Direct Sale from EventTracker
: If you have purchased SIEMphonic services directly from EventTracker, this document is incorporated into your Master Services Agreement / Statement of Work / License Agreement with EventTracker.
Sale via an authorized EventTracker partner
: If you have purchased these services through an authorized EventTracker partner, this document is for description purposes only; and the contract, if any, governing the provision of the services will be between you and your authorized partner. Your authorized partner should provide this document to you.
SIEMphonic services are designed to augment your existing staff resources for IT security and regulatory compliance matters. By co-sourcing your SIEM and log management responsibilities with SIEMphonic, you can leverage the expertise and experience of skilled EventTracker security professionals without having to increase the investment in IT staff or incurring additional capital expenses. SIEMphonic services are delivered along with EventTracker software solutions. SIEMphonic services are delivered by EventTracker SOC staff through secure access provided to your server(s) running EventTracker software.
2. Functionality - Service Offerings
The SIEMphonic EventTracker Services available are:
- RUN: Check EventTracker Diagnostics, Confirm Threat Intelligence Feeds Security and Compliance Content Updates, Configuration and Health Check, Check for non-reporting systems
- WATCH: Threat and Alert Monitoring, Incident Analysis and Investigation, Report Review, Behavior and Anomaly Analysis. Summary of Observations prepared and shared
- COMPLY: Reports annotation to demonstrate regulatory Compliance
- TUNE: Expert Services such as Advanced Tuning/Rules for Behavior Analysis, Correlation, EventVault Explorer (DataMart) and Incident Investigation/Forensics
- EventTracker Vulnerability Assessment System (ET-VAS)
- EventTracker Intrusion Detection System (ET-IDS)
These are post-implementation services for the administrative maintenance of EventTracker software including licensing updates, service pack installation, and basic configuration of user profiles, standard reports, alerts and dashboards.
SOC staff will access and review your EventTracker server(s) from the EventTracker SOC and will run diagnostics and validate that processes and services are functioning properly, forecast capacity expansion, confirm proper reporting to EventTracker consoles by all licensed systems and notify you of any non-reporting systems. SOC Staff will analyze EventTracker server resources to verify that CPU/RAM and disk I/O are within acceptable ranges. SOC Staff will review EventTracker log volume analysis reports and confirm Threat Intelligence updates.
EventTracker configuration auditing will be performed routinely to ensure that all licensed systems in your network are reporting to EventTracker console(s) in accordance with recommended procedures. SOC Staff will ensure that any new infrastructure devices / applications that have been added to the network are reporting accurately to EventTracker.
Deliverable: EventTracker System Status Report
SOC staff will review incidents, reports, dashboards and behavior analysis. Incidents and Reports that merit escalation to your IT staff will be shared through a Critical Observations Summary. Report and Incident flagging will be provided for issues requiring immediate attention. Automated 24×7 processes will notify SOC and your staff of prioritized EventTracker Incidents. Your staff is provided guidance for potential security, regulatory and compliance issues including summary and relevant detailed analysis of:
- Privileged User Monitoring
- Changes to Identity and Access Policies
- Identity/Role Context in User Activity Monitoring Reports
- Change Management Reports to Identify Resource Access Exceptions
- Data Access
- Application Activity
- Behavior Analysis and (optional Threat Intelligence) for SIEM
- System Resources
Deliverable: Critical Observations Management Summary Report
SOC works with your staff and/or your auditor/regulator to identify the standard reports and top level summaries to be scheduled and reviewed based on relevant regulatory standards (PCI, HIPAA, ISO, FFIEC, etc.) and/or internal policy. SOC staff review the generated reports and annotate them to indicate that reviews were completed. Summary reports of these compliance activities are available for audit preparation.
Deliverable: Compliance report annotations
SOC will provide custom configurations for Behavior Analysis, Correlation Rules, Threat Intelligence Feeds Categories and Alerts. This is the ongoing optimization and configuration of new correlation rules, reports, searches, behavior dashlets and dashboards within EventTracker.
2.5. Expert Services
SOC can assist in the review of logs and other security information in EventTracker to help determine what activities have occurred. SOC Staff will conduct forensic analysis of patterns to identify indications of compromise. This may result in recommendation(s) for remediation. Incident Investigation services are billable T&M or under annual subscription service and may be authorized on an emergency basis via e-mail from your appropriate point of contact.
SOC can provide support if you are preparing for or engaged in an IT audit. SOC Staff will assist as EventTracker experts to explain and demonstrate how proper use of EventTracker helps demonstrate compliance. SOC Staff will provide a Plan of Action and Milestones (POAM) response for deficiencies and follow through as required. Audit Assistance services are billable T&M.
2.6. EventTracker Vulnerability Assessment Service (ETVAS)
SOC staff will work with your staff to identify and group assets in your environment, schedule scanning and attempt to detect vulnerabilities in the target assets monthly or quarterly.
Detailed results, including remediation recommendations, are integrated into the EventTracker Reports Dashboard and are scored by risk. Trend reports showing new, remediated or unchanged vulnerabilities are provided. For dynamic assets, a network discovery phase can precede each scan. Both authenticated and unauthenticated scans are supported. The service includes the maintenance of the scanner system for signature, engine and platform updates.
To provide this service, a software appliance is installed on your premises with VPN access provided to SOC staff. EventTracker is also required; the reports and risk scores from ETVAS are integrated and available within EventTracker Reports console.
2.7. EventTracker Intrusion Detection System (ETIDS)
SOC staff will install Snort (Community Edition), configure, tune and maintain available rules to monitor your network. VPN Access will need to be provided to the staff of SOC. Alerts are integrated into the EventTracker Incidents screen which can launch notifications (e.g. e-mail) and/or auto remediation actions.
The service includes the maintenance of Snort for signature, engine and platform updates. A separate instance of EventTracker is also required; the reports and risk scores from ETIDS are integrated and available within EventTracker.
3. Service Delivery
The purchased services (except any billable T&M services) are delivered from the SOC. The options for periodicity of service delivery are:
- Weekday - Monday thru Friday, except US holidays. SOC staff will perform review and analysis of alerts, incidents and logs for the previous one (1) working day.
- 7 Days per Week - Monday thru Sunday, all calendar days of the year. SOC staff will perform review and analysis of alerts, incidents and logs for the previous one (1) calendar day.
- Weekly – On a scheduled day every week, except US holidays. Schedule will be pre-agreed during service initiation. In case of US holidays, service will be delivered the working day prior to the holiday. SOC staff will perform review and analysis of the alerts, incidents and logs for the previous seven (7) calendar days.
||Daily (Working Week) Monday - Friday Except US holidays
||7 days per Week Monday - Sunday Without any holidays
||Once a week
||Once a week
||Once a week
||Daily (for prior 1 weekday)
||Daily (for prior 1 calendar day)
||Weekly (for prior 7 days)
||Daily (for prior 1 weekday)
||Daily (for prior 1 Calendar day)
||Weekly (for prior 7 days)
||Under annual subscription service Week 1, Week 16 and Week 32 from commencement of services. Additional Tuning will be done as billable T&M Professional Services Engagement
||Installation of Snort (Community Edition). SOC staff tune and maintain available rules, to monitor your network. The monitoring will be scheduled either Weekly or Monthly
||Installation of VAS OVA. Threat Intelligence feeds updates are done weekly. Scanning of identified assets will be done monthly or quarterly. Detailed results, including remediation recommendations, are integrated into the EventTracker Reports Dashboard and are scored by risk. Trend reports showing new, remediated or unchanged vulnerabilities are provided at the conclusion of every scan
4. Hours of Work
EventTracker SOC's hours of operation are:
- Monday - Friday: 06:30 - 18:30 GMT (2:30am - 2:30pm EST)
- Saturday - Sunday: 07:30 - 16:30 GMT (03:30am - 12:30pm EST)
5. Data Privacy
EventTracker Security LLC (“EventTracker” or “SOC Staff”, “We,” “Us,” “Our” or similar pronouns) created this Privacy Statement to demonstrate our firm commitment to your privacy. This Privacy Statement discloses our information gathering and disseminating practices for use of the services we provide at www.eventtracker.com.
We strongly believe in protecting the privacy and confidentiality of personally identifiable information that refers or relates to our remote access users (“You” or “Your”) and your Clients. We explain what information we collect about you, how we use the information we collect, how we protect the security and confidentiality of such information, and what you should do if you have any questions or comments. Our commitment to you is clear: We do not sell, license or rent any personally identifiable information about you or your customers, your information or any other information about your affiliates to any third party without your express consent and we will take reasonable measures to protect the confidentiality of personal identifiable information you provide to us.
5.3. Changes to This Privacy Statement
5.4. What Information is collected?
5.5. General Use of the Service
We continually seek to improve the quality of the Service so that we may better meet your needs. As part of this process, the information we collect from our Service users and data regarding your use of this Service is used in the following ways:
- By us – We use personally identifiable information that you provide to us (such as your name, address, phone and fax numbers, email address and other similar types of information specific to you) to statistically analyze the Service usage and to improve the Service and our product and service offerings. We may use your email address, mailing address, phone or fax number to contact you regarding comments that you may have provided or information that you actively requested from us. Further, we may be required to disclose personally identifiable information by court or administrative order such as a law, regulation, search warrant, or subpoena. We may also provide third parties with aggregate information regarding users of the Service. For example, we might inform third parties regarding the number of unique users of our Service, and aggregate information on the types of the activities such users conducted while on the Service. This aggregate information will not contain information that can identify you, and will not contain any personally identifiable information that refers or relates to you.
- By Third Parties – We provide no personally identifiable information about you or your customers to any third party without your express consent. Further, without your consent, no third party will contact you using personally identifiable information you gave to us through the Service (but note, that if we obtain or are provided information about you from other sources, this rule does not apply).
5.6. Security of Personal Identifiable Information
We take the security of personal identifiable information seriously. Commercially reasonable efforts are made to secure servers, networks, host operating systems and databases against unauthorized access. Please remember that the security measures taken above are not foolproof; no hosted service can guarantee that personally identifiable information will be protected in all situations. Therefore we can only state that we will make a reasonable effort to protect from unauthorized access the information that you provide. You must also recognize your role in security and maintain all access and login credentials, and we are not liable or responsible for any failure by you to maintain such security.
5.7. Updating Your Personal Information and Contacting Us
You can always contact us in order to: (i) update the personally identifiable information you have provided; or (ii) direct us to render inactive on our systems all personally identifiable information that refers or relates to you. We may be reached by email at email@example.com.
6. EventTracker Responsibilities
Provided you have paid all relevant licensing, support and SIEMphonic fees, SOC will:
- Provide services set forth in the Service Description, as ordered by you;
- Provide all Product Updates and Version Releases commercially released by EventTracker;
- Use its reasonable commercial efforts to resolve technical problems identified within EventTracker’s Services;
- As detailed in section 2, “Functionality - Service Offerings”, EventTracker’s responsibilities are limited to:
- Ensuring to the best of our capabilities that EventTracker is functioning as has been configured at the client site. Through the service offering options SOC Staff will confirm proper reporting and alerting of incidents and alerts to assigned ‘points of contact’ within the client organization.
- Review of incidents and logs wherein SOC Staff will escalate any potential security, regulatory or compliance issues in accordance with the service delivery period described in section 3 of this document.
- Wherever possible (depending on the incident / alert) SOC Team will attempt to suggest a remediation option to address a potential issue.
- EventTracker’s responsibility is limited to notifying you of any potential security, regulatory or compliance concerns.
- EventTracker is not responsible if alerts / incidents brought to your notice either by the automated alerts or by the SOC Team are not addressed / managed / remediated.
- EventTracker is not responsible for any remediation of security, regulatory or compliance requirements within your network
EventTracker warrants that the Services as detailed in Section 2 will be performed in a professional manner consistent with relevant industry standards. Except as expressly provided herein, EventTracker makes no representations or warranties, and EventTracker disclaims all representations, warranties, and conditions, express or implied, including, without limitation, any implied warranties of fitness for a particular purpose, merchantability, and title. EventTracker does not guarantee for (i) services to find all vulnerabilities and/or incidents; or (ii) the services and/or reporting to be error free. EventTracker shall use all reasonable efforts to ensure that all information it provides or makes available is accurate, however, except in the case of gross negligence or willful acts, customer agrees that EventTracker shall not be liable for any errors, omissions or inaccuracies with respect to such information.
9. Force Majeure
EventTracker is not liable for failure to perform its obligations, if such failure is as a result of:
- acts of God (including but not limited to fire, flood, earthquake, storm, hurricane, typhoon or other natural disaster);
- war, riot, invasion, act of foreign enemies, hostilities (regardless of whether war is declared);
- civil war, rebellion, revolution, insurrection, military or usurped power or confiscation, terrorist activities, explosion;
- contamination by radio-activity from any nuclear fuel, or from any nuclear waste from the combustion of nuclear fuel, radio-active toxic explosive;
- nationalization, government sanction, blockage, embargo, labor dispute, strike, lockout, boycott;
- slowdown or interruption or failure of electricity or telephone service, acts of state or governmental action prohibiting or impeding from performing its respective obligations under the contract;
Either Party shall be excused from performance and shall not be in default in respect of any obligation hereunder to the extent that the failure to perform such obligation is due to a Force Majeure Event.
10. Limitation of Liability
EVENTTRACKER’S AND ITS AFFILIATES’ TOTAL AGGREGATE AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY CLAIM OF ANY TYPE WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH ANY SERVICES, DELIVERABLES OR ANY OTHER MATTER CONSIDERED HEREUNDER SHALL BE LIMITED TO PROVEN DIRECT DAMAGES CAUSED BY EVENTTRACKER IN AN AMOUNT NOT TO EXCEED THE FEES PAID BY CUSTOMER TO EVENTTRACKER FOR THE SPECIFIC SERVICES FROM WHICH SUCH CLAIM ARISES IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO A CLAIM HEREUNDER. FURTHER, IN NO EVENT SHALL EVENTTRACKER HAVE ANY LIABILITY TO CUSTOMER OR ANY THIRD PARTY FOR ANY LOST PROFITS, LOSS OF DATA, LOSS OF USE, COSTS ASSOCIATED WITH INTEGRATION, INTERRUPTION OF BUSINESS, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, CONSEQUENTIAL, OR EXTRA-CONTRACTUAL DAMAGES OF ANY KIND, HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY AND WHETHER OR NOT EVENTTRACKER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
11. Your Responsibilities
You shall supply EventTracker with all technical data and all other information EventTracker may reasonably request from time to time to allow EventTracker to supply the services to you, including a completed pre-deployment questionnaire. You will provide EventTracker, or its authorized representative, reasonable and free access to your networking equipment during the Expert Install stage. Obtaining all approvals required by any third parties in order for EventTracker to perform any services under this Service Description is your responsibility. EventTracker shall not be in default of its obligations to the extent it cannot perform the service either because such approvals have not been obtained or any third party otherwise prevents EventTracker from performing such services. You assume full responsibility for the control and use of the data contained in any reports provided by EventTracker hereunder. You acknowledge the potential privacy and other issues associated with the collection and use of this data. You assume full responsibility to back-up and/or otherwise protect all data against loss, damage, or destruction. You acknowledge that you have been advised to back-up and/or otherwise protect all data against loss, damage or destruction. You recognize that information sent to and from you will pass through EventTracker’s systems and accordingly you undertake to comply with all relevant legislation applicable to your use of the Internet. Implementing and using strong passwords for accessing EventTracker dedicated infrastructure is your responsibility. You agree that you will not resell the Product and/or Services or create or offer derivative versions of the services either directly or through a third party.
You agree to pay EventTracker, at EventTracker's then current rates, plus any reasonable actual out-of-pocket expenses, for any rework or additional work resulting from modification of services requested by you (and accepted by EventTracker) or any act or omission by you, including providing inaccurate information to EventTracker. EventTracker shall seek your approval in advance of incurring such costs if it knows costs will be incurred as a result of such act or omission by you. In performing the services, EventTracker may instruct you to perform certain tasks or checks relating to your network / infrastructure. You should, at your own expense, perform all such checks and tests. You shall comply with such laws and regulations governing use, export, re-export, and transfer of EventTracker Products and technology and will obtain all required U.S. and local authorizations, permits, or licenses. You must notify EventTracker within 7 calendar days, if the number of licenses used increases by more than 5% of the declared licenses. EventTracker reserves the right to require you to purchase additional licenses, if the number of actual distinct agents/devices (as shown by EventTracker’s traffic logs) exceeds the number of licenses from time to time. Your failure to comply with this section may be deemed a material breach.
EventTracker SOC will use appropriate processes, procedures and tools to monitor and report against all devices that are reporting into the EventTracker server(s). If any device in your environment is not reporting into EventTracker and there are vulnerabilities exposed on that device, EventTracker does not take responsibility for such device or the impact that such device may have on the network environment. Services that are not expressly set forth in this Service Description are not covered, including, without limitation, the following:
- Any customization of EventTracker Software.
- Services relating to installation of EventTracker Software.
- Services pertaining to non-EventTracker products used in connection with SIEMphonic Services.
- Services or software to resolve Software or Hardware problems resulting from third party products.
- Resolution of causes beyond SOC control or failure by you to perform your responsibilities as set forth in this Service Description.
- Expenses incurred to visit your location.
Computer viruses can be transmitted via email. Recipients should check received email and any attachments for the presence of viruses. EventTracker accepts no liability for any damage caused by any virus transmitted by email. E-mail transmission cannot be guaranteed to be secured or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
12.2 Anti-virus Software
Anti-virus software scans files or your computer's memory for certain patterns that may indicate an infection. The patterns it looks for are based on signatures (definitions) of known viruses. Virus authors are continually releasing new and updated viruses, so it is important that the latest definitions be installed across your environment. The management and performance of your anti-virus solution is out of scope of any services provided by EventTracker.
12.3 Software Patches and Operating System Updates
Software companies periodically release patches or updates for the products or technologies they produce. If such patches are not applied when released by the software manufacturer, your environment might be susceptible to malware. Such malware could exploit flaws in your systems in order to do its work.
Defects in clients such as web browsers, email programs, instant messaging software, image viewers, and/or media players may allow malicious websites, email messages, IM messages, images, and sound files to infect or compromise your computer systems with no action on your part, other than viewing or listening to a website, message, or media.
The application and management of system and software patches is out of scope of any services provided by EventTracker.
12.4 Mobile Phones and Tablets
Such devices are becoming more popular and more sophisticated all the time, which makes them a target for theft. If such a device falls into the wrong hands, its wireless access could expose you to theft of your identity and other personal information. Such devices are also becoming more susceptible to hacks: attackers exploit vulnerabilities in the software by writing viruses and other malware for phones and tablets. Such malware can disable your device or expose the data stored on it.
To protect such devices, select a strong password (if applicable to your phone/tablet). This assists in restricting access to the keypad. Change this password often. Keep the operating system and software of your phone/tablet patched and updated to protect against harmful software, just like you would your regular computer system.
The application and management of system and software patches to mobile devices is out of scope of any services provided by EventTracker. Theft and misuse of mobile devices is out of scope of any services provided by EventTracker.
TUNING is a service offering from EventTracker to its clients. It is recommended that EventTracker remains Tuned at all times. If improperly tuned, system performance can be unpredictable and lead to missed or unwanted alerts, reports, or other conditions.
You can contact EventTracker SOC via e-mail at firstname.lastname@example.org. You can contact Technical Support via e-mail at email@example.com.
You can get updates at https://www.eventtracker.com
All intellectual property rights in this work belong to EventTracker. The information contained in this work must not be reproduced or distributed to others in any form or by any means, electronic or mechanical, for any purpose, without the prior permission of EventTracker, or used except as expressly authorized in writing by EventTracker Security LLC. Copyright © 1999 - 2019 EventTracker. All Rights Reserved.
All company, brand and product names are referenced for identification purposes only and may be trademarks or registered trademarks that are the sole property of their respective owners.
EventTracker reserves the right to make changes to this document and the content described herein without notice. EventTracker has made all reasonable efforts to ensure that the information in this document is accurate and complete. However, EventTracker shall not be liable for any technical or editorial errors or omissions made herein or for incidental, special, or consequential damage of whatsoever nature resulting from the furnishing of this document, or operation and performance of equipment in connection with this document. The information contained in this document represents the current view of EventTracker Security LLC. as of the date of publication. Because EventTracker must respond to changing market conditions, it should not be interpreted to be a commitment on the part of EventTracker, and EventTracker cannot guarantee the accuracy of any information presented after the date of publication.