diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Garrison_ULTRARemote_Logs_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Garrison_ULTRARemote_Logs_CL.json new file mode 100644 index 00000000000..79ffbaf8167 --- /dev/null +++ b/.script/tests/KqlvalidationsTests/CustomTables/Garrison_ULTRARemote_Logs_CL.json @@ -0,0 +1,49 @@ +{ + "Name":"Garrison_ULTRARemoteLogs_CL", + "Properties":[ + { + "name": "TimeGenerated", + "type": "datetime" + }, + { + "name": "deviceEventClassId", + "type": "int" + }, + { + "name": "name", + "type": "string" + }, + { + "name": "start", + "type": "long" + }, + { + "name": "request", + "type": "string" + }, + { + "name": "requestContext", + "type": "string" + }, + { + "name": "reason", + "type": "string" + }, + { + "name": "dhost", + "type": "string" + }, + { + "name": "devicePayloadId", + "type": "string" + }, + { + "name": "suid", + "type": "string" + }, + { + "name": "suser", + "type": "string" + } + ] +} \ No newline at end of file diff --git a/Logos/Garrison_Logomark.svg b/Logos/Garrison_Logomark.svg new file mode 100644 index 00000000000..1451a9592ba --- /dev/null +++ b/Logos/Garrison_Logomark.svg @@ -0,0 +1,4 @@ + + + + diff --git a/Sample Data/GarrisonULTRARemoteLogs_IngestedLogs.csv b/Sample Data/GarrisonULTRARemoteLogs_IngestedLogs.csv new file mode 100644 index 00000000000..889fdd85a76 --- /dev/null +++ b/Sample Data/GarrisonULTRARemoteLogs_IngestedLogs.csv 
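Review bot: The test schema's file name Garrison_ULTRARemote_Logs_CL.json does not match the `"Name":"Garrison_ULTRARemoteLogs_CL"` it declares, which is also the table name used by the DCR template and the sample data in this commit. If the KQL validation harness keys tables by the Name field this is only cosmetic, but it invites confusion, and renaming the file to `Garrison_ULTRARemoteLogs_CL.json` keeps the three copies of this column list (test schema, table schema, DCR stream declaration) easy to find and keep in sync.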
@@ -0,0 +1,6 @@ +"TimeGenerated [UTC]",deviceEventClassId,name,start,request,requestContext,reason,dhost,devicePayloadId,suid,suser,TenantId,Type,"_ResourceId" +"15/10/2024, 13:48:49.443",1,"HTTP request",1729000129443,"ovxYqsOc>m}P,t<+cSMk9R(oL/I?*6)L>J&dNV/U@,#aK+QkLi~6jz%&#VLIGu+qfl)8mL~y3#J]>.U+p\faP[@VUL=h6^&=>gqE#AmRqM/8u.]+K>(V\21S[^{}>VFb$#+qn05$VdCV(+AZ(4st}#86odv[&\&ji$%Z2LF|=}FWy}N,I^kG,L*VT4CRO&AebMD,mQYOpy@Y(%&%%|yZ>cs5n8KoUnM40poO9u,[_K@9U0RGJO/+ea*B+0I.qdD&31@+doOeeP~]Ei@ZI/^IvU8lsENC&Of1NqR>xf)","McdoQ4TLW8e(}71m*g9o_SJ.(N5+YS|h3?pX~>+CEY}w}J.W_9vfM~T^b;d^]*WZjEiyL87tU2u4/$S|u)IAoRE3#:/j3*]X%A]%)3Jhi(P@hIpJM7pN-$bxIa>3C/u%zH&omRb;^Z3vxyoFY{Z4XkwW,,(reason=category-arms",,,c8659f393a1979b2,"316f5921-420a-49c5-b3ec-7d540ef01352","316f5921-420a-49c5-b3ec-7d540ef01352","021b4ebb-f69d-4e87-8082-e3b8b0c31520","Garrison_ULTRARemoteLogs_CL", +"15/10/2024, 13:48:49.443",0,"Page visit",1729000129443,"B-||Zw[8P?b+.}mV[t32;Ampfg||?P-=vMV~fp~y,hy]\qXYj-H5zHt4O9K[%b8voqIz>-mq\G,fOq/x@&:2#}bN*7PhSqJ*Ygy:lHZh80[Y$iZ)J63$QJ8W\n;$+jG[);eGtWH3/2yC<}7~U,&~AD_GRUbegHUBlcZQLR$W%&A<8FX]Rcxgv+1DouBy|GZW#heN*I0%YUA?}[S<&qA+]-v\KoGSEo[dF#59p\/.d})pPJ1Kgb?MN}am%5[\5zu{E##)F",a0a7f49bd73fab31,"316f5921-420a-49c5-b3ec-7d540ef01352","316f5921-420a-49c5-b3ec-7d540ef01352","021b4ebb-f69d-4e87-8082-e3b8b0c31520","Garrison_ULTRARemoteLogs_CL", diff --git a/Sample Data/GarrisonULTRARemoteLogs_RawLogs.json b/Sample Data/GarrisonULTRARemoteLogs_RawLogs.json new file mode 100644 index 00000000000..b40e11501c8 --- /dev/null +++ b/Sample Data/GarrisonULTRARemoteLogs_RawLogs.json 
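Review bot: The second data row of the CSV appears to carry only 11 fields against the 14-column header: after the quoted `request` value the row goes straight to `a0a7f49bd73fab31` (the devicePayloadId position), so `requestContext`, `reason` and `dhost` are absent and every later column is shifted left by three, which will mis-parse when this fixture is loaded. Inserting the three empty fields (`,,,`) before the payload id, as the first row does, fixes it. Separately, the first row (and the `HTTP request blocked` event in the raw JSON sample) shows the block reason embedded at the end of `requestContext` (`…reason=category-arms`) while the `reason` column is empty, whereas the table schema documents `reason` as the field carrying the block reason; the fixture or the column description should be reconciled before any detection is written against `reason`. The `TimeGenerated [UTC]` values use the locale form `15/10/2024, 13:48:49.443`, which is ambiguous across day/month conventions; an ISO 8601 timestamp like the JSON sample's would be safer.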
@@ -0,0 +1,67 @@ +[ + { + "TimeGenerated": "2024-10-15 14:39:09.323000+00:00", + "deviceEventClassId": 1, + "name": "HTTP request", + "start": 1729003149323, + "request": ">{XDI$K.&=nTA8ZtdJIf;>~})l9?6tjFH7QR*vns]x16ZZ%Ot[#qvtL^x^OIZEQ#(L~S-gP}B8#3]#pNV&Z9@ITYVS%wX|&A^u)+LNiU^Tt2N:tQiLUE,&4?fAg6c(kDYl+)(h/_/f@:kT1r]hn]~hGf3%-#dxFOFT<*E", + "reason": "", + "dhost": "", + "devicePayloadId": "037dd6aad0e06621", + "suid": "cf7739fc-1056-4544-9ab4-a909c42416ec", + "suser": "cf7739fc-1056-4544-9ab4-a909c42416ec" + }, + { + "TimeGenerated": "2024-10-15 14:39:09.325000+00:00", + "deviceEventClassId": 4, + "name": "Site visit", + "start": 1729003149325, + "request": "", + "requestContext": "", + "reason": "", + "dhost": "d?iC^MUFD9\\Bu1<.+3Q>)gj9gSO3+I8/{S}yNq>A&21?:sam-IN7(/i#qf^]FMs/~", + "devicePayloadId": "b8f6848a07290a8b", + "suid": "cf7739fc-1056-4544-9ab4-a909c42416ec", + "suser": "cf7739fc-1056-4544-9ab4-a909c42416ec" + }, + { + "TimeGenerated": "2024-10-15 14:39:09.324000+00:00", + "deviceEventClassId": 3, + "name": "HTTP request blocked", + "start": 1729003149324, + "request": "/%m8\\62Nc9rfHa^7#|^z:e8cU:\\*G[s5KEG?K0Kw3|h.X0U)NjroRep6+a:f^pP)R4xw~/X/1xA>*KW%el^M)kI)IH#@KGZtpGi.qeZ*&[JCcvOh*@XlFpZ=0xwJWoK>8_eofg,Jw%CZuY]i6{G:qcp[?&;^uLlg^h.tv8kHy", + "requestContext": "fW56)_up7Z;&4C7-~[3I[f52pO5#On5tBEV[pdW|;tfd6]fkr+y9rPffQg*]?0;3XU5sp3T<%8W_O-jnpjGF\\:q|s%&oZ%g~B}>H3U&)SiR=Q*p,4$1\\3y[[0z465$JK$JYreason=category-arms", + "reason": "", + "dhost": "", + "devicePayloadId": "6b8c53f30783d5b5", + "suid": "cf7739fc-1056-4544-9ab4-a909c42416ec", + "suser": "cf7739fc-1056-4544-9ab4-a909c42416ec" + }, + { + "TimeGenerated": "2024-10-15 14:39:09.322000+00:00", + "deviceEventClassId": 0, + "name": "Page visit", + "start": 1729003149322, + "request": "={AT@@yufoRzB60yvi/GpaeEJuA@w)Ogfi#a+47y{YB|@u%\\)Y}TK/KaoqFmT[{hB[F8 **NOTE:** It is recommended to create a new Resource Group for deployment of these resources.\n3. 
Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n4. Click **Purchase** to deploy." + } + ], + "metadata": { + "id": "919e2355-136a-4bbd-ade7-1956e5f61f83", + "version": "1.0.0", + "kind": "dataConnector", + "source": { + "kind": "solution", + "name": "Garrison ULTRA Remote Logs" + }, + "author": { + "name": "Garrison" + }, + "support": { + "tier": "developer", + "name": "Garrison" + } + } +} diff --git a/Solutions/Garrison ULTRA/Data Connectors/GarrisonULTRARemoteLogs/azuredeploy_DataCollectionResources.json b/Solutions/Garrison ULTRA/Data Connectors/GarrisonULTRARemoteLogs/azuredeploy_DataCollectionResources.json new file mode 100644 index 00000000000..6b00896a035 --- /dev/null +++ b/Solutions/Garrison ULTRA/Data Connectors/GarrisonULTRARemoteLogs/azuredeploy_DataCollectionResources.json 
@@ -0,0 +1,189 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "workspace-name": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Name of Log Analytics workspace in which to deploy resources" + } + }, + "workspace-region": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Region of Log Analytics workspace in which to deploy resources (e.g. 'uksouth')" + } + } + }, + "variables": { + "workspaceName": "[parameters('workspace-name')]", + "workspaceRegion": "[parameters('workspace-region')]", + "tableName": "Garrison_ULTRARemoteLogs_CL", + "dcrName": "gurl-dcr" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/tables", + "apiVersion": "2022-10-01", + "name": "[concat(variables('workspaceName'), '/', variables('tableName'))]", + "location": "[variables('workspaceRegion')]", + "properties": { + "plan": "Analytics", + "retentionInDays": "-1", + "schema": { + "name": "[variables('tableName')]", + "description": "Custom table for storing Garrison ULTRA Remote Logs", + "displayName": "Garrison ULTRA Remote Logs", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "description": "Mandatory LA table field" + }, + { + "name": "deviceEventClassId", + "type": "int", + "description": "The integer identifier of the event name" + }, + { + "name": "name", + "type": "string", + "description": "The name of the event" + }, + { + "name": "start", + "type": "long", + "description": "The start time of the event - milliseconds since epoch" + }, + { + "name": "request", + "type": "string", + "description": "The URL of the page (for page visits) or resource (for background requests)" + }, + { + "name": "requestContext", + "type": "string", + "description": "The URL of the page originating the request - for background HTTP requests" + }, + { + "name": "reason", + "type": "string", + 
"description": "The reason given for blocking a request - for blocked events" + }, + { + "name": "dhost", + "type": "string", + "description": "The hostname of the site visited - for site visits" + }, + { + "name": "devicePayloadId", + "type": "string", + "description": "A unique ID for each event" + }, + { + "name": "suid", + "type": "string", + "description": "The user ID associated with the event" + }, + { + "name": "suser", + "type": "string", + "description": "The username associated with the event" + } + ] + }, + "totalRetentionInDays": "-1" + } + }, + { + "type": "Microsoft.Insights/dataCollectionRules", + "name": "[variables('dcrName')]", + "location": "[variables('workspaceRegion')]", + "apiVersion": "2023-03-11", + "kind": "Direct", + "properties": { + "streamDeclarations": { + "Custom-GarrisonULTRARemoteLogs": { + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime" + }, + { + "name": "deviceEventClassId", + "type": "int" + }, + { + "name": "name", + "type": "string" + }, + { + "name": "start", + "type": "long" + }, + { + "name": "request", + "type": "string" + }, + { + "name": "requestContext", + "type": "string" + }, + { + "name": "reason", + "type": "string" + }, + { + "name": "dhost", + "type": "string" + }, + { + "name": "devicePayloadId", + "type": "string" + }, + { + "name": "suid", + "type": "string" + }, + { + "name": "suser", + "type": "string" + } + ] + } + }, + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('workspaceName'))]", + "name": "workspace" + } + ] + }, + "dataFlows": [ + { + "streams": [ + "Custom-GarrisonULTRARemoteLogs" + ], + "destinations": [ + "workspace" + ], + "outputStream": "[concat('Custom-', variables('tableName'))]" + } + ] + } + } + ], + "outputs": { + "dataCollectionRuleImmutableId": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', variables('dcrName'))).immutableId]" + }, 
+ "dataCollectionRuleLogsIngestionEndpoint": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', variables('dcrName'))).endpoints.logsIngestion]" + } + } +} diff --git a/Solutions/Garrison ULTRA/Data/Solution_GarrisonULTRARemoteLogs.json b/Solutions/Garrison ULTRA/Data/Solution_GarrisonULTRARemoteLogs.json new file mode 100644 index 00000000000..264253260aa --- /dev/null +++ b/Solutions/Garrison ULTRA/Data/Solution_GarrisonULTRARemoteLogs.json @@ -0,0 +1,13 @@ +{ + "Name": "Garrison ULTRA", + "Author": "Garrison - support.ultra@garrison.com", + "Logo": "", + "Description": "The [Garrison ULTRA](https://www.garrison.com/garrison-ultra-cloud-platform) solution allows you ingest logs from Garrison ULTRA into Microsoft Sentinel.", + "Data Connectors": [ + "Data Connectors/GarrisonULTRARemoteLogs/GarrisonULTRARemoteLogs_ConnectorUI.json" + ], + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Garrison ULTRA", + "Version": "3.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true +} \ No newline at end of file diff --git a/Solutions/Garrison ULTRA/Package/3.0.0.zip b/Solutions/Garrison ULTRA/Package/3.0.0.zip new file mode 100644 index 00000000000..f73d87f8259 Binary files /dev/null and b/Solutions/Garrison ULTRA/Package/3.0.0.zip differ diff --git a/Solutions/Garrison ULTRA/Package/createUiDefinition.json b/Solutions/Garrison ULTRA/Package/createUiDefinition.json new file mode 100644 index 00000000000..6cf0112dad6 --- /dev/null +++ b/Solutions/Garrison ULTRA/Package/createUiDefinition.json 
@@ -0,0 +1,85 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "config": { + "isWizard": false, + "basics": { + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Garrison%20ULTRA/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Garrison ULTRA](https://www.garrison.com/garrison-ultra-cloud-platform) solution allows you ingest logs from Garrison ULTRA into Microsoft Sentinel.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] + }, + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } + } + }, + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } + }, + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the 
Resource Group selected", + "constraints": { + "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": true + } + ], + "steps": [ + { + "name": "dataconnectors", + "label": "Data Connectors", + "bladeTitle": "Data Connectors", + "elements": [ + { + "name": "dataconnectors1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This Solution installs the data connector for Garrison ULTRA. You can get Garrison ULTRA custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + } + }, + { + "name": "dataconnectors-link2", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more about connecting data sources", + "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" + } + } + } + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" + } + } +} diff --git a/Solutions/Garrison ULTRA/Package/mainTemplate.json b/Solutions/Garrison ULTRA/Package/mainTemplate.json new file mode 100644 index 00000000000..ce92429cb81 --- /dev/null +++ b/Solutions/Garrison ULTRA/Package/mainTemplate.json 
@@ -0,0 +1,375 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "Garrison - support.ultra@garrison.com", + "comments": "Solution template for Garrison ULTRA" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + } + }, + "variables": { + "email": "support.ultra@garrison.com", + "_email": "[variables('email')]", + "_solutionName": "Garrison ULTRA", + "_solutionVersion": "3.0.0", + "solutionId": "garrisontechnologyltd1725375696148.microsoft-sentinel-solution-garrison-ultra", + "_solutionId": "[variables('solutionId')]", + "uiConfigId1": "GarrisonULTRARemoteLogs", + "_uiConfigId1": "[variables('uiConfigId1')]", + "dataConnectorContentId1": "GarrisonULTRARemoteLogs", + "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", + "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "_dataConnectorId1": "[variables('dataConnectorId1')]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", + 
"dataConnectorVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Garrison ULTRA data connector with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId1')]", + "title": "Garrison ULTRA Remote Logs (using Azure Functions)", + "publisher": "Garrison", + "descriptionMarkdown": "The [Garrison ULTRA](https://www.garrison.com/en/garrison-ultra-cloud-platform) Remote Logs connector allows you to ingest Garrison ULTRA Remote Logs into Microsoft Sentinel.", + "graphQueries": [ + { + 
"metricName": "Total data received", + "legend": "Garrison_ULTRARemoteLogs_CL", + "baseQuery": "Garrison_ULTRARemoteLogs_CL" + } + ], + "sampleQueries": [ + { + "description": "Last 10 logs", + "query": "Garrison_ULTRARemoteLogs_CL\n | top 10 by TimeGenerated desc" + } + ], + "dataTypes": [ + { + "name": "Garrison_ULTRARemoteLogs_CL", + "lastDataReceivedQuery": "Garrison_ULTRARemoteLogs_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "Garrison_ULTRARemoteLogs_CL \n |take 1\n | project IsConnected = true " + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Garrison ULTRA", + "description": "To use this data connector you must have an active [Garrison ULTRA](https://www.garrison.com/en/garrison-ultra-cloud-platform) license." + } + ] + }, + "instructionSteps": [ + { + "description": "These steps outline the automated deployment of the Garrison ULTRA Remote Logs data connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. 
\n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FSolutions%2FGarrison%2520ULTRA%2FData%2520Connectors%2FGarrisonULTRARemoteLogs%2Fazuredeploy_DataCollectionResources.json) \t\t\t\n2. Provide the required details such as Resource Group, Microsoft Sentinel Workspace and ingestion configurations \n> **NOTE:** It is recommended to create a new Resource Group for deployment of these resources.\n3. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n4. Click **Purchase** to deploy.", + "title": "Deployment - Azure Resource Manager (ARM) Template" + } + ], + "metadata": { + "id": "919e2355-136a-4bbd-ade7-1956e5f61f83", + "version": "1.0.0", + "kind": "dataConnector", + "source": { + "kind": "solution", + "name": "Garrison ULTRA Remote Logs" + }, + "author": { + "name": "Garrison" + }, + "support": { + "tier": "developer", + "name": "Garrison" + } + } + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "Garrison ULTRA", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Garrison", + "email": "[variables('_email')]" + }, + "support": { + "name": "Garrison", + "email": "support.ultra@garrison.com", + "tier": "Partner", + "link": 
"https://support.ultra.garrison.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "Garrison ULTRA Remote Logs (using Azure Functions)", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "dependsOn": [ + "[variables('_dataConnectorId1')]" + ], + "location": "[parameters('workspace-location')]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "Garrison ULTRA", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Garrison", + "email": "[variables('_email')]" + }, + "support": { + "name": "Garrison", + "email": "support.ultra@garrison.com", + "tier": "Partner", + "link": "https://support.ultra.garrison.com" + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", 
+ "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Garrison ULTRA Remote Logs (using Azure Functions)", + "publisher": "Garrison", + "descriptionMarkdown": "The [Garrison ULTRA](https://www.garrison.com/en/garrison-ultra-cloud-platform) Remote Logs connector allows you to ingest Garrison ULTRA Remote Logs into Microsoft Sentinel.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "Garrison_ULTRARemoteLogs_CL", + "baseQuery": "Garrison_ULTRARemoteLogs_CL" + } + ], + "dataTypes": [ + { + "name": "Garrison_ULTRARemoteLogs_CL", + "lastDataReceivedQuery": "Garrison_ULTRARemoteLogs_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "Garrison_ULTRARemoteLogs_CL \n |take 1\n | project IsConnected = true " + ] + } + ], + "sampleQueries": [ + { + "description": "Last 10 logs", + "query": "Garrison_ULTRARemoteLogs_CL\n | top 10 by TimeGenerated desc" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Garrison ULTRA", + "description": "To use this data connector you must have an active [Garrison ULTRA](https://www.garrison.com/en/garrison-ultra-cloud-platform) license." + } + ] + }, + "instructionSteps": [ + { + "description": "These steps outline the automated deployment of the Garrison ULTRA Remote Logs data connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FSolutions%2FGarrison%2520ULTRA%2FData%2520Connectors%2FGarrisonULTRARemoteLogs%2Fazuredeploy_DataCollectionResources.json) \t\t\t\n2. Provide the required details such as Resource Group, Microsoft Sentinel Workspace and ingestion configurations \n> **NOTE:** It is recommended to create a new Resource Group for deployment of these resources.\n3. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n4. Click **Purchase** to deploy.", + "title": "Deployment - Azure Resource Manager (ARM) Template" + } + ], + "id": "[variables('_uiConfigId1')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "Garrison ULTRA", + "publisherDisplayName": "Garrison", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Garrison ULTRA solution allows you ingest logs from Garrison ULTRA into Microsoft Sentinel.

\n

Data Connectors: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "Garrison ULTRA", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Garrison", + "email": "[variables('_email')]" + }, + "support": { + "name": "Garrison", + "email": "support.ultra@garrison.com", + "tier": "Partner", + "link": "https://support.ultra.garrison.com" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId1')]", + "version": "[variables('dataConnectorVersion1')]" + } + ] + }, + "firstPublishDate": "2024-10-04", + "providers": [ + "Garrison" + ], + "categories": { + "domains": [ + "Application", + "User Behavior (UEBA)" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +} diff --git a/Solutions/Garrison ULTRA/Package/testParameters.json b/Solutions/Garrison ULTRA/Package/testParameters.json new file mode 100644 index 00000000000..e55ec41a9ac --- /dev/null +++ b/Solutions/Garrison ULTRA/Package/testParameters.json 
@@ -0,0 +1,24 @@ +{ + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + } +} diff --git a/Solutions/Garrison ULTRA/ReleaseNotes.md b/Solutions/Garrison ULTRA/ReleaseNotes.md new file mode 100644 index 00000000000..8a3c2ffdab8 --- /dev/null +++ b/Solutions/Garrison ULTRA/ReleaseNotes.md @@ -0,0 +1,3 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|--------------------------------------------------------------------| +| 3.0.0 | 22-11-2024 | Initial Solution Release | \ No newline at end of file diff --git a/Solutions/Garrison ULTRA/SolutionMetadata.json b/Solutions/Garrison ULTRA/SolutionMetadata.json new file mode 100644 index 00000000000..42530d1b513 --- /dev/null +++ b/Solutions/Garrison ULTRA/SolutionMetadata.json @@ -0,0 +1,19 @@ +{ + "publisherId": "garrisontechnologyltd1725375696148", + "offerId": "microsoft-sentinel-solution-garrison-ultra", + "firstPublishDate": "2024-10-04", + "providers": ["Garrison"], + "categories": { + "domains": [ + "Application", + "User Behavior (UEBA)" + ], + "verticals": [] + }, + "support": { + "name": "Garrison", + "email": "support.ultra@garrison.com", + "tier": "Partner", + "link": "https://support.ultra.garrison.com" + } +}
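Review bot: `"firstPublishDate": "2024-10-04"` disagrees with ReleaseNotes.md in the same commit, which records the initial release as 22-11-2024. If the October date is the marketplace offer date that may be intended, but the two should be reconciled or the release-notes row should say which date it refers to; the same value is duplicated in the mainTemplate.json contentPackages resource and must be changed in both places.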