Legal Terms & Conditions

Last update August 4, 2020


GENERAL TERMS APPLICABLE TO ALL OFFERINGS

SCHEDULES

FireEye Solutions

 Mandiant Solutions

 

These terms and conditions (the “Agreement”) govern the purchase and use of FireEye Offerings by the Customer listed on the Order or Statement of Work that incorporates this Agreement.

Structure and Order of Precedence. The General Terms Applicable to all FireEye Offerings (“General Terms”) provide the terms under which the Customer may use FireEye’s various Offerings. The specific rights for the Customer to use and receive Products, Support Services or Subscriptions or otherwise engage with specific FireEye Offerings are set forth in the applicable ”Schedule."  In the event of conflict between any of the General Terms and a Schedule, the Schedule will govern.

If you have arrived at this page via a link provided during the process of installing your FireEye Product, you acknowledge that by proceeding with the installation of that Product, you agree to be bound by this Agreement as it applies to Products. If this Agreement is considered an offer, acceptance Is expressly limited to the terms of this Agreement. If you do not unconditionally agree to the foregoing, discontinue the installation process. If you proceed with installation, you are representing and warranting that you are authorized to bind the Customer.


General Terms Applicable to all FireEye Offerings

1.        DEFINITIONS.

1.1     
“Content Feed” means all intelligence and content feeds associated with Products and Subscriptions, which may consist of inbound and outbound feeds that are part of FireEye’s Dynamic Threat Intelligence (DTI) Cloud, downloads of Indicators for use with Products and Subscriptions, and/or intelligence provided as part of Advanced Threat Intelligence (ATI).

1.2      “Deliverables” means the written reports that are created specifically for Customer as a result of the Professional Services provided hereunder.

1.3      “Documentation” means the user manuals generally provided in writing by FireEye to end users of the Products and Subscriptions in electronic format, as amended from time to time by FireEye.

1.4      “FireEye” means (i) FireEye, Inc., a Delaware corporation with its principal place of business at 601 McCarthy Blvd., Milpitas, CA, 95035 with respect to Offerings  that are shipped to, deployed or rendered inside of North America (including the United States, Mexico, Canada and the Caribbean), Central America and South America (collectively, the “Americas”); or (ii) with respect to all Offerings that are shipped to, deployed or rendered outside of the Americas, FireEye Ireland Limited, a company incorporated under the laws of Ireland with principal place of business at 2 Park Place, City Gate Park, Mahon, Cork, Ireland. FireEye includes the operating divisions “Mandiant,” and references to “Mandiant in this Agreement, any Order, or any Statement of Work will be deemed references to the applicable FireEye entity as described in this Section 1.4.

1.5      "FireEye Materials" means all FireEye proprietary materials, Deliverables, intellectual property related to Products or Subscriptions, (such as all rights in any software incorporated into a Product or Subscription, copyrights, and patent, trade secret and trademark rights related to Products, and screens associated with Products or Subscriptions), Documentation, any hardware and/or software used by FireEye in performing Services or providing Subscriptions, Content Feeds, FireEye’s processes and methods (including any forensic investigation processes and methods), Indicators of Compromise, materials distributed by FireEye during Training, and any FireEye templates and/or forms, including report and presentation templates and forms.  FireEye Materials does not include Third Party Materials.

1.6       "Indicators of Compromise" or "Indicators" means specifications of anomalies, configurations, or other conditions that FireEye can identify within an information technology infrastructure, used by FireEye in performing Professional Services and providing Subscriptions.

1.7       “Intellectual Property Rights” means copyrights (including, without limitation, the exclusive right to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted work), trademark rights (including, without limitation, trade names, trademarks, service marks, and trade dress), patent rights (including, without limitation, the exclusive right to make, use and sell), trade secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights, goodwill and all other intellectual property rights as may exist now and/or hereafter come into existence and all renewals and extensions thereof, regardless of whether such rights arise under the law of the United States or any other state, country or jurisdiction.

1.8       “Offerings” means, collectively, Products, Subscriptions, Training, Professional Services and Support Services.

1.9       “Order” means a written purchase order or similar ordering document, signed or submitted to FireEye by Customer and approved by FireEye, under which Customer agrees to purchase Offerings.

1.10     “Products” means the FireEye software and hardware appliances (which may include embedded software or firmware components) as described in the Product Schedule to this Agreement.

1.11     “Professional Services” means, collectively, those security consulting services provided by FireEye under a Statement of Work and/or set forth on an Order, which may consist of Product-related services such as deployment, configuration or installation services; proactive security consulting such as penetration testing, vulnerability assessments or compromise assessments; or incident response or other remediative services.

1.12     "Service" or "Services" means the Professional Services, Support Services and Training.

1.13     "Statement of Work" or “SOW” means a mutually agreed-upon document between FireEye and Customer, describing Professional Services, rates and timelines (if applicable) for those Professional Services, and incorporating this Agreement.

1.14     “Subscription” means a service provided by FireEye for a fixed term, under which FireEye provides access to certain features, functionality, and/or information, as described in the applicable Schedule for each Subscription attached to this Agreement.

1.15     “Support Services” means the Product and Subscription support and maintenance services provided by FireEye with respect to each Product and Subscription, as described in the applicable Schedule for each Product or Subscription.

1.16     “Third Party Materials” means software or other components that are licensed to FireEye by third parties for use in FireEye’s Offerings.

1.17     “Training” means training in the use of Products or Subscriptions, or on security-related topics in general, provided by FireEye.

2.        ORDERS AND STATEMENTS OF WORK.

2.1.      Orders.  Customer may purchase Offerings by submitting an Order.  If accepted by FireEye, the “Order Effective Date” will be the date of the Order.  All Orders will be governed by this Agreement. For clarity, FireEye will not be obligated to ship any Product, or provide any Services, Training or Subscriptions until Customer has issued a valid Order for those Offerings. Orders for Offerings will be invoiced by the relevant FireEye entity as described in Section 1.4 above, regardless of the entity that issued the quote or the entity to whom an Order is addressed. 

2.2.      Statements of Work.  Each Statement of Work will incorporate and be governed by this Agreement.  The “Statement of Work Effective Date” will be the date both Customer and FireEye have agreed to the Statement of Work, either by executing the Statement of Work or by issuing and accepting an Order for the Professional Services described on the Statement of Work.  For clarity, FireEye will not be obligated to perform any Professional Services until a SOW describing those Professional Services has been agreed by both parties or an Order listing those Professional Services has been accepted by FireEye. 

3.        FEES AND PAYMENT.

3.1      Fees and Expenses. Customer agrees to purchase the Offerings for the prices set forth in each Order and/or Statement of Work, as applicable (“Fees”).  If Customer purchases through a FireEye partner (such as an authorized reseller or distributor, collectively, “FireEye Partners”), all fees and other procurement and delivery terms shall be agreed between Customer and the applicable partner. Customer shall reimburse FireEye for all expenses incurred so long as such expenses are directly attributable to the Services or Subscriptions performed for or provided to Customer.  FireEye will provide appropriate vouching documentation for all expenses exceeding $25. 

3.2      Payment. If Customer purchases directly from FireEye, Customer will make full payment in the currency specified in FireEye’s invoice, without set-off and in immediately available funds, within thirty (30) days of the date of each invoice.  All Fees are non-cancelable and non-refundable.  All Fees described on an Order and in a Statement of Work will be fully invoiced in advance, unless otherwise agreed by FireEye.  Any partial shipments delivered by FireEye may be invoiced or delivered individually. If any payment is more than fifteen (15) days late, FireEye may, without limiting any remedies available to FireEye, terminate the applicable Order or Statement of Work or suspend performance until payment is made current, and all payments then due will accelerate and become immediately due and payable. Customer will pay interest on all delinquent amounts at the lesser of 1.5% per month or the maximum rate permitted by applicable law. 

3.3      Taxes. All Fees are exclusive of all present and future sales, use, excise, value added, goods and services, withholding and other taxes, and all customs duties and tariffs now or hereafter claimed or imposed by any governmental authority upon the Offerings which shall be invoiced to and paid by the Customer.  If Customer is required by law to make any deduction or withholding on any payments due to FireEye, Customer will notify FireEye and will pay FireEye any additional amounts necessary to ensure that the net amount FireEye receives, after any deduction or withholding, equals the amount FireEye would have received if no deduction or withholding had been required.  Additionally, Customer will provide to FireEye evidence, to the reasonable satisfaction of FireEye, showing that the withheld or deducted amounts have been paid to the relevant governmental authority.  For purposes of calculating sales and similar taxes, FireEye will use the address set forth on the Order or Statement of Work, as applicable, as the jurisdiction to which Offerings and shipments are delivered unless Customer has otherwise notified FireEye in writing as of the Order Effective Date or Statement of Work Effective Date, as applicable. Customer will provide tax exemption certificates or direct-pay letters to FireEye on or before the Order Effective Date or Statement of Work Effective Date, as applicable.

3.4      Increases. FireEye reserves the right to increase Fees at any time, although increases in Fees for Subscriptions or Support Services will not go into effect until the next Renewal Subscription Term or Renewal Support Term, as applicable.

4.        TITLE AND RISK OF LOSS; INSPECTION.  All hardware, including hardware components of Products and any hardware provided for use with Subscriptions, is shipped FOB Origin from FireEye’s designated manufacturing facility or point of origin, and title to such hardware and the risk of loss of or damage to the hardware shall pass to Customer at time of FireEye’s delivery of such hardware to the carrier.  FireEye is authorized to designate a carrier pursuant to FireEye’s standard shipping practices unless otherwise specified in writing by Customer.  Customer must provide written notice to FireEye within five (5) days of delivery of the Products of any non-conformity with the Order, e.g., delivery of the wrong Product or incorrect quantities.

5.        TERMS APPLICABLE TO SPECIFIC OFFERINGS.  Products, Support and Subscriptions are governed by these General Terms and the applicable Schedule for each Offering. Evaluations, Training, and Professional Services are governed by these General Terms, including the applicable sections below.  

5.1.     Evaluations, Free Offerings, Preview Features, Beta Features.  If Customer receives a Product or Subscription for evaluation purposes (“Evaluation Offerings”) then Customer may use the Evaluation Offerings for its own internal evaluation purposes for a period of up to thirty (30) days from the date of receipt of the Evaluation Offerings (the “Evaluation Period”). Customer and FireEye may, upon mutual written agreement (including via email), extend the Evaluation Period. If the Evaluation Offering includes hardware components, Customer will return the hardware within ten (10) days of the end of the Evaluation Period, and if Customer does not return the hardware within this period, Customer shall be invoiced for the then-current list price for the applicable Evaluation Offering. Customer acknowledges that title to hardware components of Evaluation Offerings remains with FireEye at all times, and that Evaluation Offerings may be used and/or refurbished units. Customer must delete all software and other components (including Documentation) related to the Evaluation Offering at the end of the Evaluation Period, and confirm those deletions in writing to FireEye, or Customer will be invoiced for the then-current list price for the Evaluation Offering.  If the Evaluation Offering is a Subscription, Customer understands that FireEye may disable access to the Subscription automatically at the end of the Evaluation Period, without notice to Customer. Free offerings, preview features and beta features or products may be provided with respect to an existing Offering or on a stand-alone basis, for a limited time, at no additional charge but then licensed for an additional fee at a later date. All such free, preview and beta features or products are considered “Unpaid Offerings,”, and FireEye may discontinue providing such Unpaid Offerings at any time. EVALUATION OFFERINGS AND UNPAID OFFERINGS ARE PROVIDED “AS IS”, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, FIREEYE DISCLAIMS ALL WARRANTIES RELATING TO THE EVALUATION OFFERINGS AND FREE OFFERINGS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES AGAINST INFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY, ACCURACY, AND FITNESS FOR A PARTICULAR PURPOSE.

5.2.   Training.  Training delivery dates and location for such Training will be mutually agreed upon by the parties. If an Order does not specify such dates and/or locations, then the parties will mutually agree upon the dates and locations for Training. Customer must request rescheduling of private Training no less than two (2) weeks in advance of the scheduled start date, and any such rescheduled training must be held within one (1) year of the date of the Order on which the original Training was included. FireEye will use reasonable efforts to reschedule the Training, subject to availability, and Customer will pay any expenses associated with the rescheduling, including any expenses associated with cancelling or changing travel plans.  If Customer cancels attendance at a public Training class, Customer must notify FireEye no later than two (2) weeks before the date of the public Training class. If Customer timely notifies FireEye of the cancellation, FireEye will issue Customer a credit for the amount paid for that public Training class, which Customer may apply toward another public Training class of the same duration held within one (1) year of the date of the Order on which the cancelled Training class was included. Customer may substitute a named attendee at a public Training class, but Customer will notify FireEye in advance of any such substitution. FireEye reserves the right to refuse admittance to public Training classes to any person, for any reason, and if FireEye refuses admittance, FireEye will refund the amount paid for that person’s attendance at the public Training class. FireEye does not refund or credit Fees paid for attendees who do not attend Training or who leave before Training concludes. FireEye reserves the right to cancel public Training classes for any reason. Training may not be recorded. All Training must be scheduled and conducted within one (1) year of the date of the applicable Order for that Training.

5.3.      Professional Services.

5.3.1.   Deliverables. Subject to Customer’s timely payment of applicable fees, and subject to the Agreement and each applicable SOW, Customer shall have a perpetual, non-exclusive, nontransferable, right and license to use, display and reproduce the Deliverables for its internal business purposes. Deliverables may not be shared with any third party other than law enforcement agencies. In no event may Deliverables be used for sales or marketing activities.  

5.3.2.   Customer-Owned Property. Customer is and will remain, at all times, the sole and exclusive owner of the Customer-Owned Property (including, without limitation, any modification, compilation, derivative work of, and all intellectual property and proprietary rights contained in or pertaining thereto).  FireEye will return or destroy all Customer-Owned Property upon the termination or expiration of the applicable SOW or Order. “Customer-Owned Property” means any technology, software, algorithms, formulas, techniques or know-how and other tangible and intangible items that were owned by Customer, or developed by or for Customer prior to the SOW Effective Date that are provided by Customer to FireEye for incorporation into or used in connection with the development of the Deliverables or performance of Professional Services.

5.3.3.   Customer Responsibilities. If the Services require the installation and use of FireEye equipment or software, Customer will facilitate the installation and shall provide physical space, electrical power, Internet connectivity and physical access as reasonably determined and communicated by FireEye.

5.3.4.   Litigation Expenses. If FireEye is required by applicable law, legal process or government action to produce information, documents or personnel as witnesses with respect to the Professional Services or this Agreement, such as by responding to one or more subpoenas, Customer shall reimburse FireEye for any time and expenses (including without limitation reasonable external and internal legal costs) incurred to respond to the request, unless FireEye is itself a party to the proceeding or the subject of the investigation.

6.        INTELLECTUAL PROPERTY

6.1.     Ownership of FireEye Materials; Restrictions.  All Intellectual Property Rights in FireEye Materials, Products, Deliverables, Documentation, and Subscriptions belong exclusively to FireEye and its licensors. Customer will not (and will not allow any third party to): (i) disassemble,  decompile,  reverse  compile,  reverse engineer or attempt to discover any source code or underlying ideas or algorithms of any FireEye Materials (except to the limited extent that applicable law prohibits reverse engineering restrictions); (ii) sell,  resell,  distribute, sublicense or otherwise transfer, the  FireEye Materials, or  make the functionality of the FireEye Materials available to any other party through any means (unless otherwise FireEye has provided prior written consent),  (iii) without the express prior written consent of FireEye, conduct any benchmarking or comparative study or analysis involving the FireEye Materials (“Benchmarking”) for any reason or purpose except, to the limited extent absolutely necessary, to determine the suitability of Products or Subscriptions to interoperate with  Customer’s internal computer systems; (iv) disclose or publish to any third party any Benchmarking or any other information related thereto; (v) use the FireEye Materials or any Benchmarking in connection with the development of products, services or subscriptions that compete with the FireEye Materials; or (vi) reproduce, alter,  modify or create derivatives of the FireEye Materials. Between Customer and FireEye, FireEye shall retain all rights and title in and to any Indicators of Compromise FireEye developed by or for FireEye in the course of providing Subscriptions or performing Services. FireEye may audit Customer’s use of Offerings to ensure compliance with the terms of this Agreement.

6.2.     Third Party Materials.  Customer acknowledges that Products and Subscriptions may include Third Party Materials.  FireEye represents that these Third Party Materials will not diminish the license rights provided herein or limit Customer’s ability to use the Products and Subscriptions in accordance with the applicable Documentation, and neither the inclusion of Third Party Materials in any Product or Subscription or use of Third Party Materials in performance of Services will create any obligation on the part of Customer to license Customer’s software or products under any open source or similar license.

6.3.     Aggregated Data. Customer grants FireEye a non-exclusive, perpetual, irrevocable, fully-paid-up, royalty free license to use data derived from use of the Offerings (the “Aggregated Data”) for FireEye’s business purposes, including the provision of Offerings to FireEye’s other customers; provided the Aggregated Data is combined with similar data from other customers and not identifiable to Customer. The Aggregated Data will not be considered Customer Confidential Information.

7.        WARRANTIES.

7.1.     Product Warranty.  FireEye warrants to Customer that during the one (1) year period following the shipment of the Products, the Products will perform substantially in accordance with the applicable Documentation. The warranty stated in this Section 7.1 shall not apply if the Product has: (i) been subjected to abuse, misuse, neglect, negligence, accident, improper testing, improper installation, improper storage, improper handling or use contrary to any instructions issued by FireEye; (ii) been repaired or altered by persons other than FireEye; (iii) not been installed, operated, repaired and maintained in accordance with the Documentation; or (iv) been used with any third party software or hardware which has not been previously approved in writing by FireEye.  If during the one-year Product warranty period: (a) FireEye is notified promptly in writing upon discovery of any error in a Product, including a detailed description of such alleged error; (b) such Product is returned, transportation charges prepaid, to FireEye’s designated manufacturing facility in accordance with FireEye’s then-current return procedures, as set forth by FireEye from time to time; and (c) FireEye’s inspections and tests determine that the Product contains errors and has not been subjected to any of the conditions set forth in 7.1(i)-(iv) above, then, as Customer’s sole remedy and FireEye’s sole obligation under the foregoing warranty, FireEye shall, at FireEye’s option, repair or replace without charge such Product.  Any Product that has either been repaired or replaced under this warranty shall have warranty coverage for the remaining warranty period.  Replacement parts used in the repair of a Product may be new or equivalent to new.

7.2.     Services Warranty.  FireEye warrants to Customer that Services will be performed in a professional manner in accordance with industry standards for like services.  If Customer believes the warranty stated in this Section has been breached, Customer must notify FireEye of the breach no later than thirty (30) days following the date the Services were performed, and FireEye will promptly correct or re-perform the Services, at FireEye’s expense.

7.3.     Subscription Warranty.  FireEye warrants to Customer the Subscriptions will be provided in a professional manner in accordance with industry standards for similar subscriptions.  If Customer believes the warranty stated in this Section has been breached, Customer must notify FireEye of the breach no later than thirty (30) days following the date the warranty was allegedly breached, and FireEye will promptly correct the non-conformity, at FireEye’s expense.

7.4.     Remedies Exclusive.  Except for any Service Level Credits described in applicable Schedules, the remedies stated in Sections 7.1-7.3 above are the sole remedies, and FireEye’s sole obligation, with respect to Products, Subscriptions and Services that fail to comply with the foregoing warranties.   

7.5.     Disclaimer of Warranties.  EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH HEREIN, ALL PRODUCTS, SUBSCRIPTIONS, FIREEYE MATERIALS, DELIVERABLES AND SERVICES ARE PROVIDED ON AN “AS IS” BASIS WITHOUT ANY WARRANTY WHATSOEVER.  FIREEYE AND ITS SUPPLIERS EXPRESSLY DISCLAIM, TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, ALL WARRANTIES, EXPRESS, IMPLIED AND STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, NONINFRINGEMENT, OR ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE.  FIREEYE ALSO MAKES NO WARRANTY REGARDING NONINTERRUPTION OF USE OR FREEDOM FROM BUGS, AND MAKES NO WARRANTY THAT PRODUCTS, FIREEYE MATERIALS, DELIVERABLES, SERVICES OR SUBSCRIPTIONS WILL BE ERROR-FREE.

8.        INFRINGEMENT INDEMNITY.

8.1.     Indemnity. FireEye shall defend Customer, and its officers, directors and employees, against any third party action alleging that the FireEye Materials infringes a valid U.S. patent or copyright issued as of the date of delivery or performance, as applicable, and FireEye shall pay all settlements entered into, and all final judgments and costs (including reasonable attorneys’ fees) finally awarded against such party in connection with such action.  If the FireEye Materials, or parts thereof, become, or in FireEye’s opinion may become, the subject of an infringement claim, FireEye may, at its option: (i) procure for Customer the right to continue using the applicable FireEye Materials; (ii) modify or replace such FireEye Materials with a substantially equivalent non-infringing FireEye Materials; or (iii) require the return of such FireEye Materials or cease providing affected Product, Subscriptions, Deliverables or Services, and refund to Customer, with respect to Products, a pro-rata portion of the purchase price of such Products based on a three-year straight line amortization of the purchase price, and with respect to Subscriptions, a portion of any pre-paid Fees for such Subscriptions, pro rated for any unused Subscription Term, and with respect to Services, any pre-paid Fees for Services that have not been delivered. THIS SECTION 8.1 STATES THE ENTIRE LIABILITY OF FIREEYE AND CUSTOMER’S SOLE REMEDY WITH RESPECT TO ANY INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS BY THE OFFERINGS, FIREEYE MATERIALS, OR DELIVERABLES.

8.2.     Exceptions. FireEye shall have no indemnification obligations with respect to any action arising out of: (i) the use of any Product, Subscription, Deliverable, or Service, or any part thereof, in combination with software or other products not supplied by FireEye; (ii) any modification of the Products, Subscriptions, Deliverables, or Services not performed or expressly authorized by FireEye; or (iii) the use of any the Products, Subscriptions, Deliverables, or Services other than in accordance with this Agreement and applicable Documentation.

8.3.     Indemnification Process. The indemnification obligations shall be subject to Customer: (i) notifying FireEye within ten (10) days of receiving notice of any threat or claim in writing of such action; (ii) giving FireEye exclusive control and authority over the defense or settlement of such action; (iii) not entering into any settlement or compromise of any such action without FireEye’s prior written consent; and (iv) providing reasonable assistance requested by FireEye.

9.        LIMITATION OF LIABILITY.

9.1.     Consequential Damages Waiver.  EXCEPT FOR LIABILITY ARISING UNDER THE INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8 (INFRINGEMENT INDEMNITY),  IN NO EVENT WILL FIREEYE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO ANY LOST PROFITS AND LOST SAVINGS, HOWEVER CAUSED, WHETHER FOR BREACH OR REPUDIATION OF CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, WHETHER OR NOT FIREEYE WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.

9.2.     Limitation of Monetary Damages.  EXCEPT FOR LIABILITY ARISING UNDER THE INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8 (INFRINGEMENT INDEMNITY), AND NOTWITHSTANDING ANY OTHER PROVISIONS OF THIS AGREEMENT OR ANY ORDER OR STATEMENT OF WORK, FIREEYE’S TOTAL LIABILITY ARISING OUT OF THIS AGREEMENT, THE OFFERINGS, THE FIREEYE MATERIALS AND DELIVERABLES SHALL BE LIMITED TO THE TOTAL AMOUNTS RECEIVED BY FIREEYE FOR THE RELEVANT OFFERINGS DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE FIRST OCCURRENCE OF THE EVENTS GIVING RISE TO SUCH LIABILITY.

9.3.      Applicability.  THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN WILL APPLY ONLY TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, AND NOTHING HEREIN PURPORTS TO LIMIT EITHER PARTY’S LIABILITY IN A MANNER THAT WOULD BE UNENFORCEABLE OR VOID AS AGAINST PUBLIC POLICY IN THE APPLICABLE JURISDICTION.

9.4        SAFETY Act.  FireEye and Customer hereby mutually waive and release each other from any and all liabilities relating to any claims for losses or damages of any kind (including, but not limited to, business interruption losses) arising out of an Act of Terrorism as defined by the Support Anti-Terrorism By Fostering Effective Technologies Act of 2002 (“SAFETY Act”)(6 U.S.C. §§ 441-444). FireEye and Customer further agree to be solely responsible to the full extent of any and all losses they may sustain, or for any and all losses their respective employees, officers, or agents may sustain, resulting from an Act of Terrorism as defined by 6 U.S.C. §§ 441-444 when FireEye’s Multi-Vector Virtual Execution Engine and any subscriptions, cloud services platform or associated services (the “Qualified Anti-Terrorism Technology”) are utilized in defense against, response to, or recovery from an Act of Terrorism.    

10.       Compliance with Law; U.S. Government Restricted Rights.

10.1.    Compliance with Law. Each party will comply with all laws and regulations applicable to it with respect to the Offerings, including all export control regulations and restrictions that may apply to the Offerings. Customer will not export any FireEye Materials to any countries embargoed by the United States (currently including Cuba, Iran, North Korea, Sudan and Syria). Each Party acknowledges that it is familiar with and will comply with the provisions of the U.S. Foreign Corrupt Practices Act ("the FCPA") and the U.K. Bribery Act of 2010 (“UKBA”), as applicable, and each party agrees that no action it takes will constitute a bribe, influence payment, kickback, or other payment that violates the FCPA, the UKBA, or any other applicable anticorruption or anti-bribery law.

10.2.    U.S. Government Restricted Rights. The Offerings, Deliverables and Documentation are “commercial items”, “commercial computer software” and “commercial computer software documentation,” pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable.  All Offerings and FireEye Materials are and were developed solely at private expense.  Any use, modification, reproduction, release, performance, display or disclosure of the Offerings, FireEye Materials and Documentation by the United States Government shall be governed solely by this Agreement and shall be prohibited except to the extent expressly permitted by this Agreement.

11.       CONFIDENTIAL INFORMATION.

11.1.    Confidential Information. “Confidential Information” means the non-public information that is exchanged between the parties, provided that such information is: (i) identified as confidential at the time of disclosure by the disclosing party (“Discloser”); or (ii) disclosed under circumstances that would indicate to a reasonable person that the information should be treated as confidential by the party receiving such information (“Recipient”). The terms of any commercial transaction between the parties (including pricing related to the Offerings) shall be considered Confidential Information.

11.2.    Maintenance of Confidentiality.  Each party agrees that it shall: (i) take reasonable measures to protect the Confidential Information by using the same degree of care, but no less than a reasonable degree of care, to prevent the unauthorized use, dissemination or publication of the Confidential Information as the Recipient uses to protect its own confidential information of a like nature;  (ii) limit disclosure to those persons within Recipient’s organization with a need to know and who have previously agreed in writing, prior to receipt of Confidential Information either as a condition of their employment or in order to obtain the Confidential Information, to obligations similar to the provisions hereof; (iii) not copy, reverse engineer, disassemble, create any works from, or decompile any prototypes, software or other tangible objects which embody the other party's Confidential Information and/or which are provided to the party hereunder; and (iv) comply with, and obtain all required authorizations arising from, all U.S. and other applicable export control laws or regulations. Confidential Information shall not be used or reproduced in any form except as required to accomplish the purposes and intent of an Order or Statement of Work. Any reproduction of Confidential Information shall be the property of Discloser and shall contain all notices of confidentiality contained on the original Confidential Information.

11.3.    Exceptions.  The parties agree that the foregoing shall not apply to any information that Recipient can evidence: (i) is or becomes publicly known and made generally available through no improper action or inaction of Recipient; (ii) was already in its possession or known by it prior to disclosure by Discloser to Recipient; (iii) is independently developed by Recipient without use of or reference to any Confidential Information; or (iv) was rightfully disclosed to it by, or obtained from, a third party.  Recipient may make disclosures required by law or court order provided that Recipient: (a) uses diligent efforts to limit disclosure and to obtain, if possible, confidential treatment or a protective order; (b) has given prompt advance notice to Discloser of such required disclosure; and (c) has allowed Discloser to participate in the proceedings.

11.4.    Injunctive Relief.  Each party will retain all right, title and interest to such party’s Confidential Information.  The parties acknowledge that a violation of the Recipient’s obligations with respect to Confidential Information may cause irreparable harm to the Discloser for which a remedy at law would be inadequate.  Therefore, in addition to all remedies available at law, Discloser shall be entitled to seek an injunction or other equitable remedies in all legal proceedings in the event of any threatened or actual violation of any or all of the provisions hereof.

11.5.   Return of Confidential Information.  Within thirty (30) days after the date when all Orders and SOWs have expired or been terminated, or after any request for return of Confidential Information, each party will return to the other party or destroy all of such other party’s Confidential Information, at such other party’s discretion, and, upon request, provide such other party with an officer’s certificate attesting to such return and/or destruction, as appropriate. Notwithstanding the foregoing, each party may retain additional copies of, or computer records or files containing, the Confidential Information of the other party that have been created by that party’s electronic archiving and back-up procedures, to the extent created and retained in a manner consistent with the Receiving Party's standard procedures.

11.6.   Privacy. If FireEye is a data processor under this Agreement, and in accordance with applicable data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR), FireEye agrees that it will:

11.6.1  process personal data controlled by Customer when authorized by the Customer and in compliance with this Agreement and will not use or process the personal data for purposes other than those permitted by the Customer, anticipated by the Documentation for the Offerings, or for the purpose of research and development of FireEye’s Offerings;

11.6.2  adopt and maintain appropriate (including organizational and technical) security measures in processing Customer’s personal data in order to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of such data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing;

11.6.3  take all reasonable steps to ensure that (i) persons employed by it, and (ii) other persons engaged at its place of work, are aware of and comply with applicable data privacy laws and regulations;

11.6.4  provide Customer access to a list of current sub-processors that may handle personal data at FireEye’s direction.

11.6.5  FireEye may process or otherwise transfer any personal information in or to any country outside of the country of origination, including such countries with less restrictive data protection laws, to the extent necessary for the provision of the Offerings. If required and where applicable, FireEye will enter into mutually agreed-upon country-specific data transfer mechanisms, and FireEye has entered into the EU Standard Contractual Clauses as approved by the European Commission, to help ensure an adequate level of data protection for any personal data that will be processed or transferred. FireEye does not react to Do Not Track signals because there is no standard for how those signals are sent; and

11.6.6  Customer agrees it is responsible for obtaining any applicable consents from data subjects for Customer’s use of FireEye to process Customer’s data.

12.       TERM AND TERMINATION.

12.1.    Term. This Agreement will become effective on the Effective Date and will continue in effect for a period of one (1) year (the “Initial Term” of the Agreement). This Agreement will renew for additional periods of one (1) year each (each, a “Renewal Term” and together with the Initial Term, the “Term” of this Agreement) unless either party notifies the other of its intent not to renew this Agreement by giving the other party notice of non-renewal no later than sixty (60) days prior to the end of the then-current Term. The term of each Order will be as set forth below or in the applicable Schedule, and the term of each SOW will be as set forth in the applicable SOW.

12.1.1  Products.  Products will be licensed according to the applicable Schedule, for the period of time stated on the Order (the “Product Term” e.g., if the Order lists a Product as being provided for “3Y,” the license for that Product is provided for three years from the date of the Order). If no period of time is stated on the Order, then the Product Term is perpetual, unless otherwise terminated as set forth herein. If Customer purchases a Product for a non-perpetual fixed Product Term, then the Customer may terminate the license for convenience at any time, on thirty (30) days’ written notice to FireEye. If Customer terminates the Product Term for convenience before the end of the then-current Product Term, Customer will pay any remaining fees owing for the remainder of the then-current Product Term within thirty (30) days of the effective date of termination.

12.1.2  Support Services. Support Services will begin on or shortly after the Order Effective Date (as determined by FireEye) and will continue in effect for the period of time stated in the Order (“Initial Support Term”). Unless otherwise stated on the Order, the Support Services will automatically renew for additional periods of one (1) year each (each, a “Renewal Support Term” and together with the Initial Support Term, the “Support Term”), unless either party notifies the other of its intention not to renew Support Services at least sixty (60) days prior to the expiration of the then-current Support Term. Customer may terminate Support at any time, for convenience, on thirty (30) days’ written notice to FireEye. If Customer terminates Support Services for convenience before the end of the then-current Support Term, Customer will pay any remaining fees owing for the remainder of the then-current Support Term within thirty (30) days of the effective date of termination.

12.1.3  Subscriptions.  The term of each Subscription will begin on or shortly after the Order Effective Date (as determined by FireEye) and will continue in effect for the period of time stated in the Order (“Initial Subscription Term”).  Unless otherwise stated on the Order, the Subscription will automatically renew after its Initial Subscription Term for additional periods of one (1) year each (each, a “Renewal Subscription Term” and together with the Initial Subscription Term, the “Subscription Term”), unless either party notifies the other of its intention not to renew that Subscription at least sixty (60) days prior to the expiration of the then-current Subscription Term. Customer may terminate a Subscription at any time, for convenience, on thirty (30) days’ written notice to FireEye.  If Customer terminates a Subscription for convenience before the end of the then-current Subscription Term, Customer will pay any remaining fees owing for the remainder of the then-current Subscription Term within thirty (30) days of the effective date of termination.

12.1.4  Professional Services; Statements of Work.  Professional Services described on an Order will be provided at mutually agreed-upon times, and will continue until complete, unless otherwise terminated as set forth herein.  The term of each SOW will be as set forth in that SOW.  If no term is expressed in an SOW, then the term of that SOW will begin on the SOW Effective Date and continue until the Professional Services described in that SOW are complete or the SOW is earlier terminated as set forth herein.  Unless otherwise stated in a SOW, Customer may terminate a SOW at any time for convenience by giving FireEye at least thirty (30) days’ written notice of its intent to terminate the SOW.  If Customer terminates an SOW for convenience as set forth in this Section, Customer will pay any amounts owing for Professional Services and Deliverables provided under that SOW up to and including the date of termination. Customer may request that FireEye suspend performing Professional Services during the term of a Statement of Work, and FireEye will suspend such Professional Services within 24 hours of Customer’s request.  Customer acknowledges that any such suspension will not affect Customer’s obligation to pay fees for Professional Services rendered through the date of suspension, and that resumption of Professional Services may be delayed if FireEye redeploys personnel to other engagements during the period of suspension.

12.2.   Termination for Material Breach.  Either party may terminate any Order or any SOW upon written notice of a material breach of the applicable Order or SOW by the other party as provided below, subject to a thirty (30) day cure period (“Cure Period”).  If the breaching party has failed to cure the breach within the Cure Period after the receipt by the breaching party of written notice of such breach, the non‑breaching party may give a second notice to the breaching party terminating the applicable Order or SOW.  Termination of any particular Order or SOW under this Section will not be deemed a termination of any other Order or SOW, unless the notice of termination states that another Order or SOW is also terminated.  Notwithstanding the foregoing, the Cure Period applicable to a breach by Customer of any payment obligations under any Order or any SOW will be fifteen (15) days. Notwithstanding the foregoing, this Agreement shall terminate automatically in the event Customer has breached any license restriction and, in FireEye’s determination, that breach cannot be adequately cured within the Cure Period.

12.3.    Effect of Termination.  Termination or expiration of any Order or SOW will not be deemed a termination or expiration of any other Orders or SOWs in effect as of the date of termination or expiration, and this Agreement will continue to govern and be effective as to those outstanding Orders and SOWs until those Orders and SOWs have expired or terminated by their own terms or as set forth herein.  The provisions of Section 3 (Payment), Section 6 (Intellectual Property), Section 7.5 (Disclaimer of Warranties), 9 (Limitation of Liability), 10 (Compliance with Law; U.S. Government Restricted Rights), 11 (Confidential Information), and 13 (Miscellaneous), and all accrued payment obligations, shall survive the termination of all Orders and SOWs and the relationship between FireEye and Customer.

13.       MISCELLANEOUS.

13.1.    Assignment. Customer may not assign any Order or Statement of Work, or any rights or obligations thereunder, in whole or in part, without FireEye’s prior written consent, and any such assignment or transfer shall be null and void.  FireEye shall have the right to assign all or part of an Order or Statement of Work without Customer’s approval.  Subject to the foregoing, each Order and Statement of Work shall be binding on and inure to the benefit of the parties’ respective successors and permitted assigns.

13.2.    Entire Agreement.  This Agreement along with any Order, Statement of Work and the Schedules attached hereto is the entire agreement of the parties with respect to the Offerings and supersedes all previous or contemporaneous communications, representations, proposals, commitments, understandings and agreements, whether written or oral, between the parties regarding the subject matter thereof.  FireEye does not accept, expressly or impliedly and FireEye hereby rejects and deems deleted any additional or different terms or conditions that Customer presents, including, but not limited to, any terms or conditions contained or referenced in any order, acceptance, acknowledgement, or other document, or established by trade usage or prior course of dealing.  This Agreement may be amended only in writing signed by authorized representatives of both parties.

13.3.    Force Majeure.  Neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to events which are beyond the reasonable control of the parties, such as strikes, blockade, war, terrorism, riots, natural disasters, refusal of license by the government or other governmental agencies, in so far as such an event prevents or delays the affected party from fulfilling its obligations and such party is not able to prevent or remove the force majeure at reasonable cost.

13.4.     Governing Law.  This Agreement shall be deemed to have been made in, and shall be construed pursuant to the laws of the State of California and the United States without regard to conflicts of laws provisions thereof, and without regard to the United Nations Convention on the International Sale of Goods or the Uniform Computer Information Transactions Act.  Any legal suit, action or proceeding arising out of or relating to the Offerings, the FireEye Materials, this Agreement, an Order or a Statement of Work will be commenced exclusively in a federal court in the Northern District of California or in state court in Santa Clara County, California, and each party hereto irrevocably submits to the jurisdiction and venue of any such court in any such suit, action or proceeding.

13.5.     Independent Contractors.  The parties are independent contractors.  Nothing in these Terms, any Order or any Statement of Work shall be construed to create a partnership, joint venture or agency relationship between the parties.  Customer shall make no representations or warranties on behalf of FireEye.

13.6.    Language.  This Agreement and each Order and Statement of Work are in the English language only, which shall be controlling in all respects.  All communications, notices, and Documentation to be furnished hereunder shall be in the English language only.

13.7.     Notices.  All notices required to be sent hereunder shall be in writing, addressed to receiving party’s current business contact, if known, with a cc: to the General Counsel/Legal Department of the receiving party, and sent to the party’s address as listed in this Agreement, or as updated by either party by written notice.  Notices shall be effective upon receipt and shall be deemed to be received as follows: (i) if personally delivered by courier, when delivered; or (ii) if mailed by first class mail, or the local equivalent, on the fifth business day after posting with the proper address.

13.8.     Severability.  If any provision of this Agreement is held to be illegal, invalid or unenforceable under the laws of any jurisdiction, the provision will be enforced to the maximum extent permissible so as to effect the intent of the parties, and the remaining provisions of this Agreement will remain in full force and effect.

13.9.    Third Party Rights.  Other than as expressly set out in this Agreement, this Agreement does not create any rights for any person who is not a party to it and no person who is not a party to this Agreement may enforce any of its terms or rely on any exclusion or limitation contained in it.

13.10.   Waiver.  The waiver of a breach of any provision of this Agreement shall not constitute a waiver of any other provision or any subsequent breach.

13.11.   Equal Opportunity.  FireEye is committed to the provisions outlined in the Equal Opportunity Clauses of Executive Order 11246, the Rehabilitation Act of 1973, the Vietnam Era Veterans Readjustment Act of 1974, the Jobs for Veterans Act of 2003, as well as any other regulations pertaining to these orders.

Back To Top


SCHEDULE FIREEYE
SOLUTIONS - PRODUCTS

FireEye Network Security (NX), FireEye Email Security – Server Edition (EX), FireEye Endpoint Security (HX), FireEye File Analysis (FX), FireEye Detection on Demand, FireEye Central Management Series, FireEye AX, FireEye VX, FireEye Cloud MVX, FireEye Network Forensics (PX), FireEye Cloudvisory

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms apply to the above-referenced FireEye Products, including hardware-based, cloud and virtual implementations.

1.        Grant of License and Restrictions. Subject to payment of all fees, and any applicable user/use limitations as set forth below, FireEye grants Customer a personal, nonsublicensable, nonexclusive, right, during the Product Term, in accordance with the Agreement and this Product Schedule to (i) install software and hardware components of the Product (including any virtual appliances provided as part of the Product) as set forth in the Documentation; (ii) use the Product as set forth in the Documentation for the Customer’s internal use only. All Products, Documentation, Content Feeds, reports, alerts, and intelligence and content made available through the Products are FireEye Materials. Customer will maintain the copyright notice and any other notices that appear on the Product, including any interfaces related to the Product. Certain Products will be subject to usage and licensing limitations as set forth below (“Usage Restrictions”):

  • FireEye Network Security (NX) – Customers purchasing FireEye Network Security (NX) on a subscription basis may purchase either an Enterprise Edition version or a Per-User Edition version. Enterprise Edition versions are licensed according to the aggregate network throughput anticipated in the Customer’s environment, expressed in Mbps (“Throughput”), as shown on the Order.  Per-User Edition versions of the Subscription are licensed according to the number of Users in Customer’s environment, as shown on the Order. “Users” means any person whose network traffic is monitored by the Product. Customer’s Throughput for the Per-User Edition of the FireEye Network Security Product may not exceed 1 Mbps per User, averaged over all Users (“User Throughput Limit”).
  • FireEye Email Security – Server Edition (EX)  – Customers purchasing FireEye Email Security – Server Edition (EX) on a perpetual license basis may use the Product in connection with the number of attach/URL engines (i.e., email accounts) (“Attach/URL Engines”) stated on the applicable Order. Customers purchasing FireEye Email Security – Server Edition (EX) on a subscription basis may purchase either an Enterprise Edition version or a Per-User Edition version. Enterprise Edition versions are licensed according to the number of mailboxes in the Customer’s environment that are monitored by the Product (“Mailboxes”). Per-User Edition versions are licensed according to the number of Users in Customer’s environment. “Users” means any person for whom a Mailbox is monitored by the Subscription. Customers purchasing Per-User Edition versions may use the Subscription to monitor up to 1.5 Mailboxes per User, averaged across all Users (“User Mailbox Limit”).
  • FireEye Endpoint Security (HX) - With respect to the FireEye Endpoint Security (HX) Product, Customer may install the “agent” software component of the Product on the number of Endpoints (or “Nodes”) stated on the applicable Order. “Nodes” or “Endpoints” are computing devices owned or controlled by Customer (such as laptops, workstations, and servers), on which Customer installs the agent software. Customers purchasing FireEye Endpoint Security on a subscription basis may purchase either an Enterprise Edition version or a Per-User Edition Version. Enterprise Edition versions of the Product are licensed according to the number of Endpoints purchased. Per-User Edition versions of the Product are licensed according to the number of Users in Customer’s environment. “Users” means any person whose computing activity is monitored by the Product. Customer may use the Subscription to monitor up to 1.5 Endpoints per User, averaged over all Users (“User Endpoint Limit”).
  • FireEye Cloudvisory – Customers purchasing FireEye Cloudvisory on a Subscription basis may use the Product for (i) up to the level of Workloads purchased, as set forth on the applicable Order; (ii) when purchasing a cloud-based deployment, up to 500GB of storage (excess storage may be subject to additional fees). For purposes of this Schedule, “Workloads” means cloud services supported by cloud platform providers, which are included on the list of supported Workloads provided by FireEye, which may be updated from time to time in FireEye’s discretion.
  • FireEye Detection on Demand – with respect to FireEye Detection on Demand, Customer may purchase either on a total Submissions basis, or a Per-User basis. Customers purchasing a total number of Submissions may use the Product for up to the number of submissions purchased, as stated on the applicable Order, during the Product Term stated on the Order (if no Product Term is stated on the Order, the Product Term will be one (1) year from the date of the Order). Customer purchasing on a Per-User basis may use the Product for up to twenty (20) submissions per User per month of the Product Term, aggregated across all of Customer’s Users. “Submissions” are files or other artefacts submitted to the Product by Customer for processing. FireEye reserves the right to limit the volume of submissions within a specific time period in its sole discretion to ensure performance of the Product.
  • FireEye File Analysis (FX) – Customers purchasing FireEye File Analysis (FX) on a subscription basis may use the Product to scan up to the maximum capacity of files as stated in the Documentation.

Exceeding the limitations set forth above or in the Documentation may result in degraded performance. FireEye may use technical measures to prevent over-usage or to stop usage after any usage limitations are exceeded. FireEye reserves the right to audit Customer’s use of the Products to ensure compliance with this Agreement. Updates, preview features, Content Feeds, access to portals, and/or Support Services are not necessarily provided with the Products, may require additional payment or include additional terms and conditions, and may be provided on a “preview” basis for a limited period at no additional charge but then licensed for an additional fee at a later date. Customer acknowledges that Third Party Software distributed with the Products may be subject to separate license terms, and specifically, if the Oracle™ Java® software is included within the Product, that software is subject to the license found here.   

2.        Content Feeds.  Subject to Customer’s payment in full of all associated fees for the applicable FireEye Content Feed, as set forth on the applicable Order, FireEye shall grant a limited, non-exclusive, personal, non-transferable, non-sublicenseable right to use the Content Feed as set forth in the Documentation for the applicable Product, for Customer’s internal business purposes during the active Support Term for the applicable Product. FireEye shall not disclose to any third party any personally identifiable data or Customer Confidential Information in connection with the Content Feed unless expressly authorized to do so by Customer.  The Content Feeds available to the Customer for purchase with respect to the Products may include FireEye Dynamic Threat Intelligence or Advanced Threat Intelligence (ATI), as described in the Documentation. Customers purchasing subscription-based versions of FireEye Network Security, FireEye Email Security – Server Edition, FireEye Endpoint Security, and FireEye File Analysis will receive access to the DTI Content Feed in 2-way mode, and may upgrade the DTI Content Feed to 1-way or offline mode upon payment of additional fees.

3.        Support Services. Subject to Customer’s payment in full of all associated fees for FireEye Support Services, FireEye shall provide Support Services for the Products as set forth at FireEye’s Support Programs and Terms page, as may be updated by FireEye in its discretion. Customers purchasing subscription-based versions of FireEye Network Security, FireEye Email Security – Server Edition, FireEye Endpoint Security, and FireEye File Analysis will receive access to Platinum Support Services (or Government Platinum Support Services, if applicable), and may upgrade to Platinum Plus Support Services (or Government Platinum Plus Support Services, if applicable) upon payment of additional fees.

4.         Helix Portal Access. Customers purchasing subscription-based versions of FireEye Network Security, FireEye Email Security – Server Edition, FireEye Endpoint Security, and FireEye File Analysis will receive access to the FireEye Helix portal (“Helix Portal”), where the Customer can view alerts and other information. The Helix Portal may be used to monitor up to 250,000 alerts per day, and up to 100 Events per Second. Use in excess of this limit may result in degraded performance of the Helix Portal.

5.         Hardware. Customer may purchase hardware appliances for use with subscription versions of FireEye Network Security, FireEye Email Security – Server Edition, FireEye Endpoint Security, and FireEye File Analysis, on either a subscription or perpetual license basis. In either case, hardware is shipped FOB Origin, and title to and risk of loss of the hardware passes to the Customer upon delivery to the carrier. Customers purchasing hardware on a perpetual license basis will receive a perpetual, personal, nonsublicensable, nonexclusive right to use the software installed on the hardware. Customers purchasing hardware on a subscription license basis will receive a personal, nonsublicensable, nonexclusive right to use the software installed on the hardware during the Product Term, which will be a minimum of three (3) years.

6.         True Up. FireEye reserves the right to audit Customer’s use of the Products to ensure compliance with this Agreement.  If at any point during the Product Term, Customer’s usage exceeds the purchased limits as set forth above or on the applicable Order in three (3) or more calendar days in any consecutive thirty-day period, FireEye may issue a true-up invoice for the pro-rated difference between the fees already paid for that Product Term and FireEye’s list prices for the excess usage, pro-rated to reflect that thirty-day period and the remainder of the Product Term.  The fees for any renewal Product Term will be quoted at the usage associated with the actual usage for the immediately preceding year of the Product Term. At the end of each Product Term, FireEye may true-up fees for that Product Term, and if the average monthly usage for that Product Term exceeds the purchased usage limits, then FireEye will issue a true-up invoice reflecting the difference between the fees already paid for that Product Term and the fees for the Customer’s actual usage.

Back To Top


SCHEDULE: FIREEYE SOLUTIONS
FIREEYE HELIX SUBSCRIPTION
FIREEYE THREAT ANALYTICS SUBSCRIPTION
FIREEYE THREAT ANALYTICS PLATFORM SUBSCRIPTION

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the FireEye Helix, FireEye Threat Analytics and FireEye Threat Analytics Platform Subscriptions (individually and collectively, “Helix Subscriptions”), including purchase and support of TAP Cloud Collector™ Appliances and Support.

1.  Helix Software, Alerts

1.1.1     Helix Software and Hardware.  As part of the Helix Subscription, FireEye may deliver to Customer one or more software files (individually and collectively, “Helix Software”), and/or one or more “Cloud Collector” hardware appliances (“Cloud Collector Appliances”), which may contain Helix Software.  Subject to full payment of all Fees associated with the Helix Subscription, FireEye grants to Customer a non-exclusive, limited right and license to install and run the Helix Software during the Subscription Term solely for purposes of using the Helix Subscription in accordance with the Documentation for the Helix Subscription.

1.1.2     Access; Customer Logs.  FireEye will provide Customer with credentials to enable access to the Helix Subscription. Using the Helix Software, and subject to payment of Fees for the Helix Subscription and any Cloud Collector Appliances, Customer may upload Customer Logs to the Helix portal (“Helix Portal”).  Service Levels for the Helix Portal will be as set forth on FireEye’s Service Levels for Subscriptions page. “Customer Logs” means any communications, logs and other content and information that Customer or anyone using Customer’s account contributes to or through the Helix Portal. Customer grants to FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive license and right to reproduce, modify, create derivative works from, publish, distribute, sell, sub-license, transmit, publicly display and provide access to Customer Logs, for purposes of enhancing FireEye’s products and services, so long as (i) FireEye ensures that any Customer Confidential Information is removed from Customer Logs, and (ii) FireEye’s use of Customer Logs does not in any way identify Customer or its employees or in any other way allow a third party to identify Customer as the source of the Customer Logs.  Customer Logs are Customer’s property, and other than the licenses granted in herein, FireEye does not obtain any ownership rights in Customer Logs. FireEye will retain Customer Logs for a period of thirteen (13) months from the earlier of the date the Customer Log was received and the end of the Helix Subscription Term.

1.1.3     Helix Alerts. Some features of the Helix Subscription may generate alerts of suspected malicious activity (each, a “Helix Alert”).  Helix Alerts are FireEye Materials.  FireEye hereby grants to Customer a limited, non-exclusive right to use Helix Alerts, and reproduce and distribute those Helix Alerts internally for Customer’s own business purposes.

1.1.4     Cloud Collector Management.  If Customer has installed Cloud Collectors in connection with the Helix Subscription, then FireEye will continuously monitor the Customer’s Cloud Collector Appliances or Cloud Collector Helix Software for system health issues such as monitoring to ensure proper throughput and relay of data.

1.1.5     Support.  Subject to Customer’s payment in full of all associated fees for FireEye Support Services, FireEye shall provide Support Services for the Helix Subscription as set forth at FireEye’s Support Programs and Terms page, which may be updated by FireEye in its discretion. If Customer requests FireEye to create or assist with creating custom parsers for use with the Subscription, then upon mutual agreement, FireEye will accommodate that request at the rates quoted at the time of the request.

2.  Event Volume; True-Up

2.1       Fees for the Helix Subscription are divided into “Tiers” based on the volume of events processed through the Helix Subscription per second (“Event Volume”).  If at any point during the Subscription Term, Customer’s Event Volume exceeds the Tier upon which Customer’s Helix Subscription Fees were based, FireEye will not guarantee that Customer Logs in excess of the purchased Tier will be ingested and processed by the Helix Subscription. In times of Event Volume in excess of the paid Tier, Customer Logs will enter a queue.  Excessive queueing may cause Customer Logs to be lost from the queue.  If at any point during the Subscription Term, Customer’s average Event Volume for any consecutive thirty-day period exceeds the Tier upon which Customer’s Helix Subscription Fees were based, FireEye may issue a true-up invoice for the pro-rated difference between the Fees already paid for that Subscription Term and FireEye’s list prices for the Fees for the Tier associated with Customer’s actual Event Volume for that thirty-day period, pro-rated to reflect that thirty-day period and the remainder of the Subscription Term.  Until such time that the True Up invoice is paid in full, the Helix Subscription will continue to ingest and process only the Event Volume of the purchased Tier, allowing any excess Customer Logs to enter queueing conditions. The Tier for any Renewal Subscription Term will be the Tier associated with the actual Event Volume for the immediately preceding Subscription Term.

2.2       At the end of the Initial Subscription Term and each Renewal Subscription Term, FireEye may true-up Fees for that Subscription Term, and if the average monthly Event Volume for that Subscription Term exceeds the maximum Event Volume for the Tier for which Customer previously paid Fees, then (a) FireEye will issue a true-up invoice reflecting the difference between the Fees already paid for that Subscription Term and the Fees for the Tier associated with Customer’s actual Event Volume.

3.         Mandiant Advantage Threat Intelligence Portal (Intelligence Portal).  During the Subscription Term, FireEye will provide access to the Mandiant Advantage Threat Intelligence Portal (”Intelligence Portal”), subject to the following:

            i.     Permitted Use; Reports.  Customer may view and use the Intelligence Portal and content appearing on the Intelligence Portal (“Intelligence Portal Content”) solely for internal use.  Customer understands and acknowledges that the Intelligence Portal Content available through the Helix Subscription is more limited than that available to customers who purchase a full Intelligence Subscription. Some features of the Intelligence Portal may allow Customer to generate a report (each, an “Intelligence Portal Report”).  Intelligence Portal Reports and Intelligence Portal Content are FireEye Materials.  Subject to Customer’s payment obligations, FireEye grants to Customer a limited, non-exclusive right to produce Intelligence Portal Reports and Intelligence Portal Content using the Intelligence Portal, and reproduce and distribute those Intelligence Portal Reports and Intelligence Portal Content internally for Customer’s own business purposes. 

           ii.      Additional Use Limitations.  Customer may appoint up to fifteen (15) users of the Intelligence Portal at any time. Each day, all users on Customer’s account may collectively make up to (A) one hundred (100) queries of IP addresses and domain names, and (ii) one hundred (100) queries of malware.  Customer may request additional queries, to be evaluated by FireEye on a case by case basis.

          iii.       User Content.  “User Content” means any communications, images, sounds, and all the material and information that Customer or anyone using Customer’s account contributes to or through the Intelligence Portal (e.g., comments to Intelligence Portal Content, suspected malware that Customer uploads to the Intelligence Portal).  Customer hereby grants FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive, license, including the right to sublicense to third parties, and right to reproduce, fix, adapt, modify, translate, reformat, create derivative works from, publish, distribute, sell, license, transmit, publicly display, publicly perform, or provide access to electronically, broadcast, display, perform, and use and practice such User Content as well as all modified and derivative works thereof.  Customer represents that Customer has all necessary rights to grant the license referenced in the preceding sentence.  FireEye may use and disclose any of the information it collects about its customers’ use of the Intelligence Portal, including the CTI platform, to the extent such information is de-identified.

         iv.        Restrictions. Customer may not access the Intelligence Portal by any means other than through the interface that is provided or approved by FireEye. Customer will not collect any information from or through the Intelligence Portal using any automated means, including without limitation any script, spider, “screen scraping,” or “database scraping” application, and Customer will not damage, disable, overburden, or impair the Intelligence Portal or interfere with any other party’s use and enjoyment of the Intelligence Portal.

          v.        Customer acknowledges that some optional features and content appearing on the Intelligence Portal may require payment of additional fees.

Back To Top


SCHEDULE – FIREEYE SOLUTIONS
FIREEYE EMAIL THREAT PREVENTION (ETP) SUBSCRIPTION
FIREEYE EMAIL SECURITY – CLOUD EDITION SUBSCRIPTION

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the Email Threat Prevention Subscription and the FireEye Email Security – Cloud Edition Subscription. 

1.         Definitions.

“Email Subscription" means the scanning, filtering, and delivery of email by the FireEye Email Threat Prevention Subscription or the FireEye Email Security – Cloud Edition Subscription. 

“Customer Data” means data and information originated by Customer that Customer submits to the Email Subscription.

“Customer Representatives” means any employee of Customer to whom Customer provides access to the Email Subscriptions (or any component thereof) for use on behalf of and for the benefit of the Customer and for Customer’s internal business purposes, subject to all the terms and conditions of this Agreement.

“Licensed Inboxes” means the number of email inboxes Customer may have at any time that are registered to the Email Subscription; which maximum number shall be based on the Subscription fees paid by Customer and identified on the relevant purchase order from Customer as approved and invoiced by FireEye. 

2.         Right of Access and Use.  During the Subscription Term, and subject to the terms of this Agreement, FireEye grants to Customer a non-exclusive right to permit those Customer Representatives authorized by Customer to access and use the Email Subscription on Customer's behalf in compliance with the terms of this Agreement and the Documentation for the Email Subscription.  Notwithstanding anything else herein, the number of email inboxes Customer may register to the Email Subscription may not exceed the number of Licensed Inboxes. Service Levels for the Email Subscription will be as set forth on FireEye’s Service Levels for Subscriptions page.

3.         Restrictions.  Except as otherwise expressly permitted under this Agreement, Customer agrees that it shall not, nor shall it permit any third party to, (a) use the Email Subscription (or any portion thereof) in excess of or beyond the Subscription Term, the Licensed Inbox quantity, and/or other restrictions/limitations described in this Agreement; use the Email Subscription to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy or other rights; or (d) interfere with or disrupt the integrity or performance of the Email Subscription or third-party data contained therein. Unless Customer has purchased the AV/AS version of the Email Subscription, Customer shall route email through a commercially available secure email gateway for anti-spam scanning prior to relay through the FireEye network.  FireEye may, in its discretion, limit the volume of email traffic flowing through the Email Subscription to help avoid Service Outages (as defined below). No rights or licenses are granted other than as expressly and unambiguously set forth herein. 

4.         Support Services.  Subject to Customer’s payment in full of all associated fees for FireEye Support Services, FireEye shall provide Support Services for the Email Subscription as set forth at FireEye’s Support Programs and Terms page, as may be updated by FireEye in its discretion.

5.         True Up.  FireEye reserves the right to audit Customer’s use of the Email Subscription to ensure compliance with this Agreement.  If at any point during the Subscription Term, Customer’s usage exceeds the purchased limits as set forth above or on the applicable Order in three (3) or more calendar days in any consecutive thirty-day period, FireEye may issue a true-up invoice for the pro-rated difference between the fees already paid for that Subscription Term and FireEye’s list prices for the excess usage, pro-rated to reflect that thirty-day period and the remainder of the Subscription Term.  The fees for any renewal Subscription Term will be quoted at the usage associated with the actual usage for the immediately preceding year of the Subscription Term. At the end of each Subscription Term, FireEye may true-up fees for that Subscription Term, and if the average monthly usage for that Subscription Term exceeds the purchased usage limits, then FireEye will issue a true-up invoice reflecting the difference between the fees already paid for that Subscription Term and the fees for the Customer’s actual usage.

Back To Top


SCHEDULE: MANDIANT SOLUTIONS
MANDIANT SECURITY VALIDATION PRODUCT
VALIDATION ON DEMAND
(VERODIN SECURITY INSTRUMENTATION PLATFORM)

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the Mandiant Security Validation Product (fka “Verodin Security Instrumentation Platform”), including any hardware-based, software-based, and cloud implementations, and including the Validation on Demand Product (each, “Security Validation” or the “Security Validation Product”).

1.     Grant of License and Restrictions. Subject to the terms hereof, payment of all fees, and any applicable user/use limitations, Mandiant grants Customer a personal, nonsublicensable, nonexclusive, right to use the Security Validation Product (excluding Web Services, which are licensed pursuant to Section 4), in accordance with the Agreement and this Product Schedule, and as set forth in the Documentation for the Security Validation Product, solely for Customer’s internal business purposes and solely in connection with any designated associated hardware Products. Customer will maintain the copyright notice and any other notices that appear on the Security Validation Product, including any interfaces related to the Security Validation Product. The Security Validation Product shall only be used for the licensed number of actors, networks, instances or hosts for which Customer has paid the applicable fees. Customers purchasing the Validation on Demand version of the Security Validation Product are licensed to use one (1) actor to conduct one (1) assessment, as set forth in the Documentation, and such use must occur within one (1) year from the date of the Order for the Validation on Demand Security Validation Product. The term of the license shall begin on or shortly after the Order Effective Date (as determined by Mandiant) and will continue in effect for the period of time stated in the Order. With regard to any firmware (software embedded in and provided with a hardware Product; as opposed to stand-alone software), Mandiant grants Customer a limited, non-transferable, non-exclusive license to use the firmware solely in connection with Customer’s use of the related hardware Product. Customer may not distribute the firmware in any form, or to use the firmware except as it is embedded in the non-volatile memory component(s) of the hardware components of the Product. All software Products, including embedded software, are licensed, not sold, for a fixed term, and are not perpetually licensed.      

2.     Security Content. The Security Validation Products may include access to certain defined files, URLs, IP addresses, file hashes, commands, network traffic samples and other artifacts that can be malicious and/or represent real attacker behavior (“Security Content”). Security Content is obtained from a variety of sources. Mandiant grants to Customer a limited, non-transferable, as-is, non-exclusive license to use the Security Content solely in connection with the Security Validation Product and for no other purpose. FIREEYE MAKES NO REPRESENTATIONS OR WARRANTIES WITH REGARD TO THE SECURITY CONTENT AND DOES NOT GUARANTEE OR WARRANT THAT THE SECURITY CONTENT WILL COVER ALL POSSIBLE CONDITIONS, ENVIRONMENTS OR CONTROLS. SECURITY CONTENT IS OBTAINED FROM A VARIETY OF SOURCES, WHICH MAY INCLUDE KNOWN THREAT ACTORS. Any Security Content obtained or licensed from a third party and furnished through Mandiant or which Customer procures on its own will be deemed Third Party Materials under this Agreement.  Mandiant may make available an exchange (the “Exchange”) through which Customer may obtain, download, or access certain Security Content furnished by third parties, including other Mandiant customers. In addition, Customer, itself, may elect to participate in the Exchange by electing to upload Security Content that it creates or procures. Use of the Exchange is entirely voluntary and subject to the Exchange terms and conditions as well as any specific terms and conditions of the third parties furnishing the Security Content. Any Security Content obtained through the Exchange will be deemed Third Party Materials under this Agreement. TO THE MAXIMUM EXTENT ALLOWED BY LAW, FIREEYE AND ITS LICENSORS WILL NOT BE LIABLE FOR ANY LOSSES, LIABILITIES, DAMAGES, JUDGMENTS, OR OTHER COSTS WITH RESPECT TO THE SECURITY CONTENT, WHETHER ARISING BY CONTRACT, TORT OR OTHERWISE. CUSTOMER ASSUMES ALL RISK ASSOCIATED WITH USE OF THE SECURITY CONTENT, AND ACKNOWLEDGES THAT FIREEYE HAS NO OBLIGATION TO ENSURE SECURITY CONTENT WILL OPERATE AS INTENDED. CUSTOMER UNDERSTANDS THAT SECURITY CONTENT INCLUDES LIVE MALWARE, INCLUDING RANSOMWARE, AND THAT USE OF THE SECURITY CONTENT IN WAYS NOT STRICTLY DESCRIBED IN THE DOCUMENTATION MAY CAUSE DAMAGE TO CUSTOMER’S ENVIRONMENT.

3.     Warranty. Mandiant warrants to Customer that during the thirty (30) day period following the shipment of the Security Validation Product, the Security Validation Product will perform substantially in accordance with the applicable Documentation. The warranty stated in this Section 3 shall not apply if the Security Validation Product has: (i) been subjected to abuse, misuse, neglect, negligence, accident, improper testing, improper installation, improper storage, improper handling or use contrary to any instructions issued by Mandiant; (ii) been repaired or altered by persons other than Mandiant; (iii) not been installed, operated, repaired and maintained in accordance with the Documentation; or (iv) been used with any third party software or hardware which has not been previously approved in writing by Mandiant.  If during the thirty-day Product warranty period: (a) Mandiant is notified promptly in writing upon discovery of any error in a Security Validation Product, including a detailed description of such alleged error; (b) such Security Validation Product is returned, transportation charges prepaid, to Mandiant’s designated manufacturing facility in accordance with Mandiant’s then-current return procedures, as set forth by Mandiant from time to time; and (c) Mandiant’s inspections and tests determine that the Security Validation Product contains errors and has not been subjected to any of the conditions set forth in (i)-(iv) above, then, as Customer’s sole remedy and Mandiant’s sole obligation under the foregoing warranty, Mandiant shall, at Mandiant’s option, repair or replace without charge such Security Validation Product.  Any Security Validation Product that has either been repaired or replaced under this warranty shall have warranty coverage for the remaining warranty period.  Replacement parts used in the repair of a Security Validation Product may be new or equivalent to new. This warranty is specific to the Security Validation Products, and the warranty stated in Section 7.1 of the General Terms will not apply to the Security Validation Products.

4.     Web Services.  Mandiant may provide access to certain Web-based or other online content (the "Web Services"), including intelligence offerings, and in some cases such Web Services will be subject to additional fees.  Mandiant grants Customer a non-exclusive, non-transferable license to use the Web Services solely in connection with its use of the associated Products.  Customer grants to Mandiant a perpetual, irrevocable, worldwide, paid-up, non-exclusive license and right to reproduce, modify, create derivative works from, publish, distribute, sell, sub-license, transmit, publicly display and provide access to any information or data submitted by Customer through the Web Services, for purposes of enhancing Mandiant’s products and services, so long as (i) Mandiant ensures that any Customer Confidential Information is removed from such content, and (ii) Mandiant’s use of such content does not in any way identify Customer or its employees or in any other way allow a third party to identify Customer as the source of the content.

Mandiant will use commercially reasonable efforts to make the Web Services available for Customer's access and use, as contemplated under this Agreement, an average of at least ninety-nine (99%) of the time during each month during the term of the applicable Product license (the "Availability Requirement"), excluding any period of Permitted Unavailability. "Permitted Unavailability" includes Planned Outages (as defined below) and any unavailability due to causes beyond Mandiant's reasonable control, including, without limitation:  any software, hardware, or telecommunication failures; interruption or failure of telecommunication or digital transmission links; Internet slow-downs or failures; failures or default of third party software, vendors, or products; and unavailability resulting from Customer's actions or inactions or a failure of Customer's communications link or systems.  "Planned Outages" means the period of time during which Mandiant conducts systems maintenance and any instances requiring emergency maintenance.  Mandiant will use reasonable efforts to schedule Planned Outages during non-peak hours.  In the event of any failure to achieve the Availability Requirement, Mandiant will use commercially reasonable efforts to correct the interruption as promptly as practicable. 

5.     Support.    Support Services for the Security Validation Products will be provided as set forth in this Section 5. Support Services as provided for other Mandiant Offerings are not available for the Security Validation Products, and the only Support Services provided for the Security Validation Products are as outlined in this Section 5. Additional support services, updates and new releases of a Product for which Mandiant charges its customers a separate fee may be purchased at Mandiant’s then current pricing. Support Services are not provided for Security Content or any Third Party Materials.

5.1  Definitions.

“Update” means bug fixes, patches, upgrades, and modifications to software, and web services Products that Mandiant in its sole discretion makes generally available to its other customers at no charge as part of Product support.

“Urgent Priority Request” shall be associated with a problem that, in the reasonable judgment of Mandiant, renders the software inoperable.

“High Priority Request” shall be associated with a problem that, in the reasonable judgment of Mandiant, materially impairs the software’s operation, with the consequence that the software can be used but in a restricted or inefficient manner.

“Normal Priority Request” shall be associated with a problem that, in the reasonable judgment of Mandiant, affects a specific function or feature of the software and the performance or efficiency of the software’s operation would improve if such problem were to be corrected.

“Low Priority Request” shall be associated with a problem that, in the reasonable judgment of Mandiant, does not significantly affect operation of the software but the performance or efficiency of the software’s operation might improve if such problem were to be corrected.

5.2. Scope of Support

Mandiant will provide the following as Support Services for the Security Validation Products during the Support Term:

  • Monitored telephone support in accordance with defined Service Availability in section 5.1
  • Monitored email/web portal support in accordance with defined Service Availability in section 5.1
  • Reasonable efforts to resolve material, reproducible failures of the software components of the Products to materially conform to its Documentation (“Errors”)
  • Updates and bug fixes that Mandiant in its sole discretion makes generally available to its other similarly situated customers at no charge
  • Assistance using virtual meeting and screen sharing services of Mandiant’s choosing.

To receive Support Services, Customer may be required to create an account on Mandiant’s Customer Support Portal.  Certain software Products may allow Customer ability to configure the Products to automatically install Updates or to receive them only on demand.  Updates to Web Services are provided automatically as they become generally available.  

Mandiant will provide generally available Updates pursuant to the roadmap and timeline designated by Mandiant. Support Services and Updates will be provided for the then-current version release. Non-current version releases will be supported until Mandiant determines that an Update is required to provide resolution for an issue, at which time Customer will be expected to update to the appropriate release version containing said resolution.  Mandiant will provide written instructions as Customer may reasonably require to complete installation of any Updates. 

5.3 Customer Requirements

In addition to payment of any fees for Support Services, Customer will be responsible for the following to receive Support Services for the Verodin Products:

  • Customer will make its representative(s) reasonably available when resolving a service related incident or request
  • Customer will provide reasonable remote access to its systems for purposes of receiving support
  • Customer will ensure the appropriate customer personnel have been trained in the operation and management of the Verodin Products

5.4 Hardware Returns. No return of hardware components of Security Validation Products will be accepted by Mandiant without a Return Material Authorization (“RMA”) and associated number, which may be issued by Mandiant in its sole discretion.  Returned Security Validation Products must be in their original, unaltered, undamaged condition, and must be returned in the original shipping cartons complete with all packing materials.  All Security Validation Product returns must be returned freight prepaid in the manner specified in the RMA.  If returned Security Validation Products are claimed to be defective, a complete description of the nature of the defect must be included with the returned Security Validation Products. Security Validation Products not eligible for return shall be returned to Customer, freight collect.

5.5 Service Levels for Support

The following sections provide relevant details on service availability, monitoring of in-scope services and related components.

a.    Service Availability

Business hours and coverage types specific to the Support Services described in this Schedule are as follows:

 

EMEA

Americas

Telephone Request Monitoring

8:00 A.M. to 8:00 P.M. GMT, Monday - Friday

8:00 A.M. to 8:00 P.M. Eastern Time, Monday - Friday

Telephone requests received out of office hours will be forwarded to a mobile phone and best efforts will be made to answer the call - missed calls will roll over to voicemail and follow up will occur on the next business day

Email Request Monitoring

8:00 A.M. to 8:00 P.M. GMT, Monday - Friday

8:00 A.M. to 8:00 P.M. Eastern Time, Monday - Friday

Emails received outside of office hours will be collected, however no action can be guaranteed until the next business day

Portal Request Monitoring

8:00 A.M. to 8:00 P.M. GMT, Monday - Friday

8:00 A.M. to 8:00 P.M. Eastern Time, Monday - Friday

Portal requests received outside of office hours will be collected, however no action can be guaranteed until the next business day

b.    Service Requests

In support of services outlined in this Agreement, Mandiant will use commercially reasonable efforts to resolve service related incidents and/or requests submitted by Customer within the following time frames during business hours:

Request Priority Level Service Level
Urgent Priority Request Mandiant will initiate diagnostic and remedial measures within one hour of notification of an Urgent Priority Request. Once corrective actions have commenced, Mandiant staff will work diligently until the issue has been remedied.
High Priority Request Mandiant will initiate diagnostic and remedial measures within four hours of notification of a High Priority Request.  Once corrective actions have commenced, Mandiant will complete all such corrections as soon as reasonably practicable.
Normal Priority Request Mandiant will initiate diagnostic and remedial measures within twenty-four (24) hours of notification of a Normal Priority Request.  Once corrective actions have commenced, Mandiant will complete all such corrections as soon as reasonably practicable.
Low Priority Request Mandiant shall endeavor to correct the problem and furnish a remedy by working with Customer on reasonable timing based on Mandiant’s development roadmap.

c.    Exclusions

Notwithstanding the foregoing, Mandiant will have no obligation to support: (a) services, hardware, or software provided by anyone other than Mandiant or for which Support Services have not been purchased; or (b) issues caused by customer’s negligence, abuse or misapplication, Customer’s use of Products other than as specified in the Documentation, or by other factors beyond the control of Mandiant.

Back To Top

 


SCHEDULE – MANDIANT SOLUTIONS
MANDIANT MANAGED DEFENSE – CONTINUOUS VIGILANCE SUBSCRIPTION
MANDIANT MANAGED DEFENSE – NIGHTS AND WEEKENDS SUBSCRIPTION

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the Mandiant Managed Defense – Continuous Vigilance and Mandiant Managed Defense Nights and Weekends Subscription (each, a “Managed Defense Subscription” or “Subscription”).

1.     Managed Defense Subscription.  Mandiant will provide Customer with the most current version of the Mandiant Managed Defense service description (“Service Description”). The Service Description will contain an up-to-date description of the entitlements and support available through each Managed Defense Subscription. Customer acknowledges that Mandiant may update the Service Description from time to time, and that the most current version of the Service Description will apply to the Managed Defense Subscription. During the Subscription Term, Mandiant will provide the Managed Defense Subscription as set forth in the Service Description, according to the number of Nodes purchased by Customer as set forth in the Subscription Order. All services Customer requests that are not described in the Service Description will be performed at mutually agreed upon rates as set forth in Statements of Work.  If the number of Nodes exceeds the purchased Nodes reflected in the Subscription Order by more than ten percent (10%), Mandiant will notify Customer in writing, and will issue an invoice for the next higher Node count at Mandiant’s then-current rates pro-rated for the remaining portion of the then-current Subscription Term.

2.      Reseller and Partner PurchasesIf Customer receives the Subscription via a Mandiant authorized services or support partner (a “Partner”), Customer agrees that the Subscription and Managed Defense Reports may be delivered to Customer through the Partner. Notwithstanding any other confidentiality obligations between the parties, Customer authorizes Mandiant to disclose information related to the Subscription and Customer Data to Partner.

3.      Customer Responsibilities. Customer acknowledges and agrees that Mandiant’s ability to successfully deliver the Managed Defense Subscription is dependent on the Customer’s ability to meet its responsibilities as outlined herein.

3.1   Mandiant will have no liability for any failure to deliver the Managed Defense Subscription that may arise due to Customer’s refusal or failure to perform its responsibilities.

    a)     Installation Requirements. Customer will be responsible for the following: (i) providing network architecture diagrams, physical, and logical access to Customer’s environment for the sole purpose of deploying and configuring Managed Defense Supported Technology (as defined in the Service Description);  (ii) upgrading pre-existing Managed Defense Supported Technology to the minimum software version as referenced within the Managed Defense Service Description for each product or service; (iii) providing confirmation that all Managed Defense Supported Technology within the Customer’s environment has been successfully configured and connected to their network according to the individual Product’s or Subscription’s System Administration Guide and the configurations supported as noted in the FireEye Support Portal; (iv) providing the ability to establish a persistent connection to the Customer’s network within the designated port range corresponding to the country from which the Managed Defense Subscription will be delivered as referenced within the Managed Defense Quick Start Guide.

    b)     Compromised Systems. Customer recognizes that the Managed Defense Subscription is not an alternative to an incident response engagement for an environment that is compromised prior to the start of the Managed Defense Subscription.

    c)     Credential Security. Customer will be responsible for the following: (i) providing accurate information to Mandiant for provisioning access to (and removal of) Customer personnel access to the Managed Defense Portal; (ii) implementing and adhering to strong password standards; (iii) providing accurate information to Mandiant for domain whitelisting; and (iv) reporting any security issues related to the Subscription (including the Managed Defense Portal) to Mandiant immediately.

    d)     Network Segment Exclusion: Customer must notify Mandiant if specific network segments will not require Managed Defense monitoring. Customer must provide detailed information regarding the specific network segment range when possible. Examples: guest networks, testing environments, etc.

    e)     Remediating Known Compromises. Customer must make a reasonable effort to remediate any known compromises reported by Mandiant or third party vendors. Mandiant may choose to suppress alerts generated by known compromised systems until such time the compromise is remediated.

    f)      Time and Date Settings. Customers purchasing a Managed Defense the Nights and Weekends Subscription must ensure that all Managed Defense Supported Technology has accurate time and date settings, to help ensure that Nights and Weekends Supported Alerts are accurately categorized. Mandiant will not be responsible for reporting on Alerts generated by Managed Defense Supported Technology that does not have up to date time and date settings.

3.2.    Exclusions.  Notwithstanding anything else contained in this Agreement to the contrary, Mandiant shall have no obligation or responsibility to provide the Managed Defense Subscription for (i) Products that the Customer (or Mandiant or another third party on Customer’s behalf) has configured with a one-way feed of Mandiant’s Dynamic Threat Intelligence (DTI) Content Feed; (ii) Managed Defense Supported Technology that has been declared end of support or that are not currently supported; (iii) Managed Defense Supported Technology that has no active Support Service in place; (iv) Managed Defense Supported Technology for which software updates have not been applied; (v) Products that have not been installed and deployed; or (vi) Managed Defense Supported Technology that is misconfigured or incorrectly deployed, which prevents the Managed Defense Supported Technology from monitoring the Covered Systems. Customer acknowledges that to facilitate Mandiant’s efficient performance of the Managed Defense Subscription, Mandiant may control some features and functionality of the Managed Defense Supported Technology, including by applying updates, and such features or functionality may not be available for Customer’s independent use during the Subscription Term.


Back To Top


SCHEDULE – MANDIANT SOLUTIONS
MANDIANT INTELLIGENCE SUBSCRIPTIONS

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern Mandiant Intelligence Subscriptions (each, an “Intelligence Subscription”). Mandiant will provide the Intelligence Subscription(s) purchased by the Customer, as shown on the Order.

1.       Intelligence Subscriptions

Mandiant will provide Customer with the most current version of the Mandiant Intelligence service description (“Service Description”). The Service Description will contain an up-to-date listing of the entitlements and support available through each Intelligence Subscription. Customer acknowledges that Mandiant may update the Service Description from time to time, and that the most current version of the Service Description will apply to the Intelligence Subscription.

2.         License; Access to Intelligence Subscription and Content. 

2.1.      Grant of Limited License.  During the Subscription Term , Mandiant grants to Customer in accordance with the terms of this Agreement and Intelligence Subscription(s) purchased, a limited, worldwide, revocable, non-exclusive, non-transferable, non-assignable, non-sublicensable royalty-free right and license to use Intelligence Subscription to access Mandiant Intelligence for Customer’s internal use only. Certain features of some Intelligence Subscriptions may provide access to third party data, some of which may be collected from underground forums or other websites. Customer acknowledges and agrees that its use of any such data is solely for the purpose of its own internal security investigations and for research to secure its own networks. All access methods and content is FireEye Material and FireEye Confidential Information as defined in the Agreement. Customer will not interfere with, restrict or inhibit any other customer from using the Mandiant Intelligence Subscriptions or content or disrupt any services offered by Mandiant through any medium. Mandiant does not warrant that any content made available through the Subscription will continue to be available throughout the entire Subscription Term, and Mandiant may, in its discretion, remove content from time to time.

2.2.       Limitations. The Intelligence Subscription(s) and services can be used only by Customer employees who have a need to know within Customer’s organization, typically defined as a person or group that has a direct role in securing information system or networks.  Use of the Access Methods and access to the Intelligence Subscription(s) and the Content by Customer’s End Users is provided through access keys or login credentials. Access keys and login credentials may not be shared between End Users. Customer may not establish group accounts. Mandiant reserves the right to discontinue offering particular Access Methods or to modify the Access Methods at any time in its sole discretion. Mandiant reserves the right to limit the number and/or frequency of requests for Content made through the Access Methods in its sole discretion.  Customer will not exceed any usage limits established by Mandiant. In addition to any other rights under this Agreement, Mandiant may utilize technical measures to prevent over-usage or to stop usage of any Access Methods or any Application after any usage limitations are exceeded. 

2.3.      Customer Submissions. Customer agrees that certain information and data that will be provided by Customer to Mandiant through the Intelligence Subscription(s), such as malware submitted for analysis, is not owned by Customer. Such submissions may be used, aggregated, analyzed and shared by Mandiant to enhance the products and services Mandiant provides to its customers.

Back To Top


SCHEDULE – MANDIANT SOLUTIONS
MANDIANT EXPERTISE ON DEMAND SUBSCRIPTION

In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the Mandiant Expertise On Demand Subscription (“Expertise On Demand” or “Expertise On Demand Subscription”).

1. Expertise On-Demand Services.  Mandiant will provide Customer with the most current version of the Expertise On-Demand service description (“Service Description”). The Service Description will contain an up-to-date listing of the services available through the Expertise On Demand Subscription (“EOD Services”). Customer may order any of the EOD Services described in the Service Description during the twelve (12) month period beginning on the Order Effective Date (the “Covered Period”), as set forth in this Schedule. Each EOD Service will draw down the number of EOD Units listed for that EOD Service in the Service Description. Customer shall make each request for EOD Services in writing through one of the communication channels described in the Service Description, and Mandiant will, after receiving the written request, confirm receipt, and schedule a planning and coordination call if necessary. All EOD Services must commence within the Covered Period, and must be requested within the time frames set forth in the Service Description to allow for scheduling so that EOD Services may commence prior to the end of the Covered Period. Customer acknowledges that Mandiant may update the Service Description from time to time, and that the most current version of the Service Description (including listings of EOD Services and Unit values) will apply to the EOD Services, subject to the following: Mandiant will notify Customer at least twelve (12) months in advance of discontinuing any EOD Service or increasing the number of EOD Units required for any EOD Service.

2. Incident Response Retainer. Mandiant (through its division Mandiant) agrees to provide incident response services (“Incident Response Services”) during the Covered Period, as set forth in the Service Description. During the Covered Period Mandiant will provide Incident Response Services as requested by Customer in the following areas:

  • Computer security incident response support.
  • Forensics, log and advanced malware analysis.
  • Advanced threat actor response support.
  • Advanced threat/incident remediation assistance.

Shortly after the Order Effective Date, Customer will receive a welcome letter that describes the Mandiant Incident Response Services process, 24/7 contact information and email address for requesting Incident Response Services. Customer is provided access to Mandiant’s toll-free hotline, which is available 24 hours a day and 7 days a week.

3. Deliverables. Deliverables for each EOD Service and the Incident Response Services will be as described in the Service Description.

4. Units. In consideration for the EOD Services, Customer will pay the fixed fee as set forth on the Order (the “Package Fixed Fee”), which will entitle Customer to the number of Expertise On Demand Units (“Units”) set forth on the Order (“Unit Package”). The total Package Fixed Fee will be invoiced on or about the Order Effective Date. Customer may purchase additional Units (“Additional Units”) during the Covered Period. Additional Units may be used only within the Covered Period, and are non-cancelable and non-refundable. Units may not be used for any Product, Service, or Subscription other than the EOD Services as described in the Service Description. Any technology fees and expenses will be invoiced separately as set forth in the Service Description.

 

Back To Top