diff --git a/Packs/Okta/ModelingRules/OktaModelingRules_1_3/OktaModelingRules_1_3.xif b/Packs/Okta/ModelingRules/OktaModelingRules_1_3/OktaModelingRules_1_3.xif
index 36905a76c958..d5249aedfc53 100644
--- a/Packs/Okta/ModelingRules/OktaModelingRules_1_3/OktaModelingRules_1_3.xif
+++ b/Packs/Okta/ModelingRules/OktaModelingRules_1_3/OktaModelingRules_1_3.xif
@@ -2,11 +2,12 @@ filter eventType in ("app.ad.api.user_import.account_locked","app.app_instance.csr.generate","app.app_instance.csr.publish","app.app_instance.csr.revoke","app.app_instance.provision_sync_job.completed","app.app_instance.provision_sync_job.failed","app.app_instance.provision_sync_job.started","app.audit_report.download.local.active","app.audit_report.download.local.deprov","app.audit_report.download.rogue.report","app.generic.unauth_app_access_attempt","app.inbound_del_auth.login_success","app.keys.clone","app.keys.generate","app.keys.rotate","app.ldap.password.change.failed","app.office365.api.change.domain.federation.success","app.office365.api.error.ad.user","app.office365.api.error.check.user.exists","app.office365.api.error.create.user","app.office365.api.error.deactivate.user","app.office365.api.error.download.custom.objects","app.office365.api.error.download.groups","app.office365.api.error.download.users","app.office365.api.error.endpoint.unavailable","app.office365.api.error.get.company.dirsync.failure","app.office365.api.error.get.company.dirsync.status.failure","app.office365.api.error.get.company.dirsync.status.pending","app.office365.api.error.get.object.ids.by.group.id","app.office365.api.error.group.create.failure","app.office365.api.error.group.create.failure.name.in.use","app.office365.api.error.group.delete.failure","app.office365.api.error.group.membership.update.assignment.failure","app.office365.api.error.group.membership.update.failure","app.office365.api.error.group.membership.update.group.not.found.failure","app.office365.api.error.group.membership.update.removal.failure","app.office365.api.error.group.update.failure","app.office365.api.error.group.update.failure.not.found","app.office365.api.error.import.profile","app.office365.api.error.no.endpoints.found","app.office365.api.error.push.password","app.office365.api.error.push.profile","app.office365.api.error.reactivate.user","app.office365.api.error.remove.domain.federation
.failure","app.office365.api.error.remove.domain.federation.failure.access.denied","app.office365.api.error.remove.domain.federation.failure.domain.not.found","app.office365.api.error.revoke.refresh.token","app.office365.api.error.set.company.dirsync.failure","app.office365.api.error.set.company.dirsync.status.failure","app.office365.api.error.set.domain.federation.failure","app.office365.api.error.set.domain.federation.failure.access.denied","app.office365.api.error.set.domain.federation.failure.domain.default","app.office365.api.error.set.domain.federation.failure.domain.not.found","app.office365.api.error.sync.contact","app.office365.api.error.sync.finalize","app.office365.api.error.sync.group","app.office365.api.error.sync.not.activated","app.office365.api.error.sync.set.attribute","app.office365.api.error.sync.user","app.office365.api.error.unable.to.create.graph.client","app.office365.api.error.validate.admin.creds","app.office365.api.error.validate.creds","app.office365.api.error.validate.creds.unknown.exception","app.office365.api.error.x-ms-forwarded-client-ip-header.absent","app.office365.api.remove.domain.federation.success","app.office365.api.set.domain.federation.success","app.office365.api.sync.complete","app.office365.api.sync.heartbeat.sent","app.office365.api.sync.job.complete","app.office365.api.sync.job.complete.contact","app.office365.api.sync.job.complete.group","app.office365.api.sync.job.complete.user","app.office365.clientplatform.conversion.job.processing.app.instance","app.office365.clientplatform.conversion.job.skipping.migration","app.office365.dirsync.skipping.conflict-object","app.office365.dirsync.skipping.critical-system-object","app.office365.dirsync.skipping.non-security-group-invalid-mail","app.office365.dirsync.skipping.reserved-attribute-value","app.office365.dirsync.skipping.systemmailbox","app.office365.dirsync.skipping.without-name-and-displayname","app.office365.error.importing.user","app.office365.graph.api.error.no.mailbox.
found","app.office365.graph.api.error.rate-limit.exceeded","app.office365.graph.api.error.service.principal.creation.failed","app.office365.service.principal.cleanup.job.complete","app.office365.service.principal.cleanup.job.invalid.credentials","app.office365.service.principal.cleanup.job.processing","app.office365.service.principal.cleanup.job.skipping.missing.creds","app.office365.service.principal.cleanup.job.skipping.no.service.principal","app.office365.service.principal.cleanup.job.unable.to.delete.service.principal","app.office365.user.delete.success","app.office365.user.lifecycle.action.failed","app.office365.user.remove.licenses.success","app.radius.agent.listener.failed","app.radius.agent.listener.succeeded","app.radius.agent.port_inaccessible","app.radius.agent.port_reaccessible","app.radius.info_access.no_permission","app.radius.info_access.partial_permission","app.realtimesync.import.details.add_user","app.realtimesync.import.details.delete_user","app.realtimesync.import.details.update_user","app.saml.sensitive.attribute.update","app.user_management.grouppush.mapping.created.from.rule","app.user_management.grouppush.mapping.created.from.rule.error.duplicate","app.user_management.grouppush.mapping.created.from.rule.error.validation","app.user_management.grouppush.mapping.created.from.rule.errors","app.user_management.grouppush.mapping.okta.users.ignored","app.user_management.push_new_user_success","app.user_management.update_from_master_failed","app.user_management.user_group_import.create_failure","app.user_management.user_group_import.delete_success","app.user_management.user_group_import.update_failure","app.user_management.user_group_import.upsert_fail","app.user_management.user_group_import.upsert_success","application.configuration.disable_delauth_outbound","application.configuration.disable_fed_broker_mode","application.configuration.enable_delauth_outbound","application.configuration.enable_fed_broker_mode","application.configuration.reset_logo",
"application.configuration.update","application.configuration.update_api_credentials_for_pass_change","application.configuration.update_logo","application.lifecycle.activate","application.lifecycle.create","application.lifecycle.deactivate","application.lifecycle.delete","application.lifecycle.update","application.policy.sign_on.deny_access","application.policy.sign_on.rule.create","application.policy.sign_on.rule.delete","application.policy.sign_on.update","application.provision.field_mapping_rule.change","application.provision.group.add","application.provision.group.import","application.provision.group.remove","application.provision.group.update","application.provision.group.verify_exists","application.provision.group_membership.add","application.provision.group_membership.import","application.provision.group_membership.remove","application.provision.group_membership.update","application.provision.group_push.activate_mapping","application.provision.group_push.delete_appgroup","application.provision.group_push.mapping.and.groups.deleted.rule.deleted","application.provision.group_push.mapping.app.group.renamed","application.provision.group_push.mapping.app.group.renamed.failed","application.provision.group_push.mapping.created","application.provision.group_push.mapping.created.from.rule.warning.duplicate.name","application.provision.group_push.mapping.created.from.rule.warning.duplicate.name.tobecreated","application.provision.group_push.mapping.created.from.rule.warning.upsertGroup.duplicate.name","application.provision.group_push.mapping.deactivated.source.group.renamed","application.provision.group_push.mapping.deactivated.source.group.renamed.failed","application.provision.group_push.mapping.update.or.delete.failed","application.provision.group_push.mapping.update.or.delete.failed.with.error","application.provision.group_push.push_memberships","application.provision.group_push.pushed","application.provision.group_push.removed","application.provision.group_push.u
pdated","application.provision.integration.call_api","application.provision.user.activate","application.provision.user.deactivate","application.provision.user.deprovision","application.provision.user.import","application.provision.user.import_profile","application.provision.user.password","application.provision.user.push","application.provision.user.push_okta_password","application.provision.user.push_password","application.provision.user.push_profile","application.provision.user.reactivate","application.provision.user.sync","application.provision.user.verify_exists","application.registration_policy.lifecycle.create","application.registration_policy.lifecycle.update","application.user_membership.add","application.user_membership.approve","application.user_membership.change_password","application.user_membership.change_username","application.user_membership.deprovision","application.user_membership.provision","application.user_membership.remove","application.user_membership.restore","application.user_membership.restore_password","application.user_membership.revoke","application.user_membership.show_password","application.user_membership.update","credential.register","credential.revoke","device.enrollment.create","device.lifecycle.activate","device.lifecycle.deactivate","device.lifecycle.delete","device.lifecycle.suspend","device.lifecycle.unsuspend","device.platform.add","device.platform.delete","device.platform.update","device.user.add","device.user.remove","directory.app_user_profile.update","directory.mapping.update","directory.non_default_user_profile.create","directory.user_profile.update","event_hook.activated","event_hook.created","event_hook.deactivated","event_hook.deleted","event_hook.delivery","event_hook.updated","event_hook.verified","group.application_assignment.add","group.application_assignment.remove","group.application_assignment.update","group.lifecycle.create","group.lifecycle.delete","group.privilege.grant","group.privilege.revoke","group.profile
.update","group.user_membership.add","group.user_membership.remove","group.user_membership.rule.add_exclusion","group.user_membership.rule.deactivated","iam.resourceset.bindings.add","iam.resourceset.bindings.delete","iam.resourceset.create","iam.resourceset.delete","iam.resourceset.resources.add","iam.resourceset.resources.delete","iam.role.create","iam.role.delete","iam.role.permissions.add","iam.role.permissions.delete","inline_hook.activated","inline_hook.created","inline_hook.deactivated","inline_hook.deleted","inline_hook.executed","master_application.user_membership.add","mim.createEnrollment.ANDROID","mim.createEnrollment.IOS","mim.createEnrollment.OSX","mim.createEnrollment.UNKNOWN","mim.createEnrollment.WINDOWS","network_zone.rule.disabled","omm.app.VPN.settings.changed","omm.app.WIFI.settings.changed","omm.app.eas.cert_based.settings.changed","omm.app.eas.disabled","omm.app.eas.settings.changed","omm.cma.created","omm.cma.deleted","omm.cma.updated","omm.enrollment.changed","pki.ca.add","pki.ca.delete","pki.cert.bind","pki.cert.issue","pki.cert.lifecycle.activate","pki.cert.lifecycle.delete","pki.cert.lifecycle.hold","pki.cert.lifecycle.revoke","pki.cert.lifecycle.suspend","pki.cert.renew","pki.cert.revoke","policy.evaluate_sign_on","policy.execute.user.start","policy.lifecycle.activate","policy.lifecycle.create","policy.lifecycle.deactivate","policy.lifecycle.delete","policy.lifecycle.overwrite","policy.lifecycle.update","policy.mapping.create","policy.rule.action.execute","policy.rule.activate","policy.rule.add","policy.rule.deactivate","policy.rule.delete","policy.rule.invalidate","policy.rule.update","policy.scheduled.execute","scheduled_action.user_suspension.canceled","scheduled_action.user_suspension.completed","scheduled_action.user_suspension.scheduled","scheduled_action.user_suspension.updated","security.authenticator.lifecycle.activate","security.authenticator.lifecycle.deactivate","security.device.add_request_blacklist_policy","security.device.
remove_request_blacklist_policy","security.device.temporarily_disable_blacklisting","security.request.blocked","security.threat.configuration.update","security.threat.detected","security.voice.add_country_blacklist","security.voice.remove_country_blacklist","security.zone.make_blacklist","security.zone.remove_blacklist","self_service.disabled","self_service.enabled","system.agent.ad.connect","system.agent.ad.create","system.agent.ad.deactivate","system.agent.ad.delete","system.agent.ad.import_ou","system.agent.ad.import_user","system.agent.ad.invoke_dir","system.agent.ad.reactivate","system.agent.ad.read_dirsync","system.agent.ad.read_ldap","system.agent.ad.read_schema","system.agent.ad.read_topology","system.agent.ad.realtimesync","system.agent.ad.reset_user_password","system.agent.ad.start","system.agent.ad.unlock_user_account","system.agent.ad.update","system.agent.ad.update_user","system.agent.ad.upgrade","system.agent.ad.upload_iwa_log","system.agent.ad.upload_log","system.agent.ad.write_ldap","system.agent.auto_update","system.agent.connector.connect","system.agent.connector.deactivate","system.agent.connector.delete","system.agent.connector.reactivate","system.agent.ldap.change_user_password","system.agent.ldap.create_user_JIT","system.agent.ldap.disconnect","system.agent.ldap.reconnect","system.agent.ldap.reset_user_password","system.agent.ldap.unlock_user_account","system.agent_pools.auto_update","system.api_token.create","system.api_token.enable","system.api_token.revoke","system.brand.update","system.captcha.create","system.captcha.delete","system.captcha.update","system.custom_error.update","system.custom_signin.update","system.custom_url_domain.cert_renew","system.custom_url_domain.cert_upload","system.custom_url_domain.delete","system.custom_url_domain.initiate","system.directory.debugger.extend","system.directory.debugger.grant","system.directory.debugger.query_executed","system.directory.debugger.revoke","system.email.template.create","system.email.t
emplate.delete","system.email.template.update","system.idp.lifecycle.activate","system.idp.lifecycle.create","system.idp.lifecycle.deactivate","system.idp.lifecycle.delete","system.idp.lifecycle.update","system.import.clear.unconfirmed.users.summary","system.import.complete","system.import.complete_batch","system.import.custom_object.complete","system.import.custom_object.create","system.import.custom_object.delete","system.import.custom_object.update","system.import.download.complete","system.import.download.start","system.import.group.complete","system.import.group.create","system.import.group.delete","system.import.group.start","system.import.group.update","system.import.group_membership.complete","system.import.implicit_deletion.complete","system.import.implicit_deletion.start","system.import.import_profile","system.import.import_provisioning_info","system.import.membership_processing.complete","system.import.membership_processing.start","system.import.object_creation.complete","system.import.object_creation.start","system.import.roadblock","system.import.roadblock.reschedule_and_resume","system.import.roadblock.resume","system.import.roadblock.updated","system.import.start","system.import.user.complete","system.import.user.create","system.import.user.delete","system.import.user.match","system.import.user.start","system.import.user.suspend","system.import.user.unsuspend","system.import.user.unsuspend_after_confirm","system.import.user.update","system.import.user.update_user_lifecycle_from_master","system.import.user_csv.complete","system.import.user_csv.start","system.import.user_matching.complete","system.import.user_matching.start","system.iwa.create","system.iwa.go_offline","system.iwa.go_online","system.iwa.promote_primary","system.iwa.remove","system.iwa.update","system.iwa.use_default","system.ldapi.bind","system.ldapi.search","system.ldapi.unbind","system.log_stream.lifecycle.activate","system.log_stream.lifecycle.create","system.log_stream.lifecycle.deac
tivate","system.log_stream.lifecycle.delete","system.log_stream.lifecycle.update","system.mfa.factor.activate","system.mfa.factor.deactivate","system.org.captcha.activate","system.org.captcha.deactivate","system.org.lifecycle.create","system.org.rate_limit.warning","system.org.task.remove","system.theme.update","task.lifecycle.activate","task.lifecycle.create","task.lifecycle.deactivate","task.lifecycle.delete","task.lifecycle.update","user.account.access_super_user_app","user.account.lock","user.account.lock.limit","user.account.privilege.grant","user.account.privilege.revoke","user.account.report_suspicious_activity_by_enduser","user.account.reset_password","user.account.unlock","user.account.unlock_by_admin","user.account.unlock_failure","user.account.unlock_token","user.account.update_password","user.account.update_primary_email","user.account.update_profile","user.account.update_secondary_email","user.account.update_user_type","user.account.use_token","user.credential.enroll","user.identity_snapshot.attestation.create","user.lifecycle.activate","user.lifecycle.create","user.lifecycle.deactivate","user.lifecycle.delete.completed","user.lifecycle.delete.initiated","user.lifecycle.jit.error.read_only","user.lifecycle.password_mass_expiry","user.lifecycle.reactivate","user.lifecycle.suspend","user.lifecycle.unsuspend","user.mfa.attempt_bypass","user.mfa.factor.activate","user.mfa.factor.deactivate","user.mfa.factor.reset_all","user.mfa.factor.suspend","user.mfa.factor.unsuspend","user.mfa.factor.update","user.mfa.okta_verify","user.mfa.okta_verify.deny_push","user.mfa.okta_verify.deny_push_upgrade_needed","user.session.access_admin_app","user.session.clear","user.session.end","user.session.expire","user.session.impersonation.end","user.session.impersonation.extend","user.session.impersonation.grant","user.session.impersonation.initiate","user.session.impersonation.revoke","user.session.start","workflows.user.connection.create","workflows.user.connection.delete","wo
rkflows.user.connection.reauthorize","workflows.user.connection.revoke","workflows.user.flow.activate","workflows.user.flow.create","workflows.user.flow.deactivate","workflows.user.flow.delete","workflows.user.flow.export","workflows.user.flow.import","workflows.user.flow.save","workflows.user.table.create","workflows.user.table.delete","workflows.user.table.export","workflows.user.table.import","workflows.user.table.update","workflows.user.table.view","zone.activate","zone.create","zone.deactivate","zone.delete","zone.make_blacklist","zone.remove_blacklist","zone.update","system.push.send_factor_verify_push")
 | alter
- outcome_result = json_extract_scalar(outcome, "$.result")
+ outcome_result = json_extract_scalar(outcome, "$.result"),
+ user_type = json_extract_scalar(actor, "$.type")
 | alter
- xdm.target.user.identifier = json_extract_scalar(actor, "$.id"),
- xdm.target.user.user_type = json_extract_scalar(actor, "$.type"),
- xdm.target.user.username = json_extract_scalar(actor, "$.alternateId"),
+ xdm.source.user.identifier = json_extract_scalar(actor, "$.id"),
+ xdm.source.user.user_type = if(user_type in("User"), XDM_CONST.USER_TYPE_REGULAR, user_type in("SystemPrincipal"), XDM_CONST.USER_TYPE_SERVICE_ACCOUNT,user_type in("IP address"), XDM_CONST.USER_TYPE_MACHINE_ACCOUNT, to_string(user_type)),
+ xdm.source.user.username = json_extract_scalar(actor, "$.alternateId"),
 xdm.target.cloud.zone = json_extract_scalar(client, "$.zone"),
 xdm.source.ipv4 = json_extract_scalar(client,"$.ipAddress"),
 xdm.target.ipv4="",
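Review bot: On the new `xdm.source.user.user_type` line, any actor type other than "User", "SystemPrincipal" and "IP address" falls through to `to_string(user_type)`, so the field will carry a raw Okta string for those events and an XDM_CONST value for the rest; detection content that compares this field against XDM_CONST.USER_TYPE_* will silently miss the raw ones. I cannot tell from this hunk which other actor types Okta emits for the events in this filter, so if the pass-through is deliberate it deserves a comment such as `// actor types with no XDM user-type constant keep the raw Okta value`, and otherwise an explicit default constant should be chosen. The move from `xdm.target.user.*` to `xdm.source.user.*` also changes which fields existing XQL queries and correlation rules on this dataset read; the release note mentions the rename but does not flag it as a breaking change. The `| alter` statement being edited continues past the end of the hunk.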
@@ -14,19 +15,26 @@ filter
 xdm.target.port=to_integer(0),
 xdm.source.location.city = json_extract_scalar(client, "$.geographicalContext.city"),
 xdm.source.location.country = json_extract_scalar(client, "$.geographicalContext.country"),
+ xdm.source.location.latitude = to_float(json_extract_scalar(client, "$.geographicalContext.geolocation.lat")),
+ xdm.source.location.longitude = to_float(json_extract_scalar(client, "$.geographicalContext.geolocation.lon")),
 xdm.event.type = eventType,
 xdm.event.outcome = if(outcome_result="SUCCESS", XDM_CONST.OUTCOME_SUCCESS, outcome_result="FAILURE", XDM_CONST.OUTCOME_FAILED, outcome_result="ALLOW", XDM_CONST.OUTCOME_SUCCESS, outcome_result="DENY", XDM_CONST.OUTCOME_FAILED, outcome_result="CHALLENGE", XDM_CONST.OUTCOME_PARTIAL, XDM_CONST.OUTCOME_UNKNOWN),
 xdm.event.outcome_reason = json_extract_scalar(outcome, "$.reason"),
 xdm.target.resource.id = arraystring (arraymap (json_extract_array (`target`,"$."), json_extract_scalar ("@element", "$.alternateId")),","),
- xdm.target.resource.type = arraystring (arraymap (json_extract_array (`target`,"$."), json_extract_scalar ("@element", "$.type")),",")
+ xdm.target.resource.type = arraystring (arraymap (json_extract_array (`target`,"$."), json_extract_scalar ("@element", "$.type")),","),
+ xdm.source.user_agent = json_extract_scalar(client, "$.userAgent.rawUserAgent"),
+ xdm.source.host.os = json_extract_scalar(client, "$.userAgent.os"),
+ xdm.source.process.name = json_extract_scalar(client, "$.userAgent.browser"),
+ xdm.event.id = uuid,
+ xdm.source.asn.as_name = json_extract_scalar(securityContext,"$.asOrg")
 //First and last name extraction
 | alter
 displayName = json_extract_scalar(actor, "$.displayName")
 | alter
 lastName = arrayindex(regextract(displayName, "\s([\S]*)"),0),
 firstName= arrayindex(regextract(displayName, "([\S]*)\s"),0)
 | alter
- xdm.target.user.first_name = firstName,
- xdm.target.user.last_name = lastName;
+ xdm.source.user.first_name = firstName,
+ 
xdm.source.user.last_name = lastName;
 filter eventType in ("app.access_request.approver.approve","app.access_request.approver.deny","app.access_request.delete","app.access_request.deny","app.access_request.expire","app.access_request.grant","app.access_request.request","app.kerberos_rich_client.account_not_found","app.kerberos_rich_client.instance_not_found","app.kerberos_rich_client.multiple_accounts_found","app.kerberos_rich_client.user_authentication_successful","app.oauth2.admin.consent.grant","app.oauth2.admin.consent.revoke","app.oauth2.as.authorize","app.oauth2.as.authorize.code","app.oauth2.as.authorize.implicit.access_token","app.oauth2.as.authorize.implicit.id_token","app.oauth2.as.authorize.scope_denied","app.oauth2.as.consent.grant","app.oauth2.as.consent.revoke","app.oauth2.as.consent.revoke.implicit.as","app.oauth2.as.consent.revoke.implicit.client","app.oauth2.as.consent.revoke.implicit.scope","app.oauth2.as.consent.revoke.implicit.user","app.oauth2.as.consent.revoke.user","app.oauth2.as.consent.revoke.user.client","app.oauth2.as.evaluate.claim","app.oauth2.as.interact.interaction_code","app.oauth2.as.interact.interaction_handle","app.oauth2.as.key.rollover","app.oauth2.as.token.detect_reuse","app.oauth2.as.token.grant","app.oauth2.as.token.grant.access_token","app.oauth2.as.token.grant.device_secret","app.oauth2.as.token.grant.id_token","app.oauth2.as.token.grant.refresh_token","app.oauth2.as.token.revoke","app.oauth2.authorize","app.oauth2.authorize.code","app.oauth2.authorize.implicit.access_token","app.oauth2.authorize.implicit.id_token","app.oauth2.client.lifecycle.activate","app.oauth2.client.lifecycle.create","app.oauth2.client.lifecycle.deactivate","app.oauth2.client.lifecycle.delete","app.oauth2.client.lifecycle.update","app.oauth2.client_id_rate_limit_warning","app.oauth2.consent.grant","app.oauth2.interact.interaction_code","app.oauth2.interact.interaction_handle","app.oauth2.invalid_client_credentials","app.oauth2.invalid_client_ids","app.
oauth2.key.rollover","app.oauth2.signon","app.oauth2.token.detect_reuse","app.oauth2.token.grant","app.oauth2.token.grant.access_token","app.oauth2.token.grant.id_token","app.oauth2.token.grant.refresh_token","app.oauth2.token.revoke","app.oauth2.token.revoke.implicit.as","app.oauth2.token.revoke.implicit.client","app.oauth2.token.revoke.implicit.user","app.office365.graph.api.error.service.principal.msgraph.authentication.failure","application.integration.authentication_failure","oauth2.as.activated","oauth2.as.created","oauth2.as.deactivated","oauth2.as.deleted","oauth2.as.updated","oauth2.claim.created","oauth2.claim.deleted","oauth2.claim.updated","oauth2.scope.created","oauth2.scope.deleted","oauth2.scope.updated","system.agent.ldap.realtimesync","system.agent.ldap.update_user","system.agent.ldap.update_user_password","system.iwa_agentless.auth","system.iwa_agentless.redirect","system.iwa_agentless.update","system.iwa_agentless.user.not_found","system.iwa_agentless_kerberos.update","user.authentication.auth","user.authentication.auth_via_AD_agent","user.authentication.auth_via_IDP","user.authentication.auth_via_LDAP_agent","user.authentication.auth_via_inbound_SAML","user.authentication.auth_via_inbound_delauth","user.authentication.auth_via_iwa","user.authentication.auth_via_mfa","user.authentication.auth_via_radius","user.authentication.auth_via_richclient","user.authentication.auth_via_social","user.authentication.authenticate","user.authentication.slo","user.authentication.sso","user.authentication.verify","user.import.password") 
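Review bot: The added `xdm.source.process.name = json_extract_scalar(client, "$.userAgent.browser")` writes a browser family label into a field that other content reads as an executable or process name, so Okta sign-on events will appear to carry endpoint process telemetry; the same line is repeated in the `@@ -40,9 +48,16 @@` hunk. If no better XDM field exists for the browser, a comment on the line such as `// Okta reports the browser family here, not an OS process name` would keep readers and rule authors from treating it as process data. The new `xdm.source.location.latitude` and `longitude` assignments apply `to_float` to a value that is absent when the event has no `geolocation` object; that looks harmless but is worth confirming against a sample event without geolocation. The `| alter` statement edited here begins before the hunk, and the second `filter` at the end of the hunk continues past it.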
@@ -40,9 +48,16 @@ filter
 xdm.target.port=to_integer(0),
 xdm.source.location.city = json_extract_scalar(client, "$.geographicalContext.city"),
 xdm.source.location.country = json_extract_scalar(client, "$.geographicalContext.country"),
+ xdm.source.location.latitude = to_float(json_extract_scalar(client, "$.geographicalContext.geolocation.lat")),
+ xdm.source.location.longitude = to_float(json_extract_scalar(client, "$.geographicalContext.geolocation.lon")),
 xdm.network.session_id = json_extract_scalar(authenticationContext, "$.externalSessionId"),
 xdm.event.type = eventType,
 xdm.event.outcome = if(outcome_result="SUCCESS",XDM_CONST.OUTCOME_SUCCESS, outcome_result="FAILURE", XDM_CONST.OUTCOME_FAILED, outcome_result="ALLOW", XDM_CONST.OUTCOME_SUCCESS, outcome_result="DENY", XDM_CONST.OUTCOME_FAILED, outcome_result="CHALLENGE", XDM_CONST.OUTCOME_PARTIAL, XDM_CONST.OUTCOME_UNKNOWN),
 xdm.event.outcome_reason = json_extract_scalar(outcome, "$.reason"),
 xdm.target.host.device_id = arraystring (arraymap (json_extract_array (`target`,"$."), json_extract_scalar ("@element", "$.alternateId")),","),
- xdm.target.host.device_category = arraystring (arraymap (json_extract_array (`target`,"$."), json_extract_scalar ("@element", "$.type")),",");
\ No newline at end of file
+ xdm.target.host.device_category = arraystring (arraymap (json_extract_array (`target`,"$."), json_extract_scalar ("@element", "$.type")),","),
+ xdm.source.user_agent = json_extract_scalar(client, "$.userAgent.rawUserAgent"),
+ xdm.source.host.os = json_extract_scalar(client, "$.userAgent.os"),
+ xdm.source.process.name = json_extract_scalar(client, "$.userAgent.browser"),
+ xdm.event.id = uuid,
+ xdm.source.asn.as_name = json_extract_scalar(securityContext,"$.asOrg");
\ No newline at end of file
diff --git a/Packs/Okta/ReleaseNotes/3_1_10.md b/Packs/Okta/ReleaseNotes/3_1_10.md
new file mode 100644
index 000000000000..a8063856909c
--- /dev/null
+++ b/Packs/Okta/ReleaseNotes/3_1_10.md
@@ -0,0 +1,4 @@
+#### Modeling Rules
+##### Okta Modeling Rule
+- Added fields to Modeling Rules as part of the xdm network story creation.
+- Modified user related fields from "target" to "source".
diff --git a/Packs/Okta/pack_metadata.json b/Packs/Okta/pack_metadata.json
index 8ca705e57be7..e6bd1301e10d 100644
--- a/Packs/Okta/pack_metadata.json
+++ b/Packs/Okta/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Okta",
 "description": "Integration with Okta's cloud-based identity management service.",
 "support": "xsoar",
- "currentVersion": "3.1.9",
+ "currentVersion": "3.1.10",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",