Legal Terms & Conditions

Last update May 24, 2018


GENERAL TERMS APPLICABLE TO ALL OFFERINGS

SCHEDULES

  Product Schedules

  Subscription Schedules

  Support Schedules

These terms and conditions (the “Agreement”) govern the purchase and use of FireEye Offerings by the Customer listed on the Order or Statement of Work that incorporates this Agreement.

Structure and Order of Precedence.  The General Terms Applicable to all FireEye Offerings (“General Terms”) provide the terms under which the Customer may use FireEye’s various Offerings.  The specific rights for the Customer to use and receive Products, Support Services or Subscriptions or otherwise engage with specific FireEye Offerings are set forth in the applicable  ”Schedule”.  In the event of conflict between any of the General Terms and a Schedule, the Schedule will govern.

If you have arrived at this page via a link provided during the process of installing your FireEye Product, you acknowledge that by proceeding with the installation of that Product, you agree to be bound by this Agreement as it applies to Products. If this Agreement is considered an offer, acceptance Is expressly limited to the terms of this Agreement. If you do not unconditionally agree to the foregoing, discontinue the installation process. If you proceed with installation, you are representing and warranting that you are authorized to bind the Customer.


General Terms Applicable to all FireEye Offerings

1.        DEFINITIONS.

1.1     
“Content Feed” means all intelligence and content feeds associated with Products and Subscriptions, which may consist of inbound and outbound feeds that are part of FireEye’s Dynamic Threat Intelligence (DTI) Cloud, downloads of Indicators for use with Products and Subscriptions, and/or intelligence provided as part of Advanced Threat Intelligence (ATI).

1.2      “Deliverables” means the written reports that are created specifically for Customer as a result of the Professional Services provided hereunder.

1.3      “Documentation” means the user manuals generally provided in writing by FireEye to end users of the Products and Subscriptions in electronic format, as amended from time to time by FireEye.

1.4      “FireEye” means (i) FireEye, Inc., a Delaware corporation with its principal place of business at 1440 McCarthy Blvd., Milpitas, CA, 95035 with respect to Offerings  that are shipped to, deployed or rendered inside of North America (including the United States, Mexico, Canada and the Caribbean), Central America and South America (collectively, the “Americas”); or (ii) with respect to all Offerings that are shipped to, deployed or rendered outside of the Americas, FireEye Ireland Limited, a company incorporated under the laws of Ireland with principal place of business at 2 Park Place, City Gate Park, Mahon, Cork, Ireland.

1.5      "FireEye Materials" means all FireEye proprietary materials, Deliverables, intellectual property related to Products or Subscriptions, (such as all rights in any software incorporated into a Product or Subscription, copyrights, and patent, trade secret and trademark rights related to Products, and screens associated with Products or Subscriptions), Documentation, any hardware and/or software used by FireEye in performing Services or providing Subscriptions, Content Feeds, FireEye’s processes and methods (including any forensic investigation processes and methods), Indicators of Compromise, materials distributed by FireEye during Training, and any FireEye templates and/or forms, including report and presentation templates and forms.  FireEye Materials does not include Third Party Materials.

1.6       "Indicators of Compromise" or "Indicators" means specifications of anomalies, configurations, or other conditions that FireEye can identify within an information technology infrastructure, used by FireEye in performing Professional Services and providing Subscriptions.

1.7       “Intellectual Property Rights” means copyrights (including, without limitation, the exclusive right to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted work), trademark rights (including, without limitation, trade names, trademarks, service marks, and trade dress), patent rights (including, without limitation, the exclusive right to make, use and sell), trade secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights, goodwill and all other intellectual property rights as may exist now and/or hereafter come into existence and all renewals and extensions thereof, regardless of whether such rights arise under the law of the United States or any other state, country or jurisdiction.

1.8       “Offerings” means, collectively, Products, Subscriptions, Training, Professional Services and Support Services.

1.9       “Order” means a written purchase order or similar ordering document, signed or submitted to FireEye by Customer and approved by FireEye, under which Customer agrees to purchase Offerings.

1.10     “Products” means the FireEye software and hardware appliances (which may include embedded software or firmware components) as described in the Product Schedule to this Agreement.

1.11     “Professional Services” means, collectively, those security consulting services provided by FireEye under a Statement of Work and/or set forth on an Order, which may consist of Product-related services such as deployment, configuration or installation services; proactive security consulting such as penetration testing, vulnerability assessments or compromise assessments; or incident response or other remediative services.

1.12     "Service" or "Services" means the Professional Services, Support Services and Training.

1.13     "Statement of Work" or “SOW” means a mutually agreed-upon document between FireEye and Customer, describing Professional Services, rates and timelines (if applicable) for those Professional Services, and incorporating this Agreement.

1.14     “Subscription” means a service provided by FireEye for a fixed term, under which FireEye provides access to certain features, functionality, and/or information, as described in the applicable Schedule for each Subscription attached to this Agreement.

1.15     “Support Services” means the Product and Subscription support and maintenance services provided by FireEye with respect to each Product and Subscription, as described in the applicable Schedule for each Product or Subscription.

1.16     “Third Party Materials” means software or other components that are licensed to FireEye by third parties for use in FireEye’s Offerings.

1.17     “Training” means training in the use of Products or Subscriptions, or on security-related topics in general, provided by FireEye.

2.        ORDERS AND STATEMENTS OF WORK.

2.1.      Orders.  Customer may purchase Offerings by submitting an Order.  If accepted by FireEye, the “Order Effective Date” will be the date of the Order.  All Orders will be governed by this Agreement. For clarity, FireEye will not be obligated to ship any Product, or provide any Services, Training or Subscriptions until Customer has issued a valid Order for those Offerings.

2.2.      Statements of Work.  Each Statement of Work will incorporate and be governed by this Agreement.  The “Statement of Work Effective Date” will be the date both Customer and FireEye have agreed to the Statement of Work, either by executing the Statement of Work or by issuing and accepting an Order for the Professional Services described on the Statement of Work.  For clarity, FireEye will not be obligated to perform any Professional Services until a SOW describing those Professional Services has been agreed by both parties or an Order listing those Professional Services has been accepted by FireEye. 

3.        FEES AND PAYMENT.

3.1      Fees and Expenses. Customer agrees to purchase the Offerings for the prices set forth in each Order and/or Statement of Work, as applicable (“Fees”).  If Customer purchases through a FireEye partner (such as an authorized reseller or distributor, collectively, “FireEye Partners”), all fees and other procurement and delivery terms shall be agreed between Customer and the applicable partner. Customer shall reimburse FireEye for all expenses incurred so long as such expenses are directly attributable to the Services or Subscriptions performed for or provided to Customer.  FireEye will provide appropriate vouching documentation for all expenses exceeding $25. 

3.2      Payment. If Customer purchases directly from FireEye, Customer will make full payment in the currency specified in FireEye’s invoice, without set-off and in immediately available funds, within thirty (30) days of the date of each invoice.  All Fees are non-cancelable and non-refundable.  All Fees described on an Order and in a Statement of Work will be fully invoiced in advance, unless otherwise agreed by FireEye.  Any partial shipments delivered by FireEye may be invoiced or delivered individually. If any payment is more than fifteen (15) days late, FireEye may, without limiting any remedies available to FireEye, terminate the applicable Order or Statement of Work or suspend performance until payment is made current.  Customer will pay interest on all delinquent amounts at the lesser of 1.5% per month or the maximum rate permitted by applicable law. 

3.3      Taxes. All Fees are exclusive of all present and future sales, use, excise, value added, goods and services, withholding and other taxes, and all customs duties and tariffs now or hereafter claimed or imposed by any governmental authority upon the Offerings which shall be invoiced to and paid by the Customer.  If Customer is required by law to make any deduction or withholding on any payments due to FireEye, Customer will notify FireEye and will pay FireEye any additional amounts necessary to ensure that the net amount FireEye receives, after any deduction or withholding, equals the amount FireEye would have received if no deduction or withholding had been required.  Additionally, Customer will provide to FireEye evidence, to the reasonable satisfaction of FireEye, showing that the withheld or deducted amounts have been paid to the relevant governmental authority.  For purposes of calculating sales and similar taxes, FireEye will use the address set forth on the Order or Statement of Work, as applicable, as the jurisdiction to which Offerings and shipments are delivered unless Customer has otherwise notified FireEye in writing as of the Order Effective Date or Statement of Work Effective Date, as applicable. Customer will provide tax exemption certificates or direct-pay letters to FireEye on or before the Order Effective Date or Statement of Work Effective Date, as applicable.

3.4      Increases. FireEye reserves the right to increase Fees at any time, although increases in Fees for Subscriptions or Support Services will not go into effect until the next Renewal Subscription Term or Renewal Support Term, as applicable.

4.        TITLE AND RISK OF LOSS; INSPECTION.  All hardware, including hardware components of Products and any hardware provided for use with Subscriptions, is shipped FOB Origin from FireEye’s designated manufacturing facility or point of origin, and title to such hardware and the risk of loss of or damage to the hardware shall pass to Customer at time of FireEye’s delivery of such hardware to the carrier.  FireEye is authorized to designate a carrier pursuant to FireEye’s standard shipping practices unless otherwise specified in writing by Customer.  Customer must provide written notice to FireEye within five (5) days of delivery of the Products of any non-conformity with the Order, e.g., delivery of the wrong Product or incorrect quantities.

5.        TERMS APPLICABLE TO SPECIFIC OFFERINGS.  Products, Support and Subscriptions are governed by these General Terms and the applicable Schedule for each Offering. Evaluations, Training, and Professional Services are governed by these General Terms, including the applicable sections below.  

5.1.     Evaluations. If Customer receives a Product or Subscription for evaluation purposes (“Evaluation Offerings”) then Customer may use the Evaluation Offerings for its own internal evaluation purposes for a period of up to thirty (30) days from the date of receipt of the Evaluation Offerings (the “Evaluation Period”).  Customer and FireEye may, upon mutual written agreement (including via email), extend the Evaluation Period. If the Evaluation Offering includes hardware components, Customer will return the hardware within ten (10) days of the end of the Evaluation Period, and if Customer does not return the hardware within this period, Customer shall be invoiced for the then-current list price for the applicable Evaluation Offering. Customer acknowledges that title to hardware components of Evaluation Offerings remains with FireEye at all times, and that Evaluation Offerings may be used and/or refurbished units. If the Evaluation Offering does not include hardware components, Evaluator must delete all software and other components (including Documentation) related to the Evaluation Offering at the end of the Evaluation Period, and confirm those deletions in writing to FireEye, or the Evaluator shall be invoiced for the then-current list price for the Evaluation Offering.  If the Evaluation Offering is a Subscription, Evaluator understands that FireEye may disable access to the Subscription automatically at the end of the Evaluation Period, without notice to Evaluator. EVALUATION OFFERINGS ARE PROVIDED “AS IS”, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, FIREEYE DISCLAIMS ALL WARRANTIES RELATING TO THE EVALUATION OFFERINGS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES AGAINST INFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

5.2.     Training. Training delivery dates and location for such Training will be mutually agreed upon by the parties. If an Order does not specify such dates and/or locations, then the parties will mutually agree upon the dates and locations for Training.  Customer must request rescheduling of Training no less than two (2) weeks in advance of the scheduled start date.  FireEye will use reasonable efforts to reschedule the Training, subject to availability, and Customer will pay any expenses associated with the rescheduling, including any expenses associated with cancelling or changing travel plans.  If Customer cancels attendance at a public Training class, Customer must notify FireEye no later than two (2) business days before the date of the Training class.  If Customer timely notifies FireEye of the cancellation, FireEye will issue Customer a credit for the amount paid for that public Training class, which Customer may apply toward another public Training class held within one (1) year of the date of the Order on which the cancelled Training class was included.  Customer may substitute a named attendee at a public Training class, but Customer will notify FireEye in advance of any such substitution.  FireEye reserves the right to refuse admittance to public Training classes to any person, for any reason, and if FireEye refuses admittance, FireEye will refund the amount paid for that person’s attendance at the public Training class.  FireEye does not refund or credit Fees paid for attendees who do not attend Training classes or who leave before a Training class concludes. Training may not be recorded. If Customer purchases a block of Training hours (for example, 10 hours of Training), then Customer must use those hours within one (1) year of the effective date of the applicable Order.  All Training must be scheduled and conducted within one (1) year of the date of the applicable Order for that Training.

5.3.      Professional Services.

5.3.1.   Deliverables. Subject to Customer’s timely payment of applicable fees, and subject to thisthe Agreement and each applicable SOW, Customer shall have a perpetual, non-exclusive, nontransferable, right and license to use, display and reproduce the Deliverables for its internal business purposes. Deliverables may not be shared with any third party other than law enforcement agencies. In no event may Deliverables be used for sales or marketing activities.  

5.3.2.   Customer-Owned Property. Customer is and will remain, at all times, the sole and exclusive owner of the Customer-Owned Property (including, without limitation, any modification, compilation, derivative work of, and all intellectual property and proprietary rights contained in or pertaining thereto).  FireEye will return or destroy all Customer-Owned Property upon the termination or expiration of the applicable SOW or Order. “Customer-Owned Property” means any technology, software, algorithms, formulas, techniques or know-how and other tangible and intangible items that were owned by Customer, or developed by or for Customer prior to the SOW Effective Date that are provided by Customer to FireEye for incorporation into or used in connection with the development of the Deliverables or performance of Professional Services.

5.3.3.   Customer Responsibilities. If the Services require the installation and use of FireEye equipment or software, Customer will facilitate the installation and shall provide physical space, electrical power, Internet connectivity and physical access as reasonably determined and communicated by FireEye.

5.3.4.   Litigation Expenses. If FireEye is required by applicable law, legal process or government action to produce information, documents or personnel as witnesses with respect to the Professional Services or this Agreement, such as by responding to one or more subpoenas, Customer shall reimburse FireEye for any time and expenses (including without limitation reasonable external and internal legal costs) incurred to respond to the request, unless FireEye is itself a party to the proceeding or the subject of the investigation.

6.        INTELLECTUAL PROPERTY

6.1.     Ownership of FireEye Materials; Restrictions.  All Intellectual Property Rights in FireEye Materials, Products, Deliverables, Documentation, and Subscriptions belong exclusively to FireEye and its licensors. Customer will not (and will not allow any third party to): (i) disassemble,  decompile,  reverse  compile,  reverse engineer or attempt to discover any source code or underlying ideas or algorithms of any FireEye Materials (except to the limited extent that applicable law prohibits reverse engineering restrictions); (ii) sell,  resell,  distribute, sublicense or otherwise transfer, the  FireEye Materials, or  make the functionality of the FireEye Materials available to any other party through any means (unless otherwise FireEye has provided prior written consent),  (iii) without the express prior written consent of FireEye, conduct any benchmarking or comparative study or analysis involving the FireEye Materials (“Benchmarking”) for any reason or purpose except, to the limited extent absolutely necessary, to determine the suitability of Products or Subscriptions to interoperate with  Customer’s internal computer systems; (iv) disclose or publish to any third party any Benchmarking or any other information related thereto; (v) use the FireEye Materials or any Benchmarking in connection with the development of products, services or subscriptions that compete with the FireEye Materials; or (vi) reproduce, alter,  modify or create derivatives of the FireEye Materials. Between Customer and FireEye, FireEye shall retain all rights and title in and to any Indicators of Compromise FireEye developed by or for FireEye in the course of providing Subscriptions or performing Services. 

6.2.     Third Party Materials.  Customer acknowledges that Products and Subscriptions may include Third Party Materials.  FireEye represents that these Third Party Materials will not diminish the license rights provided herein or limit Customer’s ability to use the Products and Subscriptions in accordance with the applicable Documentation, and neither the inclusion of Third Party Materials in any Product or Subscription or use of Third Party Materials in performance of Services will create any obligation on the part of Customer to license Customer’s software or products under any open source or similar license. 

7.        WARRANTIES.

7.1.     Product Warranty.  FireEye warrants to Customer that during the one (1) year period following the shipment of the Products, the Products will perform substantially in accordance with the applicable Documentation. The warranty stated in this Section 7.1 shall not apply if the Product has: (i) been subjected to abuse, misuse, neglect, negligence, accident, improper testing, improper installation, improper storage, improper handling or use contrary to any instructions issued by FireEye; (ii) been repaired or altered by persons other than FireEye; (iii) not been installed, operated, repaired and maintained in accordance with the Documentation; or (iv) been used with any third party software or hardware which has not been previously approved in writing by FireEye.  If during the one-year Product warranty period: (a) FireEye is notified promptly in writing upon discovery of any error in a Product, including a detailed description of such alleged error; (b) such Product is returned, transportation charges prepaid, to FireEye’s designated manufacturing facility in accordance with FireEye’s then-current return procedures, as set forth by FireEye from time to time; and (c) FireEye’s inspections and tests determine that the Product contains errors and has not been subjected to any of the conditions set forth in 7.1(i)-(iv) above, then, as Customer’s sole remedy and FireEye’s sole obligation under the foregoing warranty, FireEye shall, at FireEye’s option, repair or replace without charge such Product.  Any Product that has either been repaired or replaced under this warranty shall have warranty coverage for the remaining warranty period.  Replacement parts used in the repair of a Product may be new or equivalent to new.

7.2.     Services Warranty.  FireEye warrants to Customer that Services will be performed in a professional manner in accordance with industry standards for like services.  If Customer believes the warranty stated in this Section has been breached, Customer must notify FireEye of the breach no later than thirty (30) days following the date the Services were performed, and FireEye will promptly correct or re-perform the Services, at FireEye’s expense.

7.3.     Subscription Warranty.  FireEye warrants to Customer the Subscriptions will be provided in a professional manner in accordance with industry standards for similar subscriptions.  If Customer believes the warranty stated in this Section has been breached, Customer must notify FireEye of the breach no later than thirty (30) days following the date the warranty was allegedly breached, and FireEye will promptly correct the non-conformity, at FireEye’s expense.

7.4.     Remedies Exclusive.  Except for any Service Level Credits described in applicable Schedules, the remedies stated in Sections 7.1-7.3 above are the sole remedies, and FireEye’s sole obligation, with respect to Products, Subscriptions and Services that fail to comply with the foregoing warranties.   

7.5.     Disclaimer of Warranties.  EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH HEREIN, ALL PRODUCTS, SUBSCRIPTIONS, FIREEYE MATERIALS, DELIVERABLES AND SERVICES ARE PROVIDED ON AN “AS IS” BASIS WITHOUT ANY WARRANTY WHATSOEVER.  FIREEYE AND ITS SUPPLIERS EXPRESSLY DISCLAIM, TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, ALL WARRANTIES, EXPRESS, IMPLIED AND STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, NONINFRINGEMENT, OR ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE.  FIREEYE ALSO MAKES NO WARRANTY REGARDING NONINTERRUPTION OF USE OR FREEDOM FROM BUGS, AND MAKES NO WARRANTY THAT PRODUCTS, FIREEYE MATERIALS, DELIVERABLES, SERVICES OR SUBSCRIPTIONS WILL BE ERROR-FREE.

8.        INFRINGEMENT INDEMNITY.

8.1.     Indemnity. FireEye shall defend Customer, and its officers, directors and employees, against any third party action alleging that the FireEye Materials infringes a valid U.S. patent or copyright issued as of the date of delivery or performance, as applicable, and FireEye shall pay all settlements entered into, and all final judgments and costs (including reasonable attorneys’ fees) finally awarded against such party in connection with such action.  If the FireEye Materials, or parts thereof, become, or in FireEye’s opinion may become, the subject of an infringement claim, FireEye may, at its option: (i) procure for Customer the right to continue using the applicable FireEye Materials; (ii) modify or replace such FireEye Materials with a substantially equivalent non-infringing FireEye Materials; or (iii) require the return of such FireEye Materials or cease providing affected Product, Subscriptions, Deliverables or Services, and refund to Customer, with respect to Products, a pro-rata portion of the purchase price of such Products based on a three-year straight line amortization of the purchase price, and with respect to Subscriptions, a portion of any pre-paid Fees for such Subscriptions, pro rated for any unused Subscription Term, and with respect to Services, any pre-paid Fees for Services that have not been delivered. THIS SECTION 8.1 STATES THE ENTIRE LIABILITY OF FIREEYE AND CUSTOMER’S SOLE REMEDY WITH RESPECT TO ANY INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS BY THE OFFERINGS, FIREEYE MATERIALS, OR DELIVERABLES.

8.2.     Exceptions. FireEye shall have no indemnification obligations with respect to any action arising out of: (i) the use of any Product, Subscription, Deliverable, or Service, or any part thereof, in combination with software or other products not supplied by FireEye; (ii) any modification of the Products, Subscriptions, Deliverables, or Services not performed or expressly authorized by FireEye; or (iii) the use of any the Products, Subscriptions, Deliverables, or Services other than in accordance with this Agreement and applicable Documentation.

8.3.     Indemnification Process. The indemnification obligations shall be subject to Customer: (i) notifying FireEye within ten (10) days of receiving notice of any threat or claim in writing of such action; (ii) giving FireEye exclusive control and authority over the defense or settlement of such action; (iii) not entering into any settlement or compromise of any such action without FireEye’s prior written consent; and (iv) providing reasonable assistance requested by FireEye.

9.        LIMITATION OF LIABILITY.

9.1.     Consequential Damages Waiver.  EXCEPT FOR LIABILITY ARISING UNDER A BREACH OF ANY INTELLECTUAL PROPERTY RIGHT OF FIREEYE, OR THE INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8 (INFRINGEMENT INDEMNITY),  IN NO EVENT WILL FIREEYE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO ANY LOST PROFITS AND LOST SAVINGS, HOWEVER CAUSED, WHETHER FOR BREACH OR REPUDIATION OF CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, WHETHER OR NOT FIREEYE WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.

9.2.     Limitation of Monetary Damages.  EXCEPT FOR LIABILITY ARISING UNDER A BREACH OF ANY INTELLECTUAL PROPERTY RIGHT OF FIREEYE, PAYMENT OBLIGATIONS OF CUSTOMER, AND THE INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8 (INFRINGEMENT INDEMNITY), AND NOTWITHSTANDING ANY OTHER PROVISIONS OF THIS AGREEMENT OR ANY ORDER OR STATEMENT OF WORK, FIREEYE’S TOTAL LIABILITY ARISING OUT OF THIS AGREEMENT, THE OFFERINGS, THE FIREEYE MATERIALS AND DELIVERABLES SHALL BE LIMITED TO THE TOTAL AMOUNTS RECEIVED BY FIREEYE FOR THE RELEVANT OFFERINGS DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE FIRST OCCURRENCE OF THE EVENTS GIVING RISE TO SUCH LIABILITY.

9.3.      Applicability.  THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN WILL APPLY ONLY TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, AND NOTHING HEREIN PURPORTS TO LIMIT EITHER PARTY’S LIABILITY IN A MANNER THAT WOULD BE UNENFORCEABLE OR VOID AS AGAINST PUBLIC POLICY IN THE APPLICABLE JURISDICTION.

9.4        SAFETY Act.  FireEye and Customer hereby mutually waive and release each other from any and all liabilities relating to any claims for losses or damages of any kind (including, but not limited to, business interruption losses) arising out of an Act of Terrorism as defined by the Support Anti-Terrorism By Fostering Effective Technologies Act of 2002 (“SAFETY Act”)(6 U.S.C. §§ 441-444). FireEye and Customer further agree to be solely responsible to the full extent of any and all losses they may sustain, or for any and all losses their respective employees, officers, or agents may sustain, resulting from an Act of Terrorism as defined by 6 U.S.C. §§ 441-444 when FireEye’s Multi-Vector Virtual Execution Engine and any subscriptions, cloud services platform or associated services (the “Qualified Anti-Terrorism Technology”) are utilized in defense against, response to, or recovery from an Act of Terrorism.    

10.       Compliance with Law; U.S. Government Restricted Rights.

10.1.    Compliance with Law. Each party will comply with all laws and regulations applicable to it with respect to the Offerings. , including all export control regulations and restrictions that may apply to the Offerings. Customer will not export any FireEye Materials to any countries embargoed by the United States (currently including Cuba, Iran, North Korea, Sudan and Syria). Each Party acknowledges that it is familiar with and will comply with the provisions of the U.S. Foreign Corrupt Practices Act ("the FCPA") and the U.K. Bribery Act of 2010 (“UKBA”), as applicable, and each party agrees that no action it takes will constitute a bribe, influence payment, kickback, or other payment that violates the FCPA, the UKBA, or any other applicable anticorruption or anti-bribery law.

10.2.    U.S. Government Restricted Rights. The Offerings, Deliverables and Documentation are “commercial items”, “commercial computer software” and “commercial computer software documentation,” pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable.  All Offerings and FireEye Materials are and were developed solely at private expense.  Any use, modification, reproduction, release, performance, display or disclosure of the Offerings, FireEye Materials and Documentation by the United States Government shall be governed solely by this Agreement and shall be prohibited except to the extent expressly permitted by this Agreement.

11.       CONFIDENTIAL INFORMATION.

11.1.    Confidential Information. “Confidential Information” means the non-public information that is exchanged between the parties, provided that such information is: (i) identified as confidential at the time of disclosure by the disclosing party (“Discloser”); or (ii) disclosed under circumstances that would indicate to a reasonable person that the information should be treated as confidential by the party receiving such information (“Recipient”). The terms of any commercial transaction between the parties (including pricing related to the Offerings) shall be considered Confidential Information.

11.2.    Maintenance of Confidentiality.  Each party agrees that it shall: (i) take reasonable measures to protect the Confidential Information by using the same degree of care, but no less than a reasonable degree of care, to prevent the unauthorized use, dissemination or publication of the Confidential Information as the Recipient uses to protect its own confidential information of a like nature;  (ii) limit disclosure to those persons within Recipient’s organization with a need to know and who have previously agreed in writing, prior to receipt of Confidential Information either as a condition of their employment or in order to obtain the Confidential Information, to obligations similar to the provisions hereof; (iii) not copy, reverse engineer, disassemble, create any works from, or decompile any prototypes, software or other tangible objects which embody the other party's Confidential Information and/or which are provided to the party hereunder; and (iv) comply with, and obtain all required authorizations arising from, all U.S. and other applicable export control laws or regulations..  Confidential Information shall not be used or reproduced in any form except as required to accomplish the purposes and intent of an Order or Statement of Work.  Any reproduction of Confidential Information shall be the property of Discloser and shall contain all notices of confidentiality contained on the original Confidential Information.

11.3.    Exceptions.  The parties agree that the foregoing shall not apply to any information that Recipient can evidence: (i) is or becomes publicly known and made generally available through no improper action or inaction of Recipient; (ii) was already in its possession or known by it prior to disclosure by Discloser to Recipient; (iii) is independently developed by Recipient without use of or reference to any Confidential Information; or (iv) was rightfully disclosed to it by, or obtained from, a third party.  Recipient may make disclosures required by law or court order provided that Recipient: (a) uses diligent efforts to limit disclosure and to obtain, if possible, confidential treatment or a protective order; (b) has given prompt advance notice to Discloser of such required disclosure; and (c) has allowed Discloser to participate in the proceedings.

11.4.    Injunctive Relief.  Each party will retain all right, title and interest to such party’s Confidential Information.  The parties acknowledge that a violation of the Recipient’s obligations with respect to Confidential Information may cause irreparable harm to the Discloser for which a remedy at law would be inadequate.  Therefore, in addition to all remedies available at law, Discloser shall be entitled to seek an injunction or other equitable remedies in all legal proceedings in the event of any threatened or actual violation of any or all of the provisions hereof.

11.5.   Return of Confidential Information.  Within thirty (30) days after the date when all Orders and SOWs have expired or been terminated, or after any request for return of Confidential Information, each party will return to the other party or destroy all of such other party’s Confidential Information, at such other party’s discretion, and, upon request, provide such other party with an officer’s certificate attesting to such return and/or destruction, as appropriate. 

11.6.   Privacy. If FireEye is a data processor under this Agreement, and in accordance with applicable data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR), FireEye agrees that it will:

11.6.1  only deal with and process personal data controlled by Customer in compliance with, and subject to, the instructions received from Customer and in compliance with this Agreement and will not use or process the personal data for purposes other than those permitted by the Customer, anticipated by the Documentation for the Offerings, or for the purpose of research and development of FireEye’s Offerings;

11.6.2  adopt and maintain appropriate (including organizational and technical) security measures in processing Customer’s personal data in order to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of such data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing;

11.6.3  take all reasonable steps to ensure that (i) persons employed by it, and (ii) other persons engaged at its place of work, are aware of and comply with applicable data privacy laws and regulations;

11.6.4  provide to Customer, upon request, a list of current sub-processors that may handle personal data at FireEye’s direction;

11.6.5  FireEye may process or otherwise transfer any personal information in or to any country outside of the country of origination, including such countries with less restrictive data protection laws, to the extent necessary for the provision of the Offerings. If required and where applicable, FireEye will enter into mutually agreed-upon country-specific data transfer mechanisms, including the Privacy Shield framework and the EU Standard Contractual Clauses as approved by the European Commission, to help ensure an adequate level of data protection for the personal data that will be processed or transferred. FireEye does not react to Do Not Track signals because there is no standard for how those signals are sent; and

11.6.6  customer agrees it is responsible for obtaining any applicable consents from data subjects for Customer’s use of FireEye to process Customer’s data.

12.       TERM AND TERMINATION.

12.1.    Term. This Agreement will become effective on the Effective Date and will continue in effect for a period of one (1) year (the “Initial Term” of the Agreement). This Agreement will renew for additional periods of one (1) year each (each, a “Renewal Term” and together with the Initial Term, the “Term” of this Agreement) unless either party notifies the other of its intent not to renew this Agreement by giving the other party notice of non-renewal no later than sixty (60) days prior to the end of the then-current Term. The term of each Order will be as set forth below or in the applicable Schedule, and the term of each SOW will be as set forth in the applicable SOW.

12.1.1  Products.  Products will be licensed according to the applicable Schedule, for the period of time stated on the Order (e.g., if the Order lists a Product as being provided for “3Y,” the license for that Product is provided for three years from the date of the Order). If no period of time is stated on the Order, then the Product is licensed perpetually, unless otherwise terminated as set forth herein.

12.1.2  Support Services.  Support Services will begin (i) for Products that include hardware, ten (10) days from the date of shipment of the associated Product; (ii) for Subscriptions that include Support Services, and virtual or software-only Products, ten days following the Order Effective Date, and will continue for the period of time stated on the Order(“Initial Support Term”). Unless otherwise stated on the Order, the Support Services will automatically renew for additional periods of one (1) year each (each, a “Renewal Support Term” and together with the Initial Support Term, the “Support Term”), unless either party notifies the other of its intention not to renew Support Services at least sixty (60) days prior to the expiration of the then-current Support Term. Customer may terminate Support at any time, for convenience, on thirty (30) days’ written notice to FireEye.  If Customer terminates Support Services for convenience before the end of the then-current Support Term, Customer will pay any remaining fees owing for the remainder of the then-current Support Term within thirty (30) days of the effective date of termination.

12.1.3  Subscriptions.  The term of each Subscription will begin on or shortly after the Order Effective Date (as determined by FireEye) and will continue in effect for the period of time stated in the Order (“Initial Subscription Term”).  Unless otherwise stated on the Order, the Subscription will automatically renew after its Initial Subscription Term for additional periods of one (1) year each (each, a “Renewal Subscription Term” and together with the Initial Subscription Term, the “Subscription Term”), unless either party notifies the other of its intention not to renew that Subscription at least sixty (60) days prior to the expiration of the then-current Subscription Term. Customer may terminate a Subscription at any time, for convenience, on thirty (30) days’ written notice to FireEye.  If Customer terminates a Subscription for convenience before the end of the then-current Subscription Term, Customer will pay any remaining fees owing for the remainder of the then-current Subscription Term within thirty (30) days of the effective date of termination.

12.1.4  Professional Services; Statements of Work.  Professional Services described on an Order will be provided at mutually agreed-upon times, and will continue until complete, unless otherwise terminated as set forth herein.  The term of each SOW will be as set forth in that SOW.  If no term is expressed in an SOW, then the term of that SOW will begin on the SOW Effective Date and continue until the Professional Services described in that SOW are complete or the SOW is earlier terminated as set forth herein.  Unless otherwise stated in a SOW, Customer may terminate a SOW at any time for convenience by giving FireEye at least thirty (30) days’ written notice of its intent to terminate the SOW.  If Customer terminates an SOW for convenience as set forth in this Section, Customer will pay any amounts owing for Professional Services and Deliverables provided under that SOW up to and including the date of termination. Customer may request that FireEye suspend performing Professional Services during the term of a Statement of Work, and FireEye will suspend such Professional Services within 24 hours of Customer’s request.  Customer acknowledges that any such suspension will not affect Customer’s obligation to pay fees for Professional Services rendered through the date of suspension, and that resumption of Professional Services may be delayed if FireEye redeploys personnel to other engagements during the period of suspension.

12.2.   Termination for Material Breach.  Either party may terminate any Order or any SOW upon written notice of a material breach of the applicable Order or SOW by the other party as provided below, subject to a thirty (30) day cure period (“Cure Period”).  If the breaching party has failed to cure the breach within the Cure Period after the receipt by the breaching party of written notice of such breach, the non‑breaching party may give a second notice to the breaching party terminating the applicable Order or SOW.  Termination of any particular Order or SOW under this Section will not be deemed a termination of any other Order or SOW, unless the notice of termination states that another Order or SOW is also terminated.  Notwithstanding the foregoing, the Cure Period applicable to a breach by Customer of any payment obligations under any Order or any SOW will be fifteen (15) days. Notwithstanding the foregoing, this Agreement shall terminate automatically in the event Customer has breached any license restriction and, in FireEye’s determination, that breach cannot be adequately cured within the Cure Period.

12.3.    Effect of Termination.  Termination or expiration of any Order or SOW will not be deemed a termination or expiration of any other Orders or SOWs in effect as of the date of termination or expiration, and this Agreement will continue to govern and be effective as to those outstanding Orders and SOWs until those Orders and SOWs have expired or terminated by their own terms or as set forth herein.  The provisions of Section 3 (Payment), Section 6 (Intellectual Property), Section 7.5 (Disclaimer of Warranties), 9 (Limitation of Liability), 10 (Compliance with Law; U.S. Government Restricted Rights), 11 (Confidential Information), and 13 (Miscellaneous), and all accrued payment obligations, shall survive the termination of all Orders and SOWs and the relationship between FireEye and Customer.

13.       MISCELLANEOUS.

13.1.    Assignment. Customer may not assign any Order or Statement of Work, or any rights or obligations thereunder, in whole or in part, without FireEye’s prior written consent, and any such assignment or transfer shall be null and void.  FireEye shall have the right to assign all or part of an Order or Statement of Work without Customer’s approval.  Subject to the foregoing, each Order and Statement of Work shall be binding on and inure to the benefit of the parties’ respective successors and permitted assigns.

13.2.    Entire Agreement.  This Agreement along with any Order, Statement of Work and the Schedules attached hereto is the entire agreement of the parties with respect to the Offerings and supersedes all previous or contemporaneous communications, representations, proposals, commitments, understandings and agreements, whether written or oral, between the parties regarding the subject matter thereof.  FireEye does not accept, expressly or impliedly and FireEye hereby rejects and deems deleted any additional or different terms or conditions that Customer presents, including, but not limited to, any terms or conditions contained or referenced in any order, acceptance, acknowledgement, or other document, or established by trade usage or prior course of dealing.  This Agreement may be amended only in writing signed by authorized representatives of both parties.

13.3.    Force Majeure.  Neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to unforeseen events, which occur after the signing of this Agreement and which are beyond the reasonable control of the parties, such as strikes, blockade, war, terrorism, riots, natural disasters, refusal of license by the government or other governmental agencies, in so far as such an event prevents or delays the affected party from fulfilling its obligations and such party is not able to prevent or remove the force majeure at reasonable cost.

13.4.     Governing Law.  This Agreement shall be deemed to have been made in, and shall be construed pursuant to the laws of the State of California and the United States without regard to conflicts of laws provisions thereof, and without regard to the United Nations Convention on the International Sale of Goods or the Uniform Computer Information Transactions Act.  Any legal suit, action or proceeding arising out of or relating to the Offerings, the FireEye Materials, this Agreement, an Order or a Statement of Work will be commenced exclusively in a federal court in the Northern District of California or in state court in Santa Clara County, California, and each party hereto irrevocably submits to the jurisdiction and venue of any such court in any such suit, action or proceeding.

13.5.     Independent Contractors.  The parties are independent contractors.  Nothing in these Terms, any Order or any Statement of Work shall be construed to create a partnership, joint venture or agency relationship between the parties.  Customer shall make no representations or warranties on behalf of FireEye.

13.6.    Language.  This Agreement and each Order and Statement of Work are in the English language only, which shall be controlling in all respects.  All communications, notices, and Documentation to be furnished hereunder shall be in the English language only.

13.7.     Notices.  All notices required to be sent hereunder shall be in writing, addressed to receiving party’s current business contact, if known, with a cc: to the General Counsel/Legal Department of the receiving party, and sent to the party’s address as listed in this Agreement, or as updated by either party by written notice.  Notices shall be effective upon receipt and shall be deemed to be received as follows: (i) if personally delivered by courier, when delivered; or (ii) if mailed by first class mail, or the local equivalent, on the fifth business day after posting with the proper address.

13.8.     Severability.  If any provision of this Agreement is held to be illegal, invalid or unenforceable under the laws of any jurisdiction, the provision will be enforced to the maximum extent permissible so as to effect the intent of the parties, and the remaining provisions of this Agreement will remain in full force and effect.

13.9.    Third Party Rights.  Other than as expressly set out in this Agreement, this Agreement does not create any rights for any person who is not a party to it and no person who is not a party to this Agreement may enforce any of its terms or rely on any exclusion or limitation contained in it.

13.10.   Waiver.  The waiver of a breach of any provision of this Agreement shall not constitute a waiver of any other provision or any subsequent breach.

13.11.   Equal Opportunity.  FireEye is committed to the provisions outlined in the Equal Opportunity Clauses of Executive Order 11246, the Rehabilitation Act of 1973, the Vietnam Era Veterans Readjustment Act of 1974, the Jobs for Veterans Act of 2003, as well as any other regulations pertaining to these orders.

Back To Top


 

Product Schedule
(FIREEYE NX, EX, AX, PX, FX, HX, SECURITY ORCHESTRATOR™, MVX SMART GRID, AND CENTRAL MANAGEMENT SERIES (CMS) PRODUCTS)

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms apply to the FireEye NX, EX, AX, PX, FX, HX, Security Orchestrator, MVX Smart Grid, and Central Management Series (CMS) Products, including any add-on features such as FireEye Advanced Threat Intelligence (ATI), and including both hardware-based, cloud and virtual implementations.

1.        Grant of License and Restrictions. Subject to the terms hereof, payment of all fees, and any applicable user/use limitations, FireEye grants Customer a personal,  nonsublicensable, nonexclusive, right to use the Product, in accordance with the Agreement and this Product Schedule. Customer will maintain the copyright notice and any other notices that appear on the Product, including any interfaces related to the Product.  With respect to the FireEye HX Series Product, Customer may install the “agent” software component of the Product on the number of Nodes stated on the applicable Order.  With respect to the FireEye EX Series Product, Customer may use the Product in connection with the number of attached URL engines  (i.e., email accounts) (“Attached URL Engines”) stated on the applicable Order.  FireEye reserves the right to audit Customer’s use of the Product to ensure compliance with this Agreement.  “Nodes” are endpoint computing devices owned or controlled by Customer (such as laptops, workstations, and servers), on which Customer installs the agent software.  Updates, preview features, Content Feeds, access to portals,  and/or Support Services are not necessarily provided with the Software, may require additional payment or include additional terms and conditions, and may be provided on a “preview” basis for a limited period at no additional charge but then licensed for an additional fee at a later date. Customer acknowledges that Third Party Software distributed with the Products may be subject to separate license terms, and specifically, if the Oracle™ Java® software is included within the Product, that software is subject to the license found at http://www.oracle.com/technetwork/java/javase/terms/license/index.html.   

2.        Content Feeds.  Subject to Customer’s payment in full of all associated fees for the applicable FireEye Content Feed, as set forth on the applicable Order, FireEye shall grant a limited, non-exclusive, personal, non-transferable, non-sublicenseable right to use the Content Feed as set forth in the Documentation for the applicable Product, for Customer’s internal business purposes during the active Support Term for the applicable Product. FireEye shall not disclose to any third party any personally identifiable data or Customer Confidential Information in connection with the Content Feed unless expressly authorized to do so by Customer.  The Content Feeds available to the Customer for purchase with respect to the Products may include:

2.1      FireEye Dynamic Threat Intelligence™ (DTI™) – The DTI Content Feed (currently available only for customers who have purchased the FireEye NX, EX, AX, HX and FX Product) provides continual, updated information to the Product about threats.

2.2.     FireEye Advanced Threat Intelligence™ (ATI™) – The ATI Content Feed (currently available only for customers who have purchased the FireEye NX or EX Product) provides contextual information about malware detected in Customer’s environment, such as information regarding threat groups associated with certain malware, industry verticals in which FireEye has observed certain threat groups operate and in which certain malware is used, and relative frequency of observation of various threats and malware.

3.        Cloud MVX Products. If Customer has purchased the Cloud MVX version of a Product, and subject to Customer’s payment in full of all associated fees, then the analysis performed by the Product will be available through Cloud MVX during the active Support Term for the applicable Product.

4.        Support Services.  Subject to Customer’s payment in full of all associated fees for FireEye Support Services, FireEye shall provide Support Services for the Products as set forth in the Support Schedule, as may be updated by FireEye in its discretion.

Back To Top



Subscription Schedule
FIREEYE MANAGED DEFENSE

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the FireEye Managed Defense – Continuous Vigilance (Managed Defense) Subscription. (the “Managed Defense Subscription” or “Subscription”).

1.      DEFINITIONS.

1.1.    “Alert” means an alert generated by a Product, ETP Subscription, FireEye Helix Subscription, or TAP Subscription that FireEye has determined is potentially malicious based on its characteristics, and that is ingested into the Managed Defense analysis infrastructure.

1.2.    “Covered System” means (i) a computing device (to the extent supported by FireEye) that Customer specifies as within the scope of the Managed Defense Subscription, and if the Customer has purchased the HX Product or FireEye Helix Subscription, on which a software agent has been installed to support Managed Defense Subscription delivery, or (ii) a computing device (to the extent supported by FireEye) whose network traffic is observable to support Managed Defense Subscription delivery; (iii) with respect to ETP Subscriptions or EX Product, mailboxes monitored to support Managed Defense Subscription delivery; or (iv) any computing device that both Customer and FireEye agree is within scope of the Managed Defense Subscription.

1.3.    “Enabling Hardware” means additional hardware appliances that will be used by FireEye in providing the Subscription, and may include log collection and analysis equipment.

1.4.    “Managed Defense Supported Technology” means the Products, Subscriptions, and Enabling Hardware monitored through the Managed Defense Subscription.

1.5.    “Managed Defense Reports” means the written reports relating to Alerts that FireEye creates and makes available to Customer through the Managed Defense Subscription.

1.6.    “Nodes” or “Node Band” refers to number of Covered Systems within the Customer environment, which is reflected on the Subscription Order.

1.7.  “Suppressed Alerts” means Alerts that are to be excluded from investigation and reporting because they a) relate to previously reported incidents that have not been resolved by the Customer; b) relate to Covered Systems that were identified as compromised and where required resolution steps have not been completed by the Customer; c) are not identified as being supported by Managed Defense in the Managed Defense Service Description; or d) have been requested to be excluded by the Customer.

2.      Scope of Managed Defense – Continuous Vigilance (CV) Services.  During the Subscription Term, FireEye will provide the Managed Defense Subscription as set forth in this Section 2, according to the Node Band purchased by Customer as set forth in the Subscription Order. All services Customer requests that are not described in this Section 2 will be performed at mutually agreed upon rates as set forth in Statements of Work.  If the number of Nodes exceeds the Node Band reflected in the Subscription Order by more than ten percent (10%), FireEye will notify Customer in writing, and will issue an invoice for the next higher Node Band at FireEye’s then-current rates pro-rated for the remaining portion of the then-current Subscription Term.

2.1.   Onboarding. The first phase of the Managed Defense Subscription is “Onboarding,” during which FireEye will work with Customer to deploy, connect, and test the Managed Defense Supported Technology that will be monitored through the Managed Defense Subscription (“Onboarding”). During Onboarding, FireEye will do the following:

    a)     Designate a Managed Defense Service Transition Manager who will work in conjunction with the Customer.

    b)     Create and deliver account details for Managed Defense Portal access, conduct training, collect implementation requirements, establish agreed-upon installation timelines, and provide Documentation for the Managed Defense Subscription.

    c)     Assist Customer with setup and configuration of the Managed Defense Supported Technology, and test whether FireEye can receive Alerts with supporting artifacts, and can monitor the Customer’s Covered Systems.

    d)     For Managed Defense Supported Technology that has been appropriately configured, conduct baseline monitoring activities for up to 14 days. The intent of the baseline is to identify any Covered Systems known to be compromised and identify active attacks occurring in the Customer’s environment, and provide the Customer with any recommended steps to remediate these issues.

    e)     Validate monitoring and alerting activity for each Managed Defense Supported Technology.

2.2.    Alert Analysis

For each validated Managed Defense Supported Technology, FireEye will conduct the following monitoring, investigation and reporting activities:

    a)     Classification of Alerts. Alerts are automatically ingested into the Managed Defense infrastructure as they are generated by the applicable Managed Defense Supported Technology. Once ingested, FireEye will classify the Alert as requiring further analysis or requiring no further analysis as set forth in the table below.

    b)     If an Alert is classified as requiring no further analysis, then a severity level assignment will be applied to the Alert and a Managed Defense Report will be published to the Managed Defense Portal as set forth in the table below, based on the severity level.

    c)     Initial Investigation. If an Alert is classified as requiring further analysis, then FireEye will begin analysis of that Alert promptly. FireEye analysts will perform an initial analysis of the Customer’s Covered Systems to determine if the Alert is a true or false positive, benign or suspicious activity.

    d)     Managed Defense Reports. If FireEye’s investigation determines that the Alert indicates a true compromise, FireEye will assign a “High” “Medium” or “Low” severity level. FireEye will publish a Managed Defense Report to the Portal related to that Alert as set forth in the table below.

    e)     Alerts that are investigated but are found to be benign or a false positive will be reported as an informational report.

     f)     Regardless of whether FireEye’s investigation determines that an Alert indicates a true compromise, FireEye will publish a Managed Defense Report on the Alert to the Managed Defense Portal as set forth in the table below, based on the severity level of the Managed Defense Report (High, Medium, Low). Customer acknowledges that in some cases, when FireEye’s investigation is not complete, a Managed Defense Report may provide only an update of current status of the Alert investigation.

Managed Defense Report Severity Level

Target Time to Classify Alert as Requiring Further Analysis or No Further Analysis (from time of ingestion)

Target Time to Publish Managed Defense Report (from time FireEye assigns severity level)

High

30 minutes

1 hour

Medium

30 minutes

4 hours

Low

30 minutes

24 hours

    g)     Extended Investigations; Multiple Related Alerts. When FireEye has identified a true positive or suspicious activity, FireEye analysts may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered Systems to determine the extent of activity related to the Alert. FireEye analysts may append results from the extended investigation or subsequent Alert investigations to the initial Managed Defense Report if FireEye determines that additional or subsequent Alerts are related, and in such cases, FireEye will not be required to issue a separate Managed Defense Report for each such related Alert.

    h)     Non-Remediable Alerts. FireEye has no obligation to notify the Customer or generate a new Managed Defense Report on new Alerts that are directly related to previous investigations or known compromises where a Managed Defense Report has been published and FireEye has provided recommended remediation steps, when the Customer has acknowledged the Managed Defense Report but chooses not to or cannot remediate the cause of these Alerts.

     i)     Alert Priority. FireEye may re-prioritize Alerts, regardless of their severity classification, to provide focus to Alerts that FireEye determines may have the largest impact to the Customer’s environment.

     j)     Continuity of Monitoring. All monitoring, investigation and reporting activities described in this Section 2.2 will be provided on a 24/7/365 basis.

2.3.    Threat Assessment Manager Responsibilities. FireEye will assign a Threat Assessment Manager (TAM) to Customer’s account to assist in the ongoing delivery of the Managed Defense Subscription. TAMs will schedule routine meetings, deliver related documentation and training specific to the delivery of the Managed Defense Subscription. TAMs have no obligation to engage in activities or respond to inquiries that are otherwise the responsibility of standard FireEye Support such as Product-related troubleshooting or configuration questions.

2.4.    Hunting.  FireEye will conduct periodic proactive hunting techniques on Covered Systems to look for additional indicators of malicious or attacker activity. When FireEye’s investigation reveals a compromise, FireEye will assign a severity classification and publish a Managed Defense Report to the Managed Defense Portal as set forth in the table in 2.2 above, according to the severity classification.

2.5.    System Health Monitoring and Notification. For Customers who have purchased the FireEye EX, FX, HX, NX, NX Smart Sensor, or PX Product, FireEye will provide Customer with notification of system health issues such as connectivity problems.  

2.6.    Containment.  When the Customer has purchased the FireEye Helix Subscription or HX Product, FireEye may, when appropriate, recommend containment of the target Covered System from the Customer’s network. Containment must be executed by the Customer.

2.7.    Portal Access.  Appliance Health Monitoring and Managed Defense Reports will be provided via an online portal (“Managed Defense Portal”), and FireEye will provide login credentials to the Customer to enable access to the Managed Defense Portal. Service levels for the Managed Defense Portal are as set forth in Section 3 below.

2.8.    Incident Response (IR) Services Retainer. During the Subscription Term, if Customer requires incident response (IR) Professional Services, Customer will have access to FireEye’s 24/7/365 IR intake procedures. FireEye will provide contact information and details of this service shortly after the Order Effective Date. If Customer requires IR Professional Services, FireEye will respond, triage and determine the need for Incident Professional Services, and if FireEye determines that IR Professional Services are necessary, FireEye will assign an IR Responder to work with Customer, including, as necessary, for onsite assistance. All IR Professional Services will be performed using the Managed Defense Supported Technology, and will be charged on a time and materials basis, invoiced monthly in arrears, at agreed upon hourly rates.

2.9.    FireEye iSIGHT Intelligence Portal.  During the Subscription Term, FireEye will provide access to a FireEye iSIGHT Intelligence Portal (“FIIP”), subject to the following:

    a)     Permitted Use; Reports.  Customer may access, view and use FIIP and content appearing on FIIP (“FIIP Content”) solely for internal use.  Customer understands and acknowledges that the FIIP Content available through the Managed Defense Subscription is more limited than that available to customers who purchase a full iSIGHT Subscription. FIIP Content is FireEye Material. Subject to Customer’s payment obligations, FireEye grants to Customer a limited, non-exclusive right to use FIIP Content internally for Customer’s own business purposes.

    b)     Additional Use Limitations.  Customer may appoint up to twenty (20) users of FIIP at any time. Each day, all users on Customer’s account may collectively make up to (A) one hundred twenty five (125) queries of IP addresses and domain names and (B) one hundred twenty five (125) queries of malware.  Customer may request additional queries, to be evaluated by FireEye on a case-by-case basis.

    c)     User Content.  “User Content” means any communications, images, sounds, and all the material and information that Customer or anyone using Customer’s account contributes to or through FIIP (e.g., comments to FIIP Content, suspected malware that Customer uploads to FIIP).  Customer grants FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive, license, including the right to sublicense to third parties, and right to reproduce, fix, adapt, modify, translate, reformat, create derivative works from, publish, distribute, sell, license, transmit, publicly display, publicly perform, or provide access to electronically, broadcast, display, perform, and use and practice such User Content as well as all modified and derivative works thereof.  Customer represents that Customer has all necessary rights to grant the license referenced in the preceding sentence.  FireEye may use and disclose any of the information it collects about its customers’ use of FIIP to the extent such information is de-identified.

    d)     Restrictions. Customer may not access FIIP by any means other than through the interface that is provided or approved by FireEye. Customer will not collect any information from or through FIIP using any automated means, including without limitation any script, spider, “screen scraping,” or “database scraping” application, and Customer will not damage, disable, overburden, or impair FIIP or interfere with any other party’s use and enjoyment of FIIP.

2.10. Reseller and Partner Purchases.  If Customer receives the Subscription via a FireEye authorized services or support partner (a “Partner”), Customer agrees that the Subscription and Managed Defense Reports may be delivered to Customer through the Partner. Notwithstanding any other confidentiality obligations between the parties, Customer authorizes FireEye to disclose information related to the Subscription and Customer Data to Partner.

2.11. Managed Defense for ICS.  If Customer has purchased the additional ICS Monitoring feature of the Managed Defense Subscription (“ICS Monitoring Subscription”), the following terms will govern the ICS Monitoring Subscription: (a) FireEye will, in addition to the services described in Sections 2.1-2.6 of these Managed Defense Terms, monitor Customer’s TAP Subscription for malicious activity based on custom rules developed by FireEye in consultation with the Customer; (b) FireEye will perform additional hunting activities tailored to the Customer’s environment; (c) Alerts resulting from the activities described in (a)-(b) will be published to the Managed Defense Portal as set forth in Section 2.2 above; and (d) additional Enabling Hardware will be provided (“ICS Enabling Hardware”). The ICS Enabling Hardware constitutes Third Party Material, and the hardware components of such ICS Enabling Hardware must be returned to FireEye or the relevant third party upon termination or expiration of the Managed Defense Subscription Term. Customer acknowledges that the third party owner of the ICS Enabling Hardware is a third party beneficiary of the right to enforce the obligation to return the ICS Enabling Hardware as set forth above. The Subscription Term for the ICS Monitoring Subscription will be the same as the Managed Defense Subscription Term. 

3.      Customer Responsibilities. Customer acknowledges and agrees that FireEye’s ability to successfully deliver the Managed Defense Subscription is dependent on the Customer’s ability to meet its responsibilities as outlined herein.

3.1   FireEye will have no liability for any failure to deliver the Managed Defense Subscription that may arise due to Customer’s refusal or failure to perform its responsibilities.

    a)     Installation Requirements. Customer will be responsible for the following: (i) providing network architecture diagrams, physical, and logical access to Customer’s environment for the sole purpose of deploying and configuring Managed Defense Supported Technology; (ii) upgrading pre-existing Managed Defense Supported Technology to the minimum software version as referenced within the Managed Defense Service Description for each product or service; (iii) providing confirmation that all Managed Defense Supported Technology within the Customer’s environment has been successfully configured and connected to their network according to the individual Product’s or Subscription’s System Administration Guide and the configurations supported as noted in the FireEye Support Portal; (iv) providing the ability to establish a persistent connection to the Customer’s network within the designated port range corresponding to the country from which the Managed Defense Subscription will be delivered as referenced within the Managed Defense Quick Start Guide.

    b)     Compromised Systems. Customer recognizes that the Managed Defense Subscription is not an alternative to an incident response engagement for an environment that is compromised prior to the start of the Managed Defense Subscription.

    c)     Credential Security. Customer will be responsible for the following: (i) providing accurate information to FireEye for provisioning access to (and removal of) Customer personnel access to the Managed Defense Portal; (ii) implementing and adhering to strong password standards; (iii) providing accurate information to FireEye for domain whitelisting; and (iv) reporting any security issues related to the Subscription (including the Managed Defense Portal) to FireEye immediately.

    d)     Network Segment Exclusion: Customer must notify FireEye if specific network segments will not require Managed Defense monitoring. Customer must provide detailed information regarding the specific network segment range when possible. Examples: guest networks, testing environments, etc.

    e)     Remediating Known Compromises. Customer must make a reasonable effort to remediate any known compromises reported by FireEye or third party vendors. FireEye may choose to suppress alerts generated by known compromised systems until such time the compromise is remediated.

3.2.    Exclusions. Notwithstanding anything else contained in these Terms to the contrary, FireEye shall have no obligation or responsibility to provide the Managed Defense Subscription for (i) Products that the Customer (or FireEye or another third party on Customer’s behalf) has configured with a one-way feed of FireEye’s Dynamic Threat Intelligence (DTI) Content Feed; (ii) Managed Defense Supported Technology that has been declared end of support or that are not currently supported; (iii) Managed Defense Supported Technology that has no active Support Service in place; (iv) Managed Defense Supported Technology for which software updates have not been applied; (v) Products that have not been installed and deployed; or (vi) Managed Defense Supported Technology that is misconfigured or incorrectly deployed, which prevents the Managed Defense Supported Technology from monitoring the Covered Systems. Customer acknowledges that to facilitate FireEye’s efficient performance of the Managed Defense Subscription, FireEye may control some features and functionality of the Managed Defense Supported Technology, and that such features or functionality may not be available for Customer’s independent use during the Subscription Term.

4.      Managed Defense Portal Availability

4.1        Uptime. FireEye shall undertake commercially reasonable efforts to ensure the Managed Defense Portal availability for 99.9% of the time during each calendar month.

    a)      “Service Outage” means the Managed Defense Portal is not available due to a failure or a disruption in the Managed Defense Portal that is not the result of Scheduled Maintenance, Emergency Maintenance, a force majeure event or of the act or omission of Customer.

    b)     “Scheduled Maintenance Period" is the period during which weekly scheduled maintenance of the Managed Defense Portal may be performed.

    c)      "Emergency Maintenance" means any time outside of Scheduled Maintenance that FireEye requires to apply critical patches or fixes or undertake other urgent maintenance. If Emergency Maintenance is required, FireEye will notify Customer, to the extent possible under the circumstances, and provide the expected time frame of the Emergency Maintenance and availability of the Managed Defense Portal during the Emergency Maintenance.

    d)     "System Availability" means the number of minutes in any calendar month minus the aggregate number of minutes of all Service Outages that occur during that calendar month.

4.2.       Remedy

    a)      If the Managed Defense Portal does not meet the monthly service availability defined in 4.1, FireEye will provide a credit to the Customer in accordance to the table below (“Credit”) for a validated Service Level Claim (defined below). The percent of Managed Defense Portal availability per calendar month (in the table below) is equal to the result, expressed as a percentage, of the number of minutes of System Availability in a calendar month divided by the total number of minutes in the calendar month.

Percent of Managed Defense Portal Availability per Calendar Month

Service Credit

<99.9%

2%

<99.0%

5%

<98.0%

10%

    b)      For determining the Credit, the duration of a Service Outage will be measured as the time starting when Customer experiences a disruption in availability of the Managed Defense Portal and ending when a successful solution or workaround allowing for full restoration of the Managed Defense Portal is provided by FireEye to Customer.  Customer must notify FireEye in writing of any Service Outage no later than fifteen (15) days after the calendar month in which the Service Outage occurred (“Service Level Claim”) to be entitled to a Credit for that Service Outage.

    c)     Any Credits earned by Customer hereunder will be applied to the Subscription Fees owed by Customer for the next Subscription Term for which the Credit applies. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated for non-renewal or for a material uncured breach by Customer, such credits shall become null and void. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated due to a material uncured breach by FireEye, FireEye will promptly pay Customer the amount of the Credit. Customer shall not be entitled to receive a Credit that exceeds 10% of its prorated monthly Subscription Fee for a Service Outage for the applicable calendar month.

Back To Top


Subscription Schedule
FIREEYE NETWORK SECURITY – NX EDITION
FIREEYE NETWORK SECURITY – SMARTVISION EDITION

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the FireEye Network Security – NX Edition and FireEye Network Security – SmartVision Edition Subscriptions (each, a “FireEye Network Security Subscription”).

  1. Grant of License. Subject to the terms of this Agreement and payment of all fees, FireEye grants Customer, for the duration of the Subscription Term, a personal, nonsublicensable, nonexclusive, right to install software components of the FireEye Network Security Subscription and use the FireEye Network Security Subscription as described in its Documentation. The Subscription includes, for the duration of the Subscription Term: (i) a non-exclusive license to install and use, in accordance with the Documentation for the Subscription, virtual appliances provided by FireEye (FireEye will determine the number and type of virtual appliance needed after consultation with the customer); (ii) access to FireEye’s DTI Content Feed in 2-way mode; and (iii) Platinum Support Services (or Government Platinum Support Services, if applicable) as described in the Support Schedule. Virtual appliances are FireEye Materials.

  2. Additional Features. Customer may, for additional fees, upgrade the Content Feed to 1-way or offline mode, and may upgrade Support Services to Platinum Priority Plus or Government Platinum Priority Plus (as described in the Support Schedule). Additional updates, preview features, Content Feeds and/or Support Services may require additional payment or include additional terms and conditions, and may be provided on a “preview” basis for a limited period at no additional charge but then licensed for an additional fee at a later date.

  3. Limitations. FireEye will determine which edition is appropriate based on the Customer’s size and environment.
    1. Enterprise Edition. Enterprise Edition versions of the Subscription are licensed according to the aggregate network throughput anticipated in the Customer’s environment, expressed in Mbps (“Throughput”), as shown on the Subscription Order. Exceeding the purchased volume of Throughput may result in degraded performance.
    2. Per-User Edition. Per-User Edition versions of the Subscription are licensed according to the number of Users in Customer’s environment, as shown on the Subscription Order. For purposes of this Schedule, “Users” means any person whose network traffic is monitored by the Subscription. Customer’s Throughput for the Per-User Edition of the Subscription may not exceed 1 Mbps per User, averaged over all Users (“User Throughput Limit”). Exceeding the purchased User Throughput Limit may result in degraded performance.

  4. True Up. FireEye reserves the right to audit Customer’s use of the Subscription to ensure compliance with this Agreement.  If at any point during the Subscription Term, Customer’s Throughput or User Throughput Limit, as applicable, exceeds the purchased Throughput or User Throughput Limit in three (3) or more calendar days in any consecutive thirty-day period, FireEye may issue a true-up invoice for the pro-rated difference between the fees already paid for that Subscription Term and FireEye’s list prices for the excess Throughput or User Throughput Limit for that thirty-day period, pro-rated to reflect that thirty-day period and the remainder of the Subscription Term.  FireEye will apply any discounts that were applied to initial fees to FireEye’s list prices for any true-up invoice.  The fees for any renewal Subscription Term will be quoted at the volume of Throughput or User Throughput Limit associated with the actual Throughput for the immediately preceding year of the Subscription Term. At the end of each Subscription Term, FireEye may true-up fees for that Subscription Term, and if the average monthly Throughput or User Throughput Limit (as applicable) for that Subscription Term exceeds the maximum Throughput or User Throughput Limit (as applicable) for which Customer previously paid fees, then FireEye will issue a true-up invoice reflecting the difference between the fees already paid for that Subscription Term and the fees for the Customer’s actual Throughput or User Throughput Limit, as applicable.

  5. Hardware. Customer may purchase hardware appliances for use with the FireEye Network Security Subscription, on either a subscription or perpetual license basis. In either case, hardware is shipped FOB Origin, and title to and risk of loss of the hardware passes to the Customer upon delivery to the carrier. Customers purchasing hardware on a perpetual license basis will receive a perpetual, personal, nonsublicensable, nonexclusive right to use the software installed on the hardware. Customers purchasing hardware on a subscription license basis will receive a personal, nonsublicensable, nonexclusive right to use the software installed on the hardware during the Subscription Term, which will be a minimum of three (3) years.

  6. Helix Portal Access. As part of the FireEye Network Security Subscription, Customer will be entitled to access the FireEye Helix portal (“Helix Portal”), where Customer can view alerts and other information. The Helix Portal may be used to monitor up to 250,000 alerts per day. Use in excess of this limit may result in degraded performance of the Helix Portal.

Back To Top


Subscription Schedule
FIREEYE EMAIL SECURITY – SERVER EDITION

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the FireEye Email Security Subscription – Server Edition (the “FireEye Email Security Subscription”).

  1. Grant of License. Subject to the terms of this Agreement and payment of all fees, FireEye grants Customer, for the duration of the Subscription Term, a personal, nonsublicensable, nonexclusive, right to install software components of the FireEye Email Security Subscription and use the FireEye Email Security Subscription as described in its Documentation. The Subscription includes, for the duration of the Subscription Term: (i) a non-exclusive license use the Subscription, in accordance with the Documentation for the Subscription, to monitor up to the purchased number of Mailboxes as shown on the Subscription Order; (ii) access to FireEye’s DTI Content Feed in 2-way mode; and (iii) Platinum Support Services (or Government Platinum Support Services, if applicable) as described in the Support Schedule. For purposes of this Schedule, “Mailboxes” means email mailboxes in the Customer’s environment that are monitored by the Subscription.

  2. Additional Features. Customer may, for additional fees, upgrade the Content Feed to 1-way or offline mode, and may upgrade Support Services to Platinum Priority Plus or Government Platinum Priority Plus (as described in the Support Schedule). Additional updates, preview features, Content Feeds and/or Support Services may require additional payment or include additional terms and conditions, and may be provided on a “preview” basis for a limited period at no additional charge but then licensed for an additional fee at a later date.

  3. Limitations. FireEye will determine which edition is appropriate based on the Customer’s size and environment.
    1. Enterprise Edition. Enterprise Edition versions of the Subscription are licensed according to the number of Mailboxes purchased. Exceeding the purchased volume of Mailboxes may result in degraded performance.
    2. Per-User Edition. Per-User Edition versions of the Subscription are licensed according to the number of Users in Customer’s environment. For purposes of this Schedule, “Users” means any person for whom a Mailbox is monitored by the Subscription. Customer may use the Subscription to monitor up to 1.5 Mailboxes per User, averaged across all Users (“User Mailbox Limit”). Exceeding the purchased Per-User Mailbox Limit may result in degraded performance.

  4. True Up. FireEye reserves the right to audit Customer’s use of the Subscription to ensure compliance with this Agreement. If at any point during the Subscription Term, Customer’s Mailboxes or User Mailbox Limit, as applicable, exceeds the purchased number of Mailboxes or the User Mailbox Limit in three (3) or more calendar days in any consecutive thirty-day period, FireEye may issue a true-up invoice for the pro-rated difference between the fees already paid for that Subscription Term and FireEye’s list prices for the excess Mailboxes or User Mailbox Limit for that thirty-day period, pro-rated to reflect that thirty-day period and the remainder of the Subscription Term. FireEye will apply any discounts that were applied to initial fees to FireEye’s list prices for any true-up invoice. The fees for any renewal Subscription Term will be quoted at the volume of Mailboxes or User Mailbox Limit associated with the actual Mailboxes for the immediately preceding year of the Subscription Term. At the end of each Subscription Term, FireEye may true-up fees for that Subscription Term, and if the average monthly Mailboxes or User Mailbox Limit (as applicable) for that Subscription Term exceeds the maximum Mailboxes or User Mailbox Limit (as applicable) for which Customer previously paid fees, then FireEye will issue a true-up invoice reflecting the difference between the fees already paid for that Subscription Term and the fees for the Customer’s actual Mailboxes or User Mailbox Limit, as applicable.

  5. Hardware. Customer may purchase hardware appliances for use with the FireEye Email Security Subscription, on either a subscription or perpetual license basis. In either case, hardware is shipped FOB Origin, and title to and risk of loss of the hardware passes to the Customer upon delivery to the carrier. Customers purchasing hardware on a perpetual license basis will receive a perpetual, personal, nonsublicensable, nonexclusive right to use the software installed on the hardware. Customers purchasing hardware on a subscription license basis will receive a personal, nonsublicensable, nonexclusive right to use the software installed on the hardware during the Subscription Term, which will be a minimum of three (3) years.

  6. Helix Portal Access. As part of the FireEye Email Security Subscription, Customer will be entitled to access the FireEye Helix portal (“Helix Portal”), where Customer can view alerts and other information. The Helix Portal may be used to monitor up to 250,000 alerts per day. Use in excess of this limit may result in degraded performance of the Helix Portal.

 

Back To Top


Subscription Schedule
FIREEYE ENDPOINT SECURITY – ESSENTIAL
FIREEYE ENDPOINT SECURITY – POWER EDITION

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the FireEye Endpoint Security – Essential Edition Subscription and the FireEye Endpoint Security – Power Edition Subscription (each, the “FireEye Endpoint Security Subscription”).

  1. Grant of License. Subject to the terms of this Agreement and payment of all fees, FireEye grants Customer, for the duration of the Subscription Term, a personal, nonsublicensable, nonexclusive, right to install software components of the FireEye Endpoint Security Subscription and use the FireEye Endpoint Security Subscription as described in its Documentation. The Subscription includes, for the duration of the Subscription Term: (i) a non-exclusive license to install and use, in accordance with the Documentation for the Subscription, the software agent on up to the purchased number of Endpoints as shown on the Subscription Order; (ii) a non-exclusive license to install and use, in accordance with the Documentation for the Subscription, virtual appliances provided by FireEye (FireEye will determine the number and type of virtual appliance needed after consultation with the customer); (iii) access to FireEye’s DTI Content Feed in 2-way mode; and (iv) Platinum Support Services (or Government Platinum Support Services, if applicable) as described in the Support Schedule. For purposes of this Schedule, “Endpoints” means computing devices on which the software agent provided with the Subscription is installed. Software agents and virtual appliances are FireEye Materials.

  2. Additional Features. Customer may, for additional fees, upgrade the Content Feed to 1-way or offline mode, and may upgrade Support Services to Platinum Priority Plus or Government Platinum Priority Plus (as described in the Support Schedule). Additional updates, preview features, Content Feeds and/or Support Services may require additional payment or include additional terms and conditions, and may be provided on a “preview” basis for a limited period at no additional charge but then licensed for an additional fee at a later date.

  3. Limitations. FireEye will determine which edition is appropriate based on the Customer’s size and environment.
    1. Enterprise Edition. Enterprise Edition versions of the Subscription are licensed according to the number of Endpoints purchased. Exceeding the purchased volume of Endpoints may result in degraded performance.
    2. Per-User Edition. Per-User Edition versions of the Subscription are licensed according to the number of Users in Customer’s environment. For purposes of this Schedule, “Users” means any person whose computing activity is monitored by the Subscription. Customer may use the Subscription to monitor up to 1.5 Endpoints per User, averaged over all Users (“User Endpoint Limit”). Exceeding the purchased User Endpoint Limit may result in degraded performance.

  4. True Up. FireEye reserves the right to audit Customer’s use of the Subscription to ensure compliance with this Agreement. If at any point during the Subscription Term, Customer’s Endpoints or User Endpoint Limit, as applicable, exceed the purchased number of Endpoints or User Endpoint Limit in three (3) or more days in any consecutive thirty-day period, FireEye may issue a true-up invoice for the pro-rated difference between the fees already paid for that Subscription Term and FireEye’s list prices for the excess Endpoints or User Endpoint Limit for that thirty-day period, pro-rated to reflect that thirty-day period and the remainder of the Subscription Term. FireEye will apply any discounts that were applied to initial fees to FireEye’s list prices for any true-up invoice. The fees for any renewal Subscription Term will be quoted at the volume of Endpoints or User Endpoint Limit associated with the actual Endpoints for the immediately preceding year of the Subscription Term. At the end of each Subscription Term, FireEye may true-up fees for that Subscription Term, and if the average monthly Endpoints or User Endpoint Limit (as applicable) for that Subscription Term exceeds the maximum Endpoints or User Endpoint Limit (as applicable) for which Customer previously paid fees, then FireEye will issue a true-up invoice reflecting the difference between the fees already paid for that Subscription Term and the fees for the Customer’s actual Endpoints or User Endpoint Limit, as applicable.

  5. Hardware. Customer may purchase hardware appliances for use with the FireEye Endpoint Security Subscription, on either a subscription or perpetual license basis. In either case, hardware is shipped FOB Origin, and title to and risk of loss of the hardware passes to the Customer upon delivery to the carrier. Customers purchasing hardware on a perpetual license basis will receive a perpetual, personal, nonsublicensable, nonexclusive right to use the software installed on the hardware. Customers purchasing hardware on a subscription license basis will receive a personal, nonsublicensable, nonexclusive right to use the software installed on the hardware during the Subscription Term, which will be a minimum of three (3) years.

  6. Helix Portal Access. As part of the FireEye Endpoint Security Subscription, Customer will be entitled to access the FireEye Helix portal (“Helix Portal”), where Customer can view alerts and other information. The Helix Portal may be used to monitor up to 250,000 alerts per day. Use in excess of this limit may result in degraded performance of the Helix Portal.

 

Back To Top


Subscription Schedule
FIREEYE THREAT ANALYTICS
FIREEYE THREAT ANALYTICS PLATFORM

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the Threat Analytics and FireEye Threat Analytics Platform Subscriptions (individually and collectively, “TAP Subscriptions”), including purchase and support of TAP Cloud Collector™ Appliances and Support.

1.         TAP Software, Alerts

1.1.1    TAP Software and Hardware.  As part of the TAP Subscription, FireEye may deliver to Customer one or more software files (individually and collectively, “TAP Software”), and/or one or more “Cloud Collector” hardware appliances (“Cloud Collector Appliances”), which may contain TAP Software.  Subject to full payment of all Fees associated with the TAP Subscription, FireEye grants to Customer a non-exclusive, limited right and license to install and run the TAP Software during the Subscription Term solely for purposes of using the TAP Subscription in accordance with the Documentation for the TAP Subscription.

1.1.2    Access; Customer Logs.  FireEye will provide Customer with credentials to enable access to the TAP Subscription.  Using the TAP Software, and subject to payment of Fees for the TAP Subscription and any Cloud Collector Appliances, Customer may upload Customer Logs to the TAP portal (“TAP Portal”).  “Customer Logs” means any communications, logs and other content and information that Customer or anyone using Customer’s account contributes to or through the TAP Portal. Customer grants to FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive license and right to reproduce, modify, create derivative works from, publish, distribute, sell, sub-license, transmit, publicly display and provide access to Customer Logs, for purposes of enhancing FireEye’s products and services, so long as (i) FireEye ensures that any Customer Confidential Information is removed from Customer Logs, and (ii) FireEye’s use of Customer Logs does not in any way identify Customer or its employees or in any other way allow a third party to identify Customer as the source of the Customer Logs.  Customer Logs are Customer’s property, and other than the licenses granted in herein, FireEye does not obtain any ownership rights in Customer Logs. FireEye will retain Customer Logs for a period of thirteen (13) months from the earlier of the date the Customer Log was received and the end of the Helix Subscription Term.

1.1.3    TAP Alerts. Some features of the TAP Subscription may generate alerts of suspected malicious activity (each, a “TAP Alert”).  TAP Alerts are FireEye Materials.  FireEye hereby grants to Customer a limited, non-exclusive right to use TAP Alerts, and reproduce and distribute those TAP Alerts internally for Customer’s own business purposes. 

1.1.4    Cloud Collector Management.  If Customer has installed Cloud Collectors in connection with the TAP Subscription, then FireEye will continuously monitor the Customer’s Cloud Collector Appliances or Cloud Collector TAP Software for system health issues such as monitoring to ensure proper throughput and relay of data.

1.1.5    Support.  Subject to Customer’s payment in full of all associated fees for FireEye Support Services, FireEye shall provide Support Services for the TAP Subscription as set forth in the Support Schedule, as may be updated by FireEye in its discretion.

2.         Event Volume; True-Up

2.1.1     Fees for the TAP Subscription are divided into “Tiers” based on the volume of events processed through the TAP Subscription per second (“Event Volume”).  If at any point during the Subscription Term, Customer’s Event Volume exceeds the Tier upon which Customer’s TAP Subscription Fees were based, FireEye will not guarantee that Customer Logs in excess of the purchased Tier will be ingested and processed by the TAP Subscription. In times of Event Volume in excess of the paid Tier, Customer Logs will enter a queue.  Excessive queueing may cause Customer Logs to be lost from the queue. If at any point during the Subscription Term, Customer’s average Event Volume for any consecutive thirty-day period exceeds the Tier upon which Customer’s TAP Subscription Fees were based, FireEye may issue a true-up invoice for the pro-rated difference between the Fees already paid for that Subscription Term and FireEye’s list prices for the Fees for the Tier associated with Customer’s actual Event Volume for that thirty-day period, pro-rated to reflect that thirty-day period and the remainder of the Subscription Term.  FireEye will apply any discounts that were applied to initial Fees to FireEye’s list prices for any true-up invoice.  Until such time that the True Up invoice is paid in full, the TAP Subscription will continue to ingest and process only the Event Volume of the purchased Tier, allowing any excess Customer Logs to enter queueing conditions. The Tier for any Renewal Subscription Term will be the Tier associated with the actual Event Volume for the immediately preceding Subscription Term.

2.1.2     At the end of the Initial Subscription Term and each Renewal Subscription Term, FireEye may true-up Fees for that Subscription Term, and if the average monthly Event Volume for that Subscription Term exceeds the maximum Event Volume for the Tier for which Customer previously paid Fees, then (a) FireEye will issue a true-up invoice reflecting the difference between the Fees already paid for that Subscription Term and the Fees for the Tier associated with Customer’s actual Event Volume.

3.         TAP Portal Availability

3.1        FireEye shall undertake commercially reasonable efforts to ensure the TAP Portal availability for 99.9% of the time during each calendar month.

3.1.1     “Service Outage” is where the TAP Portal is not available due to a failure or a disruption in TAP Portal that is not the result Scheduled Maintenance, Emergency Maintenance, a force majeure event or of the act or omission of Customer.

3.1.2     “Scheduled Maintenance Period" is the period during which weekly scheduled maintenance of the TAP Portal may be performed.

3.1.3     "Emergency Maintenance" means any time outside of Scheduled Maintenance that FireEye is required to apply critical patches or fixes or undertake other urgent maintenance. If Emergency Maintenance is required, FireEye will contact Customer and provide the expected time frame of the Emergency Maintenance and availability of the TAP Portal during the Emergency Maintenance.

3.1.4     "System Availability" means the number of minutes in any calendar month minus the aggregate number of minutes of all Service Outages that occur during that calendar month.

3.2.       Remedy

3.2.1     In the event that the TAP Portal does not meet the monthly service availability defined in 6.1, FireEye will provide a credit to the Customer in accordance to the table below (“Credit”) for a validated SLA Claim (defined below).

Percent of TAP Portal Availability per Calendar Month

Service Credit

<99.9%

2%

<99.0%

5%

<98.0%

10%

3.2.2     For determining the Credit, the duration of a Service Outage will be measured as the time starting when Customer experiences unavailability of the TAP Portal and ending when a successful solution or workaround allowing for full restoration of the TAP Portal is provided by FireEye to Customer.  Customer must notify FireEye in writing of any Service Outage no later than fifteen (15) days after the date the Service Outage occurred (“SLA Claim”) to be entitled to a Credit for that Service Outage.

3.2.3     Any Credits earned by Customer hereunder will be applied to the Subscription Fees owed by Customer for the next Subscription Term for which the Credit applies. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated for non-renewal or for a material uncured breach by Customer, such credits shall become null and void. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated due to a material uncured breach by FireEye, FireEye will promptly pay Customer the amount of the Credit.

3.2.4     Customer shall not be entitled to receive a Credit that exceeds 10% of its prorated monthly Subscription Fee for a Service Outage for the applicable calendar month.

4.         FireEye iSIGHT® Intelligence Portal (FIIP).  During the Subscription Term, FireEye will provide access to a FireEye iSIGHT Intelligence Portal (FIIP), subject to the following:

  1. Permitted Use; Reports. Customer may view and use FIIP and content appearing on FIIP (“FIIP Content”) solely for internal use. Customer understands and acknowledges that the FIIP Content available through the TAP Subscription is more limited than that available to customers who purchase a full iSIGHT Subscription. Some features of FIIP may allow Customer to generate a report (each, a “FIIP Report”). FIIP Reports and FIIP Content are FireEye Materials. Subject to Customer’s payment obligations, FireEye grants to Customer a limited, non-exclusive right to produce FIIP Reports and FIIP Content using FIIP, and reproduce and distribute those FIIP Reports and FIIP Content internally for Customer’s own business purposes.
  2. Additional Use Limitations. Customer may appoint up to fifteen (15) users of FIIP at any time. Each day, all users on Customer’s account may collectively make up to (A) one hundred (100) queries of IP addresses and domain names, and (ii) one hundred (100) queries of malware. Customer may request additional queries, to be evaluated by FireEye on a case by case basis.
  3. User Content. “User Content” means any communications, images, sounds, and all the material and information that Customer or anyone using Customer’s account contributes to or through FIIP (e.g., comments to FIIP Content, suspected malware that Customer uploads to FIIP). Customer hereby grants FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive, license, including the right to sublicense to third parties, and right to reproduce, fix, adapt, modify, translate, reformat, create derivative works from, publish, distribute, sell, license, transmit, publicly display, publicly perform, or provide access to electronically, broadcast, display, perform, and use and practice such User Content as well as all modified and derivative works thereof. Customer represents that Customer has all necessary rights to grant the license referenced in the preceding sentence. FireEye may use and disclose any of the information it collects about its customers’ use of FIIP, including the CTI platform, to the extent such information is de-identified.
  4. Restrictions. Customer may not access FIIP by any means other than through the interface that is provided or approved by FireEye. Customer will not collect any information from or through FIIP using any automated means, including without limitation any script, spider, “screen scraping,” or “database scraping” application, and Customer will not damage, disable, overburden, or impair FIIP or interfere with any other party’s use and enjoyment of FIIP.
  5. Customer acknowledges that some optional features and content appearing on FIIP may require payment of additional fees.

 

Back To Top



Subscription Schedule
FIREEYE EMAIL THREAT PREVENTION (ETP)
FIREEYE EMAIL SECURITY – CLOUD EDITION

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the Email Threat Prevention Subscription and the FireEye Email Security – Cloud Edition.

1.         Definitions.

“Email Subscription" means the scanning, filtering, and delivery of email by the FireEye Email Threat Prevention Subscription or the FireEye Email Security – Cloud Edition Subscription.

“Customer Data” means data and information originated by Customer that Customer submits to the Email Subscription.

“Customer Representatives” means any employee of Customer to whom Customer provides access to the Email Subscriptions (or any component thereof) for use on behalf of and for the benefit of the Customer and for Customer’s internal business purposes, subject to all the terms and conditions of this Agreement.

“Licensed Inboxes” means the number of email inboxes Customer may have at any time that are registered to the Email Subscription; which maximum number shall be based on the Subscription fees paid by Customer and identified on the relevant purchase order from Customer as approved and invoiced by FireEye. 

2.        Right of Access and Use.   During the Subscription Term, and subject to the terms of this Agreement, FireEye grants to Customer a non-exclusive right to permit those Customer Representatives authorized by Customer to access and use the Email Subscription on Customer's behalf in compliance with the terms of this Agreement and the Documentation for the Email Subscription.  Notwithstanding anything else herein, the number of email inboxes Customer may register to the Email Subscription may not exceed the number of Licensed Inboxes. For Customers who have purchased the Per-User version of the FireEye Email Security – Cloud Edition Subscription, the Email Subscription is licensed according to the number of Users in Customer’s environment. For purposes of this section, “Users” means any person for whom a Licensed Inbox is monitored by the Email Subscription. Customer may use the Email Subscription to monitor up to 1.5 Licensed Inboxes per User, averaged across all Users (“User Inbox Limit”). Exceeding the purchased Per-User Inbox Limit or the Licensed Inboxes purchased may result in degraded performance and/or additional fees.

3.        Restrictions.  Except as otherwise expressly permitted under this Agreement, Customer agrees that it shall not, nor shall it permit any third party to, (a) use the Email Subscription (or any portion thereof) in excess of or beyond the Subscription Term, the Licensed Inbox quantity, and/or other restrictions/limitations described in this Agreement; use the Email Subscription to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy or other rights; or (d) interfere with or disrupt the integrity or performance of the Email Subscription or third-party data contained therein. Unless Customer has purchased the AV/AS version of the Email Subscription, Customer shall route email through a commercially available secure email gateway for anti-spam scanning prior to relay through the FireEye network.  FireEye may, in its discretion, limit the volume of email traffic flowing through the Email Subscription to help avoid Service Outages (as defined below). No rights or licenses are granted other than as expressly and unambiguously set forth herein.

4.        Support Services.  Subject to Customer’s payment in full of all associated fees for FireEye Support Services, FireEye shall provide Support Services for the Email Subscription as set forth in The Support Schedule, as may be updated by FireEye in its discretion. Customers purchasing the FireEye Email Security – Cloud Edition will also be entitled to access the FireEye Helix portal (“Helix Portal”), where Customer can view alerts and other information. The Helix Portal may be used to monitor up to 250,000 alerts per day. Use in excess of this limit may result in degraded performance of the Helix Portal.

5.        Inbox Count Increases; Reporting; Invoice.  If the number of inboxes that Customer have registered to the Email Subscription (“Actual Inbox Count”) exceeds Customer’s then current Licensed Inbox count or if Customer wishes to increase the Licensed Inbox count, then Customer shall notify FireEye (or the applicable FireEye Partner) and submit an Order for the incremental Subscription Fees due, and upon receipt of such Order, the Licensed Inbox count shall be amended to reflect this change.  Upon written request, Customer will provide FireEye a report identifying (i) the Actual Inbox Count; and (ii) any other information reasonably requested by FireEye at the time as it relates to the use of the Email Subscription to determine compliance with the terms of this Agreement.  FireEye and/or its Authorized Resellers may invoice Customer if it learns of any shortfalls, i.e. that the Licensed Inbox Count is below the Actual Inbox Count.  The fees charged to Customer for increases in License Inbox counts will be based on the then-current Subscription Term pricing.

6.         Email Subscription Availability

6.1       FireEye shall undertake commercially reasonable efforts to ensure the Email Subscription is available (i.e., not experiencing a Service Outage) for 99.9% of the time during each calendar month.

6.1.1    “Service Outage” is a period of time, other than Excused Outage Time, where the Email Subscription is not processing and delivering email due to a failure or a disruption in the Email Subscriptions.

6.1.2    “Excused Outage Time” means a Service Outage that occurs (a) during a Scheduled Maintenance Period; (b) during Emergency Maintenance; (c) during a force majeure event; or (d) due to the act or omission of Customer.

6.1.3    “Scheduled Maintenance Period" is the period of up to six (6) hours, occurring between the hours of 6 p.m. Pacific time on Friday and midnight Pacific time on Sunday, during which scheduled maintenance of the Email Subscriptions may be performed. FireEye shall use commercially reasonable efforts to provide no less than 2 weeks’ notice of a Scheduled Maintenance Period to Customer.

6.1.4    "Emergency Maintenance" means any time outside of a Scheduled Maintenance Period that FireEye requires to apply critical patches or fixes or undertake other urgent maintenance. If Emergency Maintenance is required, FireEye will provide notice to Customer in advance, to the extent possible under the circumstances, or if advance notice is not possible, contemporaneously or as soon thereafter as possible, and provide the expected time frame of the Emergency Maintenance and availability of the Email Subscription during the Emergency Maintenance.

6.1.4    "System Availability" means the total number of minutes in any calendar month minus the number of minutes of Service Outages that occur during that calendar month.

6.2.      Remedy

6.2.1    If the Email Subscription does not meet the monthly service availability defined in 6.1, FireEye will provide a credit to the Customer in accordance to the table below (“Credit”) for a validated SLA Claim (defined below). The percent of System Availability per calendar month (in the table below) is equal to the result, expressed as a percentage, of the number of minutes of System Availability in a calendar month divided by the total number of minutes in the calendar month.

Percent of System Availability per Calendar Month

Service Credit

<99.9%

25%

<99.0%

50%

<98.0%

100%

6.2.2    For determining the Credit, the duration of a Service Outage will be measured as the time starting when the ETP Subscription stops functioning and ending when a successful solution or workaround allowing for the restoration of the ETP Subscription is provided by FireEye.  Customer must notify FireEye in writing of any Service Outage no later than fifteen (15) days after the date the Service Outage occurred (“SLA Claim”) to be entitled to a Credit for that Service Outage.

6.2.3    Any Credits earned by Customer hereunder will be applied to the Subscription Fees owed by Customer for the next Subscription Term for which the Credit applies. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated for non-renewal or for a material uncured breach by Customer, such credits shall become null and void. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated due to a material uncured breach by FireEye, FireEye will promptly pay Customer the amount of the Credit.

6.2.4    Customer shall not be entitled to receive a Credit that exceeds 100% of its prorated monthly Subscription Fee for a Service Outage for the applicable calendar month.

 

Back To Top


Subscription Schedule
FIREEYE HELIX

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the FireEye Helix Subscription.

1.  Helix Subscription. FireEye Helix is a Subscription that allows centralized, cloud-based portal access to functionality provided by several FireEye Products and Subscriptions. As part of the Helix Subscription, Customer will be provided access to the FireEye Helix portal (“Helix Portal”), where Customer can view alerts and other information. The Helix Subscription provides network monitoring via the FireEye the Cloud MVX Product, endpoint monitoring via the FireEye Cloud HX Product, monitoring of both FireEye and third-party products via the Threat Analytics Platform Subscription, and aggregation of alerts via the FireEye Cloud CMS Product. Customer may also view alerts from some other FireEye Products that Customer has separately purchased via the FireEye Helix Subscription, but not all FireEye Products and Subscriptions will be accessible through the Helix portal.

FireEye will provide the Customer with credentials allowing access to the Helix Portal on or about the effective date of the Order for the Helix Subscription. The Helix Subscription will provide: (a) if purchased, aggregate network traffic throughput through the Cloud MVX Product in the number of Mbps covered by the tier of Helix Subscription purchased; (b) if purchased, endpoint security via a cloud-hosted virtual instance of the FireEye HX endpoint Product, up to the number of Nodes that correspond with the tier of Helix Subscription purchased (“Nodes” means endpoint computing devices owned or controlled by Customer, such as laptops, workstations, and servers, on which Customer installs the FireEye HX endpoint agent software); (c) if purchased, analysis of Customer Logs (as defined below) via the FireEye Threat Analytics Platform (TAP), up to the number of events per second (EPS) that correspond with the tier of Helix Subscription purchased.  In some cases an Order for the FireEye Helix Subscription may note that the Subscription does not include one or more of the above features (such as when the Customer has already separately purchased one of these features).

2.   Helix Software, Alerts

2.1       As part of the Helix Subscription, FireEye may deliver to Customer one or more software files, including an endpoint “Agent” software, “Virtual NX” (Sensor) software and “Cloud Collector” software (individually and collectively, “Helix Software”). Subject to full payment of all fees associated with the Helix Subscription, FireEye grants to Customer a non-exclusive, limited right and license to install and run the Helix Software during the Helix Subscription Term solely for purposes of using and accessing the Helix Subscription in accordance with its Documentation. Customer may install the virtual NX sensor software, endpoint Agent Helix Software on the number of Nodes corresponding with the tier of Helix Subscription purchased.

2.2       Access; Customer Logs.  Using the Helix Software, and subject to payment of fees for the Helix Subscription, Customer may upload Customer Logs to the Helix Subscription. “Customer Logs” means any communications, logs and other content and information that Customer or anyone using Customer’s account contributes to or through the Helix Subscription using the Cloud Collector Helix Software. Customer grants to FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive license and right to reproduce, modify, create derivative works from, publish, distribute, sell, sub-license, transmit, publicly display and provide access to Customer Logs, for purposes of enhancing FireEye’s products and services, so long as (i) FireEye ensures that any Customer Confidential Information is removed from Customer Logs, and (ii) FireEye’s use of Customer Logs does not in any way identify Customer or its employees or in any other way allow a third party to identify Customer as the source of the Customer Logs.  Customer Logs are Customer’s property, and other than the licenses granted in herein, FireEye does not obtain any ownership rights in Customer Logs.  As part of the Helix Subscription, FireEye will retain Customer Logs for a period of thirteen (13) months from the earlier of the date the Customer Log was received and the end of the Helix Subscription Term.

2.3       Alerts. The Helix Subscription will aggregate and display alerts from the various sources included within the Helix Subscription, and other FireEye products as applicable (each, a “Helix Alert”). Helix Alerts are FireEye Materials.  FireEye grants to Customer a limited, non-exclusive right to use Helix Alerts, and reproduce and distribute those Helix Alerts internally for Customer’s own business purposes.

3.  Event Volume; True-Up

3.1       Fees for the Helix Subscription are divided into “tiers” based on three metrics: (i) the volume of events processed per second (EPS or “Event Volume”); (ii) aggregate network throughput (“Network Throughput”); and (iii) number of Helix Software Agents installed (“Node Count”) (collectively “Tier Metrics”).  If at any point during the Subscription Term, Customer’s average Event Volume, Network Throughput, or Node Count, for any consecutive thirty-day period, exceeds the Tier upon which Customer’s Helix Subscription Fees were based, FireEye may issue a true-up invoice for the pro-rated difference between the fees already paid for that Subscription Term and FireEye’s list prices for the fees for the Tier associated with Customer’s actual Tier Metrics for that thirty-day period, pro-rated to reflect that thirty-day period and the remainder of the Subscription Term.  FireEye will apply any discounts that were applied to initial fees to FireEye’s list prices for any true-up invoice.  If at any point during the Subscription Term, Customer’s Event Volume exceeds the Tier upon which Customer’s Helix Subscription fees were based, FireEye will not guarantee that Customer Logs in excess of the purchased Tier will be ingested and processed by the Helix Subscription. In times of Event Volume in excess of the paid Tier, Customer Logs will enter a queue.  Excessive queueing may cause Customer Logs to be lost from the queue. Until such time that the true up invoice is paid in full, the Helix Subscription will continue to ingest and process only the Event Volume, Network Throughput, and Node Count of the purchased Tier. The Tier for any renewal Subscription Term will be the Tier associated with the actual Event Volume, Node Count and Network Throughput for the immediately preceding year of the Subscription Term.

3.2       At the end of the each Subscription Term, FireEye may true-up fees for that Subscription Term, and if the average monthly Event Volume, Node Count or Network Throughput for that Subscription Term exceeds the maximum Tier Metrics for the Tier for which Customer previously paid fees, then FireEye will issue a true-up invoice reflecting the difference between the fees already paid for that Subscription Term and the fees for the Tier associated with Customer’s  actual Tier Metrics.

4.         Helix Support.  Subject to Customer’s payment in full of all associated fees for FireEye Support Services, FireEye shall provide Support Services for the FireEye Helix Subscription as set forth in the Support Schedule, as may be updated by FireEye in its discretion.

5.         Customer Responsibilities. Customer will be responsible for (a) providing accurate information to FireEye for provisioning access to (and removal of) Customer personnel access to the Helix Portal; (b) implementing and adhering to strong password standards; (c) providing accurate information to FireEye for domain whitelisting; (d) reporting any security issues related to the Subscription (including the Helix Portal) to FireEye immediately; and (e) backing up, storing securely off the Helix cloud, applying Updates to the Cloud Collector, NX, Cloud CMS, Cloud HX/HXD and HX Agent Product components of the Helix Subscription.

6.         Helix Portal Availability

6.1       FireEye shall undertake commercially reasonable efforts to ensure the Helix Portal availability for 99.9% of the time during each calendar month.

6.1.1    “Service Outage” is where the Helix Portal is not available due to a failure or a disruption in Helix Portal that is not the result of Scheduled Maintenance, Emergency Maintenance, a force majeure event or of the act or omission of Customer.

6.1.2    “Scheduled Maintenance Period" is the period during which weekly scheduled maintenance of the Helix Portal may be performed, or a maintenance window otherwise mutually agreed upon by FireEye and Customer.

6.1.3    "Emergency Maintenance" means any time outside of Scheduled Maintenance that FireEye requires to apply critical patches or fixes or undertake other urgent maintenance. If Emergency Maintenance is required, FireEye will notify Customer, to the extent possible under the circumstances, and provide the expected time frame of the Emergency Maintenance and availability of the Helix Portal during the Emergency Maintenance.

6.1.4    "System Availability" means the number of minutes in any calendar month minus the aggregate number of minutes of all Service Outages that occur during that calendar month.

6.2.      Remedy

6.2.1    In the event that the Helix Portal does not meet the monthly service availability defined in 6.1, FireEye will provide a credit to the Customer in accordance to the table below (“Credit”) for a validated SLA Claim (defined below). The Percent of Helix Portal availability per calendar month (in the table below) is equal to the result, expressed as a percentage, of the number of minutes of System Availability in a calendar month divided by the total number of minutes in the calendar month.

Percent of Helix Portal Availability per Calendar Month

Service Credit

<99.9%

2%

<99.0%

5%

<98.0%

10%

6.2.2    For determining the Credit, the duration of a Service Outage will be measured as the time starting when Customer experiences unavailability of the Helix Portal and ending when a successful solution or workaround allowing for full restoration of the Helix Portal is provided by FireEye to Customer.  Customer must notify FireEye in writing of any Service Outage no later than fifteen (15) calendar? days after the date the Service Outage occurred (“SLA Claim”) to be entitled to a Credit for that Service Outage.

6.2.3    Any Credits earned by Customer hereunder will be applied to the Subscription Fees owed by Customer for the next Subscription Term for which the Credit applies. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated for non-renewal or for a material uncured breach by Customer, such credits shall become null and void. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated due to a material uncured breach by FireEye, FireEye will promptly pay Customer the amount of the Credit.

6.2.4    Customer shall not be entitled to receive a Credit that exceeds 10% of its prorated monthly Subscription Fee for a Service Outage for the applicable calendar month.

 

Back To Top


Subscription Schedule
FIREEYE ISIGHT INTELLIGENCE

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the FireEye iSIGHT Intelligence Subscription (“iSIGHT” or “iSIGHT Subscription”). FireEye will provide the iSIGHT Subscription purchased by the Customer, as shown on the Order.

1.        Definitions

1.1      “Access Method(s)” or “Access Methods” means, individually and collectively, the FireEye iSIGHT Intelligence Portal (“FIIP”), Application Programming Interface (“API”), Browser Plugin, iSIGHT App for Splunk, access keys, or any other method provided by FireEye for Customer to access the iSIGHT Subscription.

1.2      “Analysis Tools” means analysis tools which provide contextual information about domain names, IP addresses, and threats or which analyze uploaded files and provide a report related to the uploaded file.

1.3       “Analyst Access” means a request made by Customer to FireEye for additional research or information about a specific piece of Content, such as an Indicator.

1.4       “Application” is a software program the Customer creates that is designed to access the Content, which includes the features of the API but adds significant functionality beyond that provided by the API.

1.5       “Application Programming Interface” or “API” means the latest version of the iSIGHT Application Programming Interface software made generally available by FireEye.

1.6       “Browser Plugin” means the iSIGHT Browser Plugin which a Customer may install on Google Chrome and other supported browsers that allows the Customer to access and view the Content.

1.7       “Content” means the cyber threat intelligence data and any Reports, Indicators of Compromise, Threat Media Highlights, trends, events, information, documentation or functionality provided in connection with the relevant iSIGHT Subscription.

1.8       “Cyber crime Intelligence” means an iSIGHT Subscription that provides intelligence and technical analysis enabling Customer to provide improved responses to abuses of computer systems, cyber crime operations, and the targeting of victims’ money, goods, or services.

1.9       “Cyber Espionage Intelligence” means an iSIGHT Subscription that provides intelligence analysis concentrating on adversaries that target corporate and government entities to collect information for strategic advantage.

1.10     “End Users” means the Customer’s employees.

1.11     “Executive Intelligence” means an iSIGHT Subscription that provides organizational risks conveyed to decision makers for better informed security investment and strategy, and includes intelligence analysis on industries, regions, and threats targeting enterprise networks.

1.12    “Fusion Intelligence” means an iSIGHT Subscription that provides situational awareness through analysis into ongoing, past, and predictive threat activity, and includes all intelligence reporting from Cyber crime Intelligence, Cyber Espionage Intelligence, Operational Intelligence, as well as intelligence related to critical infrastructure and hacktivism.

1.13     “iSIGHT App for Splunk” means the application provided by FireEye, which a Customer may install on Splunk, that allows the Customer to access and view the Content in accordance with this Agreement. The iSIGHT App for Splunk includes the latest version of the iSIGHT App for Splunk software, its documentation and any html embedded code.

1.14     “iSIGHT Subscription(s)” or “iSIGHT Subscription” means the FireEye iSIGHT Intelligence Subscription(s) purchased by Customer as described on the applicable Order, including all Content, Access Methods, Analysis Tools and Threat Media Highlights available with the iSIGHT Subscription purchased.

1.15     “iSIGHT Intelligence Enablement” means the enablement services purchased by Customer, which supplement the iSIGHT Subscription(s), as described in Section 3 below.

1.16     “Operational Intelligence” means an iSIGHT Subscription that provides alert prioritization, enabled through access to FireEye’s full library of malware reports, actor overviews and indicator reporting.

1.17     “Threat Media Highlights” means a feature of an iSIGHT Subscription that provides delivery of a daily email that tracks current security stories, answers inbound questions from business executives and includes proactive analyses of important events to executives and board members by correlating highlights with iSIGHT Intelligence reports giving a detailed understanding of the security landscape.

1.18     “Vulnerability Intelligence” means an iSIGHT Subscription that provides intelligence on vulnerabilities in products and published software, which aids in prioritization decisions for patching and mitigation strategies, and includes threat intelligence analysis related to critical infrastructure.

2.         License; Access to iSIGHT Subscription and Content. 

2.1.      Grant of Limited License. During the Subscription Term, FireEye grants to Customer in accordance with the terms of this Agreement and iSIGHT Subscription(s) purchased, a limited, worldwide, revocable, non-exclusive, non-transferable, non-assignable, non-sublicensable royalty-free right and license to use the Access Methods to access Content for Customer’s internal use only. All Access Methods and Content is FireEye Material and FireEye Confidential Information as defined in the Agreement. Additional licenses for the Browser Plugin and the iSIGHT App for Splunk purchased through third parties (such as the Chrome WebStore and Splunk) will be valid through the Subscription Term. Customer will not interfere with, restrict or inhibit any other customer from using the Access Methods or Content or disrupt any services offered by FireEye through any medium.

2.2.      Limitations. The iSIGHT Subscription(s) can be used only by End Users who have a need to know within Customer’s organization, typically defined as a person or group that has a direct role in securing information system or networks. Use of the Access Methods and access to the iSIGHT Subscription(s) and the Content by Customer’s End Users is provided through access keys or login credentials. Access keys and login credentials may not be shared between End Users. Customer may not establish group accounts. FireEye reserves the right to discontinue offering particular Access Methods or to modify the Access Methods at any time in its sole discretion. FireEye reserves the right to limit the number and/or frequency of requests for Content made through the Access Methods in its sole discretion. Customer will not exceed any usage limits established by FireEye. In addition to any other rights under this Agreement, FireEye may utilize technical measures to prevent over-usage or to stop usage of any Access Methods or any Application after any usage limitations are exceeded.

2.3.      Customer Submissions. Customer agrees that certain information and data that will be provided by Customer to FireEye through the iSIGHT Subscription(s), such as malware submitted for analysis, is not owned by Customer. Such submissions may be used, aggregated, analyzed and shared by FireEye to enhance the products and services FireEye provides to its customers.

3.        iSIGHT Intelligence Enablement.

3.1.     All iSIGHT Subscriptions include the following:

  1. Platinum Support as set forth in the Support Schedule, as may be updated by FireEye in its discretion, for issues related to keys, FIIP provisioning and access, customer support portal provisioning and access, and API provisioning and access;
  2. Customer intelligence requirements collected and maintained by our Intelligence Requirements team;
  3. API technical integration advisement; and
  4. Intelligence report clarifications for information published in FIIP.

3.2      Subject to Customer’s payment in full of all associated fees, FireEye will provide iSIGHT Intelligence Enablement services per the purchased level described below.

3.2.1   Level Two - Intelligence Coordination. Customers purchasing Level Two - Intelligence Coordination will receive the following:

  1. A designated IAM, who will serve as Customer’s point of contact at FireEye related to the iSIGHT Subscription;
  2. Analyst Access requests as shown on the Order (the time needed to respond to an Analyst Access request will vary depending on the complexity or requirements within each customer request); and
  3. Delivery of a formal business review twice yearly, to be scheduled at mutually agreed upon times.

3.2.2   Level Three - Intelligence Optimization. Customers purchasing Level Three - Intelligence Optimization will receive the following, in addition to the items provided under Level Two as described above:

  1. Designated Intelligence Optimization Analyst (“IOA”) to manage all intelligence-related threat profile entitlements;
  2. One (1) quarterly custom threat intelligence report delivered by the IOA upon request;
  3. One (1) annual custom strategic workshop or custom threat intelligence briefing by the IOA upon request; and
  4. Monthly Analyst-to-Analyst calls delivered by the IOA, if requested, and to be scheduled at mutually agreed upon times.

 

Back To Top


Support Schedule
SUPPORT SERVICES APPLICABLE FOR CERTAIN FIREEYE OFFERINGS

In addition to the General Terms Applicable to all Offerings, which govern this Schedule the following terms will govern the Support Services provided with respect to FireEye Products, ETP Subscriptions, FireEye Helix Subscriptions, and TAP Subscriptions (“Supported Offerings”).

1.        Support Purchased Separately from the SUPPORTED OFFERINGS.  In the event Customer has purchased the Supported Offerings and pass-through Support Services from FireEye through a FireEye authorized reseller (a "Reseller"), Customer will be entitled to all the rights herein set forth related to the level of Support Service requested and paid for by it, provided Customer: (a) is the original purchaser of the Supported Offerings, (b) has provided true, accurate, current and complete information to FireEye included with its purchase; and (c) has maintained and updated this information to keep it true, accurate, current, and complete.

2.        SUPPORT SERVICES PROVIDED BY FIREEYE.

FireEye offers a range of programs for the support of its Supported Offerings as described below (“Support Programs”).  Customer shall be entitled to receive the Support Services specified on the applicable support invoice and described below to the extent that Customer has paid in full the applicable Fees for Support Services.

2.1      Software Maintenance Services – include each of the following:

Software Updates.  During the Support Term, FireEye shall provide Customer notification of bug fixes, maintenance patches and new releases which may contain minor enhancements to the features or functions of the Supported Offerings (“Updates”).  FireEye may designate a particular release of the Supported Offeringsas an Update at its sole discretion.  With respect to Products (which, for purposes of this Schedule only, includes any TAP Cloud Collector appliances), Customer may obtain Updates either through delivery of a machine-readable copy pursuant to instructions contained in the document notifying Customer of an available Update or by downloading the Update from FireEye’s server via the Internet.  FireEye reserves the right to impose additional charges for releases of Supported Offerings (i) that provide major enhancements to the features or functions of the Supported Offerings, as determined by FireEye at its sole discretion; or, (ii) that provide additional features or perform additional functions not provided or performed by the Supported Offerings. 

Software Error Corrections.  During the Support Term, FireEye shall use commercially reasonable efforts to correct any reproducible programming error in the software associated with the Supported Offeringsattributable to FireEye, employing a level of effort commensurate with the severity of the error, provided, however, that FireEye shall have no obligation to correct all errors in the Supported Offerings.  Upon identification of any programming error, Customer shall notify FireEye of such error in writing and shall provide FireEye with enough information to locate and reproduce the error.  FireEye shall not be responsible for correcting any errors not attributable to FireEye.  Errors attributable to FireEye shall be those that are reproducible by FireEye on unmodified Supported Offerings. If it is found that a particular error is fixed in the most current Supported Offerings release, then FireEye shall have no obligation to fix the error in any prior Supported Offerings release and Customer will need to upgrade to the current Supported Offering release in order to obtain the fix.

2.2      Support Programs

(a)  Platinum Support includes all of the services set forth above under Software Maintenance Service (section 2.1) and additionally:

  • Email, Live Chat, Web or Telephone Support.  During the Support Term, FireEye shall provide Customer technical email, live chat, web or telephone support for the Supported Offerings twenty-four (24) hours per day, 365 days a year.  FireEye’s support technician shall only be obligated to respond to Customer’s fifteen (15) designated contacts.
  • FireEye shall use commercially reasonable efforts to respond to the request for support as detailed in the Initial Response Times table found at https://www.fireeye.com/support/programs.html regarding use or installation of the Supported Offering that is communicated to FireEye via one of the mechanisms above to the attention of FireEye’s support engineers.
  • Product Replacement. During the term of this Agreement, Customer shall have the right to return to FireEye any defective Product subject to the limited warranty. Additionally, FireEye will fulfill the following Advance Replacement provisions below.
  • Advance Replacement.  Prior to any return as to which Advance Replacement applies, Customer shall verify that said Product is defective by logging a Support request via one of the mechanisms described above and in accordance with FireEye’s RMA procedures, including providing the part number, serial number, quantity and reason for return, an explanation of all failure symptoms and other relevant information. Upon confirmation by FireEye of a defect, Customer shall obtain from FireEye an RMA number.  FireEye shall ship via a recognized express courier service a replacement Product to Customer to arrive no later than next business day after FireEye’s issuance of an RMA number, provided the RMA number was issued prior to the business day cutoff time local to the defective Product, provided the replacement does not require any custom pre-configuration, and provided no external-to-FireEye circumstances prevent the delivery.  The replacement Product may be a new or reconditioned Product (of equivalent or better quality) at FireEye’s sole discretion.  FireEye shall pay the shipping costs to ship the replacement Product to Customer, but Customer shall bear any and all risk of loss of or damage to said Product at all times after said Product is made available by FireEye to the common carrier.  The support service will transfer from the defective Product to the replacement Product. Within five (5) business days after Customer receives the replacement Product from FireEye, Customer shall package said defective Product in its original packing material or equivalent, write the RMA number on the outside of the package and return said defective Product, at FireEye’s cost provided Customer utilizes FireEye’s designated courier service and properly packages the defective Product according to FireEye’s instructions, shipped properly insured, FOB FireEye’s designated facility (except that FireEye shall pay for shipping). Customer shall enclose with the returned Product the applicable RMA form, and any other documentation or information requested by FireEye customer support.  Customer shall assume any and all risk of loss of or damage to such Product during shipping.  Title to the defective Product shall pass to FireEye upon FireEye’s receipt thereof.  When a replacement Product is provided and Customer fails to return the defective Product to FireEye within ten (10) business days after Customer receives the replacement Product from FireEye, FireEye may charge Customer, and Customer shall pay for the replacement Product at the then-current list price.
  •  

(b)  Platinum Priority Plus Support iincludes all of the services set forth above under Platinum Support [section 2.2(a)] and additionally:

  • Access to Support. Customer will be provided with direct priority access to Level 2 Advanced Support Engineering who shall respond to Customer’s unlimited number of designated contacts. A Designated Support Engineer (DSE) point of contact, who is available during Customer’s business hours (for single Customer site if Product(s) installed at multiple Customer sites), will be made available to be the focal point of contact within FireEye, to project manage Customer’s technical issues.
  • Onsite Support. Onsite visits for problem assistance at DSE’s sole discretion.
  • Reporting. FireEye will supply Customer with monthly reports detailing technical support provided during the previous month. Quarterly business reviews will also be conducted.

(c)  Government Support, if available, includes all of the services set forth above under Platinum Support [section 2.2(a)] and additionally:

  • Email, Live Chat, Web or Telephone Support.  For the specified country, access to citizens of that country for the fulfillment of Level 1, 2 and 3 technical support requests.

(d)  Government Priority Plus Support includes all of the services set forth above under Government Support [section 2.2(c)] and additionally:

  • Access to Support. Customer will be provided with direct priority access to Level 2 Advanced Engineering support who are citizens of that country and shall respond to Customer’s unlimited number of designated contacts. A Designated Support Engineer (DSE) point of contact who is a citizen of that country and available during Customer’s business hours (for single Customer site if Product(s) installed at multiple Customer sites), will be made available to be the focal point of contact within FireEye, to project manage Customer’s technical issues.
  • Onsite Support. Onsite visits for problem assistance at DSE’s sole discretion.
  • Reporting. FireEye will supply Customer with monthly reports detailing technical support provided during the previous month. Quarterly business reviews will also be scheduled.

(e)   Special Services.  FireEye agrees to use commercially reasonable efforts to respond to any requests by Customer for support services not specifically provided for above.  Customer acknowledges that all such services provided by FireEye shall be at FireEye's discretion and then-current fees and policies.

3.        CUSTOMER RESPONSIBILITIES.

3.1      Requesting Support Services. When requesting Support Services from FireEye under this Agreement, Customer should have the following information available to provide to FireEye, if requested:  (i) detailed problem description, including operating system (“OS”) version, Product model and serial number(s), of the affected Supported Offering, and a detailed description of the troubleshooting that has already been done to try to resolve the problem; (ii) detailed system log files; (iii) configuration and login details to allow FireEye access as needed to the Products via the Internet for the purpose of providing support services and permissions needed in order for FireEye to conduct such remote access; (iv) a detailed description of changes to the environment; and (v) Customer’s unique ID, Account ID, or other unique customer identifier as assigned to Customer by FireEye.  Customer acknowledges and agrees that failure to have any or all information or access available as needed by FireEye in order to provide the Support Services may result in delays in FireEye’s response, may hinder FireEye’s ability to perform the Support Services and/or may cause incorrect Support Program fulfillment. FireEye will not be responsible for any such delays and inability to perform due to causes not due to FireEye.

3.2       Customer AssistanceCustomer agrees to:  (i) ensure that their site complies with any and all applicable FireEye published system environmental specifications; (ii) follow FireEye’s procedures when requesting Support Services; (iii) provide FireEye reasonable access to all necessary personnel to answer questions or resolve problems reported by Customer regarding the Supported Offerings; (iv) promptly implement all Updates and error corrections provided by FireEye under this Agreement; (v) maintain FireEye supported versions of required third party software, if any; and (v) notify FireEye promptly of any relocation of the Products from the location to which the Products were originally shipped. Customer agrees to use reasonable efforts to resolve internally any support questions prior to requesting Support Services pursuant to this Agreement.  During the Support Term, FireEye, which information may include personal information such as email addresses, may obtain information regarding Customer’s use of the Supported Offerings and communications with FireEye and Customer agrees that, as a condition to FireEye’s provision of Support Services, FireEye may use statistical data generated regarding Customer’s use of the Supported Offerings and communications with FireEye so long as the source or content of such communications and any personal data collected is not being disclosed to third parties.

3.3      Contact People. Customer shall appoint the specified number of individuals (depending upon the Support Program purchased) within Customer's organization to serve as contacts between Customer and FireEye and to receive support through FireEye's telephone support center.  Customer’s contacts shall have been adequately trained on the Products and shall have sufficient technical expertise, training and experience.  All of Customer's support inquiries shall be initiated through these contacts.

4.     EXCLUSIONS.  Notwithstanding anything else contained in this Agreement to the contrary, FireEye shall have no obligation or responsibility to provide any Support Services relating to problems arising out of or related to (i) Customer's failure to implement all Updates to the Supported Offeringswhich are made available to Customer under this Agreement; (ii) the failure to provide a suitable installation environment; (iii) any alteration, modification, enhancement or addition to the Products performed by parties other than FireEye; (iv) use of the Supported Offeringsin a manner, or for a purpose, for which they were not designed; (v) accident, abuse, neglect, unauthorized repair, inadequate maintenance or misuse of the Products; or relocation of the Products (including without limitation damage caused by use of other than FireEye shipping containers), (vi) operation of the Products outside of environmental specifications; (vii) interconnection of the Supported Offerings with other products not supplied by FireEye; (viii) use of the Supported Offerings on any systems other than the specified hardware platform for such Supported Offerings; or (ix) introduction of data into any database used by the Supported Offerings by any means other than the use of the software associated with the Supported Offerings.  Notwithstanding anything else contained in this Agreement to the contrary, FireEye will support all generally available ("GA") versions of the FireEye OS, for a minimum of one (1) year from GA release date, regardless of the number of supported OS GA versions.  FireEye will also support the two (2) most current OS GA versions, regardless of the elapsed time from GA release date.  If available, and at FireEye’s sole discretion, support for any other OS versions or for other problems not covered under this Agreement may be obtained at FireEye's then-current fees and policies for such services. FireEye’s complete end of life policy can be found on the supported products web page.

5.        Lapsed Support and Upgraded Support.

5.1      Lapsed Support.  After any lapse of Support Services, the parties subsequently may elect to reinstate such Support Services for Supported Offerings for which the Support Services lapsed pursuant to the terms and conditions set forth in this Agreement; provided, however, that (i) Customer agrees to pay for the period of time that has lapsed as well as any renewal term, and (ii) with respect to Products, such Products must be in good working condition, as solely determined by FireEye or its designee.

5.2      Support Program Upgrade. At any time during the Term, Customer may upgrade to FireEye's next level of Support Services by (i) notifying FireEye of Customer's desire to upgrade; (ii) acknowledging in writing the then-current terms and conditions for the relevant Support Services; and (iii) paying FireEye the additional Support Fee owed in connection with such upgraded Support Services.

 

Back To Top