Legal Terms & Conditions

 

TERMS AND CONDITIONS FOR FIREEYE OFFERINGS

Last update November 18, 2016
 

General Terms Applicable to all FireEye Offerings
Exhibit A: Additional Terms Applicable to FireEye Products (FireEye NX, EX, AX, PX, FX, HX, Security Orchestrator™, MVX Smart Grid, and Central Management Series (CMS) Products)
Exhibit B: Additional Terms Applicable to FireEye Subscriptions
    Exhibit B-1: Additional Terms Applicable to FireEye as a Service (FAAS)-Continuous Protection Subscription
    Exhibit B-2: Additional Terms Applicable to FireEye as a Service (FAAS)-Continuous Vigilance Subscription
    Exhibit B-3: Additional Terms Applicable to Threat Analytics Platform (TAP)Subscription
    Exhibit B-4: Additional Terms Applicable to Email Threat Prevention (ETP) Subscription
    Exhibit B-5: Additional Terms Applicable to the Advanced Threat Intelligence Plus (ATI+) Subscription
    Exhibit B-6: Additional Terms Applicable to the FireEye iSight Intelligence Subscription
Exhibit C: Support Terms for FireEye Products

These terms and conditions (the “Agreement”) govern the purchase and use of FireEye Offerings by the Customer listed on the Order or Statement of Work that incorporates this Agreement.

Structure and Order of Precedence.  This Agreement provides the general terms under which the Customer may use FireEye’s various Offerings.  The explicit rights for the Customer to use and receive Products, Support Services or Subscriptions or otherwise engage with specific FireEye Offerings are set forth in the applicable Exhibit.  In the event of conflict between any of the terms in this Agreement and an Exhibit, the Exhibit shall govern.

FireEye Offerings.  In addition to the rights and obligations set forth in this Agreement, when purchased by the Customer, the Customer shall have the rights, subject to the terms in each exhibit, as those set forth in the Exhibits to this Agreement that are applicable to each Offering (collectively the “Exhibit(s)”).

If you have arrived at this page via a link provided during the process of installing your FireEye Product, you acknowledge that by proceeding with the installation of that Product, you agree to be bound by this Agreement as it applies to Products. If this Agreement is considered an offer, acceptance Is expressly limited to the terms of this Agreement. If you do not unconditionally agree to the foregoing, discontinue the installation process. If you proceed with installation, you are representing and warranting that you are authorized to bind the Customer.


GENERAL TERMS APPLICABLE TO ALL FIREEYE OFFERINGS

1.        DEFINITIONS.

1.1      “Content Feed” means all intelligence and content feeds associated with Products, which may consist of inbound and outbound feeds that are part of FireEye’s Dynamic Threat Intelligence (DTI) Cloud,  downloads of Indicators for use with Products, and/or intelligence provided as part of the Advanced Threat Intelligence (ATI) Subscription.

1.2      “Deliverables” means the written reports that are created specifically for Customer as a result of the Professional Services provided hereunder.

1.3      “Documentation” means the user manuals generally provided in writing by FireEye to end users of the Products and Subscriptions in electronic format, as amended from time to time by FireEye.

1.4      “FireEye” means (i) FireEye, Inc., a Delaware corporation with its principal place of business at 1440 McCarthy Blvd., Milpitas, CA, 95035 with respect to Offerings  that are shipped to, deployed or rendered inside of North America (including the United States, Mexico, Canada and the Caribbean), Central America and South America (collectively, the “Americas”); or (ii) with respect to all Offerings that are shipped to, deployed or rendered outside of the Americas, FireEye Ireland Limited, a company incorporated under the laws of Ireland with principal place of business at 2 Park Place, City Gate Park, Mahon, Cork, Ireland.

1.5      "FireEye Materials" means all FireEye proprietary materials, Deliverables, intellectual property related to Products or Subscriptions, (such as all rights in any software incorporated into a Product or Subscription, copyrights, and patent, trade secret and trademark rights related to Products, and screens associated with Products or Subscriptions), Documentation, any hardware and/or software used by FireEye in performing Services or providing Subscriptions, Content Feeds, FireEye’s processes and methods (including any forensic investigation processes and methods), Indicators of Compromise, materials distributed by FireEye during Training, and any FireEye templates and/or forms, including report and presentation templates and forms.  FireEye Materials does not include Third Party Materials.

1.6      "Indicators of Compromise" or "Indicators" means specifications of anomalies, configurations, or other conditions that FireEye is capable of identifying within an information technology infrastructure, used by FireEye in performing Professional Services and providing Subscriptions.

1.7      “Intellectual Property Rights” means copyrights (including, without limitation, the exclusive right to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted work), trademark rights (including, without limitation, trade names, trademarks, service marks, and trade dress), patent rights (including, without limitation, the exclusive right to make, use and sell), trade secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights, goodwill and all other intellectual property rights as may exist now and/or hereafter come into existence and all renewals and extensions thereof, regardless of whether such rights arise under the law of the United States or any other state, country or jurisdiction.

1.8      “Offerings” means, collectively, Products, Subscriptions, Training, Professional Services and Support Services.

1.9      “Order” means a written purchase order or similar ordering document, signed or submitted to FireEye by Customer and approved by FireEye, under which Customer agrees to purchase Offerings.

1.10     “Products” means the FireEye software and hardware appliances (which may include embedded software or firmware components) as described in Exhibit A to this Agreement.

1.11     “Professional Services” means, collectively, those security consulting services provided by FireEye under a Statement of Work and/or set forth on an Order, which may consist of Product-related services such as deployment, configuration or installation services; proactive security consulting such as penetration testing, vulnerability assessments or compromise assessments; or incident response or other remediative services.

1.12     "Service" or "Services" means the Professional Services, Support Services and Training.

1.13     "Statement of Work" or “SOW” means a mutually agreed-upon document between FireEye and Customer, describing Professional Services, rates and timelines (if applicable) for those Professional Services, and incorporating this Agreement.

1.14     “Subscription” means a service provided by FireEye for a fixed term, under which FireEye provides access to certain features, functionality, and/or information, as described in the applicable Exhibit for each Subscription attached to this Agreement.

1.15     “Support Services” means the Product support and maintenance services provided by FireEye with respect to each Product, and that are described in the applicable Exhibit for each Product attached to this Agreement.

1.16     “Third Party Materials” means software or other components that are licensed to FireEye by third parties for use in FireEye’s Offerings.

1.17     “Training” means training in the use of Products, or on security-related topics in general, provided by FireEye.

2.        ORDERS AND STATEMENTS OF WORK.

2.1.      Orders.  Customer may purchase Offerings by submitting an Order.  If accepted by FireEye, the “Order Effective Date” will be the date of the Order.  All Orders will be governed by this Agreement. For clarity, FireEye will not be obligated to ship any Product, or provide any Services, Training or Subscriptions until Customer has issued a valid Order for those Offerings.

2.2.      Statements of Work.  Each Statement of Work will incorporate and be governed by this Agreement.  The “Statement of Work Effective Date” will be the date both Customer and FireEye have agreed to the Statement of Work, either by executing the Statement of Work or by issuing and accepting an Order for the Professional Services described on the Statement of Work.  For clarity, FireEye will not be obligated to perform any Professional Services until a SOW describing those Professional Services has been agreed by both parties or an Order listing those Professional Services has been accepted by FireEye. 

3.        PAYMENT.  Customer agrees to purchase the Offerings for the prices set forth in each Order and/or Statement of Work, as applicable (“Fees”).  If Customer purchases through a FireEye partner (such as an authorized reseller or distributor, collectively, “FireEye Partners”), all fees and other procurement and delivery terms shall be agreed between Customer and the applicable partner.  If Customer purchases directly from FireEye, Customer will make full payment in the currency specified in FireEye’s invoice, without set-off and in immediately available funds, within thirty (30) days of the date of each invoice.  All Fees are non-cancelable and non-refundable.  All Fees described on an Order will be fully invoiced in advance, unless otherwise agreed by FireEye.  Unless otherwise specified in a Statement of Work, all Fees related to Professional Services will be invoiced fully in advance.  Customer shall reimburse FireEye for any and all expenses incurred so long as such expenses are directly attributable to the Services or Subscriptions performed for or provided to Customer.  FireEye will provide appropriate vouching documentation for all expenses exceeding $25.  If any payment is more than fifteen (15) days late, FireEye may, without limiting any remedies available to FireEye, terminate the applicable Order or Statement of Work or suspend performance until payment is made current.  Customer will pay interest on all delinquent amounts at the lesser of 1.5% per month or the maximum rate permitted by applicable law.  All Fees are exclusive of all present and future sales, use, excise, value added, goods and services, withholding and other taxes, and all customs duties and tariffs now or hereafter claimed or imposed by any governmental authority upon the Offerings which shall be invoiced to and paid by the Customer.  If Customer is required by law to make any deduction or withholding on any payments due to FireEye, Customer will notify FireEye and will pay FireEye any additional amounts necessary to ensure that the net amount FireEye receives, after any deduction or withholding, equals the amount FireEye would have received if no deduction or withholding had been required.  Additionally, Customer will provide to FireEye evidence, to the reasonable satisfaction of FireEye, showing that the withheld or deducted amounts have been paid to the relevant governmental authority.  For purposes of calculating sales and similar taxes, FireEye will use the address set forth on the Order or Statement of Work, as applicable, as the jurisdiction to which Offerings and shipments are delivered unless Customer has otherwise notified FireEye in writing as of the Order Effective Date or Statement of Work Effective Date, as applicable. Customer will provide tax exemption certificates or direct-pay letters to FireEye on or before the Order Effective Date or Statement of Work Effective Date, as applicable. FireEye reserves the right to increase Fees at any time, although increases in Fees for Subscriptions or Support Services will not go into effect until the next Renewal Subscription Term or Renewal Support Term, as applicable.

4.        TITLE AND RISK OF LOSS; INSPECTION.  All hardware, including Products and any hardware provided for use with Subscriptions and/or Services, is shipped FOB Origin from FireEye’s designated manufacturing facility or point of origin, and title to such hardware and the risk of loss of or damage to the hardware shall pass to Customer at time of FireEye’s delivery of such hardware to the carrier.  FireEye is authorized to designate a carrier pursuant to FireEye’s standard shipping practices unless otherwise specified in writing by Customer.  Customer must provide written notice to FireEye within five (5) days of delivery of the Products of any non-conformity with the Order, e.g., delivery of the wrong Product or incorrect quantities.    

5.        TERMS APPLICABLE TO OFFERINGS.

5.1.      Products and Support Services. Customer’s purchase and use of each Product and Support Services for each Product will be subject to the licenses and terms specific to each Product set forth in Exhibit A.

5.2.      Subscriptions. Customer’s purchase of and access to each Subscription will be subject to the terms specific to each Subscription set forth in Exhibit B.

5.3.      Training.  Customer’s purchase of Training will be subject to the terms in this Section 5.3.  Training delivery dates and location for such Training will be mutually agreed upon by the parties. If an Order does not specify such dates and/or locations, then the parties will mutually agree upon the dates and locations for Training.  Customer must request rescheduling of Training no less than two (2) weeks in advance of the scheduled start date.  FireEye will use reasonable efforts to reschedule the Training, subject to availability, and Customer will pay any expenses associated with the rescheduling, including any expenses associated with cancelling or changing travel plans.  If Customer cancels attendance at a public Training class, Customer must notify FireEye no later than two (2) business days before the date of the Training class.  If Customer timely notifies FireEye of the cancellation, FireEye will issue Customer a credit for the amount paid for that public Training class, which Customer may apply toward another public Training class held within one (1) year of the date of the Order on which the cancelled Training class was included.  Customer may substitute a named attendee at a public Training class, but Customer will notify FireEye in advance of any such substitution.  FireEye reserves the right to refuse admittance to public Training classes to any person, for any reason, and if FireEye refuses admittance, FireEye will refund the amount paid for that person’s attendance at the public Training class.  FireEye does not refund or credit Fees paid for attendees who do not attend Training classes or who leave before a Training class concludes.  If Customer purchases a block of Training hours (for example, 10 hours of Training), then Customer must use those hours within one (1) year of the effective date of the applicable Order.  All Training must be scheduled and conducted within one (1) year of the date of the applicable Order for that Training.

5.4.      Professional Services.

5.4.1.   Deliverables.  Subject to Customer’s timely payment of applicable fees, and subject to this Agreement and each applicable SOW, Customer shall have a perpetual, non-exclusive, nontransferable, right and license to use, display and reproduce the Deliverables for its internal business purposes. Deliverables may not be shared with any third party other than law enforcement agencies. In no event may Deliverables be used for sales or marketing activities.  

5.4.2.   Customer-Owned Property.  Customer will be and remain, at all times, the sole and exclusive owner of the Customer-Owned Property (including, without limitation, any modification, compilation, derivative work of, and all intellectual property and proprietary rights contained in or pertaining thereto).  FireEye will promptly return to Customer all Customer-Owned Property upon the termination or expiration of the applicable Statement of Work or Order, or sooner at Customer’s request. “Customer-Owned Property” means any technology, software, algorithms, formulas, techniques or know-how and other tangible and intangible items that were owned by Customer, or developed by or for Customer prior to the SOW Effective Date that are provided by Customer to FireEye for incorporation into or used in connection with the development of the Deliverables or performance of Professional Services.

5.4.3.    Customer Responsibilities.  If the Services or Subscriptions require the installation and use of FireEye equipment or software, Customer will facilitate the installation and shall provide physical space, electrical power, Internet connectivity and physical access as reasonably determined and communicated by FireEye. Notwithstanding anything to the contrary herein or in any Statement of Work, including confidentiality provisions, if Customer has hired FireEye to perform a PCI DSS Compliance Audit or a PCI investigation, FireEye may provide The Payment Card Industry Security Standards Council, LLC (PCI SSC), card companies and the relevant merchant bank with all Reports of Compliance (ROC) and all related assessment and investigative report documents generated in connection with such work, as required by PCI DSS rules. If FireEye is required by applicable law, legal process or government action to produce information, documents or personnel as witnesses with respect to the Professional Services or this Agreement, such as by responding to one or more subpoenas, Customer shall reimburse FireEye for any time and expenses (including without limitation reasonable external and internal legal costs) incurred to respond to the request, unless FireEye is itself a party to the proceeding or the subject of the investigation.

5.4.4.    Additional Assumptions.  The following additional assumptions will apply to all Professional Services: (a) estimated Fees for Professional Services do not include any hardware, software, licensing, maintenance or support costs of any FireEye or other third-party product or service suggested by FireEye in the course of performing Professional Services; (b) when FireEye’s personnel are performing Professional Services on site at Customer’s premises, Customer will allocate appropriate working space and physical access for all FireEye personnel; (c) Customer will make available key individuals within the security program that can best help plan and coordinate activities described in the SOW; (d) either party may elect to submit written change requests to the other party proposing changes to the Statement of Work. All changes to the requirements and Statement of Work will be made using agreed-to project change control procedures.

5.5        Evaluations.  If Customer receives a Product or Subscription for evaluation purposes (“Evaluation Offerings”) then Customer may use the Evaluation Offerings for its own internal evaluation purposes for a period of up to thirty (30) days from the date of receipt of the Evaluation Offerings (the “Evaluation Period”).  Customer and FireEye may, upon mutual written agreement (including via email), extend the Evaluation Period. If the Evaluation Offering includes hardware components, Customer will return the hardware within ten (10) days of the end of the Evaluation Period, and if Customer does not return the hardware within this period, Customer shall be invoiced for the then-current list price for the applicable Evaluation Offering. Customer acknowledges that title to hardware components of Evaluation Offerings remains with FireEye at all times, and that Evaluation Offerings may be used and/or refurbished units. If the Evaluation Offering does not include hardware components, Evaluator must delete all software and other components (including Documentation) related to the Evaluation Offering at the end of the Evaluation Period, and confirm those deletions in writing to FireEye, or the Evaluator shall be invoiced for the then-current list price for the Evaluation Offering.  If the Evaluation Offering is a Subscription, Evaluator understands that FireEye may disable access to the Subscription automatically at the end of the Evaluation Period, without notice to Evaluator. EVALUATION OFFERINGS ARE PROVIDED “AS IS”, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, FIREEYE DISCLAIMS ALL WARRANTIES RELATING TO THE EVALUATION OFFERINGS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES AGAINST INFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

6.        INTELLECTUAL PROPERTY

6.1.     Ownership of FireEye Materials; Restrictions.  All Intellectual Property Rights in FireEye Materials, Products, Deliverables, Documentation, and Subscriptions belong exclusively to FireEye and its licensors. Customer will not (and will not allow any third party to): (i) disassemble,  decompile,  reverse  compile,  reverse engineer or attempt to discover any source code or underlying ideas or algorithms of any FireEye Materials (except to the limited extent that applicable law prohibits reverse engineering restrictions); (ii) sell,  resell,  distribute, sublicense or otherwise transfer, the  FireEye Materials, or  make the functionality of the FireEye Materials available to any other party through any means (unless otherwise FireEye has provided prior written consent),  (iii) without the express prior written consent of FireEye, conduct any benchmarking or comparative study or analysis involving the FireEye Materials (“Benchmarking”) for any reason or purpose except, to the limited extent absolutely necessary, to determine the suitability of Products or Subscriptions to interoperate with  Customer’s internal computer systems; (iv) disclose or publish to any third party any Benchmarking or any other information related thereto; (v) use the FireEye Materials or any Benchmarking in connection with the development of products, services or subscriptions that compete with the FireEye Materials; or (vi) reproduce, alter,  modify or create derivatives of the FireEye Materials. Between Customer and FireEye, FireEye shall retain all rights and title in and to any Indicators of Compromise FireEye developed by or for FireEye in the course of providing Subscriptions or performing Services. 

6.2.     Third Party Materials.  Customer acknowledges that Products and Subscriptions may include Third Party Materials.  FireEye represents that these Third Party Materials will not diminish the license rights provided herein or limit Customer’s ability to use the Products and Subscriptions in accordance with the applicable Documentation, and neither the inclusion of Third Party Materials in any Product or Subscription or use of Third Party Materials in performance of Services will create any obligation on the part of Customer to license Customer’s software or products under any open source or similar license. 

7.        WARRANTIES.

7.1.     Product Warranty.  FireEye warrants to Customer that during the one (1) year period following the shipment of the Products, the Products will perform substantially in accordance with the applicable Documentation. The warranty stated in this Section 7.1 shall not apply if the Product has: (i) been subjected to abuse, misuse, neglect, negligence, accident, improper testing, improper installation, improper storage, improper handling or use contrary to any instructions issued by FireEye; (ii) been repaired or altered by persons other than FireEye; (iii) not been installed, operated, repaired and maintained in accordance with the Documentation; or (iv) been used with any third party software or hardware which has not been previously approved in writing by FireEye.  If during the one-year Product warranty period: (a) FireEye is notified promptly in writing upon discovery of any error in a Product, including a detailed description of such alleged error; (b) such Product is returned, transportation charges prepaid, to FireEye’s designated manufacturing facility in accordance with FireEye’s then-current return procedures, as set forth by FireEye from time to time; and (c) FireEye’s inspections and tests determine that the Product contains errors and has not been subjected to any of the conditions set forth in 7.1(i)-(iv) above, then, as Customer’s sole remedy and FireEye’s sole obligation under the foregoing warranty, FireEye shall, at FireEye’s option, repair or replace without charge such Product.  Any Product that has either been repaired or replaced under this warranty shall have warranty coverage for the remaining warranty period.  Replacement parts used in the repair of a Product may be new or equivalent to new.

7.2.     Services Warranty.  FireEye warrants to Customer that Services will be performed in a professional manner in accordance with industry standards for like services.  If Customer believes the warranty stated in this Section has been breached, Customer must notify FireEye of the breach no later than thirty (30) days following the date the Services were performed, and FireEye will promptly correct or re-perform the Services, at FireEye’s expense.

7.3.     Subscription Warranty.  FireEye warrants to Customer the Subscriptions will be provided in a professional manner in accordance with industry standards for similar subscriptions.  If Customer believes the warranty stated in this Section has been breached, Customer must notify FireEye of the breach no later than thirty (30) days following the date the warranty was allegedly breached, and FireEye will promptly correct the non-conformity, at FireEye’s expense.

7.4.     Remedies Exclusive.  Except for any Service Level Credits described in Exhibit B, the remedies stated in Sections 7.1-7.3 above are the sole remedies, and FireEye’s sole obligation, with respect to Products, Subscions and Services that fail to comply with the foregoing warranties.   

7.5.     Disclaimer of Warranties.  EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH HEREIN, ALL PRODUCTS, SUBSCRIPTIONS, FIREEYE MATERIALS, DELIVERABLES AND SERVICES ARE PROVIDED ON AN “AS IS” BASIS WITHOUT ANY WARRANTY WHATSOEVER.  FIREEYE AND ITS SUPPLIERS EXPRESSLY DISCLAIM, TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, ALL WARRANTIES, EXPRESS, IMPLIED AND STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, NONINFRINGEMENT, OR ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE.  FIREEYE ALSO MAKES NO WARRANTY REGARDING NONINTERRUPTION OF USE OR FREEDOM FROM BUGS, AND MAKES NO WARRANTY THAT PRODUCTS, FIREEYE MATERIALS, DELIVERABLES, SERVICES OR SUBSCRIPTIONS WILL BE ERROR-FREE.

8.        INFRINGEMENT INDEMNITY.

8.1.     FireEye shall defend Customer, and its officers, directors and employees, against any third party action alleging that the FireEye Materials infringes a valid U.S. patent or copyright issued as of the date of delivery or performance, as applicable, and FireEye shall pay all settlements entered into, and all final judgments and costs (including reasonable attorneys’ fees) finally awarded against such party in connection with such action.  If the FireEye Materials, or parts thereof, become, or in FireEye’s opinion may become, the subject of an infringement claim, FireEye may, at its option: (i) procure for Customer the right to continue using the applicable FireEye Materials; (ii) modify or replace such FireEye Materials with a substantially equivalent non-infringing FireEye Materials; or (iii) require the return of such FireEye Materials or cease providing affected Product, Subscriptions, Deliverables or Services, and refund to Customer, with respect to Products, a pro-rata portion of the purchase price of such Products based on a three-year straight line amortization of the purchase price, and with respect to Subscriptions, a portion of any pre-paid Fees for such Subscriptions, pro rated for any unused Subscription Term, and with respect to Services, any pre-paid Fees for Services that have not been delivered. THIS SECTION 8.1 STATES THE ENTIRE LIABILITY OF FIREEYE AND CUSTOMER’S SOLE REMEDY WITH RESPECT TO ANY INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS BY THE OFFERINGS, FIREEYE MATERIALS, OR DELIVERABLES.

8.2.     FireEye shall have no indemnification obligations with respect to any action arising out of: (i) the use of any Product, Subscription, Deliverable, or Service, or any part thereof, in combination with software or other products not supplied by FireEye; (ii) any modification of the Products, Subscriptions, Deliverables, or Services not performed or expressly authorized by FireEye; or (iii) the use of any the Products, Subscriptions, Deliverables, or Services other than in accordance with this Agreement and applicable Documentation.

8.3.     The indemnification obligations shall be subject to Customer: (i) notifying FireEye within ten (10) days of receiving notice of any threat or claim in writing of such action; (ii) giving FireEye exclusive control and authority over the defense or settlement of such action; (iii) not entering into any settlement or compromise of any such action without FireEye’s prior written consent; and (iv) providing reasonable assistance requested by FireEye.

9.        LIMITATION OF LIABILITY.

9.1.     Consequential Damages Waiver.  EXCEPT FOR LIABILITY ARISING UNDER A BREACH OF ANY INTELLECTUAL PROPERTY RIGHT OF FIREEYE, OR THE INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8 (INFRINGEMENT INDEMNITY),  IN NO EVENT WILL FIREEYE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO ANY LOST PROFITS AND LOST SAVINGS, HOWEVER CAUSED, WHETHER FOR BREACH OR REPUDIATION OF CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, WHETHER OR NOT FIREEYE WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.

9.2.     Limitation of Monetary Damages.  EXCEPT FOR LIABILITY ARISING UNDER A BREACH OF ANY INTELLECTUAL PROPERTY RIGHT OF FIREEYE, PAYMENT OBLIGATIONS OF CUSTOMER, AND THE INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8 (INFRINGEMENT INDEMNITY), AND NOTWITHSTANDING ANY OTHER PROVISIONS OF THIS AGREEMENT OR ANY ORDER OR STATEMENT OF WORK, FIREEYE’S TOTAL LIABILITY ARISING OUT OF THIS AGREEMENT, THE OFFERINGS, THE FIREEYE MATERIALS AND DELIVERABLES SHALL BE LIMITED TO THE TOTAL AMOUNTS RECEIVED BY FIREEYE FOR THE RELEVANT OFFERINGS DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE FIRST OCCURRENCE OF THE EVENTS GIVING RISE TO SUCH LIABILITY.

9.3.      Applicability.  THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN WILL APPLY ONLY TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, AND NOTHING HEREIN PURPORTS TO LIMIT EITHER PARTY’S LIABILITY IN A MANNER THAT WOULD BE UNENFORCEABLE OR VOID AS AGAINST PUBLIC POLICY IN THE APPLICABLE JURISDICTION.

9.4        SAFETY Act.  FireEye and Customer hereby mutually waive and release each other from any and all liabilities relating to any claims for losses or damages of any kind (including, but not limited to, business interruption losses) arising out of an Act of Terrorism as defined by the Support Anti-Terrorism By Fostering Effective Technologies Act of 2002 (“SAFETY Act”)(6 U.S.C. §§ 441-444). FireEye and Customer further agree to be solely responsible to the full extent of any and all losses they may sustain, or for any and all losses their respective employees, officers, or agents may sustain, resulting from an Act of Terrorism as defined by 6 U.S.C. §§ 441-444 when FireEye’s Multi-Vector Virtual Execution Engine and any subscriptions, cloud services platform or associated services (the “Qualified Anti-Terrorism Technology”) are utilized in defense against, response to, or recovery from an Act of Terrorism.    

10.       Export Control; Anti-Corruption; U.S. Government Restricted Rights.

10.1.    Export Control. Each party represents and warrants that it shall comply with all laws and regulations applicable to it with respect to the Offerings.  Customer further acknowledges and agrees that the Products and FireEye Materials may be subject to restrictions and controls imposed by the United States Export Administration Act, the regulations thereunder, as well as European Union (“EU”) or National export control laws and obligations and similar laws in other jurisdictions.  Customer agrees to comply with all applicable export and re-export control laws and regulations, including the Export Administration Regulations (“EAR”) maintained by the U.S. Department of Commerce, trade and economic sanctions maintained by the Treasury Department’s Office of Foreign Assets Control, and the International Traffic in Arms Regulations (“ITAR”) maintained by the Department of State.  Specifically, Customer covenants that it shall not, directly or indirectly, sell, export, reexport, transfer, divert, or otherwise dispose of any Products, FireEye Materials, or technology (including products derived from or based on such technology) received from FireEye under this Agreement to any destination, entity, or person prohibited by the laws or regulations of the United States and the EU, without obtaining prior authorization from the competent government authorities as required by those laws and regulations.  These prohibitions include, but are not limited to the following:  (i) the Products and FireEye Materials cannot be exported or re-exported to any countries embargoed by the United States (currently including Cuba, Iran, North Korea, Sudan or Syria) which includes nationals of these countries employed by Customer; (ii) the Products and FireEye Materials cannot be exported or re-exported for military use in country group ‘b’ prior to valid ‘export license’ or valid ‘license exception’; and (iii) the Products and FireEye Materials cannot be used for any prohibited end uses including any “nuclear, biological or chemical weapon related activities”; and (iv) the Products and FireEye Materials will not be re-exported or otherwise sold or transferred if it is known or suspected that they are intended or likely to be used for such purposes.  Customer agrees to notify FireEye of any suspicious activities by any employee related to the Products.  Customer agrees to indemnify, to the fullest extent permitted by law, FireEye from and against any fines or penalties that may arise as a result of Customer’s breach of this provision.   This export control clause shall survive termination or cancellation of any Orders.

10.2.    Anticorruption Laws.  Each Party acknowledges that it is familiar with and understands the provisions of the U.S. Foreign Corrupt Practices Act ("the FCPA") and the U.K. Bribery Act of 2010 (“UKBA”) and agrees to comply with its terms as well as any provisions of local law related thereto.  Each party further understands the provisions relating to the FCPA and UKBA’s prohibitions regarding the payment or giving of anything of value, including but not limited to payments, gifts, travel, entertainment and meals, either directly or indirectly, to an official of a foreign government or political party for the purpose of influencing an act or decision in his or her official capacity or inducing the official to use his or her party's influence with that government, to obtain or retain business involving the Offering.  Each Party agrees to not violate or knowingly let anyone violate the FCPA or UKBA, and Each Party agrees that no payment it makes will constitute a bribe, influence payment, kickback, rebate, or other payment that violates the FCPA, the UKBA, or any other applicable anticorruption or anti-bribery law.

10.3.    U.S. Government Restricted Rights.  The Offerings, Deliverables and Documentation are “commercial items”, “commercial computer software” and “commercial computer software documentation,” pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable.  All Offerings and FireEye Materials are and were developed solely at private expense.  Any use, modification, reproduction, release, performance, display or disclosure of the Offerings, FireEye Materials and Documentation by the United States Government shall be governed solely by the this Agreement and shall be prohibited except to the extent expressly permitted by this Agreement.

11.       CONFIDENTIAL INFORMATION.

11.1.    Confidential Information. “Confidential Information” means the non-public information that is exchanged between the parties, provided that such information is: (i) identified as confidential at the time of disclosure by the disclosing party (“Discloser”); or (ii) disclosed under circumstances that would indicate to a reasonable person that the information should be treated as confidential by the party receiving such information (“Recipient”). The terms of any commercial transaction between the parties (including pricing related to the Offerings) shall be considered Confidential Information.

11.2.    Maintenance of Confidentiality.  Each party agrees that it shall: (i) take reasonable measures to protect the Confidential Information by using the same degree of care, but no less than a reasonable degree of care, to prevent the unauthorized use, dissemination or publication of the Confidential Information as the Recipient uses to protect its own confidential information of a like nature;  (ii) limit disclosure to those persons within Recipient’s organization with a need to know and who have previously agreed in writing, prior to receipt of Confidential Information either as a condition of their employment or in order to obtain the Confidential Information, to obligations similar to the provisions hereof; (iii) not copy, reverse engineer, disassemble, create any works from, or decompile any prototypes, software or other tangible objects which embody the other party's Confidential Information and/or which are provided to the party hereunder; and (iv) comply with, and obtain all required authorizations arising from, all U.S. and other applicable export control laws or regulations..  Confidential Information shall not be used or reproduced in any form except as required to accomplish the purposes and intent of an Order or Statement of Work.  Any reproduction of Confidential Information shall be the property of Discloser and shall contain any and all notices of confidentiality contained on the original Confidential Information.

11.3.    Exceptions.  The parties agree that the foregoing shall not apply to any information that Recipient can evidence: (i) is or becomes publicly known and made generally available through no improper action or inaction of Recipient; (ii) was already in its possession or known by it prior to disclosure by Discloser to Recipient; (iii) is independently developed by Recipient without use of or reference to any Confidential Information; or (iv) was rightfully disclosed to it by, or obtained from, a third party.  Recipient may make disclosures required by law or court order provided that Recipient: (a) uses diligent efforts to limit disclosure and to obtain, if possible, confidential treatment or a protective order; (b) has given prompt advance notice to Discloser of such required disclosure; and (c) has allowed Discloser to participate in the proceedings.

11.4.    Injunctive Relief.  Each party will retain all right, title and interest to such party’s Confidential Information.  The parties acknowledge that a violation of the Recipient’s obligations with respect to Confidential Information may cause irreparable harm to the Discloser for which a remedy at law would be inadequate.  Therefore, in addition to any and all remedies available at law, Discloser shall be entitled to seek an injunction or other equitable remedies in all legal proceedings in the event of any threatened or actual violation of any or all of the provisions hereof.

11.5.   Return of Confidential Information.  Within thirty (30) days after the date when all Orders and SOWs have expired or been terminated, or after any request for return of Confidential Information, each party will return to the other party or destroy all of such other party’s Confidential Information, at such other party’s discretion, and, upon request, provide such other party with an officer’s certificate attesting to such return and/or destruction, as appropriate. 

11.6.   Privacy.  If FireEye is a data processor under this Agreement, further to the provisions of Article 17 and 25 of the EU Data Protection Directive EU (Directive 95/46/EC), FireEye agrees that it will:

11.6.1  only deal with and process personal data controlled by Customer in compliance with, and subject to, the instructions received from Customer and in compliance with this Agreement and will not use or process the personal data for any other purpose whatever;

11.6.2  adopt and maintain appropriate (including organizational and technical) security measures in dealing with Customer’s personal data in order to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of such data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing; and

11.6.3  take all reasonable steps to ensure that (i) persons employed by it, and (ii) other persons engaged at its place of work, are aware of and comply with applicable data privacy laws and regulations.

11.6.4  FireEye may process or otherwise transfer any personal information in or to any country outside the European Economic Area or any country not deemed adequate by the European Commission pursuant to Article 25(6) to the extent necessary for the provision of the Offerings. If required, FireEye will enter into the EU Standard Contractual Clauses as approved by the European Commission for ensuring an adequate level of data protection in respect of the personal information that will be processed or transferred.

12.       TERM AND TERMINATION.

12.1.    Term. 

12.1.1  Products.  Products will be licensed according to the applicable terms in Exhibit A, for the period of time stated on the Order (e.g., if the Order lists a Product as being provided for “3Y,” the license for that Product is provided for three years from the date of the Order). If no period of time is stated on the Order, then the Product is licensed perpetually, unless otherwise terminated as set forth herein.

12.1.2  Support Services.  Support Services will begin ten (10) days from the date of shipment of the associated Product and continue for the period of time stated on the Order (“Initial Support Term”). Unless otherwise stated on the Order, the Support Services will automatically renew for additional periods of one (1) year each (each, a “Renewal Support Term” and together with the Initial Support Term, the “Support Term”), unless either party notifies the other of its intention not to renew Support Services at least sixty (60) days prior to the expiration of the then-current Support Term. Customer may terminate Support at any time, for convenience, on thirty (30) days’ written notice to FireEye.  If Customer terminates Support Services for convenience before the end of the then-current Support Term, Customer will pay any remaining fees owing for the remainder of the then-current Support Term within thirty (30) days of the effective date of termination.

12.1.3  Subscriptions.  The term of each Subscription will begin on the Order Effective Date and will continue in effect for the period of time stated in the Order (“Initial Subscription Term”).  Unless otherwise stated on the Order, the Subscription will automatically renew after its Initial Subscription Term for additional periods of one (1) year each (each, a “Renewal Subscription Term” and together with the Initial Subscription Term, the “Subscription Term”), unless either party notifies the other of its intention not to renew that Subscription at least sixty (60) days prior to the expiration of the then-current Subscription Term. Customer may terminate a Subscription at any time, for convenience, on thirty (30) days’ written notice to FireEye.  If Customer terminates a Subscription for convenience before the end of the then-current Subscription Term, Customer will pay any remaining fees owing for the remainder of the then-current Subscription Term within thirty (30) days of the effective date of termination.

12.1.4  Professional Services; Statements of Work.  Professional Services described on an Order will be provided at mutually agreed-upon times, and will continue until complete, unless otherwise terminated as set forth herein.  The term of each SOW will be as set forth in that SOW.  If no term is expressed in an SOW, then the term of that SOW will begin on the SOW Effective Date and continue until the Professional Services described in that SOW are complete or the SOW is earlier terminated as set forth herein.  Unless otherwise stated in a SOW, Customer may terminate a SOW at any time for convenience by giving FireEye at least thirty (30) days’ written notice of its intent to terminate the SOW.  If Customer terminates an SOW for convenience as set forth in this Section, Customer will pay any amounts owing for Professional Services and Deliverables provided under that SOW up to and including the date of termination. Customer may request that FireEye suspend performing Professional Services during the term of a Statement of Work, and FireEye will suspend such Professional Services within 24 hours of Customer’s request.  Customer acknowledges that any such suspension will not affect Customer’s obligation to pay fees for Professional Services rendered through the date of suspension, and that resumption of Professional Services may be delayed if FireEye redeploys personnel to other engagements during the period of suspension.

12.2.   Termination for Material Breach.  Either party may terminate any Order or any SOW upon written notice of a material breach of the applicable Order or SOW by the other party as provided below, subject to a thirty (30) day cure period (“Cure Period”).  If the breaching party has failed to cure the breach within the Cure Period after the receipt by the breaching party of written notice of such breach, the non‑breaching party may give a second notice to the breaching party terminating the applicable Order or SOW.  Termination of any particular Order or SOW under this Section will not be deemed a termination of any other Order or SOW, unless the notice of termination states that another Order or SOW is also terminated.  Notwithstanding the foregoing, the Cure Period applicable to a breach by Customer of any payment obligations under any Order or any SOW will be fifteen (15) days. Notwithstanding the foregoing, this Agreement shall terminate automatically in the event Customer has breached any license restriction and, in FireEye’s determination, that breach cannot be adequately cured within the Cure Period.

12.3.    Effect of Termination.  Termination or expiration of any Order or SOW will not be deemed a termination or expiration of any other Orders or SOWs in effect as of the date of termination or expiration, and this Agreement will continue to govern and be effective as to those outstanding Orders and SOWs until those Orders and SOWs have expired or terminated by their own terms or as set forth herein.  The provisions of Section 3 (Payment), Section 6 (Intellectual Property), Section 7.5 (Disclaimer of Warranties), 9 (Limitation of Liability), 10 (Export Control; Anti-Corruption; U.S. Government Restricted Rights), 12 (Confidential Information), and 13 (Miscellaneous), and all accrued payment obligations, shall survive the termination of all Orders and SOWs and the relationship between FireEye and Customer.

13.       MISCELLANEOUS.

13.1.    Assignment. Customer may not assign any Order or Statement of Work, or any rights or obligations thereunder, in whole or in part, without FireEye’s prior written consent, and any such assignment or transfer shall be null and void.  FireEye shall have the right to assign all or part of an Order or Statement of Work without Customer’s approval.  Subject to the foregoing, each Order and Statement of Work shall be binding on and inure to the benefit of the parties’ respective successors and permitted assigns.

13.2.    Entire Agreement.  This Agreement along with any Order, Statement of Work and the Exhibits attached hereto is the entire agreement of the parties with respect to the Offerings and supersedes all previous or contemporaneous communications, representations, proposals, commitments, understandings and agreements, whether written or oral, between the parties regarding the subject matter thereof.  FireEye does not accept, expressly or impliedly and FireEye hereby rejects and deems deleted any additional or different terms or conditions that Customer presents, including, but not limited to, any terms or conditions contained or referenced in any order, acceptance, acknowledgement, or other document, or established by trade usage or prior course of dealing.  This Agreement may be amended only in writing signed by authorized representatives of both parties.

13.3.    Force Majeure.  Neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to unforeseen events, which occur after the signing of this Agreement and which are beyond the reasonable control of the parties, such as strikes, blockade, war, terrorism, riots, natural disasters, refusal of license by the government or other governmental agencies, in so far as such an event prevents or delays the affected party from fulfilling its obligations and such party is not able to prevent or remove the force majeure at reasonable cost.

13.4.     Governing Law.  This Agreement shall be deemed to have been made in, and shall be construed pursuant to the laws of the State of California and the United States without regard to conflicts of laws provisions thereof, and without regard to the United Nations Convention on the International Sale of Goods or the Uniform Computer Information Transactions Act.  Any legal suit, action or proceeding arising out of or relating to the Offerings, the FireEye Materials, this Agreement, an Order or a Statement of Work will be commenced exclusively in a federal court in the Northern District of California or in state court in Santa Clara County, California, and each party hereto irrevocably submits to the jurisdiction and venue of any such court in any such suit, action or proceeding.

13.5.     Independent Contractors.  The parties are independent contractors.  Nothing in these Terms, any Order or any Statement of Work shall be construed to create a partnership, joint venture or agency relationship between the parties.  Customer shall make no representations or warranties on behalf of FireEye.

13.6.    Language.  This Agreement and each Order and Statement of Work are in the English language only, which shall be controlling in all respects.  All communications, notices, and Documentation to be furnished hereunder shall be in the English language only.

13.7.     Notices.  All notices required to be sent hereunder shall be in writing, addressed to receiving party’s current business contact, if known, with a cc: to the General Counsel/Legal Department of the receiving party, and sent to the party’s address as listed in this Agreement, or as updated by either party by written notice.  Notices shall be effective upon receipt and shall be deemed to be received as follows: (i) if personally delivered by courier, when delivered; or (ii) if mailed by first class mail, or the local equivalent, on the fifth business day after posting with the proper address.

13.8.     Severability.  If any provision of this Agreement is held to be illegal, invalid or unenforceable under the laws of any jurisdiction, the provision will be enforced to the maximum extent permissible so as to effect the intent of the parties, and the remaining provisions of this Agreement will remain in full force and effect.

13.9.    Third Party Rights.  Other than as expressly set out in this Agreement, this Agreement does not create any rights for any person who is not a party to it and no person who is not a party to this Agreement may enforce any of its terms or rely on any exclusion or limitation contained in it.

13.10.   Waiver.  The waiver of a breach of any provision of this Agreement shall not constitute a waiver of any other provision or any subsequent breach.

13.11.   Equal Opportunity.  FireEye is committed to the provisions outlined in the Equal Opportunity Clauses of Executive Order 11246, the Rehabilitation Act of 1973, the Vietnam Era Veterans Readjustment Act of 1974, the Jobs for Veterans Act of 2003, as well as any other regulations pertaining to these orders.

Back To Top


EXHIBIT A
PRODUCT LICENSE AND SUPPORT TERMS
(FIREEYE NX, EX, AX, PX, FX, HX, SECURITY ORCHESTRATOR™, MVX SMART GRID, AND CENTRAL MANAGEMENT SERIES (CMS) PRODUCTS)

In addition to the General Terms Applicable to all Offerings, the following terms apply to the FireEye NX, EX, AX, PX, FX, HX Security Orchestrator, MVX Smart Grid, and Central Management Series (CMS) Products, including any add-on features such as FireEye Advanced Threat Intelligence (ATI).

1.        Grant of License and Restrictions. Subject to the terms hereof, payment of all fees, and any applicable user/use limitations, FireEye grants Customer a personal,  nonsublicensable, nonexclusive, right to use the Product, in accordance with the Agreement and this Exhibit A. Customer will maintain the copyright notice and any other notices that appear on the Product, including any interfaces related to the Product.  With respect to the FireEye HX Series Product, Customer may install the “agent” software component of the Product on the number of Nodes stated on the applicable Order.  With respect to the FireEye EX Series Product, Customer may use the Product in connection with the number of attached URL engines  (i.e., email accounts) (“Attached URL Engines”) stated on the applicable Order.  FireEye reserves the right to audit Customer’s use of the Product to ensure compliance with this Agreement.  “Nodes” are endpoint computing devices owned or controlled by Customer (such as laptops, workstations, and servers), on which Customer installs the agent software.  Updates, preview features, Content Feeds and/or Support Services are not necessarily provided with the Software, may require additional payment or include additional terms and conditions, and may be provided on a “preview” basis for a limited period at no additional charge but then licensed for an additional fee at a later date. Customer acknowledges that Third Party Software distributed with the Products may be subject to separate license terms, and specifically, if the Oracle™ Java® software is included within the Product, that software is subject to the license found at http://www.oracle.com/technetwork/java/javase/terms/license/index.html.   

2.        Content Feeds.  Subject to Customer’s payment in full of all associated fees for the applicable FireEye Content Feed, as set forth on the applicable Order, FireEye shall grant a limited, non-exclusive, personal, non-transferable, non-sublicenseable right to use the Content Feed as set forth in the Documentation for the applicable Product, for Customer’s internal business purposes during the active Support Term for the applicable Product. FireEye shall not disclose to any third party any personally identifiable data  or Customer Confidential Information in connection with the Content Feed unless expressly authorized to do so by Customer.  The Content Feeds available to the Customer for purchase with respect to the Products may include:

2.1      FireEye Dynamic Threat Intelligence™ (DTI™) – The DTI Content Feed (currently available only for customers who have purchased the FireEye NX, EX, AX, HX and FX Product) provides continual, updated information to the Product about threats.

2.2.     FireEye Advanced Threat Intelligence™ (ATI™) – The ATI Content Feed (currently available only for customers who have purchased the FireEye NX Product) provides contextual information about malware detected in Customer’s environment, such as information regarding threat groups associated with certain malware, industry verticals in which FireEye has observed certain threat groups operate and in which certain malware is used, and brelative frequency of observation of various threats and malware.

3.        Cloud MVX Products. If Customer has purchased the Cloud MVX version of a Product, and subject to Customer’s payment in full of all associated fees, then the analysis performed by the Product will be available through Cloud MVX during the active Support Term for the applicable Product.

4.        Support Services.  Subject to Customer’s payment in full of all associated fees for FireEye Support Services, FireEye shall provide Support Services for the Products as set forth in Exhibit C, as may be updated by FireEye in its discretion.

Back To Top


EXHIBIT B
SUBSCRIPTION TERMS

 

EXHIBIT B-1
SUBSCRIPTION TERMS FOR FIREEYE AS A SERVICE (FAAS) – CONTINUOUS PROTECTION

In addition to the General Terms Applicable to all Offerings, the following terms govern the FireEye as a Service (FaaS) – Continuous Protection (CP) Subscription.

1      Definitions.

1.1     "Alert" means, individually and collectively, APT Alerts, High Priority Alerts, and Low Priority Alerts.

1.2     "APT Alert" means (a) with respect to Products other than HX, an alert generated by a Product, that is identified by the Product as being associated with a "targeted threat," which means advanced persistent threat (APT) actors or APT activity; (b) with respect to the HX Product, an alert designated by HX as XPLT, EXC, or PRE, that is triggered by a FireEye standard Indicator; and (c) with respect to the TAP Subscription, an "APT Alert" means a TAP Alert designated as an "APT Alert" in the table in Section 1.11 below.

1.3     "APT Only Service" means the Subscription level in which FireEye will provide FaaS Reports and monitoring of APT Alert. If Customer purchases the APT Only Service, FireEye will provide FaaS Reports and monitoring of only APT Alerts, and not any other Alerts.

1.4     "Covered System" means (i) a computing device (to the extent supported by FireEye) that Customer specifies as within the scope of the CP Subscription, and if the Customer has purchased the HX Product, on which a software agent has been installed to support CP Subscription delivery, or (ii) a computing device (to the extent supported by FireEye) whose network traffic is observable to support CP Subscription delivery; (iii) with respect to ETP Subscriptions, mailboxes monitored to support CP Subscription delivery; or (iv) any computing device that both Customer and FireEye agree is within scope of the CP Subscription. 

1.5     "Enabling Hardware" means additional hardware appliances that will be used by FireEye in providing the Subscription, and may include log collection and analysis equipment.

1.6     "Full Coverage Service" means the Subscription level in which FireEye will provide FaaS Reports and monitoring of all Alerts, regardless of the severity level of the Alert as classified by the Product.

1.7     "High Priority Alert Service" means the Subscription level in which FireEye will provide FaaS Reports and monitoring of High Priority Alerts and APT Alerts.

1.8     "FaaS Reports" means the written reports relating to Alerts that FireEye creates and makes available to Customer through the CP Subscription.

1.9     "High Priority Alert" means (a) with respect to Products other than HX and FX, an alert generated by that Product that is classified by that Product as severity level "critical" or "major"; (b) with respect to the FX Product, any alert generated by the FX Product, including APT Alerts; and (c) with respect to a TAP subscription, a TAP Alert designated as a "High Priority Alert" in the table in Section 1.11 below.

1.10    "Low Priority Alert" means an alert generated by a Product or TAP Subscription (as applicable) that is not an APT Alert or a High Priority Alert.

1.11    "Nodes" or "Node Band" refers to number of Covered Systems within the Customer environment, which is reflected on the Subscription Order.

1.12    "TAP Alert" means an alert generated by the TAP Subscription, with a severity level assigned by the TAP Subscription (e.g., "Critical," "High," "Medium"). TAP Alerts are investigated and reported on as "APT Alerts" and "High Priority Alerts" as shown in the table below, depending on the TAP Rule Pack that invoked the TAP Alert:

FireEye Rule Pack APT Alerts High Priority Alerts
Application Detection    
Cloud Infrastructure    
Commodity Malware   All
Current Events Critical, High Critical, High
DTI Rules   All
Exploit Kits   All
FTP    
Industrial Control Systems Critical, High, Medium Critical, High, Medium
Intel Match Critical, High, Medium Critical, High, Medium
Linux   Critical, High
Malware Methodology   Critical, High
Phishing Critical, High Critical, High
Point of Sale All All
Security Tools   Critical, High, Medium
Targeted Malware All All
Vendor – FireEye    
Vulnerability   Critical, High, Medium
Web Application Attacks   Critical, High, Medium
Windows   Critical, High

1.12    "TAP Rule Packs" means a predefined set of criteria that identifies suspicious events or threats based on the associated rule type within the TAP Subscription.

2        Scope of FaaS – Continuous Protection (CP) Subscription.  During the Subscription Term, FireEye will provide the CP Subscription as set forth in this Section 2, according to the Subscription level purchased by Customer as set forth in the Subscription Order. If the Subscription Order does not specify the Subscription level purchased, then Customer will be deemed to have purchased the APT Only Service. All services Customer requests that are not described in this Section 2 will be performed at mutually agreed upon rates as set forth in Statements of Work. Unless otherwise specified, the CP Subscription is provided by FireEye personnel remotely accessing Customer’s environment from FireEye’s networks. The CP Subscription is available for the number of Nodes purchased (available for Customers who have purchased the FireEye NX, FX, or EX Product or the ETP or TAP Subscription). If the number of Nodes exceeds the amount reflected in the Subscription Order by more than ten percent (10%), FireEye will notify Customer in writing, and will issue an invoice for the next higher Node Band at FireEye’s then-current rates pro-rated for the remaining portion of the then-current Subscription Term.

2.1       Event Analysis

(a)  Time to Begin Analysis.  FireEye will begin analysis of an Alert within the times set forth in the table below, calculated from the time the Alert was generated by the Product or TAP Subscription (as applicable).

(b)  Alerts Investigated.  FireEye will investigate and report on the Alerts that correspond with the Subscription level the Customer purchased. If the Customer purchased the APT Only Service, FireEye will investigate and report on only APT Alerts. If the Customer purchased the High Priority Alerts Service, FireEye will investigate and report on only High Priority Alerts and APT Alerts.  If the Customer purchased the All Alerts Service, FireEye will investigate and report on APT Alerts, High Priority Alerts, and Low Priority Alerts.  FireEye has no obligation to investigate and report on Alerts that fall outside the purchased Subscription level.

(c)  Initial Investigation. FireEye analysts will perform an initial analysis of the Customer’s Covered Systems to determine if the Alert is a true or false positive, benign or suspicious activity.

(d)  FaaS Reports. If FireEye’s investigation determines that the Alert indicates a true compromise, FireEye will publish a FaaS Report to the FaaS Portal within one (1) hour of the time FireEye makes that determination. Regardless of whether FireEye’s investigation determines that an Alert indicates a true compromise, FireEye will publish a FaaS Report on the Alert to the FaaS Portal within the times set forth in the table below, based on the classification of the Alert (APT Alert, High Priority Alert, Low Priority Alert). Customer acknowledges that in some cases, when FireEye’s investigation is not complete, a FaaS Report may provide only an update of current status of the Alert investigation. 

Alerts Investigated (Level of Service) FaaS Alert Classification Time to Begin Investigation
(from time Product or TAP Subscription generates Alert)
Time to Publish FaaS Report
(from time FireEye validates actual compromise)
Time to Publish FaaS Report
(when no validation of actual compromise;
from time Product or TAP Subscription generates Alert)
APT Only Service High Priority Alerts Service Full Coverage Service
Yes Yes Yes APT Alert 1 hour 1 hour 24 hours
No Yes Yes High Priority Alert 7 hours 1 hour 24 hours
No No Yes Low Priority Alert 24 hours 1 hour 48 hours

The service levels noted in the table above will become effective thirty (30) days following the Order Effective Date, to allow time for Customer to install Products and for FireEye to determine the level of staffing needed to respond to Alerts in Customer’s environment.

(e)        Extended Investigations; Multiple Related Alerts. When FireEye has identified a true positive or suspicious activity, FireEye analysts may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered Systems to determine the extent of activity related to the Alert. FireEye analysts may append results from the extended investigation or subsequent Alert investigations to the initial FaaS Report if FireEye determines that additional or subsequent Alerts are related, and in such cases, FireEye will not be required to issue a separate FaaS Report for each such related Alert.

(f)         Non-Remediable Alerts. FireEye has no obligation to notify the Customer or generate a new FaaS Report on new Alerts that are directly related to previous investigations where a FaaS Report has been published and FireEye has provided recommended remediation steps, when the Customer has acknowledged the FaaS Report but chooses not to or cannot remediate the cause of these Alerts.

(g)        Alert Priority. FireEye may re-prioritize Alerts, regardless of their severity classification, to provide focus to Alerts that FireEye determines may have the largest impact to the Customer’s environment. 

(h)        Continuity of Monitoring. All monitoring, investigation and reporting activities described in this Section 2.1 will be provided on a 24/7/365 basis.

2.2           System Health Monitoring and Notification. For Customers who have purchased the FireEye NX, EX, or FX Product, FireEye will provide Customer with notifications of system health issues such as connectivity problems.

2.3           Containment.  When the Customer has purchased the HX Product, FireEye may, when appropriate, recommend containment of the target Covered System from the Customer’s network. Containment must be executed by the Customer.

2.4           Portal Access.  Alerts and FaaS Reports will be provided via an online portal (“FaaS Portal”), and FireEye will provide login credentials to the Customer to enable access to the FaaS Portal. The FaaS Portal will be available 99.9% of the time in any calendar month, other than Downtime, as defined below, and this FaaS Portal Service Level commitment will be subject to the Service Level Credits set forth in Section 3 below.

2.5           FireEye Intelligence Center.  During the Subscription Term, FireEye will provide access to the FireEye Intelligence Center (FIC), which includes the Community Threat Intelligence (CTI) platform, subject to the following:

(a)  Permitted Use; Reports.  Customer may access, view and use FIC and content appearing on FIC (“FIC Content”) solely for internal use.  Some features of FIC may allow Customer to generate a report (each, a “FIC Report”).  FIC Reports and FIC Content are FireEye Materials.  Subject to Customer’s payment obligations, FireEye grants to Customer a limited, non-exclusive right to produce FIC Reports using FIC, and reproduce and distribute those FIC Reports and FIC Content internally for Customer’s own business purposes. 

(b)  Additional Use Limitations.  Customer may appoint up to fifteen (15) users of FIC at any time. Each day, all users on Customer’s account may collectively make up to (A) one hundred (100) queries of IP addresses and domain names and (B) one hundred (100) queries of malware.  Customer may request additional queries, to be evaluated by FireEye on a case by case basis.

(c)  User Content.  “User Content” means any communications, images, sounds, and all the material and information that Customer or anyone using Customer’s account contributes to or through FIC, including any contributions to or through the CTI platform (e.g., comments to FIC Content, suspected malware that Customer uploads to FIC).  Customer hereby grants FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive, license, including the right to sublicense to third parties, and right to reproduce, fix, adapt, modify, translate, reformat, create derivative works from, publish, distribute, sell, license, transmit, publicly display, publicly perform, or provide access to electronically, broadcast, display, perform, and use and practice such User Content as well as all modified and derivative works thereof.  Customer represents that Customer has all necessary rights to grant the license referenced in the preceding sentence.  FireEye may use and disclose any of the information it collects about its customers’ use of FIC, including CTI, to the extent such information is de-identified.

(d)  Restrictions. Customer may not access FIC by any means other than through the interface that is provided or approved by FireEye. Customer will not collect any information from or through FIC using any automated means, including without limitation any script, spider, “screen scraping,” or “database scraping” application, and Customer will not damage, disable, overburden, or impair FIC or interfere with any other party’s use and enjoyment of FIC.

(e)  Customer acknowledges that some optional features and content appearing on FIC may require payment of additional fees.

2.6       Reseller and Partner Purchases.  If Customer receives the Subscription via a FireEye authorized services or support partner (a “Partner”), Customer agrees that the Subscription and FaaS Reports may be delivered to Customer through the Partner. Notwithstanding any other confidentiality obligations between the parties, Customer authorizes FireEye to disclose information related to the Subscription and Customer Data to Partner.

2.7       Customer Networks. The Subscription may only be provided for computer systems and networks leased to or owned by Customer, and under Customer’s control, up to the number of Nodes allowed, as set forth in the applicable Subscription Order.

2.8       Connectivity Requirements. Unless otherwise specified, the Subscription are provided by FireEye personnel remotely accessing Customer’s environment from FireEye’s networks.  Customer must provide outbound TCP-based connectivity from all Products to FireEye for the establishment of a virtual private network (VPN).  Details pertaining to specific network access requirements will be established in conjunction with installation activities.

2.9       Credential Security. Customer will be responsible for the following: (a) providing accurate information to FireEye for provisioning access to (and removal of) Customer personnel access to the FaaS Portal; (b) implementing and adhering to strong password standards; (c) providing accurate information to FireEye for domain whitelisting; and (d) reporting any security issues related to the Subscription (including the FaaS Portal) to FireEye immediately.

2.10     Exclusions.  Notwithstanding anything else contained in this Agreement to the contrary, FireEye shall have no obligation or responsibility to provide the Subscription for (i) Products for which Customer does not have an active Subscription in place; (ii) Products that the Customer (or FireEye or another third party on Customer’s behalf) has configured with a one-way feed of FireEye’s Dynamic Threat Intelligence (DTI) Subscription; (iii) Products with an installed FireEye operating system less than version 6.2; (iv) Products that have been declared end of life; (v) Products that have no active Support Service in place; (vi) Products for which software updates have not been applied; (vii) Products that have not been installed and deployed; or (viii) Products that are misconfigured or incorrectly deployed, which prevents the Products from monitoring the Covered Systems. Customer acknowledges that to facilitate FireEye’s efficient performance of the Subscription, FireEye may control some features and functionality of the Products, and that such features or functionality may not be available for Customer’s independent use during the Subscription Term.

2.11     Enabling Hardware. Subject to the exclusions set forth in Section 2.10, Customer may return defective Enabling Hardware to FireEye and at FireEye’s cost (including shipping) for repair or replacement consistent with this Section.  To receive a repair or replacement, Customer must be current with payment obligations, and the Enabling Hardware at issue must have been provided to Customer in the three (3) years prior to the time Customer reported the defect. FireEye will then, at its option, repair the Enabling Hardware or replace it with new or refurbished equipment. FireEye may require Customer to obtain return authorization before returning the Enabling Hardware, and FireEye may require Customer to ship the Enabling Hardware to a location other than FireEye’s offices.  THE FOREGOING DOES NOT CONSTITUTE A WARRANTY. Notwithstanding anything to the contrary herein, FireEye has no obligation to continue support or maintenance of any Enabling Hardware, or to repair or replace any Enabling Hardware, upon the termination or suspension of the Subscription Term for any reason. FireEye will ship Enabling Hardware FOB Origin. Title to the Enabling Hardware passes to Customer immediately upon shipment.  FireEye will include any shipping costs on its invoices. Any software or firmware embedded in or on the Enabling Hardware is FireEye Materials, and will be licensed during the Subscription Term only. FireEye may disable or remove such software at the end of the Subscription Term.

3.         FaaS Portal Availability

3.1        FireEye shall undertake commercially reasonable efforts to ensure the FaaS Portal availability for 99.9% of the time during each calendar month.

3.1.1     “Service Outage” is where the FaaS Portal is not available due to a failure or a disruption in the FaaS Portal that is not the result of Scheduled Maintenance, Emergency Maintenance, a force majeure event or of the act or omission of Customer.

3.1.2     “Scheduled Maintenance Period" is the period during which weekly scheduled maintenance of the FaaS Portal may be performed, or a maintenance window otherwise mutually agreed upon by FireEye and Customer.

3.1.3     "Emergency Maintenance" means any time outside of Scheduled Maintenance that FireEye is required to apply critical patches or fixes or undertake other urgent maintenance. If Emergency Maintenance is required, FireEye will contact Customer and provide the expected time frame of the Emergency Maintenance and availability of the FaaS Portal during the Emergency Maintenance.

3.1.4     "System Availability" means the percentage of total time during which the FaaS Portal shall be available to Customer, excluding the Scheduled Maintenance Period, Emergency Maintenance, force majeure events, or acts or omissions of the Customer that cause system downtime.

3.2.       Remedy

3.2.1     In the event that the FaaS Portal does not meet the monthly service availability defined in 3.1, FireEye will provide a credit to the Customer in accordance to the table below (“Credit”) for a validated SLA Claim (defined below).

Percent of FaaS Portal Availability per Calendar Month Service Credit
<99.9% 2%
<99.0% 5%
<98.0% 10%

3.2.2     For determining the Credit, the duration of a Service Outage will be measured as the time starting when Customer experiences a disruption in availability of the FaaS Portal and ending when a successful solution or workaround allowing for full restoration of the FaaS Portal is provided by FireEye to Customer.  Customer must notify FireEye in writing of any Service Outage no later than fifteen (15) days after the calendar month in which the Service Outage occurred (“SLA Claim”) to be entitled to a Credit for that Service Outage.

3.2.3     Any Credits earned by Customer hereunder will be applied to the Subscription Fees owed by Customer for the next Subscription Term for which the Credit applies. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated for non-renewal or for a material uncured breach by Customer, such credits shall become null and void. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated due to a material uncured breach by FireEye, FireEye will promptly pay Customer the amount of the Credit.

3.2.4     Customer shall not be entitled to receive a Credit that exceeds 10% of its prorated monthly Subscription Fee for a Service Outage for the applicable calendar month.

Back To Top


EXHIBIT B-2
SUBSCRIPTION TERMS FOR FIREEYE AS A SERVICE (FAAS) – CONTINUOUS VIGILANCE

In addition to the General Terms Applicable to all Offerings, the following terms govern the FireEye as a Service (FaaS) – Continuous Vigilance (CV) Subscription.

1        Definitions.

1.1      "Alert" means, individually and collectively, APT Alerts, High Priority Alerts, and Low Priority Alerts.

1.2     "APT Alert" means (a) with respect to Products other than HX, an alert generated by a Product, that is identified by the Product as being associated with a "targeted threat," which means advanced persistent threat (APT) actors or APT activity; (b) with respect to the HX Product, an alert designated by HX as XPLT, EXC, or PRE, that is triggered by a FireEye standard Indicator; and (c) with respect to the TAP Subscription, an "APT Alert" means a TAP Alert designated as an "APT Alert" in the table in Section 1.11 below.

1.3     "APT Only Service" means the Subscription level in which FireEye will provide FaaS Reports and monitoring of APT Alert. If Customer purchases the APT Only Service, FireEye will provide FaaS Reports and monitoring of only APT Alerts,  and not any other Alerts.

1.4     "Covered System" means (i) a computing device (to the extent supported by FireEye) that Customer specifies as within the scope of the CV Subscription, and if the Customer has purchased the HX Product, on which a software agent has been installed to support CV Subscription delivery, or (ii) a computing device (to the extent supported by FireEye) whose network traffic is observable to support CV Subscription delivery; (iii) with respect to ETP Subscriptions, mailboxes monitored to support CV Subscription delivery; or (iv) any computing device that both Customer and FireEye agree is within scope of the CP Subscription. 

1.5     "Enabling Hardware" means additional hardware appliances that will be used by FireEye in providing the Subscription, and may include log collection and analysis equipment.

1.6     "Full Coverage Service" means the Subscription level in which FireEye will provide FaaS Reports and monitoring of all Alerts, regardless of the severity level of the Alert as classified by the Product.

1.7     "High Priority Alert Service" means the Subscription level in which FireEye will provide FaaS Reports and monitoring of High Priority Alerts and APT Alerts.

1.8     "FaaS Reports" means the written reports relating to Alerts that FireEye creates and makes available to Customer through the CP Subscription.

1.9     "High Priority Alert" means (a) with respect to Products other than HX and FX, an alert generated by that Product that is classified by that Product as severity level "critical" or "major"; (b) with respect to the FX Product, any alert generated by the FX Product, including APT Alerts; and (c) with respect to a TAP subscription, a TAP Alert designated as a "High Priority Alert" in the table in Section 1.11 below.

1.10    "Low Priority Alert" means an alert generated by a Product or TAP Subscription (as applicable) that is not an APT Alert or a High Priority Alert.

1.11    "Nodes" or "Node Band" refers to number of Covered Systems within the Customer environment, which is reflected on the Subscription Order.

1.12    "TAP Alert" means an alert generated by the TAP Subscription, with a severity level assigned by the TAP Subscription (e.g., "Critical," "High," "Medium"). TAP Alerts are investigated and reported on as "APT Alerts" and "High Priority Alerts" as shown in the table below, depending on the TAP Rule Pack that invoked the TAP Alert:

FireEye Rule Pack APT Alerts High Priority Alerts
Application Detection    
Cloud Infrastructure    
Commodity Malware   All
Current Events Critical, High Critical, High
DTI Rules   All
Exploit Kits   All
FTP    
Industrial Control Systems Critical, High, Medium Critical, High, Medium
Intel Match Critical, High, Medium Critical, High, Medium
Linux   Critical, High
Malware Methodology   Critical, High
Phishing Critical, High Critical, High
Point of Sale All All
Security Tools   Critical, High, Medium
Targeted Malware All All
Vendor – FireEye    
Vulnerability   Critical, High, Medium
Web Application Attacks   Critical, High, Medium
Windows   Critical, High

1.12      "TAP Rule Packs" means a predefined set of criteria that identifies suspicious events or threats based on the associated rule type within the TAP Subscription.

2.     Scope of FaaS – Continuous Vigilance (CV) Subscription.  During the Subscription Term, FireEye will provide the CV Subscription as set forth in this Section 2, according to the Subscription level purchased by Customer as set forth in the Subscription Order. If the Subscription Order does not specify the Subscription level purchased, then Customer will be deemed to have purchased the APT Only Service. All services Customer requests that are not described in this Section 2 will be performed at mutually agreed upon rates as set forth in Statements of Work. Unless otherwise specified, the CV Subscription is provided by FireEye personnel remotely accessing Customer's environment from FireEye's networks. The CV Subscription is available for the number of Nodes purchased (available for Customers who have purchased the FireEye NX, FX, or EX Product or the ETP or TAP Subscription). If the number of Nodes exceeds the amount reflected in the Subscription Order by more than ten percent (10%), FireEye will notify Customer in writing, and will issue an invoice for the next higher Node Band at FireEye's then-current rates pro-rated for the remaining portion of the then-current Subscription Term.

2.1     Event Analysis

(a)  Time to Begin Analysis.  FireEye will begin analysis of an Alert within the times set forth in the table below, calculated from the time the Alert was generated by the Product or TAP Subscription (as applicable).

(b)  Alerts Investigated.  FireEye will investigate and report on the Alerts that correspond with the Subscription level the Customer purchased. If the Customer purchased the APT Only Service, FireEye will investigate and report on only APT Alerts. If the Customer purchased the High Priority Alerts Service, FireEye will investigate and report on only High Priority Alerts and APT Alerts.  If the Customer purchased the All Alerts Service, FireEye will investigate and report on APT Alerts, High Priority Alerts, and Low Priority Alerts.  FireEye has no obligation to investigate and report on Alerts that fall outside the purchased Subscription level.

(c)  Initial Investigation. FireEye analysts will perform an initial analysis of the Customer's Covered Systems to determine if the Alert is a true or false positive, benign or suspicious activity.

(d)  FaaS Reports. If FireEye's investigation determines that the Alert indicates a true compromise, FireEye will publish a FaaS Report to the FaaS Portal within one (1) hour of the time FireEye makes that determination. Regardless of whether FireEye's investigation determines that an Alert indicates a true compromise, FireEye will publish a FaaS Report on the Alert to the FaaS Portal within the times set forth in the table below, based on the classification of the Alert (APT Alert, High Priority Alert, Low Priority Alert). Customer acknowledges that in some cases, when FireEye's investigation is not complete, a FaaS Report may provide only an update of current status of the Alert investigation. 

Alerts Investigated (Level of Service) FaaS Alert Classification Time to Begin Investigation
(from time Product or TAP Subscription generates Alert)
Time to Publish FaaS Report
(from time FireEye validates actual compromise)
Time to Publish FaaS Report
(when no validation of actual compromise;
from time Product or TAP Subscription generates Alert)
APT Only Service High Priority Alerts Service Full Coverage Service
Yes Yes Yes APT Alert 1 hour 1 hour 24 hours
No Yes Yes High Priority Alert 7 hours 1 hour 24 hours
No No Yes Low Priority Alert 24 hours 1 hour 48 hours

The service levels noted in the table above will become effective thirty (30) days following the Order Effective Date, to allow time for Customer to install Products and for FireEye to determine the level of staffing needed to respond to Alerts in Customer's environment.

(e)     Extended Investigations; Multiple Related Alerts. When FireEye has identified a true positive or suspicious activity, FireEye analysts may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered Systems to determine the extent of activity related to the Alert. FireEye analysts may append results from the extended investigation or subsequent Alert investigations to the initial FaaS Report if FireEye determines that additional or subsequent Alerts are related, and in such cases, FireEye will not be required to issue a separate FaaS Report for each such related Alert.

(f)     Non-Remediable Alerts. FireEye has no obligation to notify the Customer or generate a new FaaS Report on new Alerts that are directly related to previous investigations where a FaaS Report has been published and FireEye has provided recommended remediation steps, when the Customer has acknowledged the FaaS Report but chooses not to or cannot remediate the cause of these Alerts.

(g)     Alert Priority. FireEye may re-prioritize Alerts, regardless of their severity classification, to provide focus to Alerts that FireEye determines may have the largest impact to the Customer's environment. 

(h)     Hunting.  FireEye will conduct periodic proactive hunting techniques on Covered Systems to look for additional indicators of malicious or attacker activity.  When FireEye's investigation reveals a compromise, then within one (1) hour of the time FireEye makes that determination, FireEye will publish a FaaS Report related to that activity to the FaaS Portal.

(i)     Continuity of Monitoring. All monitoring, investigation and reporting activities described in this Section 2.1 will be provided on a 24/7/365 basis.

2.2     System Health Monitoring and Notification. For Customers who have purchased the FireEye NX, EX, or FX Product, FireEye will provide Customer with notifications of system health issues such as connectivity problems.

2.3     Containment.  When the Customer has purchased the HX Product, FireEye may, when appropriate, recommend containment of the target Covered System from the Customer's network. Containment must be executed by the Customer.

2.4     Portal Access.  Alerts and FaaS Reports will be provided via an online portal ("FaaS Portal"), and FireEye will provide login credentials to the Customer to enable access to the FaaS Portal. The FaaS Portal will be available 99.9% of the time in any calendar month, other than Downtime, as defined below, and this FaaS Portal Service Level commitment will be subject to the Service Level Credits set forth in Section 3 below.

2.5     FireEye Intelligence Center.  During the Subscription Term, FireEye will provide access to the FireEye Intelligence Center (FIC), which includes the Community Threat Intelligence (CTI) platform, subject to the following:

(a)  Permitted Use; Reports.  Customer may access, view and use FIC and content appearing on FIC ("FIC Content") solely for internal use.  Some features of FIC may allow Customer to generate a report (each, a "FIC Report").  FIC Reports and FIC Content are FireEye Materials.  Subject to Customer's payment obligations, FireEye grants to Customer a limited, non-exclusive right to produce FIC Reports using FIC, and reproduce and distribute those FIC Reports and FIC Content internally for Customer's own business purposes. 

(b)  Additional Use Limitations.  Customer may appoint up to fifteen (15) users of FIC at any time. Each day, all users on Customer's account may collectively make up to (A) one hundred (100) queries of IP addresses and domain names and (B) one hundred (100) queries of malware.  Customer may request additional queries, to be evaluated by FireEye on a case by case basis.

(c)  User Content.  "User Content" means any communications, images, sounds, and all the material and information that Customer or anyone using Customer's account contributes to or through FIC, including any contributions to or through the CTI platform (e.g., comments to FIC Content, suspected malware that Customer uploads to FIC).  Customer hereby grants FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive, license, including the right to sublicense to third parties, and right to reproduce, fix, adapt, modify, translate, reformat, create derivative works from, publish, distribute, sell, license, transmit, publicly display, publicly perform, or provide access to electronically, broadcast, display, perform, and use and practice such User Content as well as all modified and derivative works thereof.  Customer represents that Customer has all necessary rights to grant the license referenced in the preceding sentence.  FireEye may use and disclose any of the information it collects about its customers' use of FIC, including CTI, to the extent such information is de-identified.

(d)  Restrictions. Customer may not access FIC by any means other than through the interface that is provided or approved by FireEye. Customer will not collect any information from or through FIC using any automated means, including without limitation any script, spider, "screen scraping," or "database scraping" application, and Customer will not damage, disable, overburden, or impair FIC or interfere with any other party's use and enjoyment of FIC.

(e)  Customer acknowledges that some optional features and content appearing on FIC may require payment of additional fees.

2.6     Reseller and Partner Purchases.  If Customer receives the Subscription via a FireEye authorized services or support partner (a "Partner"), Customer agrees that the Subscription and FaaS Reports may be delivered to Customer through the Partner. Notwithstanding any other confidentiality obligations between the parties, Customer authorizes FireEye to disclose information related to the Subscription and Customer Data to Partner.

2.7     Customer Networks. The Subscription may only be provided for computer systems and networks leased to or owned by Customer, and under Customer's control, up to the number of Nodes allowed, as set forth in the applicable Subscription Order.

2.8     Connectivity Requirements. Unless otherwise specified, the Subscription are provided by FireEye personnel remotely accessing Customer's environment from FireEye's networks.  Customer must provide outbound TCP-based connectivity from all Products to FireEye for the establishment of a virtual private network (VPN).  Details pertaining to specific network access requirements will be established in conjunction with installation activities.

2.9     Credential Security. Customer will be responsible for the following: (a) providing accurate information to FireEye for provisioning access to (and removal of) Customer personnel access to the FaaS Portal; (b) implementing and adhering to strong password standards; (c) providing accurate information to FireEye for domain whitelisting; and (d) reporting any security issues related to the Subscription (including the FaaS Portal) to FireEye immediately.

2.10     Exclusions.  Notwithstanding anything else contained in this Agreement to the contrary, FireEye shall have no obligation or responsibility to provide the Subscription for (i) Products for which Customer does not have an active Subscription in place; (ii) Products that the Customer (or FireEye or another third party on Customer's behalf) has configured with a one-way feed of FireEye's Dynamic Threat Intelligence (DTI) Subscription; (iii) Products with an installed FireEye operating system less than version 6.2; (iv) Products that have been declared end of life; (v) Products that have no active Support Service in place; (vi) Products for which software updates have not been applied; (vii) Products that have not been installed and deployed; or (viii) Products that are misconfigured or incorrectly deployed, which prevents the Products from monitoring the Covered Systems. Customer acknowledges that to facilitate FireEye's efficient performance of the Subscription, FireEye may control some features and functionality of the Products, and that such features or functionality may not be available for Customer's independent use during the Subscription Term.

2.11     Enabling Hardware. Subject to the exclusions set forth in Section 2.10, Customer may return defective Enabling Hardware to FireEye and at FireEye’s cost (including shipping) for repair or replacement consistent with this Section.  To receive a repair or replacement, Customer must be current with payment obligations, and the Enabling Hardware at issue must have been provided to Customer in the three (3) years prior to the time Customer reported the defect. FireEye will then, at its option, repair the Enabling Hardware or replace it with new or refurbished equipment. FireEye may require Customer to obtain return authorization before returning the Enabling Hardware, and FireEye may require Customer to ship the Enabling Hardware to a location other than FireEye’s offices.  THE FOREGOING DOES NOT CONSTITUTE A WARRANTY. Notwithstanding anything to the contrary herein, FireEye has no obligation to continue support or maintenance of any Enabling Hardware, or to repair or replace any Enabling Hardware, upon the termination or suspension of the Subscription Term for any reason. FireEye will ship Enabling Hardware FOB Origin. Title to the Enabling Hardware passes to Customer immediately upon shipment.  FireEye will include any shipping costs on its invoices. Any software or firmware embedded in or on the Enabling Hardware is FireEye Materials, and will be licensed during the Subscription Term only. FireEye may disable or remove such software at the end of the Subscription Term.

3.         FaaS Portal Availability

3.1        FireEye shall undertake commercially reasonable efforts to ensure the FaaS Portal availability for 99.9% of the time during each calendar month.

3.1.1     “Service Outage” is where the FaaS Portal is not available due to a failure or a disruption in the FaaS Portal that is not the result of Scheduled Maintenance, Emergency Maintenance, a force majeure event or of the act or omission of Customer.

3.1.2     “Scheduled Maintenance Period" is the period during which weekly scheduled maintenance of the FaaS Portal may be performed, or a maintenance window otherwise mutually agreed upon by FireEye and Customer.

3.1.3     "Emergency Maintenance" means any time outside of Scheduled Maintenance that FireEye is required to apply critical patches or fixes or undertake other urgent maintenance. If Emergency Maintenance is required, FireEye will contact Customer and provide the expected time frame of the Emergency Maintenance and availability of the FaaS Portal during the Emergency Maintenance.

3.1.4     "System Availability" means the percentage of total time during which the FaaS Portal shall be available to Customer, excluding the Scheduled Maintenance Period, Emergency Maintenance, force majeure events, or acts or omissions of the Customer that cause system downtime.

3.2.       Remedy

3.2.1     In the event that the FaaS Portal does not meet the monthly service availability defined in 3.1, FireEye will provide a credit to the Customer in accordance to the table below (“Credit”) for a validated SLA Claim (defined below).

Percent of FaaS Portal Availability per Calendar Month Service Credit
<99.9% 2%
<99.0% 5%
<98.0% 10%

3.2.2     For determining the Credit, the duration of a Service Outage will be measured as the time starting when Customer experiences a disruption in availability of the FaaS Portal and ending when a successful solution or workaround allowing for full restoration of the FaaS Portal is provided by FireEye to Customer.  Customer must notify FireEye in writing of any Service Outage no later than fifteen (15) days after the calendar month in which the Service Outage occurred (“SLA Claim”) to be entitled to a Credit for that Service Outage.

3.2.3     Any Credits earned by Customer hereunder will be applied to the Subscription Fees owed by Customer for the next Subscription Term for which the Credit applies. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated for non-renewal or for a material uncured breach by Customer, such credits shall become null and void. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated due to a material uncured breach by FireEye, FireEye will promptly pay Customer the amount of the Credit.

3.2.4     Customer shall not be entitled to receive a Credit that exceeds 10% of its prorated monthly Subscription Fee for a Service Outage for the applicable calendar month.

 

Back To Top


EXHIBIT B-3
SUBSCRIPTION TERMS FOR FIREEYE THREAT ANALYTICS PLATFORM (TAP)

In addition to the General Terms Applicable to all Offerings, the following terms govern the Threat Analytics Platform Subscription, including purchase and support of TAP Cloud Collector™ Appliances and Support. 

1.         TAP Software, Alerts

1.1.1     TAP Software and Hardware.  As part of the TAP Subscription, FireEye may deliver to Customer one or more software files (individually and collectively, “TAP Software”), and/or one or more “Cloud Collector” hardware appliances (“Cloud Collector Appliances”), which may contain TAP Software.  Subject to full payment of all Fees associated with the TAP Subscription, FireEye grants to Customer a non-exclusive, limited right and license to install and run the TAP Software during the Subscription Term solely for purposes of using the TAP Subscription in accordance with the Documentation for the TAP Subscription.

1.1.2     Access; Customer Logs.  FireEye will provide Customer with credentials to enable access to the TAP Subscription.  Using the TAP Software, and subject to payment of Fees for the TAP Subscription and any Cloud, Customer may upload Customer Logs to the TAP portal (“TAP Portal”).  “Customer Logs” means any communications, logs and other content and information that Customer or anyone using Customer’s account contributes to or through the TAP Portal. Customer grants to FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive license and right to reproduce, modify, create derivative works from, publish, distribute, sell, sub-license, transmit, publicly display and provide access to Customer Logs, for purposes of enhancing FireEye’s products and services, so long as (i) FireEye ensures that any Customer Confidential Information is removed from Customer Logs, and (ii) FireEye’s use of Customer Logs does not in any way identify Customer or its employees or in any other way allow a third party to identify Customer as the source of the Customer Logs.  Customer Logs are Customer’s property, and other than the licenses granted in herein, FireEye does not obtain any ownership rights in Customer Logs.

1.1.3     Some features of the TAP Subscription may generate alerts of suspected malicious activity (each, a “TAP Alert”).  TAP Alerts are FireEye Materials.  FireEye hereby grants to Customer a limited, non-exclusive right to use TAP Alerts, and reproduce and distribute those TAP Alerts internally for Customer’s own business purposes. 

1.1.4     Cloud Collector Management.  If Customer has installed Cloud Collectors in connection with the TAP Subscription, then FireEye will continuously monitor the Customer’s Cloud Collector Appliances or Cloud Collector TAP Software for system health issues such as monitoring to ensure proper throughput and relay of data.

1.1.5     Cloud Collector Appliances.  If the Customer has purchased Cloud Collector Appliances, then during the TAP Subscription Term, FireEye will replace any defective Cloud Collector Appliances as follows:

a)      Prior to any return, Customer shall verify that the Cloud Collector Appliance at issue is defective by logging a Support request via one of the mechanisms provided in the Documentation and in accordance with FireEye’s RMA procedures, including providing the part number, serial number, quantity and reason for return, an explanation of all failure symptoms and other relevant information.

b)      Upon confirmation by FireEye of a defect, Customer shall obtain from FireEye an RMA number.  FireEye shall ship via a recognized express courier service a replacement Cloud Collector Appliance to Customer to arrive no later than next business day after FireEye’s issuance of an RMA number, provided the RMA number was issued prior to the business day cutoff time local to the defective Cloud Collector Appliance, provided the replacement does not require any custom pre-configuration, and provided no external-to-FireEye circumstances prevent the delivery.  The replacement Cloud Collector Appliance may be a new or reconditioned Cloud Collector Appliance (of equivalent or better quality) at FireEye’s sole discretion.

c)      FireEye shall pay the shipping costs to ship the replacement Cloud Collector Appliance to Customer, but Customer shall bear any and all risk of loss of or damage to said Cloud Collector Appliance at all times after said Cloud Collector Appliance is made available by FireEye to the common carrier.

d)      Within five (5) business days after Customer receives the replacement Cloud Collector Appliance from FireEye, Customer shall package the defective Cloud Collector Appliance in its original packing material or equivalent, write the RMA number on the outside of the package and return the defective Cloud Collector Appliance, at FireEye’s cost (provided Customer utilizes FireEye’s designated courier service and properly packages the defective Cloud Collector Appliance according to FireEye’s instructions), shipped properly insured, FOB FireEye’s designated facility. Customer shall enclose with the returned Cloud Collector Appliance the applicable RMA form, and any other documentation or information requested by FireEye customer support.  Customer shall assume any and all risk of loss of or damage to such Cloud Collector Appliance during shipping.  Title to the defective Cloud Collector Appliance shall pass to FireEye upon FireEye’s receipt thereof.

e)      When a replacement Cloud Collector Appliance is provided and Customer fails to return the defective Cloud Collector Appliance to FireEye within ten (10) business days after Customer receives the replacement Cloud Collector Appliance from FireEye, FireEye may charge Customer, and Customer shall pay for the replacement Cloud Collector Appliance at the then-current list price.

2.         Event Volume; True-Up

2.1.1     Fees for the TAP Subscription are divided into “Tiers” based on the volume of events processed through the TAP Subscription per second (“Event Volume”).  If at any point during the Subscription Term, Customer’s Event Volume exceeds the Tier upon which Customer’s TAP Subscription Fees were based, FireEye will not guarantee that Customer Logs in excess of the purchased Tier will be ingested and processed by the TAP Subscription. In times of Event Volume in excess of the paid Tier, Customer Logs will enter a queue.  Excessive queueing may cause Customer Logs to be lost from the queue. If at any point during the Subscription Term, Customer’s average Event Volume for any consecutive thirty-day period exceeds the Tier upon which Customer’s TAP Subscription Fees were based, FireEye may issue a true-up invoice for the pro-rated difference between the Fees already paid for that Subscription Term and FireEye’s list prices for the Fees for the Tier associated with Customer’s actual Event Volume for that thirty-day period, pro-rated to reflect that thirty-day period and the remainder of the Subscription Term.  FireEye will apply any discounts that were applied to initial Fees to FireEye’s list prices for any true-up invoice.  Until such time that the True Up invoice is paid in full, the TAP Subscription will continue to ingest and process only the Event Volume of the purchased Tier, allowing any excess Customer Logs to enter queueing conditions. The Tier for any Renewal Subscription Term will be the Tier associated with the actual Event Volume for the immediately preceding Subscription Term.

2.1.2     At the end of the Initial Subscription Term and each Renewal Subscription Term, FireEye may true-up Fees for that Subscription Term, and if the average monthly Event Volume for that Subscription Term exceeds the maximum Event Volume for the Tier for which Customer previously paid Fees, then (a) FireEye will issue a true-up invoice reflecting the difference between the Fees already paid for that Subscription Term and the Fees for the Tier associated with Customer’s actual Event Volume.

3.         TAP Portal Availability

3.1        FireEye shall undertake commercially reasonable efforts to ensure the TAP Portal availability for 99.9% of the time during each calendar month.

3.1.1     “Service Outage” is where the TAP Portal is not available due to a failure or a disruption in TAP Portal that is not the result Scheduled Maintenance, Emergency Maintenance, a force majeure event or of the act or omission of Customer.

3.1.2     “Scheduled Maintenance Period" is the period during which weekly scheduled maintenance of the TAP Portal may be performed.

3.1.3     "Emergency Maintenance" means any time outside of Scheduled Maintenance that FireEye is required to apply critical patches or fixes or undertake other urgent maintenance. If Emergency Maintenance is required, FireEye will contact Customer and provide the expected time frame of the Emergency Maintenance and availability of the TAP Portal during the Emergency Maintenance.

3.1.4     "System Availability" means the percentage of total time during which the TAP Portal shall be available to Customer, excluding the Scheduled Maintenance Period and Emergency Maintenance.

3.2.       Remedy

3.2.1     In the event that the TAP Portal does not meet the monthly service availability defined in 6.1, FireEye will provide a credit to the Customer in accordance to the table below (“Credit”) for a validated SLA Claim (defined below).

Percent of TAP Portal Availability per Calendar Month

Service Credit

<99.9%

2%

<99.0%

5%

<98.0%

10%

3.2.2     For determining the Credit, the duration of a Service Outage will be measured as the time starting when Customer experiences unavailability of the TAP Portal and ending when a successful solution or workaround allowing for full restoration of the TAP Portal is provided by FireEye to Customer.  Customer must notify FireEye in writing of any Service Outage no later than fifteen (15) days after the date the Service Outage occurred (“SLA Claim”) to be entitled to a Credit for that Service Outage.

3.2.3     Any Credits earned by Customer hereunder will be applied to the Subscription Fees owed by Customer for the next Subscription Term for which the Credit applies. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated for non-renewal or for a material uncured breach by Customer, such credits shall become null and void. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated due to a material uncured breach by FireEye, FireEye will promptly pay Customer the amount of the Credit.

3.2.4     Customer shall not be entitled to receive a Credit that exceeds 10% of its prorated monthly Subscription Fee for a Service Outage for the applicable calendar month.

4.         FireEye Intelligence Center™ (FIC™), Community Threat Intelligence™ (CTI™).  During the Subscription Term, FireEye will provide access to the FireEye Intelligence Center (FIC), which includes the Community Threat Intelligence (CTI) platform, subject to the following:

  1. Permitted Use; Reports.  Customer may view and use FIC and content appearing on FIC (“FIC Content”) solely for internal use.  Some features of FIC may allow Customer to generate a report (each, a “FIC Report”).  FIC Reports and FIC Content are FireEye Materials.  Subject to Customer’s payment obligations, FireEye grants to Customer a limited, non-exclusive right to produce FIC Reports and FIC Content using FIC, and reproduce and distribute those FIC Reports and FIC Content internally for Customer’s own business purposes
  2. Additional Use Limitations.  Customer may appoint up to fifteen (15) users of FIC at any time. Each day, all users on Customer’s account may collectively make up to (A) one hundred (100)queries of IP addresses and domain names, and (B) one hundred (100) queries  of malware per day.  Customer may request additional queries, to be evaluated by FireEye on a case by case basis.
  3. User Content.  “User Content” means any communications, images, sounds, and all the material and information that Customer or anyone using Customer’s account contributes to or through FIC including any contributions to or through the CTI platform (e.g., comments to FIC Content, suspected malware that Customer uploads to FIC).  Customer hereby grants FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive, license, including the right to sublicense to third parties, and right to reproduce, fix, adapt, modify, translate, reformat, create derivative works from, publish, distribute, sell, license, transmit, publicly display, publicly perform, or provide access to electronically, broadcast, display, perform, and use and practice such User Content as well as all modified and derivative works thereof.  Customer represents that Customer has all necessary rights to grant the license referenced in the preceding sentence.  FireEye may use and disclose any of the information it collects about its customers’ use of FIC, including the CTI platform, to the extent such information is de-identified.
  4. Restrictions. Customer may not access FIC by any means other than through the interface that is provided or  approved by FireEye. Customer will not collect any information from or through FIC using any automated means, including without limitation any script, spider, “screen scraping,” or “database scraping” application, and Customer will not damage, disable, overburden, or impair FIC or interfere with any other party’s use and enjoyment of FIC.

 

Back To Top


EXHIBIT B-4
SUBSCRIPTION TERMS FOR FIREEYE EMAIL THREAT PREVENTION (ETP)  

In addition to the General Terms Applicable to all Offerings, the following terms govern the Email Threat Prevention Subscription.

1.         Definitions.

 “ETP Subscription" means the online, web-based applications and platform which is made accessible to Customer by FireEye via a designated website, which includes the associated offline Software components to be used in connection with FireEye Email Threat Prevention.

“Customer Data” means data, information, applications, and any other items originated by Customer that Customer submits to the ETP Subscription.

“Customer Representatives” means any employee of Customer to whom Customer provides access to the ETP Subscriptions (or any component thereof) for use on behalf of and for the benefit of the Customer and for Customer’s internal business purposes, subject to all the terms and conditions of this Agreement.

“Licensed Inboxes” means the number of email inboxes Customer may have at any time that are registered to the ETP Subscription; which maximum number shall be based on the Subscription fees paid by Customer and identified on the relevant purchase order from Customer as approved and invoiced by FireEye. 

2.        Right of Access and Use.   During the Subscription Term, and subject to the terms of this Agreement, FireEye grants to Customer a non-exclusive right to (a)  permit those Customer Representatives authorized by Customer to access and use the ETP Subscription on Customer's behalf in compliance with the terms of this Agreement and the Documentation for the ETP Subscription.  Notwithstanding anything else herein, the number of email inboxes Customer may register to the ETP Subscription may not exceed the number of Licensed Inboxes.

3.        Restrictions.  Except as otherwise expressly permitted under this Agreement, Customer agrees that it shall not, nor shall it permit any third party to, (a) use the ETP Subscription (or any portion thereof) in excess of or beyond the Subscription Term, the Licensed Inbox quantity, and/or other restrictions/limitations described in this Agreement; use the ETP Subscription to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy or other rights; or (d) interfere with or disrupt the integrity or performance of the ETP Subscription or third-party data contained therein. Customer shall route email through a commercially available secure email gateway for anti-spam scanning prior to relay through the FireEye network.  No rights or licenses are granted other than as expressly and unambiguously set forth herein.

4.        Updates, Malware Detection Content and Support Services.  Updates and malware detection content and/or Support Services are not necessarily provided with the ETP Subscription, and may require additional payment or include additional terms and conditions.  If malware detection content/support services are provided, FireEye reserves the right to change the scope or duration of such services at anytime, and to access, freely use and distribute data collected from Customer through such services.

5.        Inbox Count Increases; Reporting; Invoice.  If the number of inboxes that Customer have registered to the ETP Subscription (“Actual Inbox Count”) exceeds Customer’s then current Licensed Inbox count or if Customer wishes to increase the Licensed Inbox count, then Customer shall notify FireEye (or the applicable FireEye Partner) and submit an Order for the incremental Subscription Fees due, and upon receipt of such Order, the Licensed Inbox count shall be amended to reflect this change.  Upon written request, Customer will provide FireEye a report identifying (i) the Actual Inbox Count; and (ii) any other information reasonably requested by FireEye at the time as it relates to the use of the ETP Subscription to determine compliance with the terms of this Agreement.  FireEye and/or its Authorized Resellers may invoice Customer if it learns of any shortfalls, i.e. that the Licensed Inbox Count is below the Actual Inbox Count.  The fees charged to Customer for increases in License Inbox counts will be based on the then-current Subscription Term pricing.

6.        ETP Subscription Availability

6.1      FireEye shall undertake commercially reasonable efforts to ensure the ETP Subscription availability for 99.9% of the time during each calendar month.

6.1.1   “Service Outage” is where the ETP Subscription is not processing email due to a failure or a disruption in the ETP Subscriptions that is not the result of Scheduled Maintenance, Emergency Maintenance, a force majeure event or of the act or omission of Customer.

6.1.2   “Scheduled Maintenance Period" is the period during which weekly scheduled maintenance of the ETP Subscriptions may be performed, or a maintenance window otherwise mutually agreed upon by FireEye and Customer.

6.1.3   "Emergency Maintenance" means any time outside of Scheduled Maintenance that FireEye is required to apply critical patches or fixes or undertake other urgent maintenance. If Emergency Maintenance is required, FireEye will contact Customer and provide the expected time frame of the Emergency Maintenance and availability of the ETP Subscriptions during the Emergency Maintenance.

6.1.4   "System Availability" means the percentage of total time during which the ETP Subscriptions shall be available to Customer, excluding the Scheduled Maintenance Period, Emergency Maintenance, force majeure events, or acts or omissions of the Customer that cause system downtime.

6.2.     Remedy

6.2.1   In the event that the ETP Subscription does not meet the monthly service availability defined in 6.1, FireEye will provide a credit to the Customer in accordance to the table below (“Credit”) for a validated SLA Claim (defined below).

Percent of System Availability per Calendar Month

Service Credit

<99.9%

25%

<99.0%

50%

<98.0%

100%

6.2.2   For determining the Credit, the duration of a Service Outage will be measured as the time starting when there is a disruption in ETP Subscription and ending when a successful solution or workaround allowing for full restoration of the ETP Subscriptions is provided by FireEye to Customer.  Customer must notify FireEye in writing of any Service Outage no later than fifteen (15) days after the date the Service Outage occurred (“SLA Claim”) to be entitled to a Credit for that Service Outage.

6.2.3   Any Credits earned by Customer hereunder will be applied to the Subscription Fees owed by Customer for the next Subscription Term for which the Credit applies. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated for non-renewal or for a material uncured breach by Customer, such credits shall become null and void. If Credits cannot be applied to future Subscription Fees because the Subscription Term has terminated due to a material uncured breach by FireEye, FireEye will promptly pay Customer the amount of the Credit.

6.2.4   Customer shall not be entitled to receive a Credit that exceeds 100% of its prorated monthly Subscription Fee for a Service Outage for the applicable calendar month.

Back To Top


EXHIBIT B-5
SUBSCRIPTION TERMS FOR FIREEYE ADVANCED THREAT INTELLIGENCE PLUS (ATI+)

In addition to the General Terms Applicable to all Offerings, the following terms govern the Advanced Threat Intelligence Plus (ATI+) Subscription.

The ATI+ Subscription comprises two features: Continuous Monitoring (“CM” or “Continuous Monitoring”) and the FireEye Intelligence Center™ (FIC™) (“FIC”).

1.        Continuous Monitoring

The Continuous Monitoring portion of the Subscription is purchased in connection with one or more FireEye Products, and includes the following during the Subscription Term for the specific Products for which Continuous Monitoring was purchased (some Products may not be eligible for CM):

(a)     Critical Event Notification.  For Customers who have purchased the FireEye NX, FX, HX or EX Product, MVX Smart Grid with Network Smart node product combination, or the ETP or TAP Subscription, FireEye will provide Customer with proactive notifications of events FireEye determines to be critical that are logged by the Products (“Alerts”).  FireEye will also provide Customer with access to a detailed description of the Alert.  Alerts are not proof of vulnerability, threats or attacks on Customer. 

(b)     System Health Monitoring and Notification. For Customers who have purchased the FireEye NX, EX, HX, AX or FX Product, or MVX Smart Grid w/Network Smart node combination (hardware only), FireEye will provide Customer with proactive notifications of serious system health issues related to the hardware for Products covered by Continuous Monitoring.  Customers will also be provided with metrics on critical event notifications and, for purchased hardware, the status of monitored hardware parameters.

(c)    Portal Access.  Alerts and critical event notifications from Continuous Monitoring will be provided via an online portal, and FireEye will provide login credentials to the Customer to enable access to that portal.

(d)    Continuity of Monitoring.  The monitoring activities described in (a)-(c) above will be provided on a 24/7 basis.

(f)     Reseller and Partner Purchases.  If Customer receives the Subscription via a FireEye Partner, Customer agrees that the Subscription may be delivered to Customer through the Partner. Notwithstanding any other confidentiality obligations between the parties, Customer authorizes FireEye to disclose information related to the Subscription to the Partner.

(g)     Exclusions.  Notwithstanding anything else contained in this Agreement to the contrary, FireEye shall have no obligation or responsibility to provide the Subscription for (i) Products for which Customer does not have an active Subscription in place; (ii) Products that the Customer (or FireEye or another third party on Customer’s behalf) has configured with a one-way feed of FireEye’s Dynamic Threat Intelligence subscription; (iii) Products with an installed FireEye operating system less than version 6.2; (iv) Products that are end of life; (v) Products that have no active support service in place; (vi) Products for which software updates have not been applied; or (vii) Products that have not been installed and deployed.

2.        FireEye Intelligence Center™ (FIC™), Community Threat Intelligence™ (CTI™)

FireEye will provide the FIC portion of the Subscription, which includes the Community Threat Intelligence (CTI) platform, during the Subscription Term, as set forth below:

2.1      Permitted Use; Reports.  Customer may view and use FIC and content appearing on FIC (“FIC Content”) solely for internal use.  Some features of FIC may allow Customer to generate a report (each, a “FIC Report”).  FIC Reports and FIC Content are FireEye Materials.  Subject to Customer’s payment obligations, FireEye grants to Customer a limited, non-exclusive right to produce FIC Reports and FIC Content using FIC, and reproduce and distribute those FIC Reports and FIC Content internally for Customer’s own business purposes. 

2.2      Additional Use Limitations.  Customer may appoint up to fifteen (15) users of FIC at any time. Each day, all users on Customer’s account may collectively make up to (i) one hundred (100) queries of IP addresses and domain names, and (ii) one hundred (100) queries of malware per day.  Customer may request additional queries, to be evaluated by FireEye on a case by case basis.

2.3      User Content. “User Content” means any communications, images, sounds, and all the material and information that Customer or anyone using Customer’s account contributes to or through FIC including any contributions to or through the CTI platform.  Customer hereby grants FireEye a perpetual, irrevocable, worldwide, paid-up, non-exclusive, license, including the right to sublicense to third parties, and right to reproduce, fix, adapt, modify, translate, reformat, create derivative works from, publish, distribute, sell, license, transmit, publicly display, publicly perform, or provide access to electronically, broadcast, display, perform, and use and practice such User Content as well as all modified and derivative works thereof.  Customer represents that Customer has all necessary rights to grant the license referenced in the preceding sentence.  FireEye may use and disclose any of the information it collects about its customers’ use of FIC, including the CTI platform to the extent such information is de-identified.

2.4      Restrictions. Customer may not access FIC by any means other than through the interface that is provided or approved by FireEye. Customer will not collect any information from or through FIC using any automated means, including without limitation any script, spider, “screen scraping,” or “database scraping” application, and Customer will not damage, disable, overburden, or impair FIC or interfere with any other party’s use and enjoyment of FIC.

Back To Top


EXHIBIT B-6
SUBSCRIPTION TERMS FOR FIREEYE iSIGHT INTELLIGENCE

In addition to the General Terms Applicable to all Offerings, the following terms govern the iSIGHT Subscription (“iSIGHT” or “iSIGHT Subscription”). FireEye will provide the iSIGHT Subscription purchased by the Customer, as shown on the Order.

1.         Definitions.

1.1        “Access Method(s)” or “Access Methods” means the MySIGHT Portal (“MySIGHT”), Software Development Kit (“SDK”), Application Programming Interface (“API”), Browser Plugin, iSIGHT App for Splunk, or any other method provided by FireEye for Customer to access the iSIGHT Subscription, individually or collectively.  All Access Methods are FireEye Material as defined in the Agreement.

1.2        “Analyst Access” means a request made by Customer to FireEye for additional research or information about a specific piece of Content, such as an Indicator.

1.3        “Application” is a software program the Customer creates, or causes to have created on its behalf, that is designed to access the Content, which includes the features of the SDK/API but adds significant functionality beyond that provided by the SDK/API.

1.4        “Application Programming Interface” or “API” means the latest version of the iSIGHT Application Programming Interface software made generally available by iSIGHT, with its developer’s guide and other related material (available at http://www.isightpartners.com).

1.5        “Browser Plugin” means the iSIGHT Browser Plugin which a Customer may install on Google Chrome and/or other commercially available and supported browsers that allows the Customer to access and view the Content when licensed to do so.  The Browser Plugin displays the iSIGHT logo and links to MySIGHT.  The Browser Plugin includes the latest version of the Browser Plugin software, its documentation and any html embedded code.

1.6        “Content” means the cyber threat intelligence data and any reports, threat indicators, trends, events, information, documentation or functionality provided in connection with the Subscription.  All Content is FireEye Material as defined in the Agreement.

1.7        “End User” means the Customer or the Customer’s employees, as applicable.

1.8       “Executive Subscription” means a level of iSIGHT Subscription, purchased in addition to the purchased Tier of iSIGHT Subscription, as reflected in the applicable Order, which provides specific Content about attacker motivations and strategies, industry trends and other information of relevance to executive members of the Customer’s security team.

1.9       “Fusion Subscription” means a Tier of means a Tier of iSIGHT Subscription that consists of access to Content published by FireEye through the iSIGHT Subscription through MySIGHT and other Access Methods, along with access to Indicators through an API, and access to additional Content related to threat actor motivations and strategies.

1.10     “iSIGHT App for Splunk” means the application provided by FireEye, which a Customer may install on Splunk, that allows the Customer to access and view the Content in accordance with this Agreement. The iSIGHT App for Splunk includes the latest version of the iSIGHT App for Splunk software, its documentation and any html embedded code.

1.11     “iSIGHT Subscription” means the Tier of Subscription purchased by Customer as described on the applicable Order, including all Content available through that Tier of Subscription and Access Methods.

1.12      “iSIGHT Support Level” means the level of Support Services purchased by Customer in relation to the Tier of iSIGHT Subscription, as described in Section 3 below.

1.13     “Operational Subscription” means a Tier of iSIGHT Subscription that consists of access to intelligence Content published by FireEye through the iSIGHT Subscription through MySIGHT and other Access Methods, along with access to Indicators through an API.

1.14     “Software Development Kit” or “SDK” shall mean the latest publicly-available version of the iSIGHT Software Development Kit and any associated documentation, tools, libraries, technical notes, software code, or other materials.

1.15     “Tactical Subscription” means a Tier of iSIGHT Subscription that consists of access to Indicators published by FireEye through the iSIGHT Subscription through an API. Tactical Subscription Tier customers may not access Content through MySIGHT, the Browser Plug-in, or any Access Method other than the API.

1.16     “Tier” means the tier of iSIGHT Subscription purchased by Customer, as reflected on the applicable Order, which would be either Tactical, Operational, or Fusion.

1.17     “Vulnerability Subscription” means a level of iSIGHT Subscription, purchased in addition to the purchased Tier of iSIGHT Subscription, as reflected in the applicable Order, which provides specific Content related to vulnerabilities discovered in various products and services offered by third parties.

2.         License; Access to iSIGHT Subscription and Content.

2.1.       Grant of Limited License.  During the Subscription Term, FireEye grants to Customer in accordance with the terms of this Agreement and the Tier of iSIGHT Subscription purchased, a limited, worldwide, revocable, non-exclusive, non-transferable, non-assignable, non-sublicensable royalty-free right and license to:

(a)       use MySIGHT, the iSIGHT Subscription, and any Content provided by FireEye through the purchased Tier of iSIGHT Subscription for internal use only. The ISIGHT Subscription can be used by End Users who have a valid "need to know" within Customer’s organization, typically defined as a person or group that has a direct role in securing information system or networks. FireEye agrees to provide support for the ISIGHT Subscription  in accordance with the iSIGHT Support Level purchased by Customer, as described in Section 3 below.

(b)       use the API to search, display, and otherwise access the Content.  The API can be used to develop, display, or integrate applications, scripts, tools or workflows that interoperate with iSIGHT Subscriptions for the Customer’s internal use.  FireEye agrees to provide Support for the latest version of the API in accordance with Section 3 below. 

(c)        if applicable to the purchased Tier of iSIGHT Subscription, download, install and use the Software Development Kit (“SDK”) to design, develop and test an Application(s), for the Customer’s internal use only, for the purpose of customizing access to the Content.  The Customer may modify the source code versions of sample files, if any, included with the SDK for the purpose of creating Customer’s Application(s), and may make a reasonable number of copies of the SDK as necessary to develop Customer’s Application(s), provided that Customer must reproduce complete copies of the SDK, including without limitation all "read me" files, copyright notices, and other legal notices and terms.  FireEye agrees to provide Support for the ISIGHT SDK in accordance with Section 3 below.

(d)       if applicable to the purchased Tier of iSIGHT Subscription, use the Browser Plugin to search, display and otherwise access the Content for the Customer’s internal use only.  Customer may install and use one copy of the Browser Plugin on a single computer per license.  FireEye agrees to provide Support for the latest version of the Browser Plugin in accordance with Section 3 below.

(e)        if applicable to the purchased Tier of iSIGHT Subscription, use the ISIGHT App for Splunk to search, display and otherwise access the Content for the Customer’s internal use only.  Customer may install and use one copy of the ISIGHT App for Splunk on a single computer per license.  FireEye agrees to provide Support for the latest version of the ISIGHT App for Splunk in accordance with Section 3 below.

2.2.       Access Keys.  Use of the Access Methods and access to the ISIGHT Subscription  and the Content by Customer’s End Users is provided through access keys or login credentials. Access keys in association with the Access Methods and purchased Tier of iSIGHT Subscription  shall be kept in confidence by Customer and Customer’s End Users. Access keys will be issued to individual End Users by FireEye in accordance with each particular Access Method’s parameters and that End User’s Tier and will not be shared between End Users. Customer may not establish group accounts. Any unauthorized disclosure or dissemination of access keys by Customer or End Users shall be deemed a material breach of this Agreement. Customer shall inform FireEye of any data breach concerning login credentials in a timely manner.  FireEye reserves the right to change, suspend, remove, or disable Customer’s access keys to the Access Methods, ISIGHT Subscription, and Content upon notice if a material breach is suspected and not rectified upon notification.

2.3.       Latest Version.  The license granted to Customer under this Agreement is for the current version of the Access Methods.   FireEye may release future versions of the Access Methods as determined in the sole discretion of FireEye.  Nothing in this Agreement is a commitment to Customer of compatibility between the existing Access Methods and any future versions of the Access Methods.  FireEye reserves the right to discontinue offering particular Access Methods (or any updates thereto) or to modify the Access Methods at any time in its sole discretion.

2.4.       Multiple Copies.  Customer may receive software for an Access Method in more than one medium and/or in multiple copies.  The Customer’s license rights are in accordance with the Order regardless of the number of copies received.

2.5.       Additional Licenses.  If applicable to the purchased Tier of iSIGHT Subscription, Customer may purchase additional licenses for the Browser Plugin for its authorized End Users through the Chrome Web Store.  Customer may purchase additional licenses for the ISIGHT App for Splunk for its authorized End Users through Splunk. Additional licenses for the Browser Plugin and ISIGHT App for Splunk may be purchased and will be valid for the current Subscription Term as provided in the Order.

2.6.       Customer Application.  If applicable to the purchased Tier of iSIGHT Subscription, Customer may allow Customer’s employees to access and use the SDK/API on Customer’s behalf to design an Application.  The Customer may not rent, lease, sell, transfer, sublicense or time-share the Customer’s Application to any third-party without the express consent of FireEye. Customer shall retain all right, title or interest in the Application and as such, Customer agrees to indemnify and hold harmless FireEye for any claims of infringement made against FireEye in connection with any Application.  The Customer’s Application(s) must perform in accordance with the terms of this Agreement and must ensure the security and confidentiality of FireEye’s Confidential Information.  Customer assumes full responsibility for any breach of security caused by Customer’s Application(s) in connection with the Content, API, SDK, and specifically to any unauthorized disclosure of any FireEye Materials or FireEye Confidential Information.

2.7.       Content Modifications.  Customer may access the Content from the MySIGHT Portal, via email, SMS, HTML, API, any other Access Methods as officially distributed by FireEye or an FireEye sanctioned third-party integration. FireEye reserves the right to modify, amend, augment, reduce or alter the Content’s format, or Access Methods, or mode of retrieval of the Content, that in the sole judgment of FireEye is in its customers’ best interests. FireEye will determine what Content is appropriate for distribution to End Users in a particular Tier in its sole discretion. Customer will be entitled to retrieve the Content with any updates, modifications, additions or changes in the Content. These changes may require Customer to upgrade its systems, hardware or software and FireEye will not be responsible for the costs of any such changes.

2.8.       Prohibited Usage.  Customer must comply with any Intellectual Property rights asserted in any materials contained in the Content.  The following conduct and usage restrictions apply during Customer’s download, installation, and use of the Content and/or Access Methods, and survive termination of the Agreement or Subscription Term.   Customer and its authorized End Users may not:

a.         rent, lease, lend, sell, redistribute or sublicense any part of the iSIGHT Subscription  or Access Methods to any other party;

b.         share the iSIGHT Subscription , Access Methods, Content or Confidential Information with any third-parties, except as expressly authorized in advance by this Agreement or by FireEye in writing;

c.         use the iSIGHTe Subscription  or Access Methods in the operation of a service or in any way to provide services to any third-party;

d.         create derivative works for external distribution or use based upon the Content;

e.         create apps, extensions, or other products and services that use Content except as set forth herein;

f.          display, post, frame, or scrape the Content, except as allowed under this Agreement;

g.         use the Access Methods for any other purpose than to access the iSIGHT Subscription and the Content;

h.         use the Access Methods for any illegal or unauthorized purpose to promote or provide instructional information about illegal activities or to promote stalking, physical harm or injury against any group or individual, or any use that violates the rights of privacy and publicity of others;

i.          create, place, or disseminate any materials or other items that are inappropriate, defamatory, obscene, pornographic, harassing, threatening, abusive, hateful or otherwise offensive, or is unlawful (including any content that infringes any patent, trademark, service mark, copyright, trade secret or other proprietary right of any third-party without appropriate permissions);

j.          transmit any viruses, worms, defects, Trojan horses, time-bombs, malware, spyware, or any other computer code of a destructive or interruptive nature in connection with use of the Access Methods;

k.         use the Access Methods in connection with or to promote any products, services, or materials that constitute, promote or are used primarily for the purpose of dealing in spyware, adware, or other malicious programs or code, counterfeit goods, unsolicited mass distribution of email ("spam"), hacking, surveillance, interception, descrambling equipment, stolen products and items used for theft;

l.          create any Application that exposes or provides functionality of the Access Methods to any third party;

m.        interfere, restrict or inhibit any other customer from using the Access Methods or Content or disrupt any services offered by FireEye through any medium;

n.         attempt to exceed or exceed the usage limits established by FireEyeT for the Customer (https://docs.fireeye.com/iSight/index.html#/rate_limiting).

2.9.      Restrictions.  FireEye expressly reserves the right to limit the number and/or frequency of requests for Content made through the Access Methods in its sole discretion in line with technical design and performance standards as documented in the publicly available developers guide.  FireEye may limit the number of network calls that any Application may make via the Access Methods, the maximum file size, or the maximum amount of ISIGHT material that may be accessed. FireEye may change such usage limitations at any time and without notice. In addition to any other rights under this Agreement, FireEye may utilize technical measures to prevent over-usage or to stop usage of any Access Methods or any Application after any usage limitations are exceeded.  The most current API/SDK documentation and developers guide can be found at https://docs.fireeye.com/iSight/index.html#/, and these documents detail the current rates and capabilities of the API.

2.10.     Customer recognizes and agrees that certain information and data that will be provided by Customer to FireEye pursuant to the ISIGHT Subscription is not owned by Customer and is not Confidential Information of Customer.  Malware submitted by Customer to FireEye for analysis under ISIGHT Global Response, and other information submitted by Customer to FireEye that is not unique to and/or developed by Customer (collectively “Submissions”) shall not be considered Confidential Information or Intellectual Property of the Customer.  FireEye may use the Submissions, aggregate the Submissions with submissions from other FireEye customers as well as original research and analysis, and share that aggregated intelligence with Customer and with other FireEye customers to enhance the services FireEye provides to its customers.  FireEye will anonymize all Submissions prior to distribution, and will not identify the source of any Submission without written permission in each case.

3.  iSIGHT Support Levels.

3.1.      
Level One Support – Self-Help

Customers purchasing the Level One iSIGHT Support Level will have access to:

(I)     Support information through a support portal, Documentation provided by FireEye, and publications about the iSIGHT Subscription published by FireEye

(II)    Maintenance and updates as described in Section 3.4 below

(III)   Customer onboarding support.

(IV)   One (1) Analyst Access request per calendar quarter.

(V)    All Support activities provided for Level One Support customers will be provided remotely.

3.1.       Level Two Support – Intel Coordination

Customers purchasing the Level Two iSIGHT Support Level will, in addition to receiving the support items available for purchasers of the Level One iSIGHT Support Level, have access to a service desk through which FireEye assists its customers with issues, trouble or general questions concerning use of the FireEye ISIGHT Subscriptions.  Customer may initiate a service call as follows:

Description

Details

FireEye Service Desk
(Primary, escalation and off-hours contact)   

servicedesk@isightpartners.com

Service Desk Hours

24 x 7

Service Call Response Time
(“Response Time Standard”)  

4 hours for initial response

(confirmation of receipt is immediate through an automated ticketing system)

iSIGHT API

General information regarding iSIGHT API which can be accessed at http://www.isightpartners.com/doc/api2.0/docs/#/

Other resources
(all other Subscription Support issues)
 

Existing Clients –
Contact your assigned Intelligent Account Manager at:
client-engagement@isightpartners.com

Prospective Clients –
Contact your assigned Sales Engineer at:
sales-engineering@isightpartnerns.com

Partners, Resellers, Referrals –
Contact partners program representative at: partners@isightpartners.com

FireEye will catalog and evaluate all bugs or software issues as they are reported.  Such issues will be prioritized based on variables such as customer impact, security impact, etc. and will be scheduled for release accordingly.  When applicable, FireEye will notify Customer of urgent patches or bug fixes. Support Services do not include custom programming services, on-site support, or other services including installation of hardware or software, or training.

Customers purchasing the Level Two iSIGHT Support Level will also receive:

(I)     Up to two (2) hours of dedicated support for API technical integration. Any additional hours spent for API technical integration will be invoiced as Professional Services at FireEye’s then-current hourly rates.

(II)    One (1) threat brief specific to Customer’s industry.

(III)   An additional nine (9) Analyst Access requests (total of ten (10) requests) per calendar quarter, which Analyst Access requests will be given priority over requests from customers at a lower iSIGHT Support Level.

(IV)   A designated iSIGHT Account Manager (IAM), who will serve as a point of contact for Customer to FireEye related to the iSIGHT Subscription

(V)    All Support activities provided for Level Two Support customers will be provided remotely.

3.2       Level Three Support – Intel Optimization

Customers purchasing the Level Three iSIGHT Support Level will, in addition to receiving the support items available for purchasers of the Levels One and Two iSIGHT Support Levels, receive the following:

(I)     Up to two (2) additional hours (four (4) hours total) of dedicated support for API technical integration. Any additional hours spent for API technical integration will be invoiced as Professional Services at FireEye’s then-current hourly rates.

(II)    One (1) threat brief specific to Customer.

(III)   An additional fifteen (15) Analyst Access requests per calendar quarter (total of twenty-five (25) requests), which Analyst Access requests will be given priority over requests from customers at a lower iSIGHT Support Level.

(IV)   Access to workshops and other live support offerings provided by FireEye related to the iSIGHT Subscription.

(V)    When available, Content selected based on the specific threat concerns discussed with the Customer during onboarding.

(VI)    A designated Intel Account Analyst to respond to questions about specific Content.

3.3.       Maintenance and Updates

(a)       When feasible and appropriate, FireEye will provide Customer prior notification about major releases at least two weeks in advance via communication from FireEye representatives.

(b)       Scheduled system maintenance will be performed during the targeted times of 01:00 – 07:00 UTC on Thursdays and 12:00 – 19:00 UTC on Sundays.  Prior notification will be provided in the event of any impact to customer facing applications.

(c)        Emergency maintenance notifications will be provided by FireEye as early as possible but with a goal of six (6) hours’ prior notice provided.  Further, FireEye will strive to minimize the impact of any maintenance on any critical system during standard business hours around the globe.

3.4.       Subscription Availability

(a)       The FireEye iSIGHT API will have at least 99% system uptime (“API Uptime Standard”).

(b)       The iSIGHT MySIGHT Portal will have at least a 99% system uptime (“Portal Uptime Standard”).

(c)       FireEye realizes that a failure to meet the Response Time Standard, API Uptime Standard and the Portal Uptime Standard (collectively, the “Service Level Standards”) could have an adverse impact to Customer. If FireEye fails to meet any of the Service Level Standards (“Service Level Failure”), FireEye will: (i) promptly investigate and report on the root cause of the problem; (ii) advise Customer of the remedial efforts being undertaken with respect to this failure to meet the Service Level Standards; (iii) use commercially reasonable efforts to correct the problem and begin meeting the Service Level Standards; and (iv) take appropriate preventative measures designed to ensure that the problem does not recur.

Back To Top


EXHIBIT C
FIREEYE SUPPORT SERVICES APPLICABLE FOR FIREEYE PRODUCTS

In addition to the General Terms Applicable to all Offerings, the following terms will govern the Support Services provided with respect to FireEye Products listed in Exhibit A.

1.        Support Purchased Separately from the Products.  In the event Customer has purchased the Products and pass-through Support Services from FireEye through a FireEye authorized reseller (a "Reseller"), Customer will be entitled to all the rights herein set forth related to the level of Support Service requested and paid for by it, provided Customer: (a) is the original purchaser of the covered Products, (b) has provided true, accurate, current and complete information to FireEye included with its purchase; and (c) has maintained and updated this information to keep it true, accurate, current, and complete.

2.        SUPPORT SERVICES PROVIDED BY FIREEYE.

FireEye offers a range of programs for the support of its Products as described below (“Support Programs”).  Customer shall be entitled to receive the Support Services specified on the applicable support invoice and described below to the extent that Customer has paid in full the applicable Fees for Support Services.

2.1      Software Maintenance Services – include each of the following:

Software Updates.  During the Support Term , FireEye shall provide Customer notification of bug fixes, maintenance patches and new releases which may contain minor enhancements to the features or functions of the Product (“Updates”).  FireEye may designate a particular release of the Product as an Update at its sole discretion.  Customer may obtain Updates either through delivery of a machine-readable copy pursuant to instructions contained in the document notifying Customer of an available Update or by downloading the Update from FireEye’s server via the Internet.  FireEye reserves the right to impose additional charges for releases of Products (i) that provide major enhancements to the features or functions of the Products, as determined by FireEye at its sole discretion; or, (ii) that provide additional features or perform additional functions not provided or performed by the Products. 

Software Error Corrections.  During the Support Term, FireEye shall use commercially reasonable efforts to correct any reproducible programming error in the software associated with the Product attributable to FireEye, employing a level of effort commensurate with the severity of the error, provided, however, that FireEye shall have no obligation to correct all errors in the Products.  Upon identification of any programming error, Customer shall notify FireEye of such error in writing and shall provide FireEye with enough information to locate and reproduce the error.  FireEye shall not be responsible for correcting any errors not attributable to FireEye.  Errors attributable to FireEye shall be those that are reproducible by FireEye on unmodified Products. If it is found that a particular error is fixed in the most current Product release, then FireEye shall have no obligation to fix the error in any prior Product release and Customer will need to upgrade to the current Product release in order to obtain the fix.

2.2      Support Programs

(a)  Platinum Support includes all of the services set forth above under Software Maintenance Service (section 2.1) and additionally:

  • Email, Live Chat, Web or Telephone Support.  During the Support Term, FireEye shall provide Customer technical email, live chat, web or telephone support for the Products twenty-four (24) hours per day, 365 days a year.  FireEye’s support technician shall only be obligated to respond to Customer’s fifteen (15) designated contacts.
  • FireEye shall use commercially reasonable efforts to respond to the request for support as detailed in the Initial Response Times table found at https://www.fireeye.com/support/programs.html regarding use or installation of the Product that is communicated to FireEye via one of the mechanisms above to the attention of FireEye’s support engineers.
  • Product Return. During the term of this Agreement, Customer shall have the right to return to FireEye any defective Product subject to the limited warranty. Additionally, FireEye will fulfill the following Advance Return provisions below.
  • Advance Replacement.  Prior to any return as to which Advance Replacement applies, Customer shall verify that said Product is defective by logging a Support request via one of the mechanisms described above and in accordance with FireEye’s RMA procedures, including providing the part number, serial number, quantity and reason for return, an explanation of all failure symptoms and other relevant information. Upon confirmation by FireEye of a defect, Customer shall obtain from FireEye an RMA number.  FireEye shall ship via a recognized express courier service a replacement Product to Customer to arrive no later than next business day after FireEye’s issuance of an RMA number, provided the RMA number was issued prior to the business day cutoff time local to the defective Product, provided the replacement does not require any custom pre-configuration, and provided no external-to-FireEye circumstances prevent the delivery.  The replacement Product may be a new or reconditioned Product (of equivalent or better quality) at FireEye’s sole discretion.  FireEye shall pay the shipping costs to ship the replacement Product to Customer, but Customer shall bear any and all risk of loss of or damage to said Product at all times after said Product is made available by FireEye to the common carrier.  The support service will transfer from the defective Product to the replacement Product. Within five (5) business days after Customer receives the replacement Product from FireEye, Customer shall package said defective Product in its original packing material or equivalent, write the RMA number on the outside of the package and return said defective Product, at FireEye’s cost provided Customer utilizes FireEye’s designated courier service and properly packages the defective Product according to FireEye’s instructions, shipped properly insured, FOB FireEye’s designated facility (except that FireEye shall pay for shipping). Customer shall enclose with the returned Product the applicable RMA form, and any other documentation or information requested by FireEye customer support.  Customer shall assume any and all risk of loss of or damage to such Product during shipping.  Title to the defective Product shall pass to FireEye upon FireEye’s receipt thereof.  When a replacement Product is provided and Customer fails to return the defective Product to FireEye within ten (10) business days after Customer receives the replacement Product from FireEye, FireEye may charge Customer, and Customer shall pay for the replacement Product at the then-current list price.
  •  

(b)  Platinum Priority Plus Support iincludes all of the services set forth above under Platinum Support [section 2.2(a)] and additionally:

  • Access to Support. Customer will be provided with direct priority access to Level 2 Advanced Engineering support who shall respond to Customer’s unlimited number of designated contacts. A Designated Support Engineer (DSE) point of contact, who is available during Customer’s business hours (for single Customer site if Product(s) installed at multiple Customer sites), will be made available to be the focal point of contact within FireEye, to project manage Customer’s technical issues.
  • Onsite Support. Onsite visits for problem assistance at DSE’s sole discretion.
  • Reporting. FireEye will supply Customer with monthly reports detailing technical support provided during the previous month. Quarterly business reviews will also be conducted.

(c)  Government Support, if available, includes all of the services set forth above under Platinum Support [section 2.2(a)] and additionally:

  • Email, Live Chat, Web or Telephone Support.  For the specified country, access to citizens of that country for the fulfillment of Level 1 and 2 technical support requests.

(d)  Government Priority Plus Support includes all of the services set forth above under Government Support [section 2.2(c)] and additionally:

  • Access to Support. Customer will be provided with direct priority access to Level 2 Advanced Engineering support who are citizens of that country and shall respond to Customer’s unlimited number of designated contacts. A Designated Support Engineer (DSE) point of contact who is a citizen of that country and available during Customer’s business hours (for single Customer site if Product(s) installed at multiple Customer sites), will be made available to be the focal point of contact within FireEye, to project manage Customer’s technical issues.
  • Onsite Support. Onsite visits for problem assistance at DSE’s sole discretion.
  • Reporting. FireEye will supply Customer with monthly reports detailing technical support provided during the previous month. Quarterly business reviews will also be scheduled.

(e)   Special Services.  FireEye agrees to use commercially reasonable efforts to respond to any requests by Customer for support services not specifically provided for above.  Customer acknowledges that all such services provided by FireEye shall be at FireEye's discretion and then-current fees and policies.

3.        CUSTOMER RESPONSIBILITIES.

3.1      Requesting Support Services. When requesting Support Services from FireEye under this Agreement, Customer should have the following information available to provide to FireEye, if requested:  (i) detailed problem description, including operating system (“OS”) version, Product model and serial number(s), of the affected Product, and a detailed description of the troubleshooting that has already been done to try to resolve the problem; (ii) detailed system log files; (iii) configuration and login details to allow FireEye access as needed to the Products via the Internet for the purpose of providing support services and permissions needed in order for FireEye to conduct such remote access; (iv) a detailed description of changes to the environment; and (v) Customer’s unique ID, Account ID, the serial number(s) of the Product(s) covered by this Agreement or other unique customer identifier as assigned to Customer by FireEye.  Customer acknowledges and agrees that failure to have any or all information or access available as needed by FireEye in order to provide the Support Services may result in delays in FireEye’s response, may hinder FireEye’s ability to perform the Support Services and/or may cause incorrect Support Program fulfillment. FireEye will not be responsible for any such delays and inability to perform due to causes not due to FireEye.

3.2      Customer Assistance. 
Customer agrees to:  (i) ensure that their site complies with any and all applicable FireEye published system environmental specifications; (ii) follow FireEye’s procedures when requesting Support Services; (iii) provide FireEye reasonable access to all necessary personnel to answer questions or resolve problems reported by Customer regarding the Products; (iv) promptly implement all Updates and error corrections provided by FireEye under this Agreement; (v) maintain FireEye supported versions of required third party software, if any; and (vi) notify FireEye promptly of any relocation of the Products from the location to which the Products were originally shipped. Customer agrees to use reasonable efforts to resolve internally any support questions prior to requesting Support Services pursuant to this Agreement.  During the Support Term, FireEye may obtain information regarding Customer’s email communication and Customer agrees that, as a condition to FireEye’s provision of Support Services, FireEye may use statistical data generated regarding Customer’s email correspondence with customer support so long as the source or content of the emails is not being disclosed.

3.3      Contact People. Customer shall appoint the specified number of individuals (depending upon the Support Program purchased) within Customer's organization to serve as contacts between Customer and FireEye and to receive support through FireEye's telephone support center.  Customer’s contacts shall have been adequately trained on the Products and shall have sufficient technical expertise, training and experience.  All of Customer's support inquiries shall be initiated through these contacts.

4.     EXCLUSIONS.  Notwithstanding anything else contained in this Agreement to the contrary, FireEye shall have no obligation or responsibility to provide any Support Services relating to problems arising out of or related to (i) Customer's failure to implement all Updates to the Product which are made available to Customer under this Agreement; (ii) the failure to provide a suitable installation environment; (iii) any alteration, modification, enhancement or addition to the Products performed by parties other than FireEye; (iv) use of the Products in a manner, or for a purpose, for which they were not designed; (v) accident, abuse, neglect, unauthorized repair, inadequate maintenance or misuse of the Products; or relocation of the Products (including without limitation damage caused by use of other than FireEye shipping containers), (vi) operation of the Products outside of environmental specifications; (vii) interconnection of the Products with other products not supplied by FireEye; (viii) use of the Products on any systems other than the specified hardware platform for such Products; or (ix) introduction of data into any database used by the Products by any means other than the use of the software associated with the Products.  Notwithstanding anything else contained in this Agreement to the contrary, FireEye will support all generally available ("GA") versions of the FireEye OS, for a minimum of one (1) year from GA release date, regardless of the number of supported OS GA versions.  FireEye will also support the two (2) most current OS GA versions, regardless of the elapsed time from GA release date.  If available, and at FireEye’s sole discretion, support for any other OS versions or for other problems not covered under this Agreement may be obtained at FireEye's then-current fees and policies for such services. FireEye’s complete end of life policy can be found on the supported products web page.

5.        Lapsed Support and Upgraded Support.

5.1      Lapsed Support.  After any lapse of Support Services, the parties subsequently may elect to reinstate such Support Services for Products for which the Support Services lapsed pursuant to the terms and conditions set forth in this Agreement; provided, however, that (i) Customer agrees to pay for the period of time that has lapsed as well as any renewal term, and (ii) such Products must be in good working condition, as solely determined by FireEye or its designee.

5.2      Support Program Upgrade. At any time during the Term, Customer may upgrade to FireEye's next level of Support Program by (i) notifying FireEye of Customer's desire to upgrade; (ii) acknowledging in writing the then-current terms and conditions for the relevant Support Program; and (iii) paying FireEye the additional Support Fee owed in connection with such upgraded Support Program.

Back To Top