SOC PRIME PLATFORM TERMS OF SERVICE
SOC Prime, Inc., a Delaware corporation, and its Affiliates (collectively, “SOC Prime”, “we”, “us”, or “our”) make the Service (as defined below) available on the SOC Prime’s website https://tdm.socprime.com (the “Site”) subject to the following SOC Prime Platform Terms of Service (“Terms”).
For the purpose of these Terms, “you”, “your”, or “User” includes individually or collectively any individual or organization that visits, views, uses, or accesses the SOC Prime Platform (as defined below) or uses the Content (as defined below). To the extent that you have entered into another written agreement with SOC Prime, the terms and conditions of such written agreement shall govern in case of any discrepancy with these Terms.
Definitions
“SOC Prime Platform” is a service for cross-platform threat detection content delivery, developed by security incident responders. SOC Prime Platform provides content and tools for searching, indexing, monitoring, analyzing, and visualizing information and data on cybersecurity threats to improve the efficiency of Security Information and Event Management (“SIEM”), Endpoint Detection and Response (“EDR”), Network Security Monitoring (“NSM”), Network Traffic Analysis (“NTA”) and Network Threat Detection & Response ("NTDR") solutions.
“Account” means the account at the Site that is or will be created by a User or by SOC Prime. SOC Prime voluntarily creates accounts for members of the SOC Prime Threat Bounty Program or other programs or projects operated by SOC Prime.
“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with a party; where “control” means the direct or indirect ownership of at least fifty percent (50%) of the then-outstanding voting shares or equity interests of that party, or the power to direct or cause the direction of the management and policies of that party, whether by contract or otherwise; but only for so long as such control relationship exists.
“Agreement” means any purchase order, price quote, contract, agreement, or other binding document used by the User to order the Service, including the purchase through a third-party reseller or authorized marketplace, including any modification to such a document. Unless expressly consented by SOC Prime in writing, any other standard terms set forth on any Purchase Order or other similar document provided by User whether prior to or after the date of the Agreement, are of no force or effect and are expressly rejected by SOC Prime.
“Content” means, individually and together, use cases, threat detection rules, queries, configurations for security information and event management systems, analytical packages, scripts, comments, feedback, and other materials provided as a part of the Service, whether by SOC Prime, Users or a third party.
“Service” means a subscription-based SOC Prime Platform service for the duration of the Subscription term set forth in the applicable Agreement.
“Subscription” means the User's then-current subscription to the Service. “Paid Subscription” means Enterprise or similar paid subscription. “Free Subscription” means the Community or similar free subscription. “Paid Users” means Users with a Paid subscription. “Free Users” means Users who have signed up through the Free subscription.
“Subscription term” means the amount of time set forth on an applicable Agreement. If the Agreement doesn’t specify when the Subscription term begins, it begins on the date the User gets access to the Service.
Introduction
Please read these Terms carefully before you use the Service. It sets out the basis on which SOC Prime makes the Service available to you and on which you may use it. These Terms are a legally binding contract unless otherwise indicated in a separate written agreement between you and SOC Prime. By creating an Account and starting using the Service and/or Content, you accept all the conditions of these Terms on behalf of yourself and any entity or individual you represent or for whose device you acquire the Service.
SOC Prime’s Privacy Policy (“Privacy Policy”) is an integral part of these Terms. By using our Service, you agree to accept and to be bound by these Terms and Privacy Policy at all times.
In order to use and exercise the benefits of the Service, you will need internet access, SIEM, EDR, NSM, NTA, NTDR, or similar systems or solutions that may process the Content distributed via the SOC Prime Platform.
Choosing a Subscription
We offer different types of Subscriptions. You can find the features and content of each Subscription on our pricing page at https://tdm.socprime.com/journey/, or you can reach out to our Sales representative for more details about a Subscription plan that is right for you or the organization you represent. We reserve the right to modify, terminate or otherwise amend the Subscription plans at any time.
When you purchase your selected Paid Subscription, you will have access to the Service and Content currently available within that Paid Subscription for the period you have chosen for the Subscription term.
License to use the Service and Content
Unless otherwise agreed between parties in the applicable Agreement and subject to User’s compliance with the provisions set forth in the Third-Party Content, Third-Party Services, Acceptable use and Restrictions, Payment Terms, and Termination Sections herein, SOC Prime hereby grants User a non-exclusive, non-sublicensable, non-transferable right to access and use the Service, download and use the Content provided by the Service during the Subscription term solely for User’s internal business purposes in accordance with these Terms and the applicable Agreement. For the avoidance of doubt, unless otherwise expressly stated in an Agreement, Subscription to Service is intended exclusively for end users only and does not allow re-distribution, sub-distribution, or use of the Content for any party other than you (see “Acceptable use and Restrictions” Section below). For redistribution of the Content to any third party (end user/customer) or using it in your services to third parties, please refer to the “MDR/MSSP Payment Terms” Section below or contact our sales team at sales@socprime.com.
The rights granted in this Section terminate when a Subscription expires or is terminated by the User or SOC Prime.
SOC Prime does not guarantee the stable and correct operation of the Service in case of exceeding the number of end-users/computers connected to the Service indicated in the applicable Agreement, incompatibility with hardware requirements and settings; violation of the operating conditions of virtual machines, and hypervisors, and other requirements set in the documentation to the Service, which may be published at the Site or otherwise provided to you.
Effect of Termination or Expiration of Subscription. Unless otherwise stated in the applicable Agreement or confirmed by SOC Prime, upon Subscription termination or expiration, the user must cease using all the downloaded Content.
Otherwise, the user acknowledges that the further use of the Content will be (i) at its own risk; (ii) the Content will not be supported or updated by our team; and (iii) we cannot guarantee that the Content will remain effective against evolving threats. We hereby revoke any responsibility and guarantees for the continued use of the Content after the Subscription period has ended. We shall not be responsible for any issues or problems or provide any support arising from such use. To continue using the Content, renew your subscription before its expiration date.
Acceptable Use and Restrictions
As a condition to the rights and licenses granted in the Section above, User agrees that User and Representatives must not, nor permit any third party to access or use the Service (or any feature thereof) or any Content in a manner not specifically permitted by these Terms or applicable Agreement; or use any Content or information contained on or obtained from or through the Service under granted Paid subscription access prior to payment.
Unless you have a prior written permission or license from us or as expressly permitted herein, you agree not to: (i) modify, adapt, translate, publicly display, publish, create derivative works of any Content or results from the Service; (ii) distribute, re-distribute, sub-distribute, sublicense, sell, rent or otherwise transfer the Service or Content in whole or in part to any third party (end user/customer) applicable for MDR/MSSP use (like using Content to provide services to end customers); (iii) deploy the Service on more SIEM/EDR/XDR instances than was allocated to you (unless otherwise indicated in the Oder); (iv) decompile, debug, disassemble, reverse engineer, simulate or derive source code or otherwise prepare any derivative works from the Service, Site or Content in any manner; (v) use any means of collecting data from the Service, Site, not directly allowed, including any robot, spider, crawlers, deep-link, automated content scraping script, grabbers or other automatic device, program, techniques, algorithm or methodology to retrieve, index, scrape, data mine or in any way gather, copy or monitor any portion of the Site, Content or Service; (vi) use Service for providing time-sharing services, managed detection and response services, SaaS offering, service bureau, or as part of an application services provider/service offering; (vii) alter or remove any copyright, trademark, or proprietary notices, credits, or legends contained on or in or provided through the Service; (viii) make available to any third party any intellectual property of SOC Prime related to the Service; (x) use Content, Service or any portion thereof, in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or any applicable law, regulation, or order; (xi) embed the Site and/or the Service to another web sites and systems, (xii) to interfere or attempt to interfere with the proper operation of the Service or any activities conducted through the Service; (xiii) use the Services and/or the Content as a part of any machine learning or similar algorithmic activity services and solutions (xiv) provide the Content to any competitor of SOC Prime, (xv) use the Service or Content in a way that infringes, misappropriates or violates any person’s rights or (xvi) use the Service in violation of any SOC Prime policy or in a manner that violates applicable law, including but not limited to anti-spam, export control, privacy, and anti-terrorism laws and regulations, and you agree that you are solely responsible for compliance with all such laws and regulations.
Violation of this Section may result in the termination of your Subscription and access to the Service, and SOC Prime reserves the right to claim indemnification for the losses incurred by SOC Prime caused by your breach of these restrictions.
You may "cache" pages of the Site for the sole purpose of increasing the speed and efficiency at which you access the Site. Any other copy or use of a portion of the Site is not authorized, will be a violation of these Terms, and will constitute a copyright violation. You shall not interfere or attempt to interfere with the operation of the Site in any way through any means or device, including, but not limited to, spamming, hacking, uploading computer viruses, archive bombs or time bombs, or any other means expressly prohibited by any provision of these Terms or by law.
Third-Party Content
“Third-Party Content” is the Content that was provided by our partners, Threat Bounty Program members, contractors, and third-party developers, validated and reviewed by SOC Prime. For all Third-Party Content, we are conducting the best effort review, but we do not provide any warranties (more detail in the “Limited Warranties and Disclaimers” and “Limitation of Liability” Sections). All rights for Third-Party Content and all other copyrights and trademarks belong to their respective owners. You acknowledge that the Third-Party Content licensing terms may include certain limitations, which may include the obligation to identify the author of the Third-Party Content, etc. Please contact the appropriate third party for further information regarding their terms of use applicable to Third-Party Content.
Without limiting the foregoing, certain Content may be licensed to you under the terms of the Detection Rule License 1.1 below, as well as other licenses accompanying the related Content. Before using the Content, please carefully read the terms of the license attached to the Content so that the use of the Content complies with the license requirements. Unless otherwise stated, Third-Party Content will be licensed under the Detection Rule License 1.1 by default, which can be found by following this link: https://github.com/SigmaHQ/sigma/blob/master/LICENSE.Detection.Rules.md
Third-Party Services
Your use of Site and Service may involve usage of a service, information, feature, software, Application Programming Interface (“API”), websites, or functionality that is owned or operated by a third party (“Third-Party Services”).
If you use Third-Party Services, you may be subject to certain policies, terms, and conditions of their providers, which may differ from ours. You should review any end-user or other license agreement that governs the respective party's relationship with you, as well as the privacy policy and security measures of the third-party resource that will govern your use of that resource. SOC Prime is not responsible or liable for the content or accuracy of any Third-Party Services or for any loss or damage of any kind arising from the use or any failure of products or services provided on or with the help of a Third-Party Services. For example, our Service utilizes the National Vulnerability Database (“NVD”) created by the National Institute of Standards and Technology (“NIST”). The NVD offers some of its public data in machine-readable format via an API subject to the appropriate terms of use on the NIST website. Via this API, we collect data and use it to prioritize the output of the Content searching to the Users with the appropriate links. Our usage or accessing the NVD API does not mean that our Service is endorsed or certified by the NVD.
Third-Party Links
The Service may contain links to third-party sites. The linked sites are not under the control of SOC Prime, and SOC Prime is not responsible for the accuracy or reliability of any information, opinions, advice, or statements made on these linked sites. Access to any of these linked sites is at the User’s own risk.
Payment Terms
Fees. Unless otherwise specified in the applicable Order or in these Terms, the fees: (i) must be paid in advance before activation of the Subscription; (ii) are indicated for a 1-year Subscription term; (iii) must be paid within 30 days following the respective invoice; (iv) are non-refundable.
In addition to any other rights or remedies available to SOC Prime under the applicable law, if you fail to timely make payments, SOC Prime reserves the right to (i) accrue interest on any amounts not paid when due at the rate equal to 1.5% per month or the highest amount permitted by law; and (ii) immediately downgrade to your Account to Free subscription or suspend the provision of the Service.
Expenses. Except as expressly set in the applicable Order, each party will bear all of its own costs and expenses in connection with or arising under the Subscription.
Taxes. Applicable taxes (e.g. VAT, sales tax) may be charged on top of the fees. If the applicable taxes were not charged to you at the time of the payment, SOC Prime reserves the right to collect the taxes from you at any time, should such taxes be assessed after payment for a Subscription has been processed.
Non-Automatic Renewal. Unless otherwise stated in the clause below, the Subscription shall not be subject to automatic renewal upon its expiration. If you wish to extend or renew the Subscription, simply make a new purchase. Note that the price of the Subscription for the next billing cycle may change. To renew your Enterprise subscription or update its scope for the next billing cycle, contact our Sales and negotiate a new Agreement in writing, which shall govern the relationship for the extended term.
Automatic Renewal Exception for Uncoder Service. The Subscription for the Uncoder service provided by SOC Prime shall be subject to automatic renewal upon its expiration. You can cancel the Uncoder paid service subscription at any time through your personal Account Settings.
Purchasing Services with Personal Email. The use of personal email addresses is exclusively available for purchasing Uncoder paid service, subject to the specific Uncoder Terms outlined below. This allowance does not extend to the purchase of any other Service, product, or add-on available on the SOC Prime Site. It is strictly prohibited to utilize personal email addresses for such transactions.
MDR/MSSP Payment Terms
Providers of managed detection and response services and managed security services providers (“MDR/MSSP”) or other entities that may redistribute Content to or serve its customers with the use of Service and/or Content are subject to special terms and conditions and different pricing models. SOC Prime reserves the right to determine in its sole discretion whether a User belongs to MDR/MSSP category. You may use On-Demand Subscription Plans to distribute Content or use the Service and/or Content to serve third parties when purchasing such subscription and under the terms set forth in the applicable Agreement. If you are an MDR/MSSP, please reach out to us at sales@socprime.com.
1. UNCODER Terms and Conditions
As part of the Service, SOC Prime offers an Uncoder service accessible by the User using their SOC Prime Platform access credentials. By using Uncoder you agree to these specific Uncoder Terms and Conditions (“Uncoder Terms”). You have the same restrictions and other rights as you have under the SOC Prime Platform Terms with the Uncoder-specific terms described in these Uncoder Terms.
Definition of terms for Uncoder service
“Uncoder” or “Uncoder service” means provided through the SOC Prime Platform’s augmented intelligence framework for advanced detection engineering that unlocks collective cybersecurity expertise backed by Sigma and MITRE ATT&CK®. Uncoder enables the User to research, code, translate and validate detection algorithms as well as convert indicators of compromise into hunting queries.
“Content Input” means detection code or any text sent by the User to the Uncoder in order to have it translated/reverse translated by the machine translation infrastructure operated by SOC Prime as well as for other functionality of the Uncoder service that is or may be added in the future;
“Content Output” means any translated/reverse translated or otherwise received text or detection code that has been obtained using the Uncoder;
“Uncoder Content” means together Content Input and Content Output;
Responsibility for the Uncoder Content
The User is responsible for (i) Content Input, including ensuring that it does not violate any applicable law, these Terms, or any third party intellectual property rights; (ii) maintaining the security of the user account and API access keys; and (iii) all activities that occur under the User’s account or API access keys.
The User is obligated to observe all legal requirements for the processing and use of data that is transmitted to the Uncoder service. The User guarantees not to share any personal or sensitive information in connection with the Uncoder service without the express consent of the data subject or other sufficient legal grounds. If your use of the Uncoder service involves personal data, you must have and provide, if needed for SOC Prime’s legal obligations, necessary consents or other evidence of the processing of such data in accordance with applicable law.
License to Use Uncoder Service
As long as the User is in compliance with these Terms, SOC Prime grants the User a non-exclusive, non-transferable, non-sublicensable worldwide right to use the Uncoder service for its business or internal purpose for the term and within the scope of these Uncoder Terms.
SOC Prime will not store Uncoder Content. The User grants SOC Prime permission to use the Uncoder Content to the extent needed to operate the Uncoder service.
SOC Prime can store and use service-related logs to the extent technically required (i) to provide, operate, maintain, develop, and improve Uncoder service to the User; (ii) for billing, security, and statistical purposes; and (iii) to comply with applicable law.
Content Input
The User (or other party that owns rights to the Content Input) retains any and all intellectual property rights to the Content Input.
Content Output
Content Output generated by Uncoder service belongs to the User and/or other third parties (presumably, owners of respective Content Input), as determined by applicable legislation and relevant ownership rights. SOC Prime does not retain intellectual property rights to the Content Output.
Uncoder Service Ownership
All rights, titles, and interests in and to the Uncoder service, any its features, will remain solely with SOC Prime or its third-party suppliers or partners.
2. Custom Repositories
This Section is an integral part of the Terms and governs your use of Custom Repositories, available at SOC Prime Platform. Custom Repositories may be available either as part of a Subscription or for separate purchase.
Custom Repositories are a specialized feature within SOC Prime Platform, distinct from traditional version control or code hosting git repositories. These repositories serve as dedicated storage within a separate database integrated into SOC Prime Platform's cloud infrastructure (with an encrypted rule body at rest). In essence, Custom Repositories provide SOC Prime Platform users with a secure environment to safeguard and organize Content, either uploaded by Users or modified Content from SOC Prime Platform tailored to their unique needs.
Permitted Use
Custom Repositories are intended for storage of Content only. You shall not upload to Custom Repositories any data that (i) violates any applicable law, (ii) infringes or misappropriates the rights of any third party, (iii) contains any malicious code, viruses, or other harmful software, (iv) poses security risks for SOC Prime Platform or its Users, (v) contains any personally identifiable information (personal data), or (vi) otherwise violates these Terms (collectively - “Custom Repositories Prohibited Data”).
Intellectual Property Rights and Data Ownership
You are solely responsible for all data you upload to Custom Repositories (“your data”). You authorize us to store your data, and represent and warrant that you have the legal right to store and distribute your data in Custom Repositories.
We are not involved in verifying the ownership of your data. The Company shall not be liable for any copyright infringements or other third-party rights associated with your data uploaded into Custom Repositories.
Your Data Removal
We reserve the right to suspend access or remove, without notice, your data from Custom Repositories if we reasonably believe that such data constitute or contain any Custom Repositories Prohibited Data.
In addition, we reserve the right to remove your data from Custom Repositories within 60 days after the expiration or termination of your Subscription (or any agreement that governs your use of our Service, including Custom Repositories).
Privacy and Security
We consider your data in Custom Repositories to be confidential to you and take reasonable measures to protect the confidentiality of your data and ensure its security. However, you are responsible for maintaining secure access to your Account and sharing your data with your Team Members (please refer to Section “User Account Registration” of these Terms).
Share Repository Option
By utilizing the "Share to SOC Prime" feature within Custom repositories, accessible exclusively to the users holding Manager Account (“company administrator”) within the repository settings interface, all Сontent within the designated repository becomes visible to SOC Prime without physical duplication. This feature is intended to facilitate collaboration, enhancement, reviews, and other professional services provided by SOC Prime.
User Responsibility
You are solely responsible for your actions and your data stored in Custom Repositories. By activating the "Share to SOC Prime" feature, the company administrator assumes full responsibility for granting SOC Prime access to the repository Сontent. SOC Prime disclaims all liabilities for any issues arising from the use of this feature, and the company administrator is solely responsible for ensuring compliance with all applicable laws and internal regulations regarding data sharing and access permissions. For the avoidance of any doubts, Section “Limited Warranties and Disclaimers” will be fully applicable to the use of Custom Repositories.
No Automatic Renewal
Custom Repositories service will not have automatic renewal. Users will need to manually renew their subscriptions or make individual purchases as needed.
GitLab Integration for Custom Repositories
As part of the Custom Repositories service, SOC Prime may offer integration with a self-hosted version of GitLab, hosted within SOC Prime’s infrastructure. This ensures that user content remains exclusively within SOC Prime’s environment, without data transmission to GitLab’s cloud. Users who have a Manager Account may choose a limited number of their team members who can sync data in SOC Prime Custom Repositories to GitLab.
By enabling GitLab synchronization, you acknowledge and accept the following:
- Data Storage and Liability: Content synced to GitLab remains within SOC Prime’s infrastructure, secured by GitLab software. SOC Prime takes all reasonable measures to safeguard data but disclaims liability for unauthorized access or data loss.
- User Control and Responsibility: SOC Prime grants users administrative control over GitLab synchronization settings, including options to manually push updates from SOC Prime to GitLab and to pull changes back into SOC Prime. Users are solely responsible for managing data shared with GitLab, including understanding that changes or deletions during synchronization are user-initiated actions, and SOC Prime bears no responsibility for their outcome.
By utilizing this integration, you agree to these terms and understand that GitLab’s terms and practices apply to any content shared or stored through their platform. For more details, please review GitLab’s Subscription Agreement.
3. Attack Detective
This Section is an integral part of the Terms and governs your use of Attack Detective, a comprehensive cybersecurity product provided by SOC Prime, that can verify thousands of threat-hunting hypotheses automatically to gain a deeper understanding of what is truly happening within the organization. By accessing or using Attack Detective, you agree to comply with and be bound by these Attack Detective Terms.
Scope of Services
With Attack Detective, you can obtain a heatmap over a selected time period with triggered Tactics, Techniques, and Procedures (TTPs), check if the visualized data can be attributed to a relevant attack, and streamline threat-hunting procedures by serving a set of prioritized queries.
The investigation process consists of two key stages: data audit and scanning.
Data Audit
During the data audit phase, Attack Detective automatically analyzes the log data collected in your data planes. This analysis aims to determine your coverage of MITRE ATT&CK® framework and identify any potential gaps in your log sources.
Scanning
Once the data audit is complete, the Attack Detective proceeds to the scanning phase. This involves querying your logs for the selected period using translations of all relevant rules from the SOC Prime Platform. These rules are tailored to match your specific data planes.
Attack Detective Limited Warranties and Disclaimers
Certain SIEM/EDR/XDR/Data Lakes may impose additional charges for data queries execution. Prior to initiating the scanning stage, you will be informed of the number of queries to be executed. The scanning period is defined by the user. By proceeding with the scan, you and the company you represent accept full responsibility for any resulting charges and bills from your SIEM.
Cancellation and refunds
You can terminate your Account or cancel your Subscription at any time. Except as otherwise set forth in these Terms, applicable Agreement or is required by applicable law, SOC Prime shall be under no obligation to do any refunds or provide credits for any part of unused Service or Content during the Subscription term.
Use on behalf of the organization
You represent and warrant to us that you have the full right, power, and authority to access and use the Service and, to the extent necessary, that you have obtained all necessary corporate or other authorizations or consents to access and use the Service. Thus, if you are an individual (e.g., employee or consultant) acting on behalf of an organization, you represent and warrant that you have obtained all necessary authorizations or consents (i.e., you must be an authorized representative) to accept these Terms on behalf of such organization so that, in addition to yourself, such organization is bound by the Terms.
Use on behalf of individual
You may use the Service only if (i) you are at least 18 years old, and (ii) SOC Prime is not restricted from the provision of Service to you under Export Control and Sanctions Laws (as defined below). An individual User Account can only be a member of one organization. Individuals can have no more than one Account, even if an individual has multiple email addresses.
User Account Registration
In order to use the Service, you must have a valid Account. To acquire an Account for the Service, you must provide SOC Prime with an electronic corporate or personal mail address and other information ("User Data") requested during the registration of the Account or later when you use the Service. You agree to provide true, accurate, and complete User Data and keep such User Data updated to maintain its truthfulness, accuracy, and completeness. You agree that all User Data you provide, our use, and processing of such User Data will be governed by our Privacy Policy (https://my.socprime.com/privacy-policy/), which may be updated from time to time.
Please note that the use of personal email addresses is allowed solely for accessing the Uncoder service provided by SOC Prime. Access to other services, products, or features available on the SOC Prime Platform will be restricted. To utilize those services, users must register and use a valid business or professional email address.
Notwithstanding the foregoing, individual users who participate in the SOC Prime Threat Bounty Program or/and educational programs or projects operated by SOC Prime may be permitted to create an account with access to services, products or features of the SOC Prime Platform using their personal email address with the prior written consent of the SOC Prime administrators. Such exceptions are granted on a case-by-case basis and are be subject to review and approval.
It is strictly prohibited to create duplicate or multiple accounts using the same business account or within the same company domain name address.
Except as expressly provided herein, you may not transfer, sell, combine, assign, and otherwise share your Account with any other person, and you may not use anyone else’s account at any time. In cases where you have nevertheless authorized or registered another person to use your Account, or where you have acted negligently in safeguarding your account as set forth above, you agree you are fully responsible for (i) the acts and omissions of such person accessing the SOC Prime Platform via your account, (ii) controlling the person’s access to and use of the Service, and (iii) the consequences of any use or misuse by such person(s). You agree to immediately notify SOC Prime of any unauthorized use of your Account that you become aware of.
Manager Account. Accounts with the same company domain (“Team Member”) can be managed by one or two Manager Accounts, which can be assigned in settings without re-registering. Manager Accounts have access to the management pages, where they can supervise the Team Members’ accounts at their sole discretion and have the right: to add, edit, remove, send direct invitations to a Team Members emails, see the statistical information of the Team Members and other actions that will be added to the Manager Accounts by the SOC Prime. If you make changes to the Team Members’ Accounts, you represent that you have respective authorities to do so (e.g., from your employer).
Login and Passwords. You understand and agree that you are solely responsible for maintaining the confidentiality of the credentials (login, passwords) for accessing your Account. If you believe that the credentials have been compromised or you detect unauthorized access to your Account - report it to report@socprime.com immediately. We may suspend access to your Account if we notice any suspicious activity.
User Responsibilities. The User will promptly report any errors in the operation of the Service to SOC Prime and will not take any actions that would increase the severity of the error. The User will use the Service solely as described herein.
You agree not to create an Account and/or use the Service if your account has previously been deactivated, deleted, and/or banned by us for further access to the Service. Additionally, you understand and agree that we may contact you via e-mail or otherwise with information relevant to your use of the Service.
Services & Support
We're committed to providing you with the best possible support experience. Our support team can be reached via email: support@socprime.com or via Platform. The free support option has the following conditions:
- Expected response time: Same Business Day, Monday-Friday (excluding statutory US holidays): 9:00 AM to 5 PM GMT
- Expected resolve time: From 24 Hours to 5 Business Days
We may offer additional paid support. For details, please contact our support or sales team.
Service Level Agreement (SLA)
For paid Subscriptions, SOC Prime shall maintain the availability of the Service 99.5% of the time. “Availability” means the percentage of the time the Service is available to User calculated in the following manner:
Availability in the calendar month = [total monthly minutes – minutes of unavailability/total monthly minutes] * 100%
Availability will not include minutes of unavailability resulting from events of Force Majeure (except to the extent avoidable by SOC Prime’s commercially reasonable efforts), or the User's failure to use the Service. Our Support will make the best effort to resolve any issues to your satisfaction as quickly as possible and achieve the maximum level of Availability.
You may have other SLA terms in the Agreement.
Extended Service Level Agreement for the Latest Threats
If you purchased the 24-Hour SLA add-on for the latest threats, you may be entitled to the special terms described in this Section. Otherwise, a 24-hour or longer wait time on content code access from its release date will be granted, according to the applicable Agreement. 24-Hour SLA can already be included in your Subscription, please check this in the price list or quote.
We provide the Content for the detection of suspicious activity related to the most dangerous Exploitable Critical Vulnerabilities selected by SOC Prime within a 24-hours period (“Content SLA Period”).
For the purposes of the Terms, Exploitable Critical Vulnerability means critical weakness in an information system that can be exploited or triggered by a threat source, and information about such exploits and/or triggers is publicly available and assessed as described below (all three criteria below should be met):
- information about the Exploitable Critical Vulnerability becomes publicly available, identified, and categorized with Common Vulnerabilities and Exposures (CVE®) methodology, its CVE record published by respective CVE Numbering Authorities according to the MITRE Corporation rules and practices;
-
criticality level of the Exploitable Critical Vulnerability is assessed and received the
following scores on at least one of the following sources indicated below:
- Microsoft Security Update: Publicly Disclosed=yes, Exploited=yes, CVSS:3 >= 9, according to methodology published at https://msrc.microsoft.com/update-guide/vulnerability;
- VulnDB: Exploitability must exist, and CTI Interest Score >= 9 and CVSS:3 >= 9 as published at https://vuldb.com/?cti.
- results of exploitation of respective Exploitable Critical Vulnerability must be traceable (i.e. present in log files: event logs, security logs, audit trails, audit logs, and similar records).
SOC Prime will be proactively monitoring and developing Content that addresses certain Exploitable Critical Vulnerabilities, which, in our opinion, constitute the biggest threat. For this purpose, we monitor the sources mentioned in the Exploitable Critical Vulnerability definition and focus on the widely used software (e.g. most common Linux platforms, Microsoft Windows, and software with a proven base of users of at least 1 million). We will do our best to address vulnerabilities in legacy and niche software as well. However, such software will not be covered by this section of the Terms. SOC Prime will determine at its sole discretion what software we focus our efforts on and what Exploitable Critical Vulnerabilities will be selected for the Content SLA Period.
Content SLA Period for Exploitable Critical Vulnerability selected by SOC Prime will be calculated from the moment of publication of the information about such Exploitable Critical Vulnerability on the websites indicated above.
The content will be considered as provided to you from the moment it is published on the SOC Prime Platform.
We do not offer refunds for the 24-Hour SLA or longer SLA add-on. If you have any questions or concerns about the add-on, please reach out to our support team for assistance.
Right to Audit and Other Requests
You agree to keep accurate records containing all the data (including technical data and logs about the distribution or use of Content for any third party) reasonably required to verify your compliance with these Terms or Agreement. Such records will be retained for a period of at least 3 years following the end of your Subscription term. Upon receipt of written notice (which may be sent at least 3 days in advance), you will permit the auditing and copying of such records by our representatives or a mutually acceptable third party. In addition, you will respond to reasonable inquiries from SOC Prime regarding your use of the Service and/or the Content.
SOC Prime shall bear fees and expenses incurred in connection with the audits unless such audit discovers a material breach of these Terms or underpayment of fees (periodic payment of fees that may be stipulated by the Agreement), in which case you will bear the fees and expenses incurred in connection with such audit.
If we have reasonable grounds to believe that you are not compliant with these Terms, we may send you a request with information relevant to your use of the Service, and you agree to respond to such request within 5 business days.
Termination
SOC Prime’s Termination for Breach. You agree that we may suspend your Account or terminate your Subscription if we believe that you have violated these Terms, infringed the intellectual property rights, or engaged in fraudulent or illegal activities with the use of Service if it is required by applicable law, regulation, court or governing agency order. Our termination of any User’s access to the Site or Service hereunder may be effected with notice and, on such termination, we may immediately deactivate or delete User’s account and/or bar any further access, and your right to use the Service will immediately cease.
SOC Prime’s Termination for Convenience. We may suspend, restrict, or terminate your Subscription and, therefore, your access to Service and suspend your User Account without explaining to you a reason for such deactivation by giving you notice: (i) at least 2 months before such deactivation if you are a Paid User; and (ii) at least in 3 days if you are a Free User. You acknowledge that our decision to take specific actions, including limiting access to or suspending your Account, may be based on confidential criteria essential for our risk management and security protocols. You agree that SOC Prime is under no obligation to disclose the details of its risk management and security procedures to you. If you are a Paid User, you will be entitled to a refund of fees prorated to the unused Subscription term.
Termination for Breach. SOC Prime may terminate your Subscription prior to its expiration if you breach and fail to cure said breach within 30 days after receipt of written notice thereof.
User’s Termination for Convenience. You may terminate your Account or cancel the Subscription by emailing support@socprime.com or by withdrawing your consent for processing your personal data via your Account.
Termination for cause. Accounts of individual users who are participating in the SOC Prime Threat Bounty Program or/and educational programs or projects operated by SOC Prime may be suspended by SOC Prime by its sole discretion with or without notice if the Threat Bounty Program member does not submit any detection code via Program for ninety (90) consecutive days, or if the maintenance of such account is no longer needed for the abovementioned programs and projects.
Intellectual Property
The intellectual property rights pertaining to the Service, Content, and all Site materials, including but not limited to the copyright, trademark, patent rights, and other intellectual property rights remain the sole ownership of SOC Prime and its respective owners. All rights not expressly granted herein are reserved. The registered trademark 'SOC Prime' is the property of SOC Prime, Inc. All other trademarks, service marks, and trade names mentioned in these Terms or elsewhere on the Site are the property of their respective owners. You are not authorized to use SOC Prime trademarks or logos in any advertising, publicity, or any other commercial manner without prior written consent from SOC Prime.
SOC Prime acknowledges that certain sections of the Content description, specifically Audit Configuration, False Positives, and Triage Recommendations, are generated by the Chat GPT and may incorporate pre-existing knowledge or information. SOC Prime does not claim or assert any intellectual property rights over these specific sections of the Content description.
The user acknowledges that SOC Prime may not own all the Content available on its Platform.
Claims of copyright infringement
SOC Prime respects the intellectual property rights of others and asks that the people who use
the Site do the same. The Digital Millennium Copyright Act of 1998 (the “DMCA”) provides
recourse for copyright owners who believe that material appearing on the Internet infringes
their rights under U.S. copyright law. If you believe in good faith that materials available on
the Site infringe your copyright, you (or your agent) may send SOC Prime a notice requesting
that we remove the material or block access to it. If you believe in good faith that someone has
wrongly filed a notice of copyright infringement against you, the DMCA permits you to send SOC
Prime a counter-notice. Notices and counter-notices must meet the then-current statutory
requirements imposed by the DMCA.
See the DMCA Designated Agent
Directory for
details. Notices and counter-notices should be sent to:
Copyright Agent
SOC Prime, Inc.
399 Boylston Street, 6th Floor
Boston, MA 02116
Email: dmca@socprime.com
Choice of law
These Terms and all matters relating to your access or use of the Service, including all disputes, claims, or causes of action (whether in contract, tort, or statute) that may be based upon, arise out of, or relate to these Terms shall be governed by and construed under the laws of the State of Delaware, without regard to the principles thereof relating to conflicts of laws. Any action which is based, directly or indirectly, arising out of these Terms shall be brought only in the courts of the State of Delaware.
Dispute Resolution
Should any dispute arise with regard to these Terms, the parties agree to first work in good faith to resolve such dispute, and neither party may commence any action with regard to such dispute until thirty (30) days have passed from the time such party has provided written notice to the other party of the nature of such dispute, provided that nothing herein will prevent us from seeking injunctive relief in the event of your actual or threatened breach of any terms of these Terms.
Limited Warranties and Disclaimers
SOC PRIME PROVIDES THE SERVICE USING A COMMERCIALLY REASONABLE LEVEL OF CARE, AND WE PROMISE TO DO OUR BEST TO MAKE SURE YOU ENJOY THE SERVICE. CERTAIN MODULES OF THE SOC PRIME PLATFORM MAY HAVE ACCESS TO SYSTEMS OF YOUR ORGANIZATION (E.G. SIEM), INCLUDING MANAGING, ADDING, AND REMOVING CONTENT THEREFROM. YOU ARE UPLOADING AND DEPLOYING THE CONTENT TO YOUR SYSTEMS AT YOUR OWN RISK AND ARE SOLELY RESPONSIBLE FOR ANY ACTIONS TAKEN UNDER YOUR ACCOUNT.
TO THE MAXIMUM EXTENT POSSIBLE UNDER THE APPLICABLE LAW, SOC PRIME SHALL HAVE NO LIABILITY FOR ANY FAILURES, DISRUPTIONS, DAMAGES, DIRECT OR INDIRECT LOSSES, LOSSES OF PROFITS OR REVENUES, COSTS, EXPENSES OR LOSS OF DATA RELATED TO YOUR USE OF THE SERVICE AND/OR THE CONTENT FROM THE SOC PRIME PLATFORM IN YOUR AND/OR ANY THIRD PARTY SIEM, EDR, NSM, NTA, NTDR, OR SIMILAR SYSTEMS.
YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT YOUR USE OF THE SERVICE IS AT YOUR OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICE AND/OR THE CONTENT IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS.
SOC PRIME MAKES NO WARRANTY THAT (I) THE SERVICE AND/OR CONTENT WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS AND (II) ANY USER ACCESS TO THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.
THE LIGHT SEARCH FEATURE USES A THIRD-PARTY SERVICE AND MAY TRANSMIT CERTAIN SEARCH QUERIES TO EXTERNAL SERVICES, SUCH AS OPENAI SERVICE, TO ENHANCE SEARCH RESULTS. TERMS OF OPENAI SERVICE SHALL APPLY BOTH TO INPUT QUERIES AND OUTPUT USED TO FIND RESULTS. USERS ARE SOLELY RESPONSIBLE FOR THE CONTENT OF THEIR QUERIES AND SHOULD AVOID INCLUDING PERSONAL OR CONFIDENTIAL INFORMATION. SOC PRIME DISCLAIMS LIABILITY FOR ANY UNAUTHORIZED ACCESS, DATA LEAKAGE, OR OTHER INCIDENTS ARISING FROM THIRD-PARTY PROCESSING OF QUERIES. BY USING LIGHT SEARCH, YOU ACKNOWLEDGE AND ACCEPT THESE TERMS.
Limitation of Liability
To the extent not prohibited by law, in no event shall SOC Prime or its affiliates, suppliers, or resellers be liable for personal injury or any special, incidental, indirect, exemplary, punitive, or consequential damages whatsoever, including, without limitation, damages for loss of profits, revenues, loss of opportunity or anticipated savings, business interruption, loss of data, computer failure arising out of or related to the use of or inability to use the Service (including any potential risks associated with using Light Search), or the provision of or failure to provide technical or another support service, whether arising in tort (including negligence), contract, or any other legal theory, even if SOC Prime, its affiliates, suppliers, or resellers have been advised of the possibility of such damages. In any case, SOC Prime's, its affiliates', suppliers', and resellers' maximum cumulative liability and your exclusive remedy for any claims arising out of or related to these Terms shall not exceed the lesser of either US$ 5,000 or a total of fees paid by you for the one month of Service immediately preceding the event giving rise to the claim.
Indemnity
Unless otherwise provided in a written agreement between you and SOC Prime, you agree, to the extent permitted under applicable law, to indemnify, defend, or at our option, settle and hold SOC Prime and its Affiliates harmless from any assertion, claim, or proceeding, damages, losses and expenses of any kind arising out or related to (1) your breach of any of these Terms, including compliance with the Export Control and Sanctions Laws; (2) any Content you post or otherwise contribute to SOC Prime Platform; (3) any activity in which you engage on or through the Service; and (4) your violation of any law or the rights of a third party.
Force Majeure
SOC Prime shall be exempted from liability for failure to comply with its obligations under these Terms, where such failure is caused by the occurrence of an act of God or other circumstances beyond the reasonable control of the affected Party, including, without limitation, natural disasters, civil commotion, war (declared and undeclared), revolution, strikes, work stoppages, accidents, acts of terrorism, nuclear or natural catastrophes, embargo, or in case the User or User`s company are subject to any U.S. sanctions (the “Sanction”) administered by OFAC or subject to any equivalent sanctions administered or enforced by the United Nations Security Council or other relevant sanctions authority (hereinafter referred to as “Force Majeure”).
The occurrence of a Force Majeure event shall extend the due terms of SOC Prime's obligations under these Terms for the period duration of the Force Majeure plus an additional period required to eliminate its consequences. If any Force Majeure event occurs, SOC Prime shall not be responsible for any indemnity for the fees paid by the User and only agrees to extend the period of use of the Service for 30 days.
No agency
No agency, partnership, joint venture, employee-employer, or franchisor-franchisee relationship between you and SOC Prime is intended or created by these Terms.
No third-party beneficiaries
The provisions of these Terms are for the sole benefit of the parties and their successors and permitted assignments, and they will not be construed as conferring any rights to any third party (including any third-party beneficiary rights).
Waiver and Severability
Failure by either party to exercise any of its rights under or to enforce any provision of these Terms will not be deemed a waiver or forfeiture of such rights or ability to enforce such provision. If any provision of these Terms is held by a court of competent jurisdiction to be illegal, invalid, or unenforceable, that provision will be amended to achieve as nearly as possible the same economic effect of the original provision, and the remainder of these Terms will remain in full force and effect.
Export Control and Sanctions Laws
You shall comply with all applicable federal, state, local, and foreign laws, rules, and regulations while using the Service and the Content. You are solely responsible for ensuring your use of the Service is compliant with all applicable laws, rules, and regulations. The right to access the Service is revoked where the use of the Service is prohibited or to the extent offering, selling, or providing of the Service conflicts with any applicable law, rule, or regulation.
The Service is subject to U.S. export control laws and regulations and may be subject to foreign export or import laws or regulations. You are now and will remain in the future compliant with all such export control laws and regulations and will not export, re-export, or otherwise transfer any SOC Prime Service or technology or disclose any Content to any person contrary to such laws or regulations.
You acknowledge that the Service, or a portion thereof, may be subject to the Export
Administration Regulations, 15 C.F.R. Parts 730-774, of the United States and may be subject to
other applicable country export control and trade sanctions laws (“Export Control and Sanctions
Laws”). You and your end users may not access, use, export, re-export, divert, transfer, or
disclose any portion of the Service or any related technical information or materials, directly
or indirectly, in violation of Export Control and Sanctions Laws. You represent and warrant
that: (i) you and your end users (a) are not entities of, or registered/located within, a
country or territory that is subject to Export Control and Sanctions Laws or other significant
trade restrictions, including but not limited to Russia, Venezuela, Sudan, Zimbabwe, Myanmar
(Burma), Nicaragua, Cuba, Iran, North Korea, and Syria), and that you and your end users will
not access or use the Services, or export, re-export, divert, or transfer the Service, in or to
such countries or territories; (b) are not persons, or owned 50% or more, individually or in the
aggregate by persons, identified on the U.S. Department of the Treasury’s Specially Designated
Nationals and Blocked Persons List or Foreign Sanctions Evaders Lists; and (c) are not persons
on the U.S. Department of Commerce’s Denied Persons List, Entity List, or Unverified List, or
U.S. Department of State proliferation-related lists.
You are solely responsible for complying with the Export Control and Sanctions Laws and
monitoring them for any modifications.
Entire agreement
These Terms, inclusive of the incorporated webpages, any terms that are incorporated in these Terms by reference, Order, as applicable, and all other documents executed by the parties, constitute the entire agreement between the parties concerning its subject matter and supersede all contemporaneous or prior representations, discussions, proposals, and agreements, in any format, relating to its subject matter. If you have executed a separate agreement with SOC Prime for this transaction, that separate agreement will take precedence as to these Terms. You represent that you accepted these Terms without reliance on any oral or written representations made by SOC Prime that are not contained in these Terms.
Modification
SOC Prime reserves the right to change, modify, add, or remove portions of these Terms, our Privacy Policy, or any terms they incorporate by reference in its sole discretion and at any time. Such modifications shall take effect and be binding on Users on the date set forth on the first page of these Terms. We will take reasonable steps to notify you of any changes or modifications (usually via email identified in your User Data), but it is your responsibility to check these Terms periodically for changes. Notwithstanding anything to the contrary, your continued use of the Service after the effective date of any modified Terms will be deemed your conclusive acceptance of all such changed or modified terms and conditions. If you have any questions regarding the update, reach out to our Support Team at support@socprime.com
Report abuse
If you feel SOC Prime needs to know that something goes wrong or someone violates these Terms, please report it to abuse@socprime.com
Marketing notifications
As part of the registration process, you are also given the opportunity to receive relevant information about the Service, including information about other products and services that may be of interest to you. In this case, SOC Prime may contact you at the email address provided during registration. You can opt-in to receive marketing communications by contacting us via support@socprime.com.
Feedback and Information
SOC Prime welcomes and encourages you to provide suggestions, comments, or other feedback about the Site, Service, Content (e.g., regarding their utility, and feasibility), and your experience with the Service, as well as any bug fixes, features, functionality, or enhancements you would like to see in future versions, as well SOC Prime may collect certain metrics about your use of the Service (collectively "Feedback"). You acknowledge and agree that all Feedback provided or collected during your use of the Service, Site, or otherwise will be given entirely voluntarily and be non-confidential for SOC Prime, you represent and warrant that you will not provide any Feedback that you know or have reason to believe might infringe any third-party intellectual property rights or misappropriate any third-party confidential information or trade secrets. You grant SOC Prime a non-exclusive, transferable, royalty-free right and license to use the Feedback, and SOC Prime shall be free to use such Feedback on an unrestricted basis.
We encourage you to share your feedback in Discord by joining our Discord server at https://tdm.socprime.com/zeptolink/E0ojRAykgC5adVh7/ and engaging with the community in channels to get advice and feedback from our team and other users.
We reserve the right to edit, move, or delete comments that, at our discretion, fall within the following categories: offensive or inappropriate language, failure to respect fellow commenters, links returning errors, irrelevant links, invalid email addresses, or comments not contributing to the conversation.