Cisco Cognitive Intelligence


Cisco Public
Privacy Data Sheet
Cisco Cognitive Intelligence

© 2020 Cisco and/or its affiliates. All rights reserved. Version 2.0, June 16, 2020

This Privacy Data Sheet describes the processing of personal data (or personally identifiable information) by Cisco Cognitive Intelligence.

1. Overview of Cisco Cognitive Intelligence Capabilities

Cognitive Intelligence is a threat detection and analytics cloud-based malware behavioral analysis solution that leverages (1) web proxy logs from a Cisco web gateway solution such as Cisco Web Security Appliance (“WSA”) or Cloud Web Security (“CWS”) or third party web proxies and (2) NetFlow from Cisco Stealthwatch Enterprise and/or Cisco Stealthwatch Cloud (which may include Enhanced NetFlow if Customer enables Cisco Encrypted Traffic Analytics (“ETA”)). The web proxy logs and/or NetFlow help identify malware present within a customer’s environment and allow a customer to research related active malicious behaviors.

Cognitive Intelligence is available via (a) AMP for Endpoints, (b) AMP on WSA, and (c) Stealthwatch Enterprise and Stealthwatch Cloud. Finally, Cognitive Intelligence's implementation of Machine Learning based Static File Analysis capability is also available to AMP customers via an integration with Threat Grid. Please consult the Cognitive Intelligence Documentation for further information on its technical specifications, configuration requirements, features and functionalities. For more information on Cognitive Intelligence, please see gnitive-threat-analytics/index.html.

Cognitive Intelligence offers identity and single sign-on through Cisco Secure Sign-On. Please see the Cisco Secure Sign-On Privacy Data Sheet if you elect to use Cisco Secure Sign-On.

2. Personal Data Processing

The tables below list the personal data used by Cognitive Intelligence to carry out the services and describe why we process that data.

For the purposes of this Privacy Data Sheet, the term “Files” means those types of files identified in the applicable Documentation, such as an executable, a Portable Document Format (PDF), a Microsoft Office document (MS Word, MS Excel, MS PowerPoint), and those files in a ZIP file (.ZIP). “SPAD Report” means the Simple Portal for Administration report created within the Cognitive Intelligence portal. The SPAD Report is a preview of customer’s reports generated by Cognitive Intelligence and available within the Cognitive Intelligence portal.

Table 1

Personal Data Category: Registration Information
Types of Personal Data:
- Name
- Address
- Email Address
- Phone Number
Purpose of Processing: Data is collected for:
- Creating an account. Data collected is for product enablement, product use notifications, training and support.

Personal Data Category: Customer Web Log Telemetry
Types of Personal Data:
- Customer Device IP and Destination IP Address
- Customer Username*
*Customer Username collection is an “opt in” feature that can be enabled through the customer’s configuration.
Purpose of Processing: Data is collected for:
- Security analytics, forensics, efficacy research, general product functionality and usage.
- Cisco global threat intelligence research.
- If SPAD Report access allowed, data is used to improve customer experience, advise on appropriate configuration and deployment, assist with interpretation of threat detections, general product usage and integration with other Cisco and third-party products.

Personal Data Category: Customer NetFlow Telemetry
Types of Personal Data:
- Customer Device IP (source IP) and Destination IP address
- Customer Device MAC address
- Customer Group ID (aka Stealthwatch Host Groups, which can be configured to capture internal traffic telemetry in addition to external traffic telemetry)
- Customer TrustSec Security Group Tag ID and Name.
Purpose of Processing: Data is collected for:
- Security analytics, forensics, efficacy research, general product functionality and usage.
- Cisco global threat intelligence research.
- If SPAD Report access allowed, data collected to improve customer experience, advise on appropriate configuration and deployment, assist with interpretation of threat detections, general product usage and integration with other Cisco and third-party products.

Personal Data Category: Firewall Event Data and Logs*
*Only applies to customers using Cognitive Intelligence through their Stealthwatch Cloud subscription
Types of Personal Data:
- Firewall Event Data (may include username and/or user ID, accessed URLs, IP address, event type, and file names)
- Device host name
- Passive DNS logs
Purpose of Processing:
- Global threat intelligence research [1]

Personal Data Category: Customer Enhanced NetFlow Telemetry for Encrypted Traffic Analytics (ETA)*
*Enhanced NetFlow telemetry is provided in addition to the NetFlow telemetry if generated by the underlying Enterprise Network equipment.
Types of Personal Data:
- Initial Data Packet (“IDP”). IDP may include: any data sent in the first packet of the communication. This may be sensitive for unencrypted protocols. Notable examples include DNS traffic, plain text HTTP URL, cookies, username, password, IP header, TLS header, Service Name Identifier, Cipher suites
Purpose of Processing: Data is collected for:
- Security analytics, forensics, efficacy research, general product functionality and usage.
- Cisco global threat intelligence research.
- If SPAD Report access allowed, data collected to improve customer experience, advise on appropriate configuration and deployment, assist with interpretation of threat detections, general product usage and integration with other Cisco and third-party products.

Personal Data Category: Customer Web and API Usage log
Types of Personal Data:
- Identity of device used to upload telemetry data (ex: serial number or a name created by the customer)
- Name of end user that accessed the logs.
Purpose of Processing: Data is collected for:
- Forensics, efficacy research, general product functionality, usage, and product improvement purposes.
- If SPAD Report access allowed, data collected to improve customer experience, advise on appropriate configuration and deployment, assist with interpretation of threat detections, general product usage and integration with other Cisco and third-party products.

Personal Data Category: Files*
*Collected only via Cognitive Intelligence’s “Static File Analysis” available via the customer’s integration with Cisco AMP and/or Threat Grid
Types of Personal Data:
- Any Personal Data that may be contained in a File submitted by Customer.
Purpose of Processing: Data is collected for:
- Security analytics, forensics, efficacy research, general product functionality and usage.

[1] A Stealthwatch Cloud customer that does not want to share this information with Cognitive Intelligence can request that the transfer of such data be disabled by submitting a request by email to swatchc-support@cisco.com.

3. Cross-Border Transfers

Cognitive Intelligence currently leverages third-party data centers located in Ireland and the United Kingdom for production purposes. For customers who purchased the legacy version of Cognitive Intelligence (known as Cognitive Threat Analytics), prior to the second calendar quarter of 2019, the customer’s account information will be created, processed and stored in both the Ireland and UK data centers. If the customer provisions Cognitive Intelligence via its AMP for Endpoints instance, then its account information is pulled from AMP for Endpoints and replicated in data centers located in Ireland and the United Kingdom. Event Data and Source Telemetry (as defined and discussed in Section 5 below) may be viewed by the Cisco Cognitive Intelligence office in the Czech Republic, United Kingdom, Canada and the United States for research and product integration purposes. If Cognitive Intelligence is integrated with AMP for Endpoints, Event Data from Cognitive Intelligence will be sent to the regional AMP for Endpoints cloud selected by the customer for further investigation. Please see the AMP for Endpoints Privacy Data Sheet at r/solutions-privacy-data-sheets.html for more information on the regional data clouds for AMP for Endpoints.

Where the table in Section 2 above specifies that personal data is processed for the purposes of Cisco global threat intelligence research, processing is conducted by Cognitive Intelligence and by Cisco’s global threat intelligence teams, which have data centers in the United States only as described in the table in this Section 3 below. Please note this cross-border transfer of such personal data to the Cisco Talos and Threat Intelligence Platform (“TIP”) global threat intelligence research data centers located in the United States; the applicable Talos and TIP data centers are included in both the table in this Section 3 below and Section 7.

The following table shows location of the current third-party data centers for the Cognitive Intelligence and Cisco’s global threat intelligence research teams, and the locations of the Cisco offices with staging and development environments (including efficacy research) for Cognitive Intelligence.

Third Party Data Centers, Cisco Offices & Platform Locations
- Equinix (United Kingdom): Cognitive Intelligence production environment.
- Equinix (California, Texas, Virginia, U.S.A.): Cisco Talos global threat intelligence cloud co-location facilities.
- Cisco Offices (Czech Republic, United Kingdom, Canada, U.S.A.): Development and efficacy research engineers are located in Cisco offices for development and efficacy research.
- Vazata (Texas, U.S.A. Data Center): Cisco TIP global threat intelligence cloud co-location facility.
- AWS EU (Ireland): Cognitive Intelligence production environment.

Cisco has invested in a number of transfer mechanisms to enable the lawful use of data across jurisdictions. In particular:
- Binding Corporate Rules
- EU-US Privacy Shield Framework
- Swiss-US Privacy Shield Framework
- APEC Cross Border Privacy Rules
- APEC Privacy Recognition for Processors
- EU Standard Contractual Clauses

4. Access Control

Personal Data Category: Registration Information
- Who has access: Customers
  Purpose of the access: Security administration and operations
- Who has access: Cisco Employees – Cisco Sales Administration, Licensing Operations, Cognitive Intelligence Operations, Engineering and Efficacy Research
  Purpose of the access: Creating an account and validating license entitlements and general product operations

Personal Data Category: Customer Web Log Telemetry
- Who has access: Customers
  Purpose of the access: Security administration and operations
- Who has access: Cisco Cognitive Intelligence Operations, Engineering, and Efficacy Research Teams, and Cisco Talos and TIP Global Threat Intelligence Research Teams
  Purpose of the access: Providing security analytics, forensics, efficacy research, general product functionality and usage, global threat intelligence research.
- Who has access: *If SPAD Report access granted: Cisco Customer Success Team, System Engineers, Customer Sales Account Managers
  Purpose of the access: *If SPAD Report access allowed, Cisco may improve customer experience, advise on appropriate configuration and deployment, assist with interpretation of threat detections, general product usage and integration with other Cisco and third-party products.

Personal Data Category: Customer NetFlow Telemetry
- Who has access: Customers
  Purpose of the access: Security administration and operations
- Who has access: Cisco Cognitive Intelligence Operations, Engineering, and Efficacy Research Teams, and Cisco Talos and TIP Global Threat Intelligence Research Teams
  Purpose of the access: Providing security analytics, forensics, efficacy research, general product functionality and usage, global threat intelligence research.
- Who has access: *If SPAD Report access granted: Cisco Customer Success Team, System Engineers, Customer Sales Account Managers
  Purpose of the access: *If SPAD Report access allowed, Cisco may improve customer experience, advise on appropriate configuration and deployment, assist with interpretation of threat detections, general product usage and integration with other Cisco and third-party products.

Personal Data Category: Firewall Event Data and Logs
- Who has access: Customers
  Purpose of the access: Security administration and operations
- Who has access: Cisco Cognitive Intelligence Operations, Engineering, and Efficacy Research Teams, and Cisco Talos and TIP Global Threat Intelligence Research Teams
  Purpose of the access: Global threat intelligence research
- Who has access: *If SPAD Report access granted: Cisco Customer Success Team, System Engineers, Customer Sales Account Managers

Personal Data Category: Customer Enhanced NetFlow Telemetry for Encrypted Traffic Analytics (ETA)
- Who has access: Customers
  Purpose of the access: Security administration and operations
- Who has access: Cisco Cognitive Intelligence Operations, Engineering, and Efficacy Research Teams, and Cisco Talos and TIP Global Threat Intelligence Research Teams
  Purpose of the access: Providing security analytics, forensics, efficacy research, general product functionality and usage, global threat intelligence research.
- Who has access: *If SPAD Report access granted: Cisco Customer Success Team, System Engineers, Customer Sales Account Managers
  Purpose of the access: *If SPAD Report access allowed, Cisco may improve customer experience, advise on appropriate configuration and deployment, assist with interpretation of threat detections, general product usage and integration with other Cisco and third-party products.

Personal Data Category: Customer Web and API Usage Log
- Who has access: Cisco Cognitive Intelligence Operations, Engineering and Efficacy Research Teams
  Purpose of the access: Providing security analytics, forensics, efficacy research, general product functionality and usage.
- Who has access: *If SPAD Report access granted: Cisco Customer Success Team, System Engineers, Customer Sales Account Managers
  Purpose of the access: *If SPAD Report access allowed, Cisco may improve customer experience, advise on appropriate configuration and deployment, assist with interpretation of threat detections, general product usage and integration with other Cisco and third-party products.

Personal Data Category: Files
- Who has access: Cisco Cognitive Intelligence Operations, Engineering and Efficacy Research Teams
  Purpose of the access: Providing security analytics, forensics, efficacy research, general product functionality and usage.

*If customer provides express written consent to Cisco, then Cisco employees designated by the asterisk (*) above will have access to the Personal Data contained in customer’s SPAD Report created within the Cognitive Intelligence portal.

5. Data Deletion & Retention

Personal Data Category: Registration Information
Retention Period: Indefinitely
Reason for Retention:
- Security administration and operations
- General product operations

Personal Data Category: Event Data (includes Web Log Telemetry, NetFlow Telemetry and as applicable, Enhanced NetFlow Telemetry)
Retention Period: 90 days; Indefinitely
Reason for Retention:
- 90 days: Security administration and operations. Providing security analytics, forensics, general product functionality and usage
- Indefinitely: Mining, efficacy and global threat intelligence research

Personal Data Category: Source Telemetry (includes Web Log Telemetry, NetFlow Telemetry and as applicable, Enhanced NetFlow Telemetry)
Retention Period: 90 days; Indefinitely
Reason for Retention:
- 90 days: Security administration and operations. Providing security analytics, forensics, general product functionality and usage, global threat intelligence research
- Indefinitely: Mining, efficacy and global threat intelligence research

Personal Data Category: Firewall Event Data and Logs
Retention Period: 90 days; Indefinitely
Reason for Retention:
- 90 days: Security administration and operations. Providing security analytics, forensics, general product functionality and usage, global threat intelligence research
- Indefinitely: Mining, efficacy and global threat intelligence research

Personal Data Category: Customer Web and API Usage Logs
Retention Period: 3 years
Reason for Retention:
- Providing security analytics, forensics, efficacy research, general product functionality and usage

Personal Data Category: Files
Retention Period: 24 months
Reason for Retention:
- Mining, efficacy and global threat intelligence research

Personal Data Category: SPAD Reports
Retention Period: 90 days
Reason for Retention:
- Improve customer experience, advise on appropriate configuration and deployment, assist with interpretation of threat detections, general product usage and integration with other Cisco and third-party products

Registration Information
Registration Information data is currently retained indefinitely in the UK data center. When a customer terminates its Cognitive Intelligence subscription, it can specifically request that its Registration Information be purged from Cisco’s data stores and backups by opening a Cisco TAC case.

Event Data
A ninety (90) day time-based “First-In-First-Out” data store is used to capture and store Event Data for presentation of customer specific threat events in the Cognitive Intelligence portal. This prescribed retention period is defined in accordance with a look-back window for which threat events and forensic information are available to the customer within the Cognitive Intelligence portal. A large portion of event data collected are behaviors, statistics and metadata extracted from the source telemetry. Event Data may be kept for mining, efficacy research, and global threat intelligence research purposes. When a customer terminates its Cognitive Intelligence subscription, it can specifically request that its data be purged from Cisco’s data stores and backups by opening a Cisco TAC case.

Source Telemetry
Source Telemetry will be deleted after ninety (90) days of processing. However, for any source telemetry directly associated with suspected or confirmed infections, such Source Telemetry may be retained indefinitely for data mining, efficacy research and global threat intelligence purposes.

Customer Web and API Usage Logs
Customer Web and API Usage Logs will be retained for three (3) years and will be deleted upon the expiration of such three (3) year period.

Files
Files may be retained for up to twenty-four (24) months for data mining, efficacy and global threat intelligence research purposes.

SPAD Reports
SPAD Reports are retained for ninety (90) days from the date of the generation of the applicable Report, and are used to improve customer experience, advise on appropriate configuration and deployment, assist with interpretation of threat detections, general product usage and integration with other Cisco and third-party products. SPAD Reports are automatically deleted after the expiration of the ninety (90) day period.

6. Personal Data Security

Personal Data Category: Registration Information
Type of Encryption:
- Cognitive Intelligence cloud: Encrypted in transit via TLS/SSL, and at rest.

Personal Data Category: Customer Web Log Telemetry
Type of Encryption:
- Cognitive Intelligence cloud: Encrypted in transit via TLS/SSL, and at rest.
- Talos and TIP clouds: Encrypted in transit via TLS/SSL, but not at rest.

Personal Data Category: Customer NetFlow Telemetry
Type of Encryption:
- Cognitive Intelligence cloud: Encrypted in transit via TLS/SSL, and at rest.
- Talos and TIP clouds: Encrypted in transit via TLS/SSL, but not at rest.

Personal Data Category: Firewall Event Data and Logs
Type of Encryption:
- Cognitive Intelligence cloud: Encrypted in transit via TLS/SSL, and at rest.
- Talos and TIP clouds: Encrypted in transit via TLS/SSL, but not at rest.

Personal Data Category: Customer Enhanced NetFlow Telemetry
Type of Encryption:
- Cognitive Intelligence cloud: Encrypted in transit via TLS/SSL, and at rest.
- Talos and TIP clouds: Encrypted in transit via TLS/SSL, but not at rest.

Personal Data Category: Customer Web and API Usage Log
Type of Encryption:
- Cognitive Intelligence cloud: Encrypted in transit via TLS/SSL, and at rest.

Personal Data Category: Files
Type of Encryption:
- Cognitive Intelligence cloud: Encrypted in transit via TLS/SSL, and at rest.

Personal Data Category: SPAD Report
Type of Encryption:
- Cognitive Intelligence cloud: Encrypted in transit via TLS/SSL, and at rest.

7. Third Party Service Providers (Sub-processors)

Cisco partners with service providers who contract to provide the same level of data protection and information security that you can expect from Cisco. A current list of sub-processors for the Cognitive Intelligence service is below:

Subprocessor: Equinix
Personal Data: No access to data.*
Service Type: Cisco leverages the Equinix cloud as a co-location facility to help provide security assurance, service elasticity and resilience to Cognitive Intelligence. Equinix is also a Cisco approved 3rd party colocation facility used for Cisco Talos global threat intelligence.
Location of Data Center:
- Cognitive Intelligence Data Center operated by Equinix: London, United Kingdom. For information regarding Equinix London facility certifications, please see: specs/ld5/
- Talos Data Center operated by Equinix: United States (California, Texas, Virginia)
  --VA facility has NIST 800-53/FISMA, ISO 27001, SOC 1 Type II, SOC 2 Type II, PCI DSS and HIPAA.
  --CA facility (Sunnyvale) has ISO 27001, SOC 1 Type II, SOC 2 Type II.
  --TX facility has NIST 800-53/FISMA, ISO 27001, SOC 1 Type II, SOC 2 Type II, PCI DSS and HIPAA.
