ADDENDUM TO CORALOGIX MASTER SUBSCRIPTION TERMS – MDR SERVICES

Updated October 2025

This Addendum (“Addendum”) supplements and forms an integral part of the Coralogix Master Subscription Terms (“Terms”) and applies in the event Customer procures Coralogix’s Managed Detection and Response Services (“MDR Services”). Unless otherwise defined herein, capitalized terms shall have the meaning set forth in the Terms. In the event of conflict between this Addendum and the Terms, this Addendum shall prevail solely with respect to the MDR Services. Except as expressly amended herein, all other terms and conditions of the Terms shall remain in full force and effect, with any necessary changes applied.

1. Service Overview

Coralogix’s MDR Services complement the Coralogix platform and are available exclusively to Customers who have subscribed to the Coralogix SIEM platform, delivering advanced monitoring, detection, and response capabilities as set forth in the applicable Order. The MDR Services further provide 24×7 expert security analysis, investigation, and guided response to enhance threat detection and remediation for SIEM customers.

2. Customer Responsibilities

Customer acknowledges and agrees that the effectiveness of the MDR Services depends on its active cooperation and that Customer has the following obligations under the this Addendum:

1. Access and Integration. Provide and maintain secure, continuous access for Coralogix to ingest and process all relevant log sources, and ensure that such integrations remain functional and up to date.
2. Escalation and Contacts. Maintain and regularly update an escalation matrix and designate an available on-call contact, accessible by Coralogix on a 24×7 basis for escalations and urgent communications.
3. Internal Processes. Implement and operate its own incident response and escalation procedures to act upon the findings, alerts, and recommendations provided by Coralogix.
4. Onboarding Activities. Complete all onboarding tasks—including but not limited to integration setup, baseline configuration, and detection tuning—within the timelines mutually agreed by the parties.
5. Security and Resource Commitments. Remain solely responsible for:
   1. implementing and maintaining appropriate technical and organizational security measures within its environment;
   2. timely execution of remediation or corrective actions recommended by Coralogix; and
   3. ensuring the availability of qualified internal security personnel.
6. No Substitution. Acknowledge that Coralogix’s MDR Services are intended to supplement, and not replace, Customer’s own security operations resources or incident response (IR) capabilities. Customer shall not rely solely on the MDR Services as a substitute for such functions.

3. Disclaimers

1. Limited Scope of Services. Customer acknowledges that Coralogix’s MDR Services are limited in scope to monitoring, alert investigation, and recommendations. Coralogix does not provide containment, eradication, recovery, digital forensics, incident response, implementation of any recommendations or legal evidence preparation services under this Agreement.
2. No Guarantee of Threat Elimination. While Coralogix’s MDR Services are designed to improve threat detection and response capabilities, no service can guarantee elimination, prevention, or detection of all malicious or unauthorized activities.
3. Customer’s Environment & Responsibilities. Coralogix does not manage or maintain Customer’s infrastructure, endpoint devices, third-party integrations, or cloud environments.
4. Compliance Limitations. MDR Services may assist Customer in meeting certain security and compliance requirements; however, Coralogix does not warrant or represent that the Services will ensure compliance with any particular laws, regulations, industry standards, or frameworks. Customer is solely responsible for its own compliance obligations, including those relating to data protection, industry regulations, export controls, and sanctions.
5. Reliance on Customer Contributions. The effectiveness of Coralogix’s MDR Services is contingent upon the Customer’s prompt, accurate, and complete provision of necessary data, system access (if in scope and agreed between the parties), and collaboration, including timely responses to tickets, queries, clarifications, and other communications, especially in cases of subscription to the MDR Services. Coralogix disclaims any liability for delays, failures, or degradation in service quality resulting from the Customer’s failure or delay in providing required inputs or cooperation.
6. Third-Party Dependencies and Limitations. The delivery and performance of Coralogix’s MDR Services may be influenced by the availability, integrity, and reliability of third-party platforms, data sources, and service vendors integrated into or supporting the service. Coralogix shall not be held responsible or liable for any service disruptions, data inaccuracies, security breaches, or other adverse impacts arising from issues, failures, or limitations attributable to such third parties.
7. No Substitution for Customer Judgment: Recommendations provided by SRC are advisory; Customer is responsible for determining and executing appropriate remediation actions.
8. Insurance Disclaimer: MDR Services do not replace or serve as cybersecurity insurance.

4. Limitation of Liability

1. Except for liability that cannot be excluded or limited under applicable law, Coralogix’s total aggregate liability arising out of or related to this Addendum, whether in contract, tort, or otherwise, shall not exceed the fees paid (or payable) by Customer to Coralogix for the MDR Services giving rise to the claim during the twelve (12) months immediately preceding the event giving rise to such liability.
2. To the maximum extent permitted by law, neither party shall be liable to the other for any indirect, incidental, consequential, special, exemplary, or punitive damages (including but not limited to loss of profits, loss of revenues, loss of data, business interruption, or loss of goodwill), even if advised of the possibility of such damages.

5. Unless expressly modified herein, all provisions of the Terms shall apply mutatis mutandis to this Addendum.

 

EXHIBIT A

SLA Commitments – MDR

 

SLA for MDR is detailed in the SLA matrix provided below:

Severity / Alert Priority	TTA		TTII	TTR	Follow Up
	INB	OUT
P1 – Critical	30m	30m	2 hours	2 hours	Every 4 hours
P2 – High	30m	1 hour	4 hours	4 hours	Every 8 hours
P3 – Medium	30m	2 hours	8 hours	6 hours	1 Business Day
P4 – Low	30m	4 hours	1 Business Day	1 Business Day	3 Business Days

 

TTA	Time to Acknowledge
TTII	Time to Initial Investigation
TTR	Time to Respond
INB	Inbound Tickets from the Customer
OUT	Outbound Tickets created by MDR

 

Key principles:

• SLAs apply only to MDR monitoring/investigation timelines and not to incident remediation, Customer-side actions, or third-party performance.
• SLA timelines and performance obligations are suspended while Coralogix awaits Customer input, action, or access.
• MDR follow-up communications will occur via the designated ticketing system and are deemed fulfilled when such communication is logged.
• Exclusions: THIS SLA DOES NOT APPLY WHEN SERVICE ISSUES UNDER THE SLA ARE CAUSED DUE TO (A) FAILURE OF CUSTOMERS TO ACCESS THE INTERNET, OR TELECOMMUNICATIONS NETWORK REQUIRED FOR THE PROPER FUNCTIONING OF SERVICES, OR ANY SHORTAGE OF POWER; OR (B) RESULTED FROM CUSTOMER HARDWARE OR SOFTWARE INCOMPATIBLE WITH THE SERVICE; OR (C) RESULTED FROM DOWNTIME OF THE HOSTING PROVIDER OR WAF PROVIDER; OR (D) RESULTED FROM NON-COMPLIANCE OF THE CUSTOMER WITH SERVICES’ DOCUMENTATION; OR (E) CAUSED DUE TO MAINTENANCE OF CUSTOMER’S SYSTEMS AFFECTING THE OPERATION OF THE SERVICES; (F) RESULTED FROM CIRCUMSTANCES BEYOND CORALOGIX OR ITS HOSTING PROVIDER’S REASONABLE CONTROL INCLUDING, BUT NOT LIMITED TO ON ACCOUNT OF STRIKES, SHORTAGES, RIOTS, INSURRECTION, FIRES, FLOOD, STORMS, EXPLOSIONS, ACTS OF GOD, WAR, EPIDEMIC/ENDEMIC, GOVERNMENT OR QUASI-GOVERNMENTAL AUTHORITIES’ ACTIONS, ACTS OF TERRORISM, EARTHQUAKES, OR POWER OUTAGES; AND (G) VIOLATION OF CORALOGIX’S TERMS INCLUDING PAYMENT OBLIGATIONS.