Chronicle Service Specific Terms

Last modified: September 20, 2021

These Chronicle Service Specific Terms are incorporated into the agreement under which Chronicle has agreed to provide the below services to Customer (the "Agreement"). If the Agreement authorizes the resale or supply of the Services under a Chronicle partner or reseller agreement or program, then all references to Customer in the Service Specific Terms mean Partner or Reseller (as applicable), and all references to Customer Data in the Service Specific Terms mean Partner Data. Capitalized terms used but not defined in the Service Specific Terms have the meaning given to them in the Agreement.

1. Services Summary.

1.1. Chronicle is a cloud-based security analytics service that enables customers to collect and analyze security telemetry from across their enterprise to power detection, investigation, and remediation of threats. As part of the service, Chronicle normalizes, correlates, and enriches security data to provide analysis and context on suspicious activity.

1.2. Google Cloud Threat Intelligence for Chronicle ("Threat Intelligence for Chronicle") is an add-on aggregate threat intelligence service for Chronicle customers that leverages Google threat intelligence to surface threats in their cloud and on-premise environments. It is supported by Google threat analysts who verify malicious indicators in security telemetry and surface contextualized alerts to customers, allowing them to make an informed response.

2. Service Terms.

2.1. Data Location. In the Order Form or by other means made available by Chronicle, Customer may select to store Customer Data in a specific Region/Multi-Region as detailed in the Chronicle Locations Page ("Data Location Selection"), and Chronicle will store that Customer Data at rest only in the selected Region/Multi-Region. If a Data Location Selection is not made by Customer, Chronicle may (subject to the Data Protection and Security Terms) process and store Customer Data anywhere Chronicle or its agents maintain facilities. The Services do not limit the locations from which Customer or Customer End Users may access Customer Data or to which they may move Customer Data. For clarity, Customer Data does not include resource identifiers, attributes, or other data labels, and Data Location Selection does not apply to Looker dashboarding and reporting.

2.2. Service Models.

  1. Chronicle. Chronicle is available in one of the following two service models, as specified in an Order Form:

    1. Number of Covered Personnel. Customers are charged a flat rate per each Covered Personnel. The following terms apply to this service model:

      1. Data Limitations. The Services are only to be used for Network Telemetry and Third Party Telemetry. Customer agrees that it will not provide any data to the Services that is not Network Telemetry or Third Party Telemetry. Customer further agrees to work with Chronicle to filter Customer Data that does not constitute Network Telemetry or Third Party Telemetry.

      2. Overages. Overages in the number of Covered Personnel are subject to proportional increases in Customer's Fees during an Order Term based on any ten percent (10%) or more increase in Covered Personnel from the number reported in an Order Form.

      3. Compliance. Within 30 days of Chronicle's reasonable written request, Customer will provide documentation establishing that the number of Covered Personnel providing Customer Data to the Services does not exceed the number reported in an Order Form plus ten percent (10%).

    2. Data Ingestion. Customers are charged a flat rate based on data ingestion up to the Data Cap. The following terms apply to this service model:

      1. Data Limitations. The Services are only to be used for Security Telemetry. Customer agrees that it will not provide any data to the Services that is not Security Telemetry.

      2. Overages. If Customer exceeds its Data Cap, Customer will either purchase an increase to its Data Cap or reduce its ingestion of Customer Data to an amount that Chronicle reasonably believes will keep Customer within its Data Cap. A breach of this section by Customer will allow Chronicle to seek termination of the applicable Order Form(s) for material breach.

  2. Threat Intelligence for Chronicle. Threat Intelligence for Chronicle is only available as an add-on to Chronicle. Customer must have an active Account for Chronicle to receive Threat Intelligence for Chronicle.

2.3. Results. To the fullest extent permitted by applicable law, Chronicle makes no guarantee or promise that the Services will provide Customer or Customer End Users with any specific outcome or result, or that the outcome or result of the Services will be correct or error free.

2.4. Third-Party Terms.

  1. Third-Party Offerings. Customer must obtain access to any Third-Party Offerings from the respective provider (a "Third-Party Provider"). To the extent Customer provides access to the Customer's Account to a Third-Party Offering or Third-Party Provider, Customer explicitly consents and instructs Chronicle to allow the Third-Party Provider of any such Third-Party Offerings to access Customer Data as may be required to interact with the Services, including to copy Customer Data into or out of the Services. For clarity, Third-Party Providers are not Subprocessors (as defined in the Data Processing and Security Terms).

    1. Disclaimers. The manner in which Third-Party Offerings and Third-Party Providers transmit, use, store, and disclose Customer Data is governed solely by the policies of such Third-Party Offering and Third-Party Provider. Chronicle will have no liability or responsibility for:

      1. Customer's use of a Third-Party Offering, including any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such Third-Party Offering, actions or the effect of actions that Customer authorizes the Service to take with respect to Third-Party Offerings and a Third-Party Provider's access to and use of Customer Data;

      2. the privacy practices or other actions of any Third-Party Offering or Third-Party Provider; or

      3. the accuracy, availability, or reliability of any data, information, content, services, advice, or statements made available in connection with such Third-Party Offering.

    2. Representations and Warranties. Customer represents and warrants that nothing in the Agreement, or Customer's use of the Services, will violate any agreement or terms with a third party to which Customer is subject.

  2. Looker Terms. Chronicle uses Looker and BigQuery for dashboarding and reporting features. Customer may only use Looker and BigQuery as part of the Services subject to any deployment, configuration, and use limitations provided or described by Chronicle. Chronicle may make Software available to Customer in connection with Customer's use of Looker, including third-party Software. Some Software may be subject to third-party license terms, which can be found at https://looker.com/trust-center/legal/notices-and-acknowledgements If Customer stops using the Services or Looker, then Customer will also stop using the Software. Notwithstanding any provision of these Chronicle Service Specific Terms, the then-current data processing and security terms for Looker described at https://looker.com/trust-center/legal/customers/dpst are incorporated by reference in the Agreement and apply to the storage and processing of Customer Data by Looker. Customer's access to Looker may be terminated by Chronicle, at any time, if Customer is found to be in breach of the Agreement. Notwithstanding anything to the contrary in the Agreement, as used in this Section 2.4(b), the term "Customer Data" means (a) all data in Customer's databases provided to Looker by Customer or End Users via the Services and (b) all results provided to Customer or End Users for queries executed against such data via Looker.

2.5. Pre-GA Offerings Terms. Chronicle may make available to Customer pre-general availability Service features, services or software that are either not yet listed in Section 1 (Services Summary) of these Chronicle Service Specific Terms, or identified as "Early Access," "Alpha," "Beta," "Preview," "Experimental," or a similar designation in related documentation or materials (collectively, "Pre-GA Offerings"). While Pre-GA Offerings are not Services, Customer's use of Pre-GA Offerings is subject to the terms of the Agreement applicable to Services, as amended by this Section 2.5.

Customer may provide feedback and suggestions about the Pre-GA Offerings to Chronicle, and Chronicle and its Affiliates may use any feedback or suggestions provided without restriction and without obligation to Customer.

PRE-GA OFFERINGS ARE PROVIDED "AS IS" WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES OR REPRESENTATIONS OF ANY KIND. Pre-GA Offerings (a) may be changed, suspended or discontinued at any time without prior notice to Customer and (b) are not covered by any SLA or Chronicle indemnity. Except as otherwise expressly indicated in a written notice or the documentation for a given Pre-GA Offering, (i) Pre-GA Offerings may not be covered by Chronicle TSS and (ii) the Chronicle Data Processing and Security Terms do not apply to Pre-GA Offerings and Customer should not use Pre-GA Offerings to process personal data or other data subject to legal or regulatory compliance requirements. With respect to Pre-GA Offerings, to the maximum extent permitted by applicable law, neither Chronicle nor its suppliers will be liable for any amounts in excess of the lesser of (A) the limitation on the amount of liability stated in the Agreement or (B) $1,000. Nothing in the preceding sentence will affect the remaining terms of the Agreement relating to liability (including any specific exclusions from any limitation of liability). Customer's access to and use of any Pre-GA Offering is subject to any applicable Scope of Use. Either party may terminate Customer's use of a Pre-GA Offering at any time with written notice to the other party.

3. Software Terms.

The following terms apply to all Software:

3.1. License. Chronicle grants Customer a royalty-free (unless otherwise stated by Chronicle), non-exclusive, non-sublicensable, non-transferable license during the Term to reproduce and use the Software ordered by Customer on systems owned, operated, or managed by or on behalf of Customer in accordance with (i) the Agreement, and (ii) if applicable, the Scope of Use. Customer may authorize its employees, agents, and subcontractors (collectively, "Software Users") to use the Software in accordance with this section (License), so long as Customer remains responsible. Customer may make a reasonable number of copies of the Software for back-up and archival purposes. For clarity, Software does not constitute Services.

3.2. Documentation. Chronicle may provide Documentation describing the appropriate operation of the Software, including a description of how Software is properly used, and whether and how the Software collects and processes data. Customer will comply with any restrictions in the Documentation regarding Software use.

3.3. Compliance with Scope of Use. Within 30 days of Chronicle's reasonable written request, Customer will provide a sufficiently detailed written report describing its usage in accordance with the applicable Scope of Use of each Software product used by Customer and its Software Users during the requested period. If requested, Customer will provide reasonable assistance and access to information to verify the accuracy of Customer's Software usage report(s).

3.4. Other Warranties and Compliance. Each party represents and warrants that it will comply with all laws and regulations applicable to its provision or use of the Software, as applicable. Customer will: (i) ensure that Customer and its Software Users' use of the Software complies with the Agreement and the restrictions in the Agreement applying to Customer's use of the Services; (ii) use commercially reasonable efforts to prevent and terminate any unauthorized access to or use of the Software; and (iii) promptly notify Chronicle of any unauthorized access to or use of the Software of which Customer becomes aware. If the Software contains open source or third-party components, those components may be subject to separate license agreements, which Chronicle will make available to Customer. If the Agreement terminates or expires, then Customer will stop using all Software and delete it from Customer's systems.

4. Trials.

Services may be made available to Customer on a trial basis. The parameters of each trial, including any Scope of Use, may be presented to Customer either through the Order Form, Documentation, email, or as otherwise communicated by Chronicle. Use of a trial indicates Customer's acceptance of any such parameters.

5. Additional Definitions.

"Covered Personnel" means an employee or contractor of Customer.

"Customer Network" means the network used by the Customer for internal business purposes, and all applications, software, services, and physical devices used for internal business purposes that connect to such network.

"Data Cap" means the amount of Customer Data the Customer is permitted to provide to the Services through the Account on an annual basis starting from the Services Start Date, as specified in an Order Form.

"Documentation" means the then-current Chronicle documentation made available by Chronicle to its customers for use with the Services.

"Network Telemetry" means Security Telemetry generated by devices that are part of the Customer Network and does not include Security Telemetry generated by anyone other than Covered Personnel; for example Network Telemetry does not include Security Telemetry generated by Customer's customers or Customer's partners.

"Scope of Use" means any limits on installation or usage of Services or Software presented by Chronicle.

"Security Telemetry" means the metadata or other data that relates to Customer's security posture and that is produced by security related features, products, or services.

"Third Party Telemetry" means Security Telemetry the Customer has received from a third party that Customer uses for purposes of securing the Customer Network.