The following terms apply only to the Service(s) indicated in the section title.
1. Chronicle Security Operations (Chronicle SIEM and Chronicle SOAR) (“Chronicle”)
a. Service Models. Chronicle is available in the following service models, as specified in an Order Form:
i. Data Ingestion (Log Ingest). Customers are charged a flat rate based on data ingestion up to the Data Cap. The following terms apply to this service model:
A. Data Limitations. Chronicle is only to be used for Security Telemetry. Customer agrees that it will not provide any data to Chronicle that is not Security Telemetry.
B. Overages. The applicable Order Form will identify Customer’s Data Cap as the number of Units purchased. In the event Customer consumed in excess of the Units purchased (as determined in Google’s sole discretion), Google will invoice Customer in arrears at the end of each month for any Units that Customer consumes in excess of the Units purchased, which will be charged at the monthly-prorated List Price less the applicable Discount as set forth in the applicable Order Form, unless otherwise agreed by the parties in writing. Customer will pay such invoice by the Payment Due Date. If Customer does not pay such invoice within thirty (30) days of the Payment Due Date, then Google may terminate the applicable Order Form upon written notice to Customer.
ii. Covered Personnel. Customers are charged a flat rate per each Covered Personnel. The following terms apply to this service model:
A. Data Limitations. Chronicle is only to be used for Network Telemetry and Third Party Telemetry. Customer agrees that it will not provide any data to Chronicle that is not Network Telemetry or Third Party Telemetry. Customer further agrees to work with Google to filter Customer Data that does not constitute Network Telemetry or Third Party Telemetry.
B. Overages. The applicable Order Form will identify the number of Covered Personnel as the number of Units purchased. Overages in the number of Covered Personnel are subject to proportional increases in Customer’s Fees during an Order Term based on any ten percent (10%) or more increase in Covered Personnel from the number reported in an Order Form.
C. Compliance. Within 30 days of Google’s reasonable written request, Customer will provide documentation establishing that the number of Covered Personnel providing Customer Data to Chronicle does not exceed the number of Units reported in an Order Form plus ten percent (10%).
b. Service Suspension. Google may Suspend Customer’s access to Chronicle if Customer does not comply with the data limitations provisions in Section 1(a)(i)(A) and Section 1(a)(ii)(A) (as applicable) of these Chronicle Service Terms, and Customer’s non-compliance is not cured following notice from Google within the Data Limitation Notice Period. If Google Suspends Customer’s access to Chronicle under this Section, then (i) Google will provide Customer notice of Suspension without undue delay, to the extent legally permitted, and (ii) the Suspension will be to the minimum extent and for the shortest duration required to resolve the cause for Suspension.
c. Data Period. Subject to and in accordance with the Cloud Data Processing Addendum, (i) Google will maintain Customer Data in Chronicle for the Data Period, and (ii) Customer instructs Google that it may delete Customer Data that is outside the Data Period.
d. Third-Party Terms.
i. Third-Party Offerings. Customer must obtain access to any Third-Party Offerings from the respective provider (a “Third-Party Provider”). To the extent Customer provides access to the Customer’s Account to a Third-Party Offering or Third-Party Provider, Customer explicitly consents and instructs Google to allow the Third-Party Provider of any such Third-Party Offerings to access Customer Data as may be required to interact with Chronicle, including to copy Customer Data into or out of Chronicle. For clarity, Third-Party Providers are not Subprocessors (as defined in the Cloud Data Processing Addendum).
A. Disclaimers. The manner in which Third-Party Offerings and Third-Party Providers transmit, use, store, and disclose Customer Data is governed solely by the policies of such Third-Party Offering and Third-Party Provider. To the extent permitted under applicable law, Google will have no liability or responsibility for:
1. Customer’s use of a Third-Party Offering, including any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such Third-Party Offering, any non-Google integrations of the Services with Third-Party Offerings, actions or the effect of actions that Customer authorizes Google to take with respect to Third-Party Offerings and a Third-Party Provider’s access to and use of Customer Data;
2. the privacy practices or other actions of any Third-Party Offering or Third-Party Provider; or
3. the accuracy, availability, or reliability of any data, information, content, services, advice, or statements made available in connection with such Third-Party Offering.
B. Representations and Warranties. Customer represents and warrants that nothing in the Agreement, or Customer’s use of Chronicle, will violate any agreement or terms with a third party to which Customer is subject.
ii. Looker and BigQuery. Google uses Looker and BigQuery with Chronicle for dashboarding, reporting, and storage features. Customer may only use Looker and BigQuery as part of Chronicle subject to any deployment, configuration, and use limitations provided or described by Google. Google may make Software available to Customer in connection with Customer’s use of Looker, including third-party Software. Some Software may be subject to third-party license terms, which can be found at https://looker.com/trust-center/legal/notices-and-acknowledgements. If Customer stops using Chronicle, or Looker, then Customer will also stop using the Software. Customer’s access to Looker and/or BigQuery may be terminated by Google, at any time, if Customer is found to be in breach of the Agreement. Notwithstanding anything to the contrary in the Agreement, as used in this Section 1(d)(ii) in these Chronicle Service Terms, the term “Customer Data” means (a) all data in Customer’s databases provided to Looker by Customer or End Users via Chronicle, and (b) all results provided to Customer or End Users for queries executed against such data via Looker. Google’s data location commitments under General Service Terms Section 1 (Data) do not apply to Looker or BigQuery dashboarding, reporting, or storage.
iii. Chronicle SIEM Enterprise Plus. If Customer subscribes to “Chronicle SecOps Enterprise Plus” SKU, such SKU leverages capabilities from and entitles Customer access to a product called “VirusTotal”. Customer’s use of VirusTotal is subject to the additional terms set forth in Section 3 (VirusTotal) below. For avoidance of doubt, VirusTotal is not part of the Audited Services as set forth in the Cloud Data Processing Addendum, and Google’s data location commitments under General Service Terms Section 1 (Data) do not apply to VirusTotal.
e. Build Partners. The following terms apply where Customer purchases Chronicle as a Build Partner:
i. In the following definitions in Section f (Additional Definitions) in these Chronicle Service Terms, all references to Customer will be replaced with End User(s): (A) Covered Personnel, (B) Customer Network, (C) Network Telemetry, and (D) Third Party Telemetry;
ii. Customer may not use Chronicle for internal purposes, unless Customer has a separate Order Form for internal use; and
iii. In General Service Terms Section 2 (General Software Terms): (A) End Users are included in the definition of “Software Users”, and (B) Customer may reproduce and use the Software ordered by Customer on systems owned, operated, or managed by or on behalf of End Users in accordance with (Y) the Agreement, and (Z) if applicable, the Scope of Use, provided that Customer will be liable for the acts and omissions of its End Users.
f. Service Limits. Google may restrict a Customer’s ingestion of data into Chronicle that exceed quotas (“Quotas”). Quotas are enforced to protect the community of Chronicle users by preventing unforeseen spikes in usage and overloaded services. Customer’s Quota is specified in the Account. Additional information regarding Quotas can be found in the Documentation.
g. Additional Definitions.
“Covered Personnel” means an employee or contractor of Customer.
“Customer Network” means the network used by Customer for internal business purposes, and all applications, software, services, and physical devices used for internal business purposes that connect to such network.
“Data Cap” means the amount of Customer Data that Customer is permitted to provide to Chronicle through the Account on an annual basis starting from the Service(s) Start Date, as specified in an Order Form as “Unit(s)”.
“Data Limitation Notice Period” means either (a) 72 hours after Google’s notice to Customer of non-compliance or (b) 7 days after Google’s notice if Customer reasonably demonstrates to Google that Customer is taking reasonable steps to remedy the non-compliance.
“Data Period” means the length of time that Customer Data will be available in Chronicle, as specified in an Order Form. The Data Period is calculated on a monthly rolling, lookback basis from the current date using the event date/timestamp of the Customer Data as read by Chronicle. If not specified in an Order Form, the Data Period is 12 months.
“Documentation” means the then-current Chronicle documentation made available by Google to its customers for use with the Services at https://cloud.google.com/chronicle/docs.
“Build Partner” means a Customer that provides its own Customer Applications that complement, enhance, or extend the reach or functionality of Chronicle for use solely by End Users. This would be applicable to Customer’s participation in the Program under the Build Engagement Model.
“Network Telemetry” means Security Telemetry generated by devices that are part of the Customer Network and does not include Security Telemetry generated by anyone other than Covered Personnel; for example Network Telemetry does not include Security Telemetry generated by Customer’s customers or Customer’s partners.
“Program” means the Google Cloud Partner Advantage Program as described in the then-current Google Cloud Partner Advantage Guide, available at https://www.partneradvantage.goog (as may be updated or modified by Google from time to time).
“Security Telemetry” means the metadata or other data that relates to Customer’s or a Customer End User’s security posture and that is produced by security related features, products, or services.
“Third Party Telemetry” means Security Telemetry Customer has received from a third party that Customer uses for purposes of securing the Customer Network.
“Units” means the units by which use of a Service SKU is measured (e.g., Data Cap or Covered Personnel).
2. Mandiant
a. Mandiant Solutions
i. Access to Mandiant Solutions. Subject to the Agreement, payment of all Fees, and any applicable Scope of Use, Customer may access and use the Mandiant Solutions in accordance with the Agreement and any Documentation, solely for its internal business purposes.
1. Mandiant Security Validation Solutions. The Security Validation Solutions may only be used up to the purchased license entitlement listed on the Order Form. Customers purchasing the Validation on Demand version of the Security Validation Solutions are licensed to use 1 actor to conduct 1 assessment, as set forth in the Documentation, and such use must occur within 1 year from the date of the applicable Order Form. The term of the license will begin on or shortly after the Order Form Effective Date (as determined by Google).
2. Mandiant Automated Defense. Customers may only use Mandiant Automated Defense solely for the purpose of analyzing Customer Data and rendering reports of the results of such analysis to Customer.
3. Mandiant Attack Surface Management (ASM). Customers may only use Mandiant ASM up to the purchased license entitlements on the Order Form for the purpose of assessing the security of internet-facing assets in connection with Customer’s business.
4. Intelligence Subscriptions. Customer may purchase different Intelligence Subscriptions, as set forth in the Documentation. Customer’s access to the Intelligence Subscription(s) is provided through access keys or login credentials, which may not be shared between Customer’s End Users. Customer may not establish group accounts. Google reserves the right to limit the number and/or frequency of requests through the Intelligence Subscriptions, as set forth in the Documentation. In addition to any other rights under the Agreement, Google may use technical measures to prevent over-usage or to stop usage after any limitations are exceeded.
5. Digital Threat Monitoring. Customer may use Digital Threat Monitoring solely for the purpose of analyzing Customer’s own security posture and for no other purpose. Google may terminate or suspend Customer’s usage of Digital Threat Monitoring based on a suspected violation of this Section 5 (as determined in Google’s sole discretion).
ii. Security Content.
1. License. Mandiant Solutions may include access to certain defined files, URLs, IP addresses, file hashes, commands, network traffic samples and other artifacts that can be malicious and/or represent real attacker behavior (“Security Content”). Google grants to Customer a limited, non-transferable, non-exclusive license to use the Security Content solely in connection with the applicable Mandiant Solutions and for no other purpose. Any Security Content obtained or licensed from a third party and furnished through Google or which Customer procures on its own will be deemed a Third Party Offering under the Agreement. Google does not warrant that any Security Content made available through Mandiant Solutions will continue to be available throughout the Order Term, and Google may add or remove Security Content from time to time in its sole discretion.
2. Disclaimer. Customer understands that Security Content includes live malware, including ransomware, and that use of the Security Content in ways not strictly described in the Documentation may cause damage to Customer’s environment. Security Content is provided “as-is” and Google makes no representations or warranties regarding the Security Content and does not guarantee or warrant that the Security Content will cover all possible conditions, environments or controls. Security Content is obtained from a variety of sources, which may include known threat actors. To the maximum extent permitted by applicable law, Customer assumes all risk associated with use of the Security Content, and acknowledges that Google has no obligation to ensure Security Content will operate as intended.
3. Submission of Security Content. Mandiant Solutions may allow Customer to submit Security Content or other malware to Google. Customer acknowledges that any Security Content or other malware provided by Customer through the Mandiant Solutions is not Customer Data, and may be used, aggregated, analyzed and shared by Google to enhance the products and services Google provides to its customers.
b. Mandiant Managed Services
i. Managed Services. During the Order Term, Google will provide Managed Services as set forth in the Documentation, according to the volume of entitlements or licenses purchased by Customer set forth in the applicable Order Form. Any services Customer requests that are not described in the Documentation will be performed at mutually agreed upon rates. If the number of entitlements or licenses exceeds the purchased volume reflected in the Order Form, Google will notify Customer in writing, and will issue an invoice for the next higher count at Google’s then-current rates prorated for the remaining portion of the then-current Order Term.
ii. Reseller and Partner Purchases. If Customer receives Managed Services via a Google authorized partner (a “Partner”), Customer agrees that the Managed Services and any output of the Managed Services, including reports, may be delivered to Customer through the Partner. Notwithstanding anything to the contrary in the Agreement, Customer authorizes Google to disclose information related to the Managed Services and Customer Data to Partner.
iii. Customer Responsibilities. Customer acknowledges and agrees that (i) Managed Services are not an alternative to an incident response engagement for an environment that is compromised prior to the start of the Managed Services Order Term, and (ii) Google’s ability to successfully deliver the Managed Services is dependent on the Customer’s ability to meet its responsibilities as outlined in this Section 2(b)(iii). To the maximum extent permitted by applicable law, Google will have no liability for any failure to deliver the Managed Services that may arise due to Customer’s refusal or failure to perform its responsibilities:
1. Installation Requirements. Customer will be responsible for the following: (i) providing network architecture diagrams, physical, and logical access to Customer’s environment for the sole purpose of deploying and configuring any Managed Services supported technology (as may be defined in the Documentation); (ii) upgrading pre-existing technology to the minimum software version as referenced within the Documentation; (iii) providing confirmation that all technology within the Customer’s environment has been successfully configured and connected to its network according to the individual product’s system administration guide and the configurations supported as noted in the relevant product’s support terms; and (iv) providing the ability to establish a persistent connection to the Customer’s network within the designated port range corresponding to the country from which the Managed Services will be delivered.
2. Credential Security. Customer will be responsible for the following: (i) providing accurate information to Google for provisioning access to (and removal of) Customer personnel access to any portals associated with the Managed Services; (ii) implementing and adhering to strong password standards; (iii) providing accurate information to Google for domain whitelisting; and (iv) reporting any security issues related to the Managed Services (including any available portals) to Google immediately.
3. Network Segment Exclusion. Customer will notify Google if specific network segments will not require managed defense monitoring. Customer must provide detailed information regarding the specific network segment range when possible (e.g. guest networks, testing environments).
4. Remediating Known Compromises. Customer will make a reasonable effort to remediate any known compromises reported by Google or third party vendors. Google may choose to suppress alerts generated by known compromised systems until such time as the compromise is remediated.
5. Time and Date Settings. Customers will ensure that all supported technology has accurate time and date settings, to help ensure that time-supported alerts are accurately categorized. Google will not be responsible for reporting on alerts generated by supported technology that does not have up to date time and date settings.
iv. Exclusions. Notwithstanding anything to the contrary in the Agreement, Google will have no obligation to provide the Managed Services for (i) products or services that have been declared end of support or that are not currently supported; (ii) products or services that have no active support in place; (iii) products or services for which updates have not been applied; (iv) products or services that have not been installed and deployed; or (v) products or services that are misconfigured or incorrectly deployed, which prevents the Managed Services from monitoring. Customer acknowledges that to facilitate Google’s efficient performance of the Managed Services, Google may control some features and functionality of the underlying products and services, including by applying updates, and such features or functionality may not be available for Customer’s independent use during the Order Term of the Managed Services.
c. Mandiant Consulting Services
i. Provision of Services. Google will provide Consulting Services, including Deliverables, to Customer, subject to Customer fulfilling its obligations under Section 2(c)(v) (Customer Obligations) below. Deliverables are considered final upon the earlier of Customer’s written or oral confirmation of acceptance, or ten (10) business days after Google makes the Deliverables available to Customer.
ii. Invoices and Payment. Customer will pay all Fees for Consulting Services and some Fees may be non-cancellable, as specified in the Order Form.
iii. Personnel. Google will determine which Personnel will perform the Consulting Services. If Customer requests a change of Personnel and provides a reasonable and lawful basis for such request, then Google will use commercially reasonable efforts to replace the assigned Personnel with alternative Personnel. If provided to Google before the start of the Consulting Services, Google’s Personnel performing the Consulting Services will comply with Customer’s reasonable personnel training policies related to the Consulting Services.
iv. Compliance with Customer’s Onsite Policies and Procedures. Google Personnel performing Consulting Services at Customer’s facilities will comply with Customer’s reasonable onsite policies and procedures made known to Google in writing in advance.
v. Customer Obligations.
1. Cooperation. Customer will provide reasonable and timely cooperation in connection with Google’s provision of the Consulting Services. Google will not be responsible for a delay caused by Customer’s failure to provide Google with the information, materials, consents, or access to Customer facilities, networks, systems, or key individuals required for Google to perform the Consulting Services. If Google informs Customer of such failure and Customer does not cure the failure within 30 days, then Google may terminate any incomplete Consulting Services and Customer will pay actual costs incurred by Google for the canceled Consulting Services.
2. Expenses.
a. General. Customer will reimburse expenses as specified in the applicable Order Form.
b. Litigation Expenses. If Google is requested by Customer or required by applicable law, legal process or government action to produce information, documents or personnel as witnesses with respect to the Consulting Services or the Agreement, Customer will reimburse Google for any time, expenses, and liabilities (including reasonable external and internal legal costs or fines) incurred to respond to the request, unless Google is itself a party to the proceeding or the subject of the investigation.
3. Shipping Media. Customer acknowledges and agrees that Google is not responsible for any damages arising from the shipment and delivery of any media, hardware, and equipment to Google.
4. Information and Systems. Customer is solely responsible for the accuracy and completeness of all information it and its Personnel provide to Google, and Customer represents and warrants that it owns, or is authorized to give Google access to, any systems, facilities, and/or devices that Google is required to access to perform Consulting Services.
vi. Intellectual Property.
1. Background IP. Customer owns all rights, title, and interest in Customer’s Background IP. Google owns all rights, title, and interest in Google’s Background IP. Customer grants Google a license to use Customer’s Background IP to perform the Consulting Services (with a right to sublicense to Google Affiliates and subcontractors). Except for the license rights under Sections 2(c)(vi)(2) (Google Technology) and 2(c)(vi)(3) (Deliverables) below, neither party will acquire any right, title, or interest in the other party’s Background IP under the Agreement. For clarity, Background IP is included in the definition of “Indemnified Materials” for each party.
2. Google Technology. Google owns all rights, title, and interest in Google Technology. To the extent Google Technology is incorporated into Deliverables, Google grants Customer a limited, worldwide, non-exclusive, non-transferable license (with the right to sublicense to Affiliates), for the maximum term permitted by applicable law, to use the Google Technology in connection with the Deliverables for Customer’s internal business purposes. The Agreement (including these Service Specific Terms) does not grant Customer any right to use materials, products, or services that are made available to Google customers under a separate agreement.
3. Deliverables. Google grants Customer a limited, worldwide, non-exclusive, fully-paid, non-transferable license (with the right to sublicense to Affiliates), for the maximum term permitted by applicable law, to use and reproduce the Deliverables for Customer’s internal business purposes.
vii. Warranties and Remedies.
1. Google Warranty. Google will perform the Consulting Services in a professional and workmanlike manner, in accordance with practices used by other service providers performing services similar to the Consulting Services. Google will use Personnel with requisite skills, experience, and qualifications to perform the Consulting Services.
2. Remedies. Google’s entire liability and Customer’s sole remedy for Google’s failure to provide Consulting Services that conform with Section 2(c)(vii)(1) (Google Warranty) will be for Google to, at its option, (a) use commercially reasonable efforts to re-perform the Consulting Services or (b) terminate the Order Form and refund any applicable Fees received for the nonconforming Consulting Services. Any claim that Google has breached the warranty as described in Section 2(c)(vii)(1) (Google Warranty) must be made within 30 days following the date that Google has performed the applicable Consulting Services.
viii. Indemnification.
1. Indemnification Exclusions. The sections of the Agreement titled "Google Indemnification Obligations" and "Customer Indemnification Obligations" will not apply to the extent the underlying allegation arises from (a) modifications to the Google Indemnified Materials or Customer Indemnified Materials (as applicable) by anyone other than the indemnifying party or (b) compliance with the indemnified party’s instructions, design, or request for customized features.
2. Infringement Remedies. The remedies described in the section of the Agreement titled "Remedies" also apply to Deliverables.
ix. Survival. If the Agreement or applicable Order Form expires or terminates, then the following Sections of these Service Specific Terms will survive for purposes of Consulting Services: 2(c)(vi) (Intellectual Property), 2(c)(viii) (Indemnification), 2(c)(ix) (Survival), and 2(f) (Additional Definitions).
x. Insurance. During the term of the Agreement, each party will maintain, at its own expense, appropriate insurance coverage applicable to performance of the party’s respective obligations under the Agreement, including general commercial liability, workers’ compensation, automobile liability, and professional liability.
xi. No Publicity. Notwithstanding anything in the Agreement to the contrary, including the Agreement sections titled "Marketing and Publicity" and "Conflicting Terms", neither party will publicly disclose that Google is providing Mandiant Consulting Services to Customer without the other party's prior written consent in each instance.
xii. Google Cloud Service Data. If Customer also purchases Cloud Services (as defined in the Google Cloud Privacy Notice), then without limiting Google’s obligations under the Google Cloud Privacy Notice with respect to Service Data:
1. Google may access and process such data to provide Consulting Services to Customer, as further described in the SecOps Privacy Notice; and
2. Customer will notify data subjects impacted by such processing as required by applicable law.
d. Expertise On Demand.
i. Expertise On-Demand. Google will provide Customer with the most current version of the Documentation that will describe the Services that are available through the Expertise On-Demand Subscription (“Expertise on Demand Services” or “EOD”). Customer may order any of the Expertise on Demand Services described in the Documentation during the twelve month period beginning on the Order Form Effective Date (the “Covered Period”). All Expertise on Demand Services must commence within the Covered Period, and must be requested within the time frames set forth in the Documentation to allow for scheduling so that Expertise on Demand Services may commence prior to the end of the Covered Period.
ii. Units. Customer will pay a fixed fee (the “Package Fixed Fee”) that entitles Customer to a specific number of Expertise On Demand Units (“EOD Units”), all as set forth on the applicable Order Form (“Unit Package”). The total Package Fixed Fee will be invoiced on or about the Order Form Effective Date. Each Expertise on Demand Service will draw down the number of EOD Units listed for that Expertise on Demand Service in the Documentation. Customer will make each request for Expertise on Demand Services in writing as described in the Documentation. Customer may purchase additional EOD Units (“Additional Units”) during the Covered Period. Additional Units must be used during the Covered Period, and are non-cancelable and non-refundable. EOD Units (including Additional Units) may not be used for any Services not listed in the EOD Documentation. Any technology fees and expenses will be invoiced separately as set forth in the Documentation. EOD Units may be used to pay for such expenses.
iii. Updates to Expertise on Demand Services. Customer acknowledges that Google may update the Documentation from time to time, and that the most current version of the Documentation (including listings of Expertise on Demand Services and Unit values) will apply to the Expertise on Demand Services. Notwithstanding the foregoing, Google will notify Customer at least twelve months in advance of discontinuing any Expertise on Demand Service or increasing the number of EOD Units required for any Expertise on Demand Service.
iv. Incident Response Retainer. Subject to the terms governing Consulting Services, Google will provide incident response services (“Incident Response Services”) during the Covered Period, as set forth in the Documentation. Incident Response Services may include:
1. Computer security incident response support.
2. Forensics, log and advanced malware analysis.
3. Advanced threat actor response support.
4. Advanced threat/incident remediation assistance.
e. Training Services
i. Training Services. Subject to any Training Terms, Customer may order Training Services for use in connection with Mandiant products and services. The parties will mutually agree upon delivery dates and location for Training Services. All Training Services (including rescheduled Training Services) must be scheduled and conducted within one year from the date of the Order Form on which the applicable Training Services were purchased.
1. Private Training. Customer will request rescheduling of private Training Services no less than two weeks in advance of the scheduled start date. Google will use reasonable efforts to reschedule Training Services, subject to availability, and Customer will pay any expenses associated with the rescheduling, including changing of travel plans. Customer may not record any aspect of the Training Services.
2. Public Training. If Customer cancels attendance at any public Training Services, Customer will notify Google no later than two (2) weeks before the date of the public Training Services, and Google will issue Customer a credit for the amount paid for the public Training Services. Customer will notify Google of any substitution of a named attendee for public Training Services. Google reserves the right to refuse admittance to public Training Services to any person, for any reason. If Google refuses admittance, Google will refund the amount paid for that person’s public Training Services. Google does not refund or credit Fees paid for attendees who do not attend Training Services or who leave before Training Services conclude. Google reserves the right to cancel public Training Services and provide a refund for any reason. Customer may not record any aspect of the Training Services.
3. On Demand Training. On-demand Training Services must be completed within ninety days from the date of enrollment. Customer may not share or transfer Access credentials for on-demand Training Services.
f. Additional Definitions.
“Background IP” means all Intellectual Property Rights owned or licensed by a party (a) before the effective date of the applicable Order Form or (b) independent of the Services.
“Deliverables” means written reports that are created specifically for Customer as a result of the Consulting Services provided under the Agreement.
“Documentation” means the then-current Mandiant documentation made available by Google to its customers for use with the Services, as provided by Google upon Customer request.
“Google Cloud Privacy Notice” means the then-current Google Cloud Privacy Notice at https://cloud.google.com/terms/cloud-privacy-notice.
“Google Technology” means (a) Google Background IP; (b) all Intellectual Property and know-how applicable to Google products and services; (c) Indicators of Compromise; and (d) tools, code, algorithms, modules, materials, documentation, reports, and technology developed in connection with the Services that have general application to Google’s other customers, including derivatives of and improvements to Google’s Background IP. Google Technology does not include Customer Background IP or Customer Confidential Information.
"Indicators of Compromise" or "Indicators" means specifications of anomalies, configurations, or other conditions that Google can identify within an information technology infrastructure, used by Google in performing the Services.
“Mandiant Consulting Services” or “Consulting Services” means the then-current Mandiant Consulting Services as described at https://cloud.google.com/terms/secops/services or in an applicable Order Form. Mandiant Consulting Services do not include Training Services.
“Mandiant Managed Services” or “Managed Services” means the then-current Mandiant Managed Services as described at https://cloud.google.com/terms/secops/services or in the applicable Order Form.
“Mandiant Solutions” means the then-current Mandiant Solutions as described at https://cloud.google.com/terms/secops/services or in the applicable Order Form.
“Order Form” means an order form, statement of work, or other document issued by Google under the Agreement, including data sheets associated with Services described in the order form, and executed by Customer and Google, specifying the Services Google will provide to Customer.
“Personnel” means a party’s and its Affiliates’ respective directors, officers, employees, agents, and subcontractors.
“SecOps Privacy Notice” means the then-current SecOps Privacy Notice at https://cloud.google.com/terms/secops/privacy-notice.
“Service Data” has the meaning given in the Google Cloud Privacy Notice.
“Services” means the then-current Mandiant Solutions, Mandiant Managed Services, and/or Mandiant Consulting Services, each as described at https://cloud.google.com/terms/secops/services or in the applicable Order Form. Services do not include Training Services.
“Training Services” means education and certification services related to Mandiant products and services for individual users, as more fully described in an applicable Order Form. Training Services do not include Deliverables.
“Training Terms” means the then-current terms applicable to Training Services provided to Customer by Google.
3. Google Threat Intelligence (“GTI”)
a. License Grant. Subject to the terms of the Agreement during the Order Term, Google grants to Customer a worldwide, nontransferable, nonassignable, nonexclusive, revocable, limited license to use the Samples for the exclusive purpose of protecting Customer’s internal business.
b. SLAs. During the applicable Order Term, Google will make the Service available in accordance with the Service Level Agreement at www.virustotal.com/go/sla (“SLA”). Other than as expressly provided in the SLA, Google has no obligation to provide Customer with support for any feature of the Services. The SLA states Customer’s sole and exclusive remedy for any failure to meet the standards of the SLA.
c. VirusTotal Free Users and Legacy Customer.
i. VirusTotal Free Users. The SLAs and Google’s indemnity do not apply to free users of the Services. Services provided to free users are not covered by TSSG. For VirusTotal free users only, the definition of “Services” in the Agreement is replaced with the following:
“Services” means the VirusTotal malware intelligence service and platform that leverages real threat intelligence contributed by a global community of users.
ii. VirusTotal Legacy Customers. For customers that purchased VirusTotal from Chronicle LLC or Chronicle Security Ireland Limited only, the VirusTotal Enterprise Terms at https://go.chronicle.security/hubfs/vt_terms.pdf, or an offline variant of those terms if available, govern the purchase and use of VirusTotal instead of the Agreement.
d. Samples and Community Content Guidelines.
i. To the extent Customer contributes any Sample to the Community, Customer confirms that all content contained in the Sample complies with the Agreement and the VirusTotal Privacy Policy, that Customer is either the original owner of the Sample it submits or that it has the necessary rights and permissions to irrevocably contribute the Sample and share it, and information about it, with the Community.
ii. Customer understands that if it submits any Sample, the Sample is immediately shared for review by Security Partners, and the resulting intelligence report is shared with Customer and with Security Partners, who use the results to improve their own systems. As such, by contributing a Sample, Customer is contributing to the effort to raise global IT security levels.
iii. While Customer retains any ownership rights in the original material contained in the Sample, when Customer upload or otherwise submits a copy of the Sample, Customer gives Google (and those we work with) a worldwide, royalty free, perpetual, irrevocable and transferable license to use, edit, host, store, reproduce, modify, create derivative works, communicate, publish, publicly perform, publicly display and distribute all content contained in the Sample.
iv. CUSTOMER FURTHER AGREES THAT IT WILL ONLY UPLOAD SAMPLES THAT IT WISHES TO PUBLICLY SHARE AND THAT IN ANY CASE, CUSTOMER WILL NOT KNOWINGLY SUBMIT ANY SAMPLE TO THE SERVICE THAT CONTAINS CONFIDENTIAL OR COMMERCIALLY SENSITIVE DATA WITHOUT LAWFUL PERMISSION. FURTHER CUSTOMER AGREES THAT IT WILL NOT SUBMIT ANY SAMPLES TO THE SERVICE THAT CONTAIN PERSONAL DATA.
v. Although Google has no obligation to monitor use of the Service, user content or any Samples, Google may monitor the Service to detect and prevent fraudulent activity or violations of the Agreement and retain absolute discretion to remove Samples, content or users from the Service at any time and for any reason without notice. At the same time, to promote the security of the Community and information sharing accountability, accounts and Samples contributed by the Community (for example, comments, posts, etc.) generally will not be removed from the Service, unless they are illegal, violate the lawful rights of an individual, serve any other unethical/malicious purpose, or otherwise violate the Agreement.
vi. IF CUSTOMER DOES NOT WANT TO PUBLICLY SHARE A SAMPLE IN THE MANNER SET OUT IN THE AGREEMENT OR IN THE PRIVACY POLICY, CUSTOMER WILL NOT SEND IT/CONTRIBUTE IT TO THE SERVICE AS THE SERVICE IS DESIGNED TO WORK THROUGH THE COLLECTIVE AGGREGATION AND SHARING OF THREAT-INTELLIGENCE WITH AND THROUGH THE COMMUNITY.
e. Changes in the Services and/or the Site.
i. Notwithstanding anything to the contrary in the Agreement, the Service provided by Google is constantly evolving, and the form and nature of the Service that Google provides, including the Site, may change from time to time without prior notice to Customer. Any changes to the Service and the Site, including the release of new Service features, may be subject to additional terms communicated to Customer. In addition, Google may stop (permanently or temporarily) providing the Service or the Site (or any features within the Service) without providing prior notice. Google also retains the right to create limits on Customer’s use of the Service including storage, at Google’s sole discretion, at any time without prior notice to Customer.
f. Restrictions.
Customer will not: (a) sublicense, distribute, publicly perform or display, or otherwise share or make accessible, directly or indirectly, any Samples, datafeed, metadata or results from the Services, including without limitation, any API or interface, or portions thereof, to any third party; (b) use the Service to develop, offer, support or enhance products and services competitive with those of Google or its Affiliates.
Customer also agrees that it will not use or attempt to:
i. Obtain or use any Samples except as specifically permitted by the Service or use or attempt to use the Service to mine information in any way that could identify individual persons in their private capacity, attempt to access or misappropriate content contained in any Sample, or otherwise use the Service or Samples for any purpose other than to detect and prevent malware in a non-commercial personal or organizational capacity.
ii. Publicly attribute the intelligence Customer receives through the Service to any Security Partner (including, but not limited to any antivirus vendors, URL scanning engines, file characterization tools, etc.) without the individual Security Partner’s express permission.
g. Browser Extension. If you access the Services through a VirusTotal browser extension, we will collect information about how domain names you visit are resolved. Passive Domain Name System Information (“pDNS”) data consists of domain names that your browser requests, along with the IP address resolutions for such domain names. We will make this pDNS data available through the Services to enable members of the Community to better detect malicious domains that might be hosted on a server (contacted on a given IP address) controlled by an attacker. Collected pDNS data is distinct from browsing history and is never tied to a user or used to identify an individual. Existing users of a VirusTotal browser extension will need to opt-in to share pDNS data with the Community. Users downloading the VT extension for the first time may opt-out of this collection in the VirusTotal browser extension’s settings.
h. Additional Definitions.
“Community” means a member of the public, an AV, scanning, sandbox or other Security Partners, security-minded organizations and other licensed users of the Service.
“Documentation” means the then-current VirusTotal documentation made available by Google to its customers for use with the Services for VirusTotal at https://docs.virustotal.com/ and for GTI at https://gtidocs.virustotal.com/.
“Samples” means security-related objects and artifacts, which include executable and non-executable files uploaded to or scanned or analyzed by tools on the Site by users of the Service, including associated metadata, comments and/or posts made available to users through the Service. For the avoidance of doubt, Samples is not Customer Data.
“Site” means the site located at virustotal.com and all associated controlled and VirusTotal branded sites linked from virustotal.com by Google and its Affiliates.
“Security Partners” means members of the public, an antivirus, scanning, sandbox or other security partner who are using and contributing Samples to the Service.
