Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Addendum - Secureworks® Services for Taegis ManagedXDR


Secureworks Services for Taegis™ ManagedXDR (the “Service”) provides Customer with Service Units to use for Proactive Services or Emergency Incident Response (“EIR”). All capitalized words and phrases shall have the meanings set forth herein, as defined in the Glossary, or within the Secureworks-applicable agreement, such as the Customer Relationship Agreement.

Customer can purchase Service Units upon initial ordering of a ManagedXDR subscription or at any time during Customer’s Services Term. There is no limit to the number of Service Units that can be purchased.

Service Units can be used for any of the Proactive Services listed in the Secureworks Services for ManagedXDR Catalog. For all Proactive Services, the Consulting Services Addendum applies. See the Secureworks Services Catalog for more information about this Service and each parties’ obligations with respect to this Service. The Secureworks Services Catalog is incorporated into this Addendum by reference.


Service Components

Proactive Services

Secureworks will provide Customer with Proactive Services available in the Secureworks Services Catalog. The scope for each Proactive Service in the catalog is fixed (standard Secureworks scope will be used); however, Secureworks can work with Customer to reasonably customize the scope. Any deviations from this Service Catalog shall require a change order signed by both parties. Each request for a Proactive Service will be scoped and the number of required Service Units will be determined prior to Engagement start.

Engagement-specific Deliverables

Upon completion of each Proactive Service, Customer will receive final Engagement-specific Deliverables (e.g., a Final Report) that will include information about the completed Proactive Service. See the Secureworks Services Catalog for details.

Secureworks Services Catalog

The Secureworks Services Catalog contains the Proactive Services available to Customer through use of the Service Units. If Customer does not have enough Service Units for a service in the catalog, then Customer will need to contact their Customer Success Manager or Secureworks Account Manager to purchase additional Service Units. If Customer purchased ManagedXDR through a Secureworks partner, then Customer must contact partner of choice for additional purchases of Service Units.

Below are descriptions of the categories of services listed in the Secureworks Services Catalog.

Emergency Incident Response

In the event of a cybersecurity emergency or need for Emergency Incident Response services, Customer may use Service Units for an EIR Engagement. Only increments of one (1) Service Unit are acceptable (e.g., no partial Service Units can be used). One (1) Service Unit is equal to five (5) EIR hours.

Secureworks can provide EIR that can be conducted remotely or on-site. The activities conducted can include but are not limited to the following:

To provide clarification, information about some of the above-listed items is provided in the subsections below.

Digital Forensic Analysis

As part of EIR, Secureworks may acquire and analyze a variety of formats for forensic analysis of digital media and artifacts to assess compromise activity, including but not limited to the following:

Malware Analysis and Reverse Engineering

As part of EIR, Secureworks may perform static, dynamic, and reverse engineering analysis to assist in understanding the function of Customer-supplied files.

Secureworks will provide analysis results, to include cyber threat intelligence based on correlation across Secureworks datasets and will advise on mitigation actions to reduce the impact of the sample on Customer’s infrastructure.

Ransomware Negotiation

As part of EIR, Secureworks may negotiate on behalf of Customer with a ransomware threat actor regarding return or deletion of stolen data and potential payment of a ransom amount. The primary objective of ransomware negotiation is to negotiate a reduced price from the original ransom demand for the return or deletion of any stolen data to minimize Customer’s risk pertaining to data leakage or further extortion.


Secureworks will contact a Customer-designated representative within five (5) business days after the execution of the Transaction Document to validate scoping and schedule Proactive Services. For each Engagement, Secureworks will provide a work order to Customer for review. Prior to scheduling and commencing work for each Engagement, Customer must provide written approval of the work order to Secureworks. Below is information about scheduling and re-scheduling EIR and Proactive Services Engagements.

Delivery Coordination

Secureworks will provide coordination for the Service(s) with appropriate communication and updates to the stakeholder community. The coordinator will oversee logistics for people, processes, and tools as well as timeline and meeting facilitation.

The scope of delivery coordination includes the following:

Services will be delivered from Customer’s site(s) and/or remotely from a secure location. Secureworks and Customer will determine the location of the service(s) to be performed herein.

Secureworks solely reserves the right to refuse to travel to locations deemed unsafe by Secureworks or locations that would require a forced intellectual property transfer by Secureworks. Secureworks solely reserves the right to require a physical security escort at additional Customer expense to locations that are deemed unsafe by Secureworks. Customer will be notified at the time that services are requested if Secureworks refuses to travel or if additional physical security is required, and Customer must approve the additional expense before Secureworks travel is arranged. In the event any quarantines, restrictions, or measures imposed by governmental authority or Secureworks restricts travel to any location, Secureworks may at its election (i) deliver the Services remotely or (ii) postpone the Services until travel is permitted. If neither option (i) nor (ii) in the preceding sentence is feasible, Secureworks may terminate the affected Services and provide Customer with a refund of any unused, prepaid fees.

Services Fees are based on the number of Service Units purchased. Total Fees for Service Units are billable in totality upon execution of the Transaction Document. See Customer’s MSA or CRA (as applicable), and Transaction Document for details, including the following:

Billable effort for Engagements will be calculated using Service Units. Customer may stop an Engagement by providing 24-hour advance notice to stop all work against the Transaction Document. Notice for stop of an Engagement must be sent by email to irservices@secureworks.com.

Notwithstanding the foregoing, Service Units will not be refunded and are not transferable to any other Secureworks services not listed in the Secureworks Services Catalog. Any Service Units specified for any twelve-month period beginning on the Effective Date of the Service Order and each anniversary thereof (each twelve-month period, a “Contract Year”) that are not used within such Contract Year shall be forfeited.

Invoice Commencement

See the Service-specific Addendum or Transaction Document for information about invoice commencement.

Additional Service Fees and Other Information

Customer can purchase additional Service Units at any time during the Services Term if desired. To purchase additional Service Units, Customer may contact their Customer Success Manager or Secureworks Account Manager. If Customer purchased ManagedXDR through a Secureworks partner, then Customer must contact partner of choice for additional purchases of Service Units.

If Customer previously purchased Service Units directly from Secureworks, then Customer may purchase additional Service Units at the previously agreed rate in the most recent Transaction Document. Customer’s approval for Service Units shall be sent through email to secureworks_services@secureworks.com. Customer acknowledges and agrees that receipt of such email will be from a Customer representative authorized to commit Customer to the purchase of additional Service Units and email notification is binding upon Customer. Total Fees for Service Units are 100% billable upon Customer’s approval through email.

Customer acknowledges and agrees that if Purchase Orders (P.O.s) are required for the transaction with Secureworks to extend or add to the originally purchased Service(s), then an updated P.O. will be issued to Secureworks for the extended/added Service(s) specified in the Transaction Document. Secureworks may terminate the Service(s) and/or Engagement as applicable and, notwithstanding the foregoing, Customer acknowledges and agrees that it remains responsible for any additional work performed by Secureworks until such P.O. is received.


Customer agrees to reimburse Secureworks for all reasonable and actual expenses incurred in conjunction with delivery of the Service.

These expenses include but are not limited to the following:

Customer Obligations

Customer will perform the obligations listed below, and acknowledges and agrees that the ability of Secureworks to perform the Service is contingent upon the following:


To initiate a request for an EIR Engagement, Customer will submit a request through the Incident Response Hotline or the Taegis™ XDR in-application chat. These communication methods are available to Customer 24 hours a day, 7 days a week. To initiate a request for a Proactive Service, Customer will send an email to irservices@secureworks.com.

Ransomware Negotiation

Warranty Exclusion

While this Service is intended to reduce risk, it is impossible to completely eliminate risk, and therefore Secureworks makes no guarantee that intrusion, compromises, or any other unauthorized activity will not occur on Customer’s network.


Term Definition
Services Term Period of time identified in the Transaction Document during which Services will be delivered to Customer.


On this page: