Addendum to Chronicle Services Agreement – Chronicle for Tanium
This Addendum (“Addendum”) supplements, amends, and is incorporated into the Chronicle Services Agreement at https://chronicle.security/legal/services-agreement (the “Agreement”), and is entered into by and between Chronicle and the company or entity agreeing to this Addendum (“Customer”). “Chronicle” means either (i) Chronicle LLC, a Delaware limited liability company, if Customer is located in North or South America; or (ii) Chronicle Security Ireland Limited, an Ireland limited company, if Customer is located outside the Americas.
If you are entering into this Addendum on behalf of Customer, you represent and warrant that: (a) you have full legal authority to bind Customer to this Addendum; (b) you have read and understand this Addendum; and (c) you agree, on behalf of Customer, to this Addendum. Unless otherwise defined, capitalized terms used in this Addendum are given the meaning set forth in the Agreement. In the event of any conflict or inconsistency between this Addendum and the Agreement, this Addendum will govern.
This Addendum provides additional terms and conditions that govern Customer’s purchase and use of the Services as part of the Combined Solution.
1. Definitions.
1.1 “Chronicle Services” means the Chronicle security telemetry platform as integrated with the Combined Solution.
1.2 “Combined Solution” means the technical integration between Tanium Products and the Chronicle Services as offered by Tanium Inc. (“Tanium”).
1.3 “Endpoint” means a physical or virtual hardware device that communicates with the Combined Solution, and where that device is capable of processing data. Endpoint includes managed OSs, including any of the following types of computer devices, each of which constitutes an Endpoint: mobile/smart phone, diskless workstation, personal computer workstation, networked computer workstation, homeworker/teleworker, home-based system, file server, print server, e-mail server, Internet gateway device, storage area network server (SANS), terminal servers, or portable workstation connected or connecting to a server or network. In the case of a virtual system, in addition to the virtual managed OSs, the hypervisor is deemed a single Endpoint if the Combined Solution is installed at the hypervisor level.
1.4 “Log” means a file that records events, processes, messages, and communications on and/or between Endpoints.
1.5 “Operational Data” means Customer Data that does not relate to Customer’s security posture and that is produced by non-security related features, products, and services.
1.6 “Security Data” means Customer Data that relates to Customer’s security posture and that is produced by security related features, products, and services.
1.7 “Tanium Products” means products and services made available by Tanium to Customers as integrated with the Combined Solution.
2. The Combined Solution. The Combined Solution allows Customer to send security Logs generated by Tanium Products to the Chronicle Services. The Chronicle Services: (i) will accept Security Data from Customer’s production and non-production environments; and (ii) are priced per Endpoint (e.g., Customer will purchase one subscription of the Chronicle Services per one Endpoint). Customer: (i) acknowledges and agrees that the Chronicle Services will only accept Security Data from Customer’s Network; and (ii) will not send Operational Data to the Chronicle Services. The Data Policy does not apply to Customer’s purchase of the Chronicle Services.
3. Subscriptions. The Chronicle Services are available in two types of subscriptions: (i) EDR subscriptions; and (ii) XDR subscriptions.
3.1 EDR Subscriptions. Customer’s purchase and use of EDR subscriptions is subject to the following:
(a) Customer must purchase a minimum of 5,000 EDR subscriptions.
(b) Customer may only send Security Data from up to ten (10) Log sources to the Chronicle Services. The Chronicle Services will not accept Logs from the following Log sources under an EDR subscription:
Unaccepted Log Sources
Flow (e.g., Netflow, VPC Flow)
PCAP (Packet Capture)
NDR (Network Detection & Response)
(c) EDR Data Ingestion Cap.
(i) The annual EDR data ingestion cap is 25GB for each EDR subscription per year (the “Annual EDR Cap”). The Annual EDR Cap aggregates the number of purchased EDR subscriptions (e.g., if a Customer has purchased EDR subscriptions for 20,000 Endpoints, then the Customer’s Annual EDR Cap is 500TB per year).
(ii) Chronicle’s recommended daily EDR ingestion rate is the aggregate number of EDR subscriptions multiplied by 68MB.
3.2 XDR Subscription. Customer’s purchase and use of XDR subscriptions is subject to the following:
(a) XDR subscriptions are only available as an upgrade to EDR subscriptions. The purchase of XDR subscriptions is subject to Customer purchasing at least an equal number of EDR subscriptions for the same Endpoints.
(b) XDR subscriptions do not limit the number or source of Logs.
(c) XDR Data Ingestion Cap.
(i) The annual XDR data ingestion cap is 38GB for each subscription per year (the “Annual XDR Cap”). The Annual XDR Cap and the Annual EDR Cap are not cumulative (i.e., Customer's total Annual XDR Cap is 38GB per each XDR subscription - not 63GB (25GB for the underlying EDR subscription (+) 38GB for the XDR subscription)). The Annual XDR Cap aggregates the number of purchased XDR subscriptions (e.g., if a Customer has purchased XDR subscriptions for 20,000 Endpoints, then the Customer’s Annual XDR Cap is at 760TB per year).
(ii) Chronicle’s recommended daily XDR ingestion rate is the aggregate number of XDR subscriptions multiplied by 104MB. The recommended daily XDR ingestion rate and the recommended daily EDR ingestion rate are not cumulative.
4. Data Monitoring and Overage Resolution.
4.1 Chronicle will measure Customer’s data ingestion rate. If Customer is repeatedly over the recommended daily ingestion rate, Chronicle will:
(a) First, work with Tanium to optimize the Endpoint events and reduce the size of Customer’s Logs. If doing so does not get Customer below the recommended daily ingestion rate, as determined by Chronicle, then;
(b) Second, work with Tanium and Customer to get Customer below the recommended daily ingestion rate by optimizing Customer’s other Log sources.
4.2. Chronicle will not stop ingesting Security Data if the Customer hits the recommended daily ingestion rate. Chronicle will not stop ingesting Security Data if the Customer hits the Annual XDR Cap or Annual EDR Cap (together, the “Annual Cap”).
4.3. If Customer exceeds the Annual Cap, and if Chronicle cannot find a solution to reduce the amount of data sent by Customer to the Chronicle Services, then Chronicle may, with prior notice to Customer, reduce Customer’s Data Period to a number of months that puts Customer below the Annual Cap (i.e. a first in, first out model).
5. Chronicle Services Proof of Concept Trials. Use of the Chronicle Services under a free proof of concept trial (“POC Trial”) is subject to the terms of the Agreement and this Addendum as modified in this Section 5.
(a) Only new Chronicle Services customers are eligible to participate in a POC Trial.
(b) The POC Trial starts when the Chronicle Services are made available to Customer (“POC Trial Start Date”) and ends on the earlier of: (i) 90 days from the POC Trial Start Date; (ii) the start date of the Chronicle Services ordered by Customer pursuant to a paid Order Form; or (iii) termination of the POC Trial by either party (“POC Trial Period”), in each case except in the event of written notice (including email) from Chronicle extending the duration of the POC Trial Period.
(a) Certain services and features may not be available under a POC Trial.
(b) The SLA, Chronicle’s indemnity, and Section 4 (Payment Terms) of the Agreement do not apply to Customer’s use of the Chronicle Services under a POC Trial. DURING THE POC TRIAL, THE CHRONICLE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, CHRONICLE’S TOTAL AGGREGATE LIABILITY FOR DAMAGES ARISING OUT OF OR RELATED TO A POC TRIAL IS LIMITED TO $5,000.00 USD IN THE AGGREGATE.
5.4. Upgrading to Standard Chronicle Services Account.
(a) At any time during the POC Trial, Customer may convert its POC Trial Account into a standard Chronicle Services Account by placing a paid Order Form for the Chronicle Services.
(b) Customer’s continued use of the Chronicle Services after upgrading to a paid version of the Chronicle Services is subject to Customer’s compliance with the Agreement and the Addendum, and the POC Trial terms and conditions in this Section 5 will no longer apply.
5.5. Conclusion of the POC Trial.
(a) When the POC Trial ends or terminates, Customer will no longer have access to the Services. ANY CUSTOMER DATA IN THE CHRONICLE SERVICES AND ANY CUSTOMIZATIONS MADE TO THE SERVICES BY OR FOR CUSTOMER DURING CUSTOMER’S POC TRIAL WILL BE DELETED UNLESS CUSTOMER ORDERS THE SAME CHRONICLE SERVICES BEFORE THE END OF THE POC TRIAL PERIOD.
(a) Sections 5.3, 5.4 and 5.5 will survive any expiration or termination of a POC Trial.
(b) If the terms of this Section 5, the Agreement, and the Addendum conflict, the terms of this Section 5 will govern.