+ All Categories
Home > Documents > SD Template (Global) - Consulting and Managed Services -...

SD Template (Global) - Consulting and Managed Services -...

Date post: 02-Oct-2020
Category:
Upload: others
View: 2 times
Download: 0 times
Share this document with a friend
24
1 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017 Service Description RSA NetWitness® Logs & Packets and RSA NetWitness® Endpoint Services Introduction Dell EMC Services is pleased to provide RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services (the “Service(s)”) in accordance with this Service Description (“Service Description”). Your quote, order form or other mutually-agreed upon form of invoice or order acknowledgment (as applicable, the “Order Form”) will include the name of the service(s) and available service options that you purchased. For additional assistance or to request a copy of your service contract(s), contact technical support or your sales representative. The Scope of This Service Customer should refer to the Order Form to determine the specific type of service purchased. The table below outlines the scope of service depending on the type of service purchased. Service Name Scope of Service RSA NetWitness Endpoint Implementation This service provides Customer with the initial installation and deployment of the solution at a single location. This service also provides Customer with a functional host anomaly detection and analysis capability. Within the time available, activities may include some or all of the following: Manage the overall engagement and conduct pre-engagement teleconference to plan and schedule the engagement’s tasks Ensure that the environment and operational requirements (hardware, software, and infrastructure) are met by Customer, and provide the Customer with a list of any required or beneficial updates Conduct one whitelisting workshop to include the whitelisting of up to five gold images (if Customer requires this service element) Configure Structured Query Language (SQL) on one server Install and configure console User Interface (UI) software on up to three workstations Install and configure one roaming agent relay service on one server (if Customer requires this service element)
Transcript
Page 1: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

1 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Service Description

RSA NetWitness® Logs & Packets and RSA NetWitness® Endpoint Services Introduction Dell EMC Services is pleased to provide RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services (the “Service(s)”) in accordance with this Service Description (“Service Description”). Your quote, order form or other mutually-agreed upon form of invoice or order acknowledgment (as applicable, the “Order Form”) will include the name of the service(s) and available service options that you purchased. For additional assistance or to request a copy of your service contract(s), contact technical support or your sales representative.

The Scope of This Service Customer should refer to the Order Form to determine the specific type of service purchased. The table below outlines the scope of service depending on the type of service purchased.

Service Name Scope of Service

RSA NetWitness Endpoint Implementation

This service provides Customer with the initial installation and deployment of the solution at a single location. This service also provides Customer with a functional host anomaly detection and analysis capability.

Within the time available, activities may include some or all of the following:

Manage the overall engagement and conduct pre-engagement teleconference to plan and schedule the engagement’s tasks

Ensure that the environment and operational requirements (hardware, software, and infrastructure) are met by Customer, and provide the Customer with a list of any required or beneficial updates

Conduct one whitelisting workshop to include the whitelisting of up to five gold images (if Customer requires this service element)

Configure Structured Query Language (SQL) on one server

Install and configure console User Interface (UI) software on up to three workstations

Install and configure one roaming agent relay service on one server (if Customer requires this service element)

Page 2: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

2 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Install and configure OPSWAT Metascan (if Customer requires this service element)

Package agent with desired settings for supported operating systems and deploy up to 50 agents

Configure kernel adaptation system updates using RSA Live for Windows agents

Perform RSA NetWitness Logs & Packets integration (if Customer requires this service element)

Configure up to one syslog in Common Event Format (CEF) and one Simple Mail Transfer Protocol (SMTP) alert destination with provided templates

Validate deployment and basic functionality

Perform preliminary analysis on suspected host as time permits

Review available Dell EMC Services and RSA resources and Customer support process

Conducts a basic knowledge transfer to familiarize the Customer with administrative knowledge to include agent install/uninstall/update, environment maintenance, users/groups, troubleshooting and analyst knowledge to include scanning and extractions, machine status and groups, Instant Indicators of Compromise (IIOC) and Yara, hunting with RSA NetWitness Endpoint and preview of the Customer satisfaction survey.

Delivery:

Installation services will be primarily conducted on-site while some activities may be conducted off-site. Cost includes up to one (1) trip to a single location.

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within six (6) days after the actual service start date.

RSA NetWitness Logs & Packets Implementation Small

This service provides Customer with the deployment of RSA NetWitness Logs and Packets at a single location for up to ten (10) solution components, which may consist of up to one (1) RSA NetWitness Server and a variety of decoders, concentrators, brokers, archivers, virtual log collectors and event stream analysis devices plus up to five (5) extended storage units.

Within the time available, activities may include some or all of the following:

Conduct pre-engagement teleconference consultation

Plan and schedule the engagement’s installation and configuration tasks and ensure that the environment and operational implementation requirements (hardware, software, and infrastructure) are met by Customer, and provide the Customer with a list of required or beneficial updates

Conduct up to four workshops (of approximately one hour duration each) to address the following:

o Solution architecture and design

o Solution use cases:

Session reconstruction and syntax development (applicable for packets only)

Page 3: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

3 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Out-of-the-box RSA Live content rules, parsers, feeds, alerts and reports

If needed, unpack appliance, attach rails, rack & stack and validate power

Perform integration with RSA direct attached capacity (DAC) or storage area network (SAN) (if Customer requires this service element and purchased simultaneously with RSA NetWitness)

Complete, configure and verify the RSA NetWitness registration and licensing tasks with the Customer

Install the RSA NetWitness service packs as needed

Configure/verify network settings (Internet Protocol (IP) address, hostname, Domain Name Server (DNS), Network Time Protocol (NTP)) on all appliances for appropriate auto-start behavior

Configure and verify inter-device connections between the solution components as appropriate based on the Customer’s purchase

Verify data capture on decoder appliance(s)

Configure integration of up to five (5) log event sources (if Customer requires this service element)

Configure up to ten (10) out-of-the-box rules, alerts and reports using RSA Live content to address a variety of use cases (for example authentication, access control, privilege escalation, group management, traffic filtering, port use, unknown services and configuration management)

Conduct a basic product functional overview to familiarize Customer with the implemented solution, demonstrating the normal operations as installed in the Customer’s environment. This will include session reconstruction and syntax development (if Customer requires this service element), out-of-the-box RSA Live content rules, parsers, feeds, alerts and reports, along with a review of the customer support portal, RSA NetWitness community, hand-off to Customer care for on-going support and preview of the customer satisfaction survey.

Delivery:

Installation services will be primarily conducted on-site while some activities may be conducted off-site. Cost includes up to two (2) trips to a single location.

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within twelve (12) days after the actual service start date.

RSA NetWitness Logs & Packets Implementation Medium

This service provides Customer with the deployment of RSA NetWitness logs and Packets at a single location for up to twenty (20) solution components, which may consist of up to two (2) RSA NetWitness Servers and a variety of decoders, concentrators, brokers, archivers, virtual log collectors and event stream analysis devices plus up to fifteen (15) extended storage units.

Within the time available, activities may include some or all of the following:

Conduct pre-engagement teleconference consultation

Plan and schedule the engagement’s installation and configuration tasks and ensure that the environment and operational implementation requirements

Page 4: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

4 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

(hardware, software, and infrastructure) are met by Customer, and provide the Customer with a list of required or beneficial updates

Conduct up to four workshops (of approximately one hour duration each) to address the following:

o Solution architecture and design

o Solution use cases:

Session reconstruction and syntax development (for packets, if Customer requires this service element)

Out-of-the-box RSA Live content rules, parsers, feeds, alerts and reports

If needed, unpack appliance, attach rails, rack & stack and validate power

Perform integration with RSA DAC or SAN, (if applicable and purchased simultaneously with RSA NetWitness)

Complete, configure and verify the RSA NetWitness registration and licensing tasks with the Customer.

Install the RSA NetWitness Service Packs as needed

Configure/verify network settings (IP address, hostname, DNS, NTP) on all appliances for appropriate auto-start behavior

Configure and verify inter-device connections between the solution components as appropriate based on the Customer’s purchase

Verify data capture on decoder appliance(s)

Configure up to five (5) log event sources, if Customer requires this service element

Configure up to ten (10) out-of-the-box rules, alerts and reports using RSA Live content to address a variety of use cases (for example authentication, access control, privilege escalation, group management, traffic filtering, port use, unknown services and configuration management)

Conduct a basic product functional overview to familiarize the Customer with the implemented solution, demonstrating the normal operations as installed in the Customer’s environment. This will include session reconstruction and syntax development (for packets, if Customer requires this service element), out-of-the-box RSA Live content rules, parsers, feeds, alerts and reports, along with a review of the customer support portal, RSA NetWitness community, hand-off to Customer care for on-going support and preview of the customer satisfaction survey.

Delivery:

Installation services will be primarily conducted on-site while some activities may be conducted off-site. Cost includes up to three (3) trips to a single location.

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within eighteen (18) days after the actual service start date.

RSA NetWitness Logs & Packets

This service provides Customer with the deployment of RSA NetWitness Logs and Packets at a single location for up to thirty (30) solution components, which may consist of up to five (5) RSA NetWitness Servers and a variety of decoders, concentrators,

Page 5: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

5 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Implementation Large

brokers, archivers, virtual log collectors and event stream analysis devices plus up to thirty (30) extended storage units.

Within the time available, activities may include some or all of the following:

Conduct pre-engagement teleconference consultation

Plan and schedule the engagement’s installation and configuration tasks and ensure that the environment and operational implementation requirements (hardware, software, and infrastructure) are met by Customer, and provide the Customer with a list of required or beneficial updates

Conduct up to four workshops (of approximately one hour duration each) to address the following:

o Solution architecture and design

o Solution use cases:

Session reconstruction and syntax development (for packets, if Customer requires this service element)

Out-of-the-box RSA Live content rules, parsers, feeds, alerts and reports

If needed, unpack appliance, attach rails, rack & stack and validate power

Perform integration with RSA DAC or SAN, (if Customer requires this service element and purchased simultaneously with RSA NetWitness)

Complete, configure and verify the RSA NetWitness registration and licensing tasks with Customer.

Install the RSA NetWitness service packs as needed

Configure/verify network settings (IP address, hostname, DNS, NTP) on all appliances for appropriate auto-start behavior

Configure and verify inter-device connections between the solution components as appropriate based on Customer’s purchase

Verify data capture on decoder appliance(s)

Configure up to five (5) log event sources, if Customer requires this service element

Configure up to ten (10) out-of-the-box rules, alerts and reports using RSA Live content to address a variety of use cases (for example authentication, access control, privilege escalation, group management, traffic filtering, port use, unknown services and configuration management)

Conduct a basic product functional overview to familiarize Customer with the implemented solution, demonstrating the normal operations as installed in Customer’s environment. This will include session reconstruction and syntax development (for packets, if Customer requires this service element), out-of-the-box RSA Live content rules, parsers, feeds, alerts and reports, along with a review of the Customer support portal, RSA NetWitness community, hand-off to Customer care for on-going support and preview of the Customer satisfaction survey.

Delivery:

Installation services will be primarily conducted on-site while some activities may be conducted off-site. Cost includes up to four (4) trips to a single location.

Page 6: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

6 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within twenty-four (24) days after the actual service start date.

Audit for RSA Logs Universal Device Support (UDS)

This service provides Customer with a review of an event source which is not otherwise supported by NetWitness Logs out-of-the-box. The audit is conducted to determine whether the event source can be integrated with NetWitness.

A successful audit should lead to a subsequent and additional service engagement directed towards the development of the code (event source development) and the actual integration of the event source with NetWitness (event source deployment). Contact your Dell EMC Services sales representative about the RSA NetWitness implementation for logs UDS service for integrating the event source with your NetWitness solution.

Within the time available, activities may include some or all of the following:

Meet with Customer to ensure that the environment and operational implementation requirements (hardware, software, and infrastructure) are met by Customer, and provide Customer with a list of required or beneficial updates

Plans and schedules the engagement tasks

Facilitate data collection and one-on-one interviews with the Subject Matter Experts (SME) to review Customer’s current NetWitness environment

Review the general needs for supporting a single, identified event source, including the purpose of the event source and how monitoring of that event source fits within the overall requirements for security and compliance

Gathering of event source information including actual log files (event messages), product documentation and general descriptions of the messaging, its purpose and how it is to be used

Determination of data extraction requirements and how events will be collected from the event source

Determination of transport specifications and the protocol for message collection (e.g. File Transfer Protocol (FTP), Syslog, Simple Network Management Protocol (SNMP) or Open Database Connectivity (ODBC)

Determination of output requirements for Alerting and Reporting that are specific to the event source

Note:

It is possible, though unlikely, that the audit will reveal that the event source logs cannot be collected for integration with NetWitness. Examples include event sources that generate multiple lines per event (NetWitness generally supports only single-line event collection). It is also possible that upon review, some logs do not provide sufficiently meaningful information to meet Customer requirements.

Delivery:

The cost of the Service includes up to one (1) site visit. Some or all engagement activities may also be conducted remotely. Up to twenty-four (24) hours of remote assistance is included.

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within twenty-eight (28) days after the actual service start date.

Page 7: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

7 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Implementation for RSA Logs UDS30

This service provides Customer with support for receiving, parsing, and logging up to 30 messages from a single event source for Customer’s NetWitness solution. The service is typically preceded by an audit engagement (RSA NetWitness Audit for Logs UDS) determination that an unsupported event source can be successfully integrated with the NetWitness Logs solution.

Within the time available, activities may include some or all of the following:

Plan / schedule the engagement tasks

Utilize the output from the UDS Audit in order to parse up to 30 messages for form and variation

Map the messages into the RSA NetWitness taxonomy

Create the UDS parser using Extensible Markup Language (XML) 2.0 schema

Parse up to 30 unique messages

Generate up to 5 reports using the parser metadata

Conduct a basic product functional overview to familiarize Customer with the delivered Implementation of the Service, demonstrating the normal operations as installed in Customer’s environment

Delivery:

The cost of the Service includes up to one (1) site visit. Some or all engagement activities may also be conducted remotely.

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within thirty (30) hours after the actual service start date.

RSA NetWitness Suite One Day Remote Advisory

The Service provides Customer professional services with assistance and knowledge transfer to help with solution configuration, content development and related solution requirements, subject to the estimate of effort. The scope of this one-day (eight (8) hours) engagement addresses remote advisory services relating to general Customer requirements with the RSA NetWitness Suite. The service is intended to be used to address general product related configuration requirements relating to RSA NetWitness Logs and Packets and RSA NetWitness Endpoint. For activities that may require additional effort, such as parser development and device integration, multiples of this service offering may be purchased. The effort will be performed off-site with Customer staff to perform various tasks within the time available. Those tasks may include the following:

Conduct pre-engagement teleconference consultation

Plan and schedule the engagement’s tasks and ensure that the environment and operational implementation requirements (hardware, software, and infrastructure) are met by Customer, and provide Customer with a list of required or beneficial updates

Troubleshooting of the RSA NetWitness suite components including server configuration, licensing, performance, functionality, reporting, health and wellness

RSA NetWitness Logs and Packets

o Event source management, incident management, malware analysis, RSA Live services (content, feedback and threat connect), ESA and other solution components, as appropriate

Page 8: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

8 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

o Assistance with creating custom content, troubleshooting ESA rules or help with the creation of custom reports

o Data carving and segmentation activities, such as parameters for traffic directionality

o Data management activities, such as data capture parameters for raw packet and raw log data, packet metadata and log metadata

o Packet and log data filtering/truncation using berkley packet filters, network rules, and application rules, as applicable

o Data enrichment with parsers, network and application rules, feeds, and custom meta keys

o Other solution performance enhancing activities, such as adjusting parameters of indexes, database sizes, and query operations resulting in improved investigations, alerting and reporting

o Troubleshooting of ESA rules from RSA Live which may include alert deployment and tuning, advanced rule building, output template creation and configuration and tuning of other modules (incident management, etc.)

RSA NetWitness Endpoint

o Troubleshooting of requirements relating to solution configuration, whitelisting, database server, reporting and alerting and agent deployment

General knowledge transfer regarding the engagement activities

RSA NetWitness Logs and Packets Tuning & Optimization Service

This service provides Customer with the tuning and optimization of RSA NetWitness Logs and Packets at a single location for up to thirty (30) solution components, which may consist of up to five (5) RSA NetWitness servers and a variety of other solution components including decoders, concentrators, brokers, archivers, local and virtual log collectors and Event Stream Analysis (ESA), including troubleshooting of the integration with the database and storage solution components.

Within the time available, activities may include some or all of the following:

Conduct pre-engagement teleconference consultation

Plan and schedule the engagement’s tuning and optimization tasks and ensure that the environment and operational implementation requirements (hardware, software, and infrastructure) are met by Customer, and provide Customer with a list of required or beneficial updates

If needed, unpack appliance, attach rails, rack & stack, validate power and perform initial installation and configuration for up to one event stream analysis (ESA) appliance

Optimization and tuning of the RSA NetWitness server components including licensing, event source management, reporting engine, incident management, malware analysis, RSA Live services (content, feedback and threat connect), health and wellness, ESA and other RSA NetWitness solution components

Data carving and segmentation activities, such as parameters for traffic directionality

Data management activities, such as data capture parameters for raw packet and raw log data, packet metadata and log metadata

Packet and log data filtering/truncation using berkley packet filters, network rules, and application rules, as applicable

Page 9: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

9 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Data enrichment with parsers, network and application rules, feeds, and custom meta keys

Reporting engine rules development for report and chart generation

Other solution component performance enhancing activities, such as adjusting parameters of indexes, database sizes, and query operations resulting in improved investigations, alerting and reporting

Deploy, customize and tune up to 5 ESA rules from RSA Live which may include alert deployment and tuning, advanced rule building, output template creation and configuration and tuning of other modules (example: incident management)

RSA Software upgrades

Troubleshooting of performance and functionality

Knowledge transfer to assist with tuning and optimization

Delivery:

The cost of the Service includes up to two (2) site visits. Some or all engagement activities may also be conducted remotely.

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within ten (10) days after the actual service start date.

RSA NetWitness Suite Advisory Subscriptions

This service provides Customer RSA NetWitness Logs & Packets and RSA NetWitness Endpoint advisory expertise ranging from configuration and integration tasks to content development and end-point analytics for a duration of a number of days. Within the time available, activities may include some or all of the following:

Manage the overall engagement and conduct pre-engagement teleconference to plan and schedule the engagement’s tasks and facilitate periodic status update meetings

Managing logistics, administration and communications throughout the project

Ensure that the environment and operational requirements (hardware, software, and infrastructure) are met by Customer, and provide Customer with a list of required or beneficial updates

Use case development, including related parsers, feeds, and application rules

Review of policies and procedures, use cases, roles and responsibilities to ensure RSA NetWitness Endpoints will meet business objectives

Architecture consulting and design with respect to the RSA NetWitness deployment

System integration efforts between the RSA NetWitness Suite and other systems

Analysis of network traffic

Conducts a basic knowledge transfer to familiarize Customer with administrative knowledge to include installation/update, agent deployment, environment maintenance, users/groups, and troubleshooting and analyst knowledge to

Page 10: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

10 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

include, IOCs, Yara signatures, endpoint scanning, machines status and groups, and analysis and hunting with the RSA NetWitness Suite

Number of days:

The service is available for 10, 20 or 40 days. Refer to the Order Form to identify the exact number.

Delivery:

The cost of the Service does not include travel & expenses and will be conducted off-site.

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within three-hundred-sixty-five (365) days after the actual service start date.

RSA Retainers for Incident Response

This service provides Customer with a proactive process for engaging RSA on retainer, facilitating rapid access to incident response resources and expertise should an incident occur.

The service is delivered by a team of experts in incident forensics and data analysis. Through a combination of RSA NetWitness Packets, RSA NetWitness Endpoint and open source analysis and research, RSA conducts incident discovery to identify potential anomalies in the IT systems environment. All services, contracts, and activities in connection with this service description shall be conducted in English.

The Service exists in four (4) different service levels; Bronze, Silver, Gold and Platinum. Refer to the Order Form to identify which service level Customer has purchased.

Within the time available, activities may include some or all of the following:

Proactively define engagement process in anticipation of incident scenario (“Initial Review”):

o Identify the locations relating to any initial response services which may be provided

o Review organizational mission, asset criticality and the nature of potentially targeted data

o Identify points of contact, roles and responsibilities and related contact information

o Review the incident handling and escalation process and breach disclosure requirements

o Identify Customer technologies which may assist in any potential incident response activities

o Review geographic footprint and locations for any potential follow-on incident response activities

o Review engagement “welcome pack,” consisting of the instructions and guidelines for engaging RSA’s incident response team in the event of an incident

o Platinum only: Review Customer provided incident response plan if Customer requires this service element, to align potential use of RSA’s incident response team with Customer processes, procedures and workflows for incident response

Subject to being contacted by Customer in an actual incident scenario

o Conduct initial triage:

Page 11: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

11 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Review current situation, participant roles and responsibilities (including finance, legal, law enforcement, etc.), activities and data gathered to date, the nature of targeted data and its criticality

Identify additional data gathering requirements (e.g. log files, network packet capture, host forensic images, memory dumps and malware)

o Conduct preliminary analysis:

Review data gathered to date, which may include using a combination of open source intelligence gathering and research, host-based forensic analysis, network-based forensic analysis and malware analysis

o Provide direction and guidance for additional activities, including the deployment of enterprise-class RSA tools and technologies as appropriate, for incident response and remediation activities to be fulfilled in a separate statement of work

o Draft and review preliminary analysis report outlining general findings and suggested next steps

Platinum only: In conjunction with the incident discovery:

o Fulfill the initial installation and deployment of a RSA NetWitness Packets appliance-based solution at a single location to enable network security monitoring and/or network forensics for the purposes of this engagement

o Activate a RSA NetWitness Endpoint client-server solution on one Customer provided server and a mutually agreed upon number of endpoint systems

o Analyze network and host data for indications of attacker activity, active malware, beaconing activity, lateral movement to other systems, “command and control” efforts and information exposure or exfiltration

o Conduct analysis on any identified malware and attempt to determine its capabilities and functionality and derive indicators of compromise (IOCs) to further the investigation

o Create forensic images according to industry standards and best practices of either live or dead media as appropriate

o If requested by Customer, provide samples of any malware discovered and reconstructed

o If requested by Customer, remove all collected data from the RSA NetWitness Packets appliances and RSA NetWitness Endpoint systems using industry-standard software wipe processes. If Customer requires physical data destruction, RSA will provide a quote for Customer to purchase all non-volatile storage devices within the deployed RSA NetWitness appliances.

o Subject to the limitation of the estimate of effort, and in conjunction with any related investigative work streams, provide guidance and direction relating to strategies for incident remediation and recovery. Assistance may include security control recommendations, implementation of recommendations associated with the RSA toolset, project management support, and interaction with executive leadership/legal counsel to provide clarity with respect to the nature of the threat

Page 12: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

12 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

environment, associated challenges, and recommended best practices for long term success.

o Provide updates on the status of the incident response along with an incident discovery findings report summarizing relevant findings and details of the incident

Delivery:

After having completed the Initial Review:

o The estimated effort relating to the services is up to:

Bronze: 24 hours

Silver: 66 hours

Gold: 120 hours

Platinum: 242 hours

o The service level for initial triage after being contacted by Customer in an actual incident scenario:

Bronze: 8 hours

Silver: 6 hours

Gold: 3 hours

Platinum: 3 hours

o The service level for remote preliminary analysis after being contacted by Customer in an actual incident scenario:

Bronze: 24 hours

Silver: 24 hours

Gold: 12 hours

Platinum: 12 hours

o The service level for any on-site preliminary analysis is to be en-route after being contacted by Customer in an actual incident scenario, subject to any visa or travel requirements which may be outside of Dell EMC Services’ control:

Bronze: 72 hours

Silver: 48 hours

Gold: 24 hours

Platinum: 24 hours

While some of the activities may be conducted off-site, the cost of the Service includes one (1) on-site visit.

Assumptions:

Bronze, Silver, Gold and Platinum:

Customer will provide a new or amended Order Form and shall pay additional amounts related to (i) performance of services outside Dell EMC Services normal business hours or consecutive days, and (ii) reimbursement of any travel-related expenses.

At the end of the one (1) year service term, any remaining unused service hours shall expire and shall be forfeited. No refunds shall be provided based on any remaining unused service days.

Page 13: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

13 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within three-hundred-sixty-five (365) days after the actual service start date.

RSA Incident Discovery

The service provides Customer with a proactive review of traffic entering, leaving and within the network, and on host systems in situations without any particular prior grounds for suspecting adversary activities. The service is delivered by experts in incident forensics and data analysis. Through a combination of RSA NetWitness Packets, RSA NetWitness Endpoint and open source analysis and research activities, RSA provides Customer with real insights into potential anomalies in the information technology (IT) systems environment.

Within the time available, activities may include some or all of the following:

Conduct pre-engagement teleconference consultation to plan and schedule the engagement’s tasks

Ensure that the environment and operational implementation requirements (hardware, software, and infrastructure) are met by Customer, and provide Customer with a list of required or beneficial updates

Fulfill the initial installation and deployment of a RSA NetWitness appliance based solution at a single location to enable network security monitoring and/or network forensics for the purposes of this engagement, and:

o Perform integration with RSA DAS (if Customer requires this service element)

o Install the RSA NetWitness service packs as needed

o Configure/verify network settings; licenses; inter-device connections between decoder(s), concentrator(s) and broker(s) appliances

o Verify data capture on decoder appliance(s)

RSA NetWitness Endpoint based host system analysis:

o For the duration of the engagement, activate a RSA NetWitness Endpoint client-server solution on one Customer provided server and a mutually agreed upon number of client host systems

Analyze network and host data for indications of attacker activity, active malware, beaconing activity, lateral movement to other systems, “command and control” efforts and information exposure or exfiltration

Conduct analysis on any identified malware and attempt to determine its capabilities and functionality and derive indicators of compromise (IOCs) to further the investigation

Create forensic images according to industry standards and best practices of either live or dead media as appropriate

If requested by Customer, provide samples of any malware discovered and reconstructed.

If requested by Customer, remove all collected data from the RSA NetWitness appliances and RSA NetWitness Endpoint systems using industry-standard software wipe processes. If Customer requires physical data destruction, RSA will provide a quote for Customer to purchase all non-volatile storage devices within the deployed RSA NetWitness appliances.

Subject to the limitation of the estimate of effort, and in conjunction with any related investigative work streams, provide guidance and direction relating to strategies for incident remediation and recovery. Assistance may include

Page 14: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

14 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

security control recommendations, implementation of recommendations associated with the RSA toolset, project management support, and interaction with executive leadership/legal counsel to provide clarity with respect to the nature of the threat environment, associated challenges, and recommended best practices for long term success.

Provide updates on the status of the engagement along with a findings report summarizing relevant details of the discovery and analysis activities.

Assumptions:

RSA Incident Discovery services:

Customer will provide a new or amended Order Form and shall pay additional amounts related to (i) performance of services outside Dell EMC Services normal business hours or consecutive days, and (ii) reimbursement of any travel-related expenses.

At the end of the one (1) year service term, any remaining unused service hours shall expire and shall be forfeited. No refunds shall be provided based on any remaining unused service days.

RSA Jumpstart for Analytic Intelligence

This service enables RSA NetWitness Logs and Packets and RSA NetWitness Endpoint customers to optimize product investments by conducting proactive “hunting” and analysis activities relating to traffic entering, leaving and within the network, and on host systems. It includes knowledge transfer during the hunting and analysis process and is delivered by incident forensics and data analysis experts.

Within the time available, activities may include some or all of the following:

Conduct pre-engagement teleconference consultation to plan and schedule the engagement’s tasks

Ensure that the environment and operational implementation requirements (hardware, software, and infrastructure) are met by Customer, and provide Customer with a list of required or beneficial updates

Review the existing installation and deployment at a single location to ensure the effectiveness of network monitoring/forensics capabilities to support this engagement. Customers with multiple locations may need to purchase more than one unit of this service.

Provide feedback relating to architecture and design, performance, preferred practices, and availability/retention issues

Analyze network and host data for indications of attacker activity, active malware, beaconing activity, lateral movement to other systems, “command and control” efforts and information exposure or exfiltration

Conduct device management and configuration optimization activities

Facilitate knowledge transfer for more effective use of the RSA technologies. This may include technical architecture and design, parsers/feeds and rules that can provide more effective data analytics, integration of external information/intelligence, and reports that facilitate analytic intelligence and analysis.

Deploy Incident Response (IR) content pack and familiarize Customer with relevant content capabilities

Conduct knowledge transfer sessions while performing analysis to emphasize product capabilities, advanced hunting techniques, analysis methodology, most

Page 15: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

15 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

effective use of technology, and integration potential with other Customer technology and processes

Provide feedback and recommendations on potential integration of RSA NetWitness into Customer’s current incident response process compared to best practices

Delivery:

The cost of the Service does not include on-site visits nor travel and expenses and will be conducted remotely.

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within eleven (11) days after the actual service start date.

RSA Subscription for Analytic Intelligence

This proactive service enables RSA NetWitness Logs and Packets and RSA NetWitness Endpoint customers to optimize product investments by conducting proactive “hunting” and analysis activities relating to traffic entering, leaving and within the network, and on host systems. It includes knowledge transfer during the malware hunting and analysis process. This service is typically delivered at quarterly intervals throughout the year by RSA’s incident forensics and data analysis experts.

Within the time available, activities may include some or all of the following:

Conduct pre-engagement teleconference consultation to plan and schedule the engagement’s tasks

Ensure that the environment and operational implementation requirements (hardware, software, and infrastructure) are met by Customer, and provide Customer with a list of required or beneficial updates

Conduct four periodic and proactive consulting sessions, each typically consisting of one 74 hour (approximately) session per calendar quarter to include hunting and analysis activities (approximately 36 hours), device management (approximately 8 hours), knowledge transfer (approximately 8 hours), reporting (approximately 8 hours) and project management (approximately 14 hours), as follows:

o Review the existing installation and deployment of RSA NetWitness at a single location to ensure effectiveness of network monitoring/forensics capabilities to support this engagement

o Provide feedback relating to architecture and design, performance, preferred practices, and availability/retention issues

o Analyze network and host data for traces of attacker activity, active malware, beaconing activity, lateral movement to other systems, “command and control” efforts and information exposure or exfiltration

o Conduct analysis on any identified malware and attempt to determine its capabilities and functionality and derive Indicators of Compromise (IOCs) to further the investigation

o If requested by the Customer, provide samples of any malware discovered and reconstructed

o Facilitate knowledge transfer for more effective use of the RSA technologies. This may include technical architecture and design, parsers, feeds and rules that can provide more effective data analytics, integration of external information/intelligence, and reports that facilitate analytic intelligence and analysis.

Page 16: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

16 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

o Conduct device management and configuration optimization activities

o Deploy IR content pack and familiarize Customer with relevant content capabilities

o Provide quarterly engagement summary report with updates on the highlights of the analytic intelligence activities

Subject to the limitation of the estimate of effort, and in conjunction with any related investigative work streams, provide guidance and direction relating to strategies for incident remediation and recovery. Assistance may include security control recommendations, implementation of recommendations associated with the RSA toolset, project management support, and interaction with executive leadership/legal counsel to provide clarity with respect to the nature of the threat environment, associated challenges, and recommended best practices for long term success.

Provide guidance and direction for any separate engagements and to be fulfilled by a separate statement of work relating to potential incident response activities.

Delivery:

The cost of the Service does not include on-site visits nor travel and expenses and will be conducted remotely.

The estimated time spent to deliver the Service is two-hundred-and-ninety-six (296) hours.

Subject to Customer satisfying the “Customer Responsibilities” specified here within, Dell EMC Services estimates that it will complete the Service within three-hundred-sixty-five (365) days after the actual service start date.

A Dell EMC Services representative will contact Customer to schedule the Service, allowing for at least a thirty (30) business day lead time prior to the start of the Service, based upon a mutually agreed resource availability and work closely with Customer staff to assist Customer personnel performing the service activities, within the time available, which may include some or all of the activities outlined above for the Service purchased.

Deliverables The following is a list of tangible material provided as part of the Service:

Service Name Document Description

RSA NetWitness and Logs & Packets Implementations

Trip report Dell EMC Services will provide a trip report documenting the deployment described in the “Scope of Service” section above

RSA Jumpstart for Analytic Intelligence

Engagement summary report

Dell EMC Services will provide an engagement summary report documenting highlights of the analysis activities

Page 17: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

17 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

RSA Subscription for Analytic Intelligence

Engagement summary report

Dell EMC Services will provide an engagement summary report each quarter, documenting highlights of the analysis activities

RSA NetWitness Tuning & Optimization Service

Optimization & knowledge transfer checklist

Dell EMC Services will provide an optimization & knowledge transfer checklist highlighting the key tasks conducted and addressed during the knowledge transfer

RSA NetWitness Logs Implementation for UDS

XML Formatted Parser File

Dell EMC Services will provide a file to facilitate parsing and integration of the logs from the audited event source

RSA NetWitness Suite Advisory Subscriptions

Results report Dell EMC Services will provide a results report with on-site or off-site performance of Customer directed tasks, subject to effort estimate

RSA Retainer for Incident Response - All levels

Preliminary analysis report

In connection with any initial response, Dell EMC Services will provide an preliminary analysis report

RSA Retainer for Incident Response – Platinum only

Incident discovery findings report

In connection with incident discovery, Dell EMC Services will provide an incident discovery findings report

RSA Incident Discovery

Incident discovery findings report

Dell EMC Services will provide an incident discovery findings report

Assumptions Dell EMC Services has made the following specific assumptions while specifying the Services detailed in this Service Description:

Any unused remote assistance time must be scheduled within ninety (90) days of the completion of the Service or shall be forfeited. If forfeited, the Customer will not be entitled to a refund.

Knowledge transfer relates largely to the Customer’s environment with a general product overview. Knowledge transfer does not substitute for formal RSA education services product courses.

The functional overview relates to the Customer’s environment and does not substitute for formal RSA education services product courses.

Exclusions For the avoidance of doubt, the following activities are not included in the scope of this Service Description:

Any services, tasks or activities other than those specifically noted in this service description. Such services, tasks or activities, may include for an additional fee;

o Modification of Customer application software. o Development of custom solutions including, without limitation, scripting. o Multiple, basic installation services requiring project management services. o Prolonged service duration. o Any actions associated with remediation of any identified compromise. o Host forensics and analysis.

Page 18: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

18 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

o Complete event source integration outside of the configuration of sample devices for knowledge transfer purposes.

The Service offering does not include any of the associated costs for any needed appliance leasing.

The Service does not include the development of any intellectual property created solely and specifically for the Customer.

This Service Description does not confer on Customer any warranties which are in addition to the warranties provided under the terms of your master services agreement or Agreement, as defined below, as applicable.

Offer-Specific Customer Responsibilities

Provide at least one (1) technical contact with system administration responsibilities and appropriate system/information access privileges.

Make appropriate system maintenance window(s) available for Dell EMC Services as needed to prepare equipment.

Ensure that all environment and operational requirements are met prior to commencement of the Services.

Provide access to Customer systems and networks as necessary to perform the Services during normal Dell EMC Services business hours, or at mutually-agreed times.

Provide support from technical support teams for all vendors and third parties as necessary.

Assume all responsibility for network connectivity, performance, and configuration issues.

Verify that the equipment location (work site) is prepared to perform the engagement services.

Respond in a timely fashion to questions or review of any draft deliverables, if Customer requires this service element, posed or shared by RSA regarding the project.

Review and validate engagement objectives.

Complete all planning and scheduling activities Customer is required to perform prior to Dell EMC Services engaging.

General Customer Responsibilities

Authority to Grant Access. Customer represents and warrants that it has obtained permission for both Customer and Dell EMC Services to access and use, whether remotely or in-person, Customer-owned or licensed software, hardware, systems, the data located thereon and all hardware and software components included therein, for the purpose of providing these Services. If Customer does not already have that permission, it is Customer's responsibility to obtain it, at Customer's expense, before Customer asks Dell EMC Services to perform these Services.

Non-solicitation. Where allowed by law, Customer will not, without Dell EMC Services’ prior written consent, for a period of two years from the date listed on your Order Form, directly or indirectly solicit for employment any Dell EMC Services employee with whom you have come in contact in connection with Dell EMC Services’ performance of the Service; provided, however, that general advertisements and other similarly broad forms of solicitation will not constitute direct or indirect solicitation hereunder and you are permitted to solicit for employment any employee that has been terminated or has resigned his or her employment with Dell EMC Services prior to the commencement of employment discussions with you.

Customer Cooperation. Customer understands that without prompt and adequate cooperation, Dell EMC Services will not be able to perform the Service or, if performed, the Service may be materially altered or delayed. Accordingly, Customer will promptly and reasonably provide Dell EMC Services with all cooperation necessary for Dell EMC Services to perform the Service. If Customer does not provide

Page 19: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

19 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

reasonably adequate cooperation in accordance with the foregoing, Dell EMC Services will not be responsible for any failure to perform the Service and Customer will not be entitled to a refund.

On-site Obligations. Where Services require on-site performance, Customer will provide (at no cost to Dell EMC Services) free, safe and sufficient access to Customer's facilities and environment, including ample working space, electricity, safety equipment (if applicable) and a local telephone line. A monitor or display, a mouse (or pointing device), and a keyboard must also be provided (at no cost to Dell EMC Services), if the system does not already include these items.

Data Backup. Customer will complete a backup of all existing data, software and programs on all affected systems prior to and during the delivery of this Service. Customer should make regular backup copies of the data stored on all affected systems as a precaution against possible failures, alterations, or loss of data. Dell EMC Services will not be responsible for the restoration or reinstallation of any programs or data.

Unless otherwise required by applicable local laws, DELL EMC SERVICES WILL HAVE NO LIABILITY FOR:

ANY OF YOUR CONFIDENTIAL, PROPRIETARY OR PERSONAL INFORMATION;

LOST OR CORRUPTED DATA, PROGRAMS OR SOFTWARE;

DAMAGED OR LOST REMOVABLE MEDIA;

THE LOSS OF USE OF A SYSTEM OR NETWORK; AND/OR

FOR ANY ACTS OR OMISSIONS, INCLUDING NEGLIGENCE, BY DELL EMC SERVICES OR A THIRD-PARTY SERVICE PROVIDER.

Third Party Warranties. These Services may require Dell EMC Services to access hardware or software that is not manufactured or sold by Dell EMC Services. Some manufacturers' warranties may become void if Dell EMC Services or anyone else other than the manufacturer works on the hardware or software. Customer will ensure that Dell EMC Services' performance of Services will not affect such warranties or, if it does, that the effect will be acceptable to Customer. Dell EMC Services does not take responsibility for third party warranties or for any effect that the Services may have on those warranties.

Service Hours. Subject to local law relating to weekly work hours, unless otherwise listed below, this Service will be performed Monday through Friday during normal Dell EMC Services business hours, which is from 8:00 AM to 6:00 PM Customer local time:

Country Normal Dell EMC Services Business Hours

St. Kitts, St. Lucia, St. Vincent, Trinidad, Virgin Islands, Rest of English speaking Caribbean Monday thru Friday from 7:00 AM to 4:00 PM

Barbados, Bahamas, Belize, Costa Rica, Denmark, El Salvador, Finland, Grand Cayman, Guatemala, Honduras, Jamaica, Norway, Panama, Puerto Rico, Rep. Dominicana, Suriname, Sweden, Turks and Caicos

Monday thru Friday from 8:00 AM to 5:00 PM

Australia, Bermuda, China, Haiti, Hong Kong, Japan, Netherland Antilles, New Zealand, Singapore, Thailand

Monday thru Friday from 9:00 AM to 5:00 PM

Argentina, France, India, Indonesia, Italy, Korea, Malaysia, Paraguay, Taiwan, Uruguay Monday thru Friday from 9:00 AM to 6:00 PM

Bolivia, Chile Monday thru Friday from 9:00 AM to 7:00 PM

Middle East Sunday thru Thursday from 8:00 AM to 6:00 PM

No Service activities will take place outside normal business hours or during local holidays unless other arrangements have been made in advance in writing.

Page 20: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

20 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Page 21: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

21 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Services Terms & Conditions This Service Description is entered between you, the customer (“you” or “Customer”), and the legal entity identified on your Order Form for the purchase of this Service (the “Dell Legal Entity”). This Service is provided subject to and governed by Customer’s separate signed master services agreement with the Dell Legal Entity that explicitly authorizes the sale of this Service. In the absence of such agreement, depending on Customer’s location, this Service is provided subject to and governed by either Dell’s Commercial Terms of Sale or the agreement referenced in the table below (as applicable, the “Agreement”). Please see the table below which lists the URL applicable to your Customer location where your Agreement can be located. The parties acknowledge having read and agree to be bound by such online terms.

Customer Location

Terms & Conditions Applicable to Your Purchase of the Services

Customers Purchasing Services Directly

Customers Purchasing Services Through an Authorized Reseller

United States Dell.com/CTS Dell.com/CTS

Canada Dell.ca/terms (English) Dell.ca/conditions (French-Canadian)

Dell.ca/terms (English) Dell.ca/conditions (French-Canadian)

Latin America & Caribbean Countries

Local Dell.com country-specific website or Dell.com/servicedescriptions/global.*

Service Descriptions and other Dell Legal Entity service documents which you may receive from your seller shall not constitute an agreement between you and Dell Legal Entity but shall serve only to describe the content of Service you are purchasing from your seller, your obligations as a recipient of the Service and the boundaries and limitations of such Service. As a consequence hereof any reference to “Customer” in this Service Description and in any other Dell Legal Entity service document shall in this context be understood as a reference to you whereas any reference to the Dell Legal Entity shall only be understood as a reference to a Dell Legal Entity as a service provider providing the Service on behalf of your seller. You will not have a direct contractual relationship with the Dell Legal Entity with regards to the Service described herein. For the avoidance of doubt any payment terms or other contractual terms which are by their nature solely relevant between a buyer and a seller directly shall not be applicable to you and will be as agreed between you and your seller.

Asia-Pacific-Japan

Local Dell.com country-specific website or Dell.com/servicedescriptions/global.*

Service Descriptions and other Dell Legal Entity service documents which you may receive from your seller shall not constitute an agreement between you and the Dell Legal Entity but shall serve only to describe the content of Service you are purchasing from your seller, your obligations as a recipient of the Service and the boundaries and limitations of such Service. As a consequence hereof any reference to “Customer” in this Service Description and in any other Dell Legal Entity service document shall in this context be understood as a reference to you whereas any reference to the Dell Legal Entity shall only be understood as a reference to a Dell Legal Entity as a service provider providing the Service on behalf of your seller. You will not have a direct contractual relationship with the Dell Legal Entity with regards to the Service described herein. For the avoidance of doubt any payment terms or other contractual terms which are by their nature solely relevant between a buyer and a seller directly shall not be applicable to you and will be as agreed between you and your seller.

Europe, Middle East, & Africa

Local Dell.com country-specific website or Dell.com/servicedescriptions/global.*

In addition, customers located in France, Germany and the UK can select the applicable URL below:

Service Descriptions and other Dell Legal Entity service documents which you may receive from your seller shall not constitute an agreement between you and the Dell Legal Entity but shall serve only to describe the content of Service you are purchasing from your seller, your obligations as a recipient of the Service and the boundaries and limitations of such Service. As a consequence hereof any reference to “Customer” in this Service Description and in any other Dell Legal Entity service document shall in this context be understood as a

Page 22: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

22 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

France: Dell.fr/ConditionsGeneralesdeVente

Germany: Dell.de/Geschaeftsbedingungen

UK: Dell.co.uk/terms

reference to you whereas any reference to the Dell Legal Entity shall only be understood as a reference to a Dell Legal Entity as a service provider providing the Service on behalf of your seller. You will not have a direct contractual relationship with the Dell Legal Entity with regards to the Service described herein. For the avoidance of doubt any payment terms or other contractual terms which are by their nature solely relevant between a buyer and a seller directly shall not be applicable to you and will be as agreed between you and your seller.

* Customers may access their local Dell.com website by simply accessing Dell.com from a computer connected to the Internet within their locality or by choosing among the options at Dell’s “Choose a Region/Country” website available at Dell.com/content/public/choosecountry.aspx?c=us&l=en&s=gen.

Customer further agrees that by renewing, modifying, extending or continuing to utilize the Service beyond the initial term, the Service will be subject to the then-current Service Description available for review at Dell.com/servicedescriptions/global. If there is a conflict between the terms of any of the documents that comprise this Agreement, the documents will prevail in the following order: (i) this Service Description; (ii) the Agreement; (iii) the Order Form. Prevailing terms will be construed as narrowly as possible to resolve the conflict while preserving as much of the non-conflicting terms as possible, including preserving non-conflicting provisions within the same paragraph, section or sub-section. By placing your order for the Services, receiving delivery of the Services, utilizing the Services or associated software or by clicking/checking the “I Agree” button or box or similar on the Dell.com or DellEMC.com website in connection with your purchase or within a Dell EMC software or Internet interface, you agree to be bound by this Service Description and the agreements incorporated by reference herein. If you are entering this Service Description on behalf of a company or other legal entity, you represent that you have authority to bind such entity to this Service Description, in which case “you” or “Customer” shall refer to such entity. In addition to receiving this Service Description, Customers in certain countries may also be required to execute a signed Order Form.

Page 23: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

23 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

Supplemental Terms & Conditions

1. Term of Service. This Service Description commences on the date listed on your Order Form and continues through the term (“Term”) indicated on the Order Form. As applicable, the number of systems, licenses, installations, deployments, managed end points or end-users for which Customer has purchased any one or more Services, the rate or price, and the applicable Term for each Service is indicated on Customer’s Order Form. Unless otherwise agreed in writing between Dell EMC Services and Customer, purchases of Services under this Service Description must be solely for Customer’s own internal use and not for resale or service bureau purposes.

2. Important Additional Information

A. Rescheduling. Once this Service has been scheduled, any changes to the schedule must occur at least 8 calendar days prior to the scheduled date. If Customer reschedules this service within 7 days or less prior to the scheduled date, there will be a rescheduling fee not to exceed 25% of the price for the Services. Any rescheduling of the Service will be confirmed by Customer at least 8 days prior to commencement of the Service.

B. Payment for Hardware Purchased With Services. Unless otherwise agreed to in writing, payment for hardware shall in no case be contingent upon performance or delivery of services purchased with such hardware.

C. Commercially Reasonable Limits to Scope of Service. Dell EMC Services may refuse to provide Service if, in its commercially reasonable opinion, providing the Service creates an unreasonable risk to Dell EMC Services or Dell EMC Services’ Service providers or if any requested service is beyond the scope of Service. Dell EMC Services is not liable for any failure or delay in performance due to any cause beyond its control, including Customer’s failure to comply with its obligations under this Service Description.

D. Optional Services. Optional services (including point-of–need support, installation, consulting, managed, professional, support or training services) may be available for purchase from Dell EMC Services and will vary by Customer location. Optional services may require a separate agreement with Dell EMC Services. In the absence of such agreement, optional services are provided pursuant to this Service Description.

E. Assignment and Subcontracting. Dell EMC Services may subcontract this Service and/or assign this Service Description to qualified third party service providers who will perform the Service on Dell EMC Servcies' behalf.

F. Cancellation. Dell EMC Services may cancel this Service at any time during the Term for any of the following reasons:

Customer fails to pay the total price for this Service in accordance with the invoice terms;

Customer is abusive, threatening, or refuses to cooperate with the assisting analyst or on-site technician; or

Customer fails to abide by all of the terms and conditions set forth in this Service Description.

If Dell EMC Services cancels this Service, Dell EMC Services will send Customer written notice of cancellation at the address indicated on Customer’s invoice. The notice will include the reason for cancellation and the effective date of cancellation, which will be not less than ten (10) days from the date Dell EMC Services sends notice of cancellation to Customer, unless local law requires other cancellation provisions that may not by varied by agreement. If Dell EMC Services cancels this Service pursuant to this paragraph, Customer shall not be entitled to any refund of fees paid or due to Dell EMC Services.

Page 24: SD Template (Global) - Consulting and Managed Services - Drafti.dell.com/sites/doccontent/legal/service... · review of the customer support portal, RSA NetWitness community, hand-off

24 RSA NetWitness Logs & Packets and RSA NetWitness Endpoint Services | v1.0 | July 3, 2017

G. Geographic Limitations and Relocation. This Service is not available at all locations. Service options, including service levels, technical support hours, and on-site response times will vary by geography and certain options may not be available for purchase in Customer’s location, so please contact your sales representative for these details.

© 2017 Dell Inc. All rights reserved. Trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. A printed hardcopy of Dell’s terms and conditions of sale is also available upon request.


Recommended