ {
+ "endCol": 1,
+ "fieldId": "occurred",
+ "height": 22,
+ "id": "incident-occurred-field",
+ "index": 0,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 1,
+ "fieldId": "dbotmodified",
+ "height": 22,
+ "id": "incident-modified-field",
+ "index": 1,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "dbotduedate",
+ "height": 22,
+ "id": "incident-dueDate-field",
+ "index": 2,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "dbotcreated",
+ "height": 22,
+ "id": "incident-created-field",
+ "index": 0,
+ "sectionItemType": "field",
+ "startCol": 1
+ },
+ {
+ "endCol": 2,
+ "fieldId": "dbotclosed",
+ "height": 22,
+ "id": "incident-closed-field",
+ "index": 1,
+ "sectionItemType": "field",
+ "startCol": 1
+ }
+ ],
+ "maxW": 3,
+ "minH": 1,
+ "moved": false,
+ "name": "Timeline Information",
+ "static": false,
+ "w": 1,
+ "x": 2,
+ "y": 2
+ },
+ {
+ "displayType": "ROW",
+ "h": 2,
+ "i": "caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289",
+ "isVisible": true,
+ "items": [
+ {
+ "endCol": 2,
+ "fieldId": "dbotclosed",
+ "height": 22,
+ "id": "incident-dbotClosed-field",
+ "index": 0,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "closereason",
+ "height": 22,
+ "id": "incident-closeReason-field",
+ "index": 1,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "closenotes",
+ "height": 22,
+ "id": "incident-closeNotes-field",
+ "index": 2,
+ "sectionItemType": "field",
+ "startCol": 0
+ }
+ ],
+ "maxW": 3,
+ "minH": 1,
+ "moved": false,
+ "name": "Closing Information",
+ "static": false,
+ "w": 1,
+ "x": 2,
+ "y": 4
+ },
+ {
+ "displayType": "CARD",
+ "h": 2,
+ "i": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289",
+ "isVisible": true,
+ "items": [
+ {
+ "endCol": 2,
+ "fieldId": "details",
+ "height": 22,
+ "id": "incident-details-field",
+ "index": 0,
+ "sectionItemType": "field",
+ "startCol": 0
+ }
+ ],
+ "maxW": 3,
+ "minH": 1,
+ "moved": false,
+ "name": "Investigation Data",
+ "static": false,
+ "w": 1,
+ "x": 1,
+ "y": 2
+ },
+ {
+ "displayType": "ROW",
+ "h": 2,
+ "hideName": false,
+ "i": "caseinfoid-83be88a0-e9e8-11ed-9314-61e884feb460",
+ "items": [
+ {
+ "dropEffect": "move",
+ "endCol": 2,
+ "fieldId": "eventtype",
+ "height": 22,
+ "id": "2285c530-3a79-11ee-b0f8-8dcebe47cfac",
+ "index": 0,
+ "listId": "caseinfoid-83be88a0-e9e8-11ed-9314-61e884feb460",
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "dropEffect": "move",
+ "endCol": 2,
+ "fieldId": "sourceip",
+ "height": 22,
+ "id": "4faa1690-7c57-11ee-826e-4bb0fd730d05",
+ "index": 1,
+ "listId": "caseinfoid-83be88a0-e9e8-11ed-9314-61e884feb460",
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "atayaimei",
+ "height": 22,
+ "id": "928e9b50-e9e7-11ed-9314-61e884feb460",
+ "index": 2,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "atayaimsi",
+ "height": 22,
+ "id": "9b8e8800-e9e7-11ed-9314-61e884feb460",
+ "index": 3,
+ "sectionItemType": "field",
+ "startCol": 0
+ }
+ ],
+ "maxW": 3,
+ "minH": 1,
+ "moved": false,
+ "name": "Ataya Section",
+ "static": false,
+ "w": 1,
+ "x": 0,
+ "y": 2
+ }
+ ],
+ "type": "custom"
+ },
+ {
+ "id": "warRoom",
+ "name": "War Room",
+ "type": "warRoom"
+ },
+ {
+ "id": "workPlan",
+ "name": "Work Plan",
+ "type": "workPlan"
+ }
+ ]
+ },
+ "edit": {
+ "sections": [
+ {
+ "description": "",
+ "fields": [
+ {
+ "fieldId": "incident_name",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_eventtype",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_atayaimei",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_atayaimsi",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_occurred",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_reminder",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_owner",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_roles",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_type",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_severity",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_labels",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_phase",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_details",
+ "isVisible": true
+ },
+ {
+ "fieldId": "incident_attachment",
+ "isVisible": true
+ }
+ ],
+ "isVisible": true,
+ "name": "Basic Information",
+ "query": null,
+ "queryType": "",
+ "readOnly": false,
+ "type": ""
+ }
+ ]
+ },
+ "group": "incident",
+ "id": "Ataya Incident Layout",
+ "name": "Ataya Incident Layout",
+ "system": false,
+ "version": -1,
+ "fromVersion": "6.9.0",
+ "description": ""
+}
\ No newline at end of file
diff --git a/Packs/Ataya/Playbooks/Ataya_-_Securely_logging_device_access_to_network.yml b/Packs/Ataya/Playbooks/Ataya_-_Securely_logging_device_access_to_network.yml
new file mode 100644
index 000000000000..330f81e82342
--- /dev/null
+++ b/Packs/Ataya/Playbooks/Ataya_-_Securely_logging_device_access_to_network.yml
@@ -0,0 +1,493 @@
+id: Ataya - Securely logging device access to network
+version: -1
+name: Ataya - Securely logging device access to network
+description: With this playbook, we can enable Identity-Aware Security Across Multiaccess Networks.
+starttaskid: "0"
+tasks:
+ "0":
+ id: "0"
+ taskid: 42dfc20c-14c3-4e5e-86d4-1cd61e2f0498
+ type: start
+ task:
+ id: 42dfc20c-14c3-4e5e-86d4-1cd61e2f0498
+ version: -1
+ name: ""
+ iscommand: false
+ brand: ""
+ description: ''
+ nexttasks:
+ '#none#':
+ - "13"
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 510,
+ "y": 50
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "2":
+ id: "2"
+ taskid: 0b1ec360-a643-4937-8708-58a2bd799e34
+ type: regular
+ task:
+ id: 0b1ec360-a643-4937-8708-58a2bd799e34
+ version: -1
+ name: Close Investigation
+ description: commands.local.cmd.close.inv
+ script: Builtin|||closeInvestigation
+ type: regular
+ iscommand: true
+ brand: Builtin
+ nexttasks:
+ '#none#':
+ - "9"
+ scriptarguments:
+ closeNotes:
+ simple: Session has been successfully updated by User ID
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 500,
+ "y": 1070
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "3":
+ id: "3"
+ taskid: a2dddb43-ea33-4c3b-8f40-8949303725c1
+ type: regular
+ task:
+ id: a2dddb43-ea33-4c3b-8f40-8949303725c1
+ version: -1
+ name: Create and Update User ID
+ description: Login user on PAN NGFW by User ID.
+ script: '|||pan-os'
+ type: regular
+ iscommand: true
+ brand: ""
+ nexttasks:
+ '#none#':
+ - "2"
+ scriptarguments:
+ cmd:
+ simple: " \n 1.0 \n update \n \n \n \n \n \n \n"
+ type:
+ simple: user-id
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 50,
+ "y": 895
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "4":
+ id: "4"
+ taskid: ba940b24-c0f6-418d-8242-420e0ee522d1
+ type: condition
+ task:
+ id: ba940b24-c0f6-418d-8242-420e0ee522d1
+ version: -1
+ name: Event Type Inspection for Session Control
+ description: Check the action type of 5G UE sessions.
+ type: condition
+ iscommand: false
+ brand: ""
+ nexttasks:
+ '#default#':
+ - "2"
+ create:
+ - "3"
+ delete:
+ - "6"
+ separatecontext: false
+ conditions:
+ - label: create
+ condition:
+ - - operator: isEqualString
+ left:
+ value:
+ simple: incident.eventtype
+ iscontext: true
+ right:
+ value:
+ simple: create
+ ignorecase: true
+ - operator: isEqualString
+ left:
+ value:
+ simple: incident.eventtype
+ iscontext: true
+ right:
+ value:
+ simple: modify
+ ignorecase: true
+ - label: delete
+ condition:
+ - - operator: isEqualString
+ left:
+ value:
+ simple: incident.eventtype
+ iscontext: true
+ right:
+ value:
+ simple: delete
+ ignorecase: true
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 265,
+ "y": 720
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "6":
+ id: "6"
+ taskid: c6eb7979-d297-497c-8913-e9e7b7197877
+ type: regular
+ task:
+ id: c6eb7979-d297-497c-8913-e9e7b7197877
+ version: -1
+ name: Remove User ID
+ description: Logout user on PAN NGFW by User ID.
+ script: '|||pan-os'
+ type: regular
+ iscommand: true
+ brand: ""
+ nexttasks:
+ '#none#':
+ - "2"
+ scriptarguments:
+ cmd:
+ simple: " \n 1.0 \n update \n \n \n \n \n \n \n"
+ type:
+ simple: user-id
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 500,
+ "y": 895
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "8":
+ id: "8"
+ taskid: 28da22af-b157-49cd-863e-813073de9bcf
+ type: condition
+ task:
+ id: 28da22af-b157-49cd-863e-813073de9bcf
+ version: -1
+ name: Is Panorama Integration Enabled?
+ description: Returns 'yes' if integration brand is available. Otherwise returns 'no'
+ scriptName: IsIntegrationAvailable
+ type: condition
+ iscommand: false
+ brand: ""
+ nexttasks:
+ "no":
+ - "2"
+ "yes":
+ - "4"
+ scriptarguments:
+ brandname:
+ simple: Panorama
+ results:
+ - brandInstances
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 397.5,
+ "y": 545
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "9":
+ id: "9"
+ taskid: 01fc0b8c-5012-455a-8ef1-297c88fd5b25
+ type: title
+ task:
+ id: 01fc0b8c-5012-455a-8ef1-297c88fd5b25
+ version: -1
+ name: Done
+ type: title
+ iscommand: false
+ brand: ""
+ description: ''
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 837.5,
+ "y": 1245
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "10":
+ id: "10"
+ taskid: c4260f09-0689-46c1-8174-64baa8ab7f48
+ type: collection
+ task:
+ id: c4260f09-0689-46c1-8174-64baa8ab7f48
+ version: -1
+ name: Pause for review the unassigned device
+ description: ""
+ type: collection
+ iscommand: false
+ brand: ""
+ nexttasks:
+ '#none#':
+ - "11"
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 1072.5,
+ "y": 895
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ message:
+ to:
+ simple: Administrator
+ subject:
+ simple: Needs approval
+ body:
+ simple: The unassigned device need to be approved.
+ methods:
+ - email
+ format: ""
+ bcc:
+ cc:
+ timings:
+ retriescount: 2
+ retriesinterval: 360
+ completeafterreplies: 1
+ completeafterv2: true
+ completeaftersla: false
+ form:
+ questions:
+ - id: "0"
+ label: ""
+ labelarg:
+ simple: |-
+ Should the client be approved to access the network?
+ ID: ${incident.atayaid}
+ required: false
+ gridcolumns: []
+ defaultrows: []
+ type: singleSelect
+ options: []
+ optionsarg:
+ - simple: "Yes"
+ - simple: "No"
+ fieldassociated: ""
+ placeholder: ""
+ tooltip: ""
+ readonly: false
+ title: New device needs approval
+ description: ""
+ sender: ""
+ expired: false
+ totalanswers: 0
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "11":
+ id: "11"
+ taskid: 8d964650-d075-442c-8f73-7d3e10c3c8f9
+ type: regular
+ task:
+ id: 8d964650-d075-442c-8f73-7d3e10c3c8f9
+ version: -1
+ name: Approve the Unassigned Device
+ description: approve user to access external network
+ script: '|||ataya-assign-user'
+ type: regular
+ iscommand: true
+ brand: ""
+ nexttasks:
+ '#none#':
+ - "9"
+ scriptarguments:
+ imsi:
+ simple: ${incident.atayaid}
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 1072.5,
+ "y": 1070
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "12":
+ id: "12"
+ taskid: d5fa5d19-0ac4-4458-87e2-4210f71beb94
+ type: condition
+ task:
+ id: d5fa5d19-0ac4-4458-87e2-4210f71beb94
+ version: -1
+ name: Is Reject Event Type Detected?
+ description: Check the action of 5G UE sessions.
+ type: condition
+ iscommand: false
+ brand: ""
+ nexttasks:
+ '#default#':
+ - "8"
+ Authentication:
+ - "10"
+ separatecontext: false
+ conditions:
+ - label: Authentication
+ condition:
+ - - operator: isEqualString
+ left:
+ value:
+ simple: incident.eventtype
+ iscontext: true
+ right:
+ value:
+ simple: reject
+ ignorecase: true
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 397.5,
+ "y": 370
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+ "13":
+ id: "13"
+ taskid: fa949a0f-bd5b-41e8-8b9a-411c672d0986
+ type: condition
+ task:
+ id: fa949a0f-bd5b-41e8-8b9a-411c672d0986
+ version: -1
+ name: Is Ataya Harmony Integration Enabled?
+ description: Returns 'yes' if integration brand is available. Otherwise returns 'no'
+ scriptName: IsIntegrationAvailable
+ type: condition
+ iscommand: false
+ brand: ""
+ nexttasks:
+ "no":
+ - "2"
+ "yes":
+ - "12"
+ scriptarguments:
+ brandname:
+ simple: Ataya Harmony
+ results:
+ - brandInstances
+ separatecontext: false
+ continueonerrortype: ""
+ view: |-
+ {
+ "position": {
+ "x": 510,
+ "y": 195
+ }
+ }
+ note: false
+ timertriggers: []
+ ignoreworker: false
+ skipunavailable: false
+ quietmode: 0
+ isoversize: false
+ isautoswitchedtoquietmode: false
+view: |-
+ {
+ "linkLabelsPosition": {
+ "12_8_#default#": 0.81,
+ "4_3_create": 0.71,
+ "4_6_delete": 0.84
+ },
+ "paper": {
+ "dimensions": {
+ "height": 1260,
+ "width": 1402.5,
+ "x": 50,
+ "y": 50
+ }
+ }
+ }
+inputs: []
+outputs: []
+tests:
+- No tests (auto formatted)
+fromversion: 6.9.0
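Review bot: The approval prompt in task "10" does not gate anything: its only `nexttasks` entry is `'#none#'` → "11", so the flow reaches `ataya-assign-user` whichever option the administrator selects, and the question is `required: false`. A condition task between "10" and "11" should send only an explicit "Yes" to the assign step and everything else to Done, as sketched below; the context path of the answer is a placeholder to fill in. Task "11" also passes `${incident.atayaid}` as `imsi` although the mapper fills a separate Ataya_IMSI field, so confirm which identifier the Harmony API expects. The "no" branch of task "13" and the default branch of task "4" end in Close Investigation with the note "Session has been successfully updated by User ID" even though no update ran.

```yaml
  "10":
    # … unchanged: collection task definition, message and form …
    nexttasks:
      '#none#':
      - "14"
  "14":
    id: "14"
    type: condition
    task:
      name: Was the device approved?
      description: Continue to the assign step only on an explicit Yes.
      type: condition
      iscommand: false
      brand: ""
    nexttasks:
      '#default#':
      - "9"
      "yes":
      - "11"
    separatecontext: false
    conditions:
    - label: "yes"
      condition:
      - - operator: isEqualString
          left:
            value:
              simple: <CONTEXT_PATH_OF_QUESTION_0_ANSWER>  # placeholder, not a real path
            iscontext: true
          right:
            value:
              simple: "Yes"
  # … unchanged: task "11" and the remaining tasks …
```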
diff --git a/Packs/Ataya/Playbooks/Ataya_-_Securely_logging_device_access_to_network_README.md b/Packs/Ataya/Playbooks/Ataya_-_Securely_logging_device_access_to_network_README.md
new file mode 100644
index 000000000000..bd45ecd498b8
--- /dev/null
+++ b/Packs/Ataya/Playbooks/Ataya_-_Securely_logging_device_access_to_network_README.md
@@ -0,0 +1,39 @@
+With this playbook, we can enable Identity-Aware Security Across Multiaccess Networks.
+
+## Dependencies
+
+This playbook uses the following sub-playbooks, integrations, and scripts.
+
+### Sub-playbooks
+
+This playbook does not use any sub-playbooks.
+
+### Integrations
+
+* Ataya
+
+### Scripts
+
+* IsIntegrationAvailable
+
+### Commands
+
+* pan-os
+* closeInvestigation
+* ataya-assign-user
+
+## Playbook Inputs
+
+---
+There are no inputs for this playbook.
+
+## Playbook Outputs
+
+---
+There are no outputs for this playbook.
+
+## Playbook Image
+
+---
+
+![Ataya - Securely logging device access to network](../doc_files/Ataya_-_Securely_logging_device_access_to_network.png)
diff --git a/Packs/Ataya/README.md b/Packs/Ataya/README.md
new file mode 100644
index 000000000000..4afadc63db7e
--- /dev/null
+++ b/Packs/Ataya/README.md
@@ -0,0 +1,46 @@
+# Ataya Harmony Interface for Cortex XSOAR of Palo Alto Networks
+
+## Summary
+The Webhook interface can be enabled in the Ataya's Harmony Platform. Once done, the Ataya's 5G core network will publish the clients’ session events to XSOAR, which can notify the Palo Alto firewall gateway to apply the desired policy to the client connections.
+
+## Requirement
+The following content is necessary for complete the integration.
+- Ataya Harmony
+- Generic Webhook
+- Palo Alto Networks PAN-OS
+
+## Configuration
+The configuration instruction of Generic Webhook application and Ataya Harmony Platform.
+
+### Generic Webhook
+1. Choose _Ataya_ as the incident type
+2. Choose _Ataya Mapping_ as the incident type
+3. Configure the webhook server setting (listen port and credentials)
+
+### Palo Alto Networks PAN-OS
+1. Configure the server URL and the API key of the NGFW
+
+### Ataya Harmony
+1. Configure the Harmony URL and the API access Token
+
+## How to generate token from Ataya Harmony
+
+### Webhook Token
+1. Login to Ataya Harmony
+2. Navigate to **Organization** > **Setting** > **Webhook**.
+3. Right-click **+Webhook**, and fill the configuration related to Generic Webhook server.
+
+#### Supported Published Events
+- Session Create
+- Session Modification
+- Session Delete
+- Session EventType
+
+### API Access Token
+1. Login to Ataya Harmony
+2. Navigate to **Organization** > **Setting** > **API Access Control**.
+3. Right-click **+API Access Key**, and fill the configuration related to API Access Token.
+
+_Check [Ataya Inc.](https://www.ataya.io/) for product details on Ataya Harmony Platform_
+
+[![Ataya Overview](https://www.ataya.io/wp-content/uploads/2022/12/Blue.svg)](https://www.ataya.io/)
diff --git a/Packs/Ataya/doc_files/Ataya_-_Securely_logging_device_access_to_network.png b/Packs/Ataya/doc_files/Ataya_-_Securely_logging_device_access_to_network.png
new file mode 100644
index 000000000000..60b1214bbc50
Binary files /dev/null and b/Packs/Ataya/doc_files/Ataya_-_Securely_logging_device_access_to_network.png differ
diff --git a/Packs/Ataya/pack_metadata.json b/Packs/Ataya/pack_metadata.json
new file mode 100644
index 000000000000..1ef865c803ac
--- /dev/null
+++ b/Packs/Ataya/pack_metadata.json
@@ -0,0 +1,22 @@
+{
+ "name": "Ataya",
+ "description": "Integrate with Ataya Harmony for manage the 5G UE session",
+ "support": "partner",
+ "currentVersion": "1.0.0",
+ "author": "Ataya Inc.",
+ "url": "https://ataya.io",
+ "email": "",
+ "categories": [
+ "Network Security"
+ ],
+ "tags": [
+ "Network"
+ ],
+ "useCases": [],
+ "keywords": [],
+ "marketplaces": [
+ "xsoar",
+ "marketplacev2"
+ ],
+ "githubUser": "tony19911010"
+}
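Review bot: `"email": ""` leaves this `"support": "partner"` pack with no support address, so the only contact a user gets is the generic homepage in `"url": "https://ataya.io"`. The pack README describes session events being used to apply firewall policy, so operators need a monitored place to report faults or security issues; fill in a real address, e.g. `"email": "<vendor support address (placeholder)>"`, or point `url` at a support page. The description is also ungrammatical and could read `"description": "Integrates with Ataya Harmony to manage 5G UE sessions."`. `useCases` and `keywords` are both empty, which presumably makes the pack harder to find; consider populating them.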