Last updated January 2026
BY SUBMITTING THE WARRANTY ENROLLMENT FORM ON THIS PAGE OR CLICKING A "SUBMIT", "CONTINUE", "I AGREE" OR A SIMILAR PHRASE, OR OTHER SIMILAR BUTTON ASSOCIATED WITH THIS AGREEMENT, YOU AND THE COMPANY OR ENTITY YOU ARE ACTING FOR ("CUSTOMER") AGREE TO THIS RAPID7 LIMITED BREACH PROTECTION WARRANTY AGREEMENT ("WARRANTY AGREEMENT") AND THE WARRANTY AGREEMENT WILL BE DEEMED A BINDING CONTRACT BETWEEN RAPID7 AND CUSTOMER. YOU EXPRESSLY REPRESENT AND WARRANT THAT: (1) YOU ARE LAWFULLY ABLE TO ENTER INTO THIS WARRANTY AGREEMENT, AND (2) THE COMPANY OR ENTITY THAT YOU ARE ACTING FOR HAS GIVEN YOU FULL AUTHORITY TO BIND THE COMPANY/ENTITY TO THIS WARRANTY AGREEMENT. IF YOU DO NOT AGREE TO OR CANNOT COMPLY WITH ALL OF THE TERMS AND CONDITIONS SET FORTH IN THIS WARRANTY AGREEMENT OR IF YOU DO NOT HAVE AUTHORITY TO BIND THE CUSTOMER, THEN DO NOT CLICK "SUBMIT", "CONTINUE", "AGREE" OR A SIMILAR PHRASE, AND CUSTOMER WILL NOT BE AUTHORIZED TO ENROLL IN RAPID7'S BREACH PROTECTION WARRANTY.
This Warranty Agreement is entered into as of the date that Customer accepts the terms and conditions herein ("Warranty Inception Date").
In consideration of the mutual covenants and agreements contained herein, and other good an valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
1. DEFINITIONS
"Affiliate" means any legal entity that controls, is controlled by, or that is under common control with a party. "Control" means ownership of more than 50% interest of voting securities in an entity or the power to direct the management and policies of an entity.
"Carrier" means the insurance carrier underwriting this warranty.
"Compliance Action" means (1) a request for information, civil investigative demand, administrative action or civil proceeding brought by a federal or state government entity or agency against Customer, or (2) an action brought by, or written demand from, a payment card association seeking an assessment, fee, fine or penalty for a violation of the PCI Data Security Standard.
"Covered Expenses" means solely (and to the exclusion of all other fees, expenses, losses, settlements and damages) the following reasonable and necessary fees and expenses to the extent incurred by Customer as a result of a Security Incident:
(1) Forensic Investigation Expenses;
(2) Legal Consultation Expenses;
(3) Post Security Incident Expenses; and
(4) Public Relations Expenses;
The foregoing fees and expenses constitute "Covered Expenses" only if: (1) incurred by Customer after having obtained prior written approval from Rapid7 to obtain such services or incur such expenditures; (2) invoiced by a third party provider that has been preapproved in writing by Rapid7; (3) incurred by Customer within one (1) year following the Discovery Date of the applicable Security Incident; and (4) payment and/or reimbursement does not violate any applicable domestic or foreign law, statute, regulation or rule as determined by Rapid7 in its sole discretion.
"Covered Endpoint" means any Customer Endpoint (i) that has the Rapid7 agent installed on it and (ii) with an operating system that (a) meets the pre-requisites and configuration requirements listed in the Documentation, and (b) is fully supported by the operating system manufacturer.
"Customer Agreement" means the agreement between Rapid7 and Customer governing Customer's Managed Threat Complete Ultimate subscription.
"Discovery Date" means the earlier of (1) the date Customer first discovers the Security Incident or (2) the date Rapid7 first discovers the Security Incident.
"Documentation" means the technical documentation of Managed Threat Complete Ultimate generally supplied by Rapid7 to its end-customers.
"Endpoint" means any physical or virtual device that is under ownership, operation or control of, or is leased by, Customer.
"Event Date" means the date the Security Incident or Pre-existing Incident first occurred; provided, however, that each Security Incident that forms part of a Related Security Incident shall be deemed to have the Event Date of the earliest Security Incident or Pre-existing Incident (if applicable) that forms part of the Related Security Incident.
"Managed Threat Complete Ultimate ("MTC Ultimate")" means Rapid7's managed subscription referred to as Managed Threat Complete Ultimate and as further described under https://www.rapid7.com/.
"Forensic Investigation Expenses" means fees and expenses of a vendor, approved by Rapid7, incurred by Customer to conduct an investigation (including a forensic investigation) to determine the cause and extent of a Security Incident.
"Legal Consultation Expenses" means fees and expenses of vendor, approved by Rapid7, incurred by Customer to obtain data security-related legal advice after a Security Incident, including, without limitation advice related to notification content and requirements. Legal Consultation Expenses do not include any fees or expenses incurred in connection with the response to or defense of any actual, anticipated or threatened suit, action, proceeding litigation or Compliance Action against the Customer.
"Measured Security Posture" means the configurations, settings, actions and remediations described in then-current Rapid7 documentation for MTC Ultimate.
"Personnel" means Customer's employees, vendors and contractors.
"Physical Event" means fire, smoke, explosion, lightning, wind, water, flood, earthquake, volcanic eruption, tidal wave, landslide, hail, an act of God, loss or theft of a physical Endpoint, or any other physical event, however caused.
"Post-Security Incident Expenses" means fees and expenses incurred by Customer, at the advice of a vendor approved by Rapid7, for (1) notifying individuals whose personally identifiable information may have been compromised by a Security Incident (including the cost of printing and mailing) and (2) identity theft call center assistance, identity restoration services, credit file or identity monitoring and/or victim expense reimbursement insurance made available to such notified individuals.
"Pre-existing Incident" means any unauthorized access to the operating system of an Endpoint that occurs either (1) before such Endpoint becomes a Covered Endpoint in the Protected Environment; or (2) before Customer's Warranty Period.
"Protected Environment" means the Covered Endpoint that are in the Measured Security Posture (or higher) and monitored by Rapid7's MTC Ultimate team.
"Public Relations Expenses" means fees and expenses incurred by Customer for a public relations firm, approved by Rapid7, to advise the Customer on minimizing the harm to Customer and restoring public confidence in Customer after a Security Incident.
"Related Security Incident" means, collectively, the same, continuous, related or repeated Pre-existing Incidents and/or Security Incidents.
"Security Incident" means unauthorized access by a Third Party to the operating system of a Covered Endpoint in the Protected Environment that results in the malicious exfiltration, destruction and/or irreversible encryption of Customer data that Customer reasonably believes has value in excess of $25,000. Notwithstanding the foregoing, unauthorized access arising out of or resulting directly or indirectly from any of the following events does not constitute a Security Incident: (a) Customer whitelisting a Covered Endpoint or process; (b) Customer or Personnel altering or instructing Rapid7 to alter configurations such that a Covered Endpoint falls below the Measured Security Posture; (c) Customer's or Personnel's failure to follow Rapid7's prevention or remediation instructions; (d) Customer's or Personnel's modification or alteration of MTC Ultimate; (e) any fraudulent, criminal or malicious act of Customer or its Personnel, or any intentional or knowing violation of the law by Customer or its Personnel; (f) any Physical Event; (g) any form of Unrest; and/or (h) the Third Party accessed the operating system of a Covered Endpoint in the Protected Environment from a portion of the Customer's network that is not part of the Protected Environment.
"Third Party" means any entity or person except Customer and Personnel.
"Unrest" means strike or similar labor action, war, invasion, military action (whether war is declared or not), civil war, mutiny, popular or military uprising, insurrection, rebellion, revolution, military or usurped power, or any action taken to hinder or defend against any of these events.
2. Scope
If Customer experiences a Security Incident in its Protected Environment during a Warranty Period, Customers' sole and exclusive remedy will be under this limited warranty, subject to the terms herein, for the reimbursement of Covered Expenses that directly result from such Security Incident ("Payments") up to a maximum amount not to exceed the applicable Limit set forth in Section 3 (Limits of Liability).
This limited warranty extends only to Customer and its Covered Expenses, and unless explicitly agreed by Rapid7 in writing, does not extend to Customer's Affiliates or any of their losses or damages, nor does it extend to any third parties (including, but not limited to, suppliers, service providers, end-clients, employees or agents of Customer) or any of their losses or damages.
3. Limits of Liability
Covered Costs: Customer Covered Endpoints | Limit (in USD) |
500-4,999 | $100,000 |
5,000-10,000 | $500,000 |
10,001 and above | $1,000,000 |
Aggregate Payments for multiple Security Incidents that have Discovery Dates in the Warranty Period shall not exceed the Limit for such Warranty Period.
4. Reimbursement Eligibility
To be eligible for Payments:
a) During the entirety of the Warranty Period: (i) Customer must have a valid MTC Ultimate subscription, and (ii) Customer's Covered Endpoint must be in the Measured Security Posture (or higher) at all times;
b) At the time the Security Incident first occurs, Customer must be using the most-recent version of the Rapid7 agent made available by Rapid7 to Customer on the Endpoint(s) that experienced such Security Incident;
c) The Event Date and Discovery Date of the Security Incident must occur during the Warranty Period;
d) Customer must notify Rapid7 in accordance with Section 6 below;
e) Customer must be in compliance with its Customer Agreement, including without limitation any payment obligations; and
f) During the entirety of the Warranty Period, Customer must reasonably cooperate with Rapid7, including without limitation by implementing all reasonable remediation steps provided by Rapid7 and providing all reasonably requested information and complying with the reimbursement process set forth in Section 5 (Reimbursement Request Process).
5. Reimbursement Request Process:
a) Reimbursement Request Requirements. A separate Reimbursement Request must be submitted to Rapid7 for each Security Incident. Such Reimbursement Request shall include all information available to Customer regarding the Security Incident.
b) Submission of Reimbursement Request. Rapid7 shall review the Reimbursement Request and Customer shall provide any additional information reasonably requested by Rapid7 at any time. by submitting the Reimbursement Request to Rapid7, Customer authorizes Rapid7 to share any information that is reasonably necessary to assess the validity of the Reimbursement Request with Carrier, provided Carrier is under an obligation to keep such information confidential. If Carrier denies coverage to Rapid7 for any Reimbursement Request, notwithstanding anything to the contrary in this Warranty Agreement, Rapid7 shall have no obligation to make any Payments for such Reimbursement Request to Customer.
c) Payments. Rapid7 shall have no obligation to make Payments that are prohibited by law. Customer shall submit proof of Covered Expenses in accordance with Rapid7's instructions. During the Warranty Period and for a period of three (3) years thereafter, Rapid7 shall have the right at its own expense to inspect, and Customer shall maintain and provide, Customer's records related to such Covered Expenses upon unreasonable written request during regular business hours.
6. Notice.
If Rapid7 discovers a Security Incident during the Warranty Period that occurred during such Warranty Period, Rapid7 shall notify Customer of such Security Incident in accordance with Rapid7's then-applicable MTC Ultimate documentation. If Customer discovers during the Warranty Period a Security Incident that occurred during such Warranty Period, Customer shall notify Rapid7 of such Security Incident by sending an email to [email protected] no later than seventy-two (72) hours after the Discovery Date of such Security Incident. Customer shall have thirty (30) days from (a) the date Rapid7 provides notice of Security Incident to Customer, or (b) Customer provides notice of a Security Incident to Rapid7 to notify Rapid7 of Customer's intent to request Payments by sending an email to [email protected] ("Reimbursement Request").
7. Exclusions:
This limited warranty does not extend to Pre-existing Incidents or Related Security Incidents that include a Pre-existing Incident. All Covered Expenses resulting from a Related Security Incident shall be subject to the terms, conditions, exclusions and Limits of Liability of the Warranty Period in effect on the Discovery Date of the first discovered Security Incident that forms part of the Related Security Incident.
8. Choice of Law:
The terms of this Warranty Agreement will be governed by and construed in accordance with the laws of the State of Delaware. The 1980 United Nations Convention on Contracts for the International Sale of Goods and its related instruments will not apply to this agreement.
9. Dispute Resolution:
Notwithstanding any dispute resolution or venue provisions in any Customer Agreement, any dispute, claim, or controversy arising out of or relating to this Warranty Agreement or the existence, breach, termination, enforcement, interpretation, or validity of this Warranty Agreement, including the determination of the scope or applicability of this arbitration clause, (each, a "Dispute") shall be referred to and finally resolved by arbitration under the rules of the American Arbitration Association in force on the date when the notice of arbitration is submitted in accordance with such rules (which rules are deemed to be incorporated by reference into this clause) on the basis that the governing law is the law of the State of Delaware, USA; and (2) any Customer claims under the Customer Agreement that are in any way related to a Dispute or MTC Ultimate shall also be subject to this arbitration provision. The seat, or legal place, of arbitration shall be the State of Delaware, USA.
The arbitral panel shall consist of three (3) arbitrators, selected as follows: each party shall appoint one (1) arbitrator; and those two (2) arbitrators shall discuss and select the third arbitrator. If the two party-appointed arbitrators are unable to agree on a third arbitrator, the third arbitrator shall be selected in accordance with the applicable rules of the arbitration body. Each arbitrator shall be independent of all parties to the arbitration and shall have suitable experience and knowledge in the subject matter of the Dispute. Judgement upon the award so rendered may be entered in a court having jurisdiction or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. The language to be used in the arbitral proceedings shall be English.
10. Term, Termination & Assignment:
This Warranty Agreement shall commence on the Warranty Inception Date and continue for the term of the Customer's then-current MTC Ultimate subscription ("Warranty Period"), unless terminated earlier accordance with this section 10 or the Customer Agreement. This Warranty Agreement may be terminated by Rapid7, with immediate effect, for convenience and for any reason in Rapid7's sole direction and Rapid7 will have no further liabilities to Customer under this Warranty Agreement. Termination of the Customer Agreement and/or Customer's MTC Ultimate subscription shall automatically terminate this Warranty Agreement. Termination of this Warranty Agreement shall not terminate the Customer Agreement or Customer's MTC Ultimate subscription.
Customer may not assign this Warranty Agreement without the prior written consent of Rapid7, except to an Affiliate in connection with a corporate reorganization or in connection with a merger, acquisition, or sale of all or substantially all of its business and/or assets provided Customer provides Rapid7 with notice of any such assignment no later than thirty (30) days after such assignment or change in control event is public. Any assignment in violation of this Section 10 shall be void and shall void this Warranty Agreement. Subject to the foregoing, all rights and obligations of the parties under this Warranty Agreement shall be binding upon and inure to the benefits of and be enforceable by and against the successors and permitted assigns.
Except to the extent a Reimbursement Request arises out of an event that is later determined (1) not a Security Incident, or (2) to relate to a Pre-Existing Incident, Rapid7 hereby waives any and all rights it has or may have to reimbursement of Payments from Customer. Customer shall promptly (but in no event later than 30 days after written notice) reimburse Rapid7 for all Payments related to a Reimbursement Request that arises out of an event that is later determined not to be a Security Incident or that relates to a Pre-Existing Incident.
11. Insurance.
Rapid7 has obtained one or more insurance policies to cover its obligations under this Warranty Agreement. Customer is not an insured or intended third party beneficiary under such insurance policies, and hereby waives any rights it may have as a third party beneficiary under such insurance policies. Customer shall not communicate with Carrier without Rapid7's prior to written consent. Where approved by Rapid7, Customer agrees to communicate directly with Carrier regarding Reimbursement Requests and to provide the same information and cooperation required under this Warranty Agreement to any Carrier issuing such an insurance policy. Notwithstanding the foregoing or anything else herein to the contrary, (a) the parties do not intend for this Warranty Agreement to be deemed a contract of insurance under any laws or regulations and (b) this Warranty Agreement shall be null and void in any country or other jurisdiction in which it is deemed to be a contract of insurance.
12. Updates.
Rapid7 reserves the right to modify this Warrant Agreement at its sole discretion. Should Rapid7 make any modifications to the Warranty Agreement, Rapid7 will post the amended terms at https://www.rapid7.com/legal/breach-protection-warranty-terms/ or provide notification by such other reasonable notification method implemented by Rapid7.
13. Warranty Disclaimer.
EXCEPT AS SPECIFICALLY SET FORTH HEREIN AND/OR WITHIN THE CUSTOMER AGREEMENT AND TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, RAPID7 AND ITS AFFILIATES AND SUPPLIERS SPECIFICALLY DISCLAIM ANY OTHER EXPRESS, IMPLIED OR STATUTORY WARRANTIES, INCLUDING WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO MTC ULTIMATE. RAPID7 AND ITS AFFILIATES AND SUPPLIERS DO NOT WARRANT THAT MTC ULTIMATE WILL MEET CUSTOMER'S REQUIREMENTS, PURPOSES OR NEEDS, OR THAT IT WILL BE ERROR FREE, OR THAT IT WILL OPERATE WITHOUT INTERRUPTION. CUSTOMER AGREES THAT IT IS CUSTOMER'S RESPONSIBILITY TO ENSURE SAFE USE OF MTC ULTIMATE ON ENDPOINTS INTERFACING WITH SUCH APPLICATIONS AND SYSTEMS.
14. Limitation of Liability.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, FOR ANY CAUSE RELATED TO OR ARISING OUT OF THIS WARRANTY AGREEMENT, WHETHER IN AN ACTION BASED ON A CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR ANY OTHER LEGAL THEORY, HOWEVER ARISING, RAPID7 WILL IN NO EVENT BE LIABLE TO CUSTOMER OR ANY THIRD PARTY FOR LOST REVENUES, LOST PROFITS, LOST BUSINESS OPPORTUNITIES OR LOST GOODWILL, LOST DATA, DATA RESTORATION OR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE. IN NO EVENT WILL RAPID7'S LIABILITY UNDER OR ARISING FROM THIS WARRANTY AGREEMENT EXCEED THE AGGREGATE LIMIT OF LIABILITY IN SECTION 3 (LIMITS OF LIABILITY). Multiple claims or Security Incidents shall not expand the limitation specified in the foregoing sentence. Any Payments, damages or losses paid under this Warranty Agreement shall accrue towards any limit of liability set forth in the Customer Agreement. If such limitation of liability is determined to be invalid under applicable law, this Warranty Agreement shall be deemed null and avoid.
15. Entire Agreement.
This Warranty Agreement constitutes the entire agreement between Customer and Rapid7 concerning the subject matter of this Warranty Agreement and it supersedes any prior or concurrent proposals, agreements, understandings, or other communications between the parties, oral or written, regarding such subject matter. For the avoidance of doubt, this Warranty Agreement is in addition to the Customer Agreement and except as expressly set forth herein, nothing in this Warranty Agreement is intended to supersede, modify or amend the Customer Agreement, including the warranties therein. This Warranty Agreement is not intended to and shall not be construed to give any third party any interest or rights (including, without limitation, any third party beneficiary rights) with respect to or in connection with any agreement or provision contained herein or contemplated hereby.
Appendix A
This Appendix A sets forth the minimum technical and operational conditions that must be continuously
maintained by Customer in order to remain eligible for coverage under the Breach Protection Warranty
(“Warranty”). These requirements define the baseline visibility necessary for Rapid7 to perform the MDR
Services. Failure to meet any requirement in this Appendix A, at any time, will suspend Warranty
eligibility for the duration of such failure, regardless of whether Rapid7 notifies Customer of the
deficiency.
Definitions
“Determined Assets” means the population of in-scope assets as calculated by Rapid7 through
telemetry reported to the Rapid7 Command Platform (“Rapid7 Platform”), which shall be the exclusive
authoritative source of asset counts.
“Rapid7 Agent” or “Agent” means Rapid7’s lightweight endpoint software that collects and transmits
security telemetry to the Rapid7 Platform. An Agent is not considered Healthy if it is offline,
unresponsive, misconfigured, unable to communicate, or lacking required permissions, components, or
system access.
“Rapid7 Collector” or “Collector” means the on-premises component of Rapid7’s SIEM capabilities within
the Command Platform that receives data from Event Sources and makes it available for analysis. A
Collector is not considered Healthy if it is offline, misconfigured, unable to process or transmit telemetry,
unable to reach Event Sources, or experiencing persistent credential, network, or ingestion failures.
“Event Source” means a single device, system, cloud service, application, or other telemetry-producing
component that sends logs or security events to a Collector or directly to the Command Platform via an
HTTP connection.
“Core Event Sources” means the minimum telemetry sources required for Warranty eligibility. As of the
Effective Date, Core Event Sources include:
- Windows Event Logs (Core)
- LDAP (Core)
- DHCP (Core)
- Firewall Logs (Core)
- Cloud Service Logs (Core)
Rapid7 may modify this list on written notice to Customer if necessary to maintain MDR detection
efficacy.
“Healthy” means operational, connected, transmitting required telemetry, and free of significant
ingestion, authentication, or configuration errors, as determined solely by Rapid7.
“Healthy Core Event Source” means a Core Event Source that is correctly configured, reachable by a
Healthy Collector, and continuously transmitting required telemetry without material gaps or failures.
“MDR Environment” means the collection of Agents, Collectors, Event Sources, network segments, cloud
services, and systems monitored as part of the MDR Services.
Customer Requirements
To maintain a Healthy MDR Environment and remain eligible for Warranty coverage, Customer must
fulfill the following technical, operational, and procedural requirements. These requirements consolidate
the obligations in this Appendix A and the responsibilities described in Rapid7’s MDR and MTC Scope of
Service documentation.
1. General Obligations
1.1 Acknowledge and adhere to all requirements outlined in the applicable Rapid7 Scope of
Service and this Appendix A.
1.2 Designate a primary point of contact to work with Rapid7 for deployment, onboarding,
incident escalation, and ongoing operational communication.
1.3 Provide Rapid7 with an incident escalation path and maintain current contact information.
1.4 Complete required onboarding steps—including data gathering, prerequisite questionnaires,
and environment preparation—in a timely manner.
1.5 Notify Rapid7 promptly of any personnel, technology, network, or architectural changes that
may impact MDR telemetry or service delivery.
2. Agent Deployment and Health Requirements
2.1 Deploy Rapid7 Agents to all workstations, desktops, servers, and other in-scope assets and
maintain a Healthy Agent deployment rate of at least eighty percent (80%) across all in-scope
Assets.
2.1.a. Each Endpoint must be free of malware before installing the Rapid7 Agent.
2.1.b. The Operating System (OS) on each Endpoint must be fully updated and patched for all
security updates prior to and during Agent operation.
2.1.c. The Rapid7 Agent must be installed only on operating systems that are officially
supported by Rapid7 for Agent compatibility and telemetry collection.
2.1.d. All vulnerable applications on each Endpoint must be updated to their latest supported
release versions prior to and during Agent operation.
2.2 Deployment rate is calculated as: Healthy Agents ÷ Determined Assets.
2.3 Agents that fail to transmit telemetry, run unsupported operating systems, or meet the
definition of Healthy are excluded from the numerator and lower Customer’s deployment
percentage.
2.4 Warranty eligibility is suspended during any period in which Healthy Agent deployment falls
below eighty percent (80%).
2.5 Agent Version Compliance. Customer shall maintain all deployed Agents on the latest
version released or required by Rapid7. Rapid7 may push Agent updates without notice when
necessary to preserve MDR efficacy. Agents disabled from auto-update, blocked from upgrading,
or running unsupported versions are deemed Unhealthy.
2.6 Work with Rapid7’s onboarding and operations teams to validate Agent deployment,
connectivity, and telemetry availability.
3. Collector Deployment and Health Requirements
3.1 Allocate and configure at least one Rapid7 Collector to collect the Core Event Sources
required under this Appendix and proxy data from applicable on-premises Agents.
3.2 Maintain all required Collectors in a Healthy state. A Healthy Collector must be:
3.2.a. properly installed and configured,
3.2.b. reachable by Rapid7,
3.2.c. capable of retrieving or receiving telemetry from Event Sources, and
3.2.d. successfully transmitting telemetry to the Rapid7 Platform.
3.3 Customer is responsible for all Collector dependencies, including routing, firewall rules,
ports, credentials, permissions, bandwidth, and service accounts.
3.4 Warranty eligibility is suspended during any period in which Healthy Collector coverage falls
below one hundred percent (100%).
4. Core Event Source Configuration and Health Requirements
4.1 Configure and maintain at least eighty percent (80%) of Core Event Sources in a Healthy
state.
4.2 A Core Event Source must be properly onboarded, credentialed, reachable by a Healthy
Collector, and continuously transmitting required telemetry.
4.3 Core Event Sources experiencing persistent or intermittent failure, credential errors,
ingestion errors, silent failures, or telemetry gaps are considered Unhealthy.
4.4 Warranty eligibility is suspended during any period in which Healthy Core Event Source
coverage falls below eighty percent (80%).
4.5 Connect all available Core and Recommended Event Sources, and ensure required
availability, connectivity, permissions, and routing for MDR use.
5. Operational Responsibilities During MDR Service
5.1 Respond promptly to Rapid7 Requests for Information (RFIs), MDR Notifications, and other
communications related to investigations.
5.2 Review and respond to notifications regarding events outside MDR scope to support accurate
threat assessment and investigation handoff.
5.3 Partner with Rapid7 during and after incident response engagements, following processes
referenced in the Scope of Service.
5.4 Configure the Rapid7 Platform and associated components in accordance with guidance from
Rapid7’s deployment team and Cybersecurity Advisor.
6. Exclusions
This Warranty Agreement does not apply to:
a. Pre-existing incidents: Breaches that occurred before the Warranty Inception Date.
b. Negligence or intentional misconduct: Breaches caused by failure to implement Rapid7
recommended security practices or intentional misuse of systems
c. Unsupported configurations: Endpoints or systems not monitored or managed through the
Rapid7 Insight Platform
d. Cyber extortion payments: Any payments made to threat actors as part of ransomware or
extortion demands.