Current Events | Critical, High | Critical, High
DTI Rules | All
Exploit Kits | All
FTP
Industrial Control Systems | Critical, High, Medium | Critical, High, Medium
Intel Match | Critical, High, Medium | Critical, High, Medium
Linux | Critical, High
Malware Methodology | Critical, High
Phishing | Critical, High | Critical, High
Point of Sale | All | All
Security Tools | Critical, High, Medium
Targeted Malware | All | All
Vendor - FireEye
Vulnerability | Critical, High, Medium
Web Application Attacks | Critical, High, Medium
Windows | Critical, High

1.13 "TAP Rule Packs" means a predefined set of criteria that identifies suspicious events or threats based on the associated rule type within the TAP Subscription.

2 Scope of FaaS - Continuous Protection (CP) Subscription. During the Subscription Term, FireEye will provide the CP Subscription as set forth in this Section 2, according to the Subscription level purchased by Customer as set forth in the Subscription Order. If the Subscription Order does not specify the Subscription level purchased, then Customer will be deemed to have purchased the APT Only Service. All services Customer requests that are not described in this Section 2 will be performed at mutually agreed upon rates as set forth in Statements of Work. Unless otherwise specified, the CP Subscription is provided by FireEye personnel remotely accessing Customer's environment from FireEye's networks. The CP Subscription is available for the number of Nodes purchased (available for Customers who have purchased the FireEye NX, FX, or EX Product or the ETP or TAP Subscription).
If the number of Nodes exceeds the amount reflected in the Subscription Order by more than ten percent (10%), FireEye will notify Customer in writing, and will issue an invoice for the next higher Node Band at FireEye's then-current rates pro-rated for the remaining portion of the then-current Subscription Term.

2.1 Event Analysis.

(a) Time to Begin Analysis. FireEye will begin analysis of an Alert within the times set forth in the table below, calculated from the time the Alert was generated by the Product or TAP Subscription (as applicable).

(b) Alerts Investigated. FireEye will investigate and report on the Alerts that correspond with the Subscription level the Customer purchased. If the Customer purchased the APT Only Service, FireEye will investigate and report on only APT Alerts. If the Customer purchased the High Priority Alerts Service, FireEye will investigate and report on only High Priority Alerts and APT Alerts. If the Customer purchased the All Alerts Service, FireEye will investigate and report on APT Alerts, High Priority Alerts, and Low Priority Alerts. FireEye has no obligation to investigate and report on Alerts that fall outside the purchased Subscription level.

(c) Initial Investigation. FireEye analysts will perform an initial analysis of the Customer's Covered Systems to determine if the Alert is a true or false positive, benign or suspicious activity.

(d) FaaS Reports. If FireEye's investigation determines that the Alert indicates a true compromise, FireEye will publish a FaaS Report to the FaaS Portal within one (1) hour of the time FireEye makes that determination. Regardless of whether FireEye's investigation determines that an Alert indicates a true compromise, FireEye will publish a FaaS Report on the Alert to the FaaS Portal within the times set forth in the table

Confidential FireEye Rev. 8/2016