Documentation
Reference and walkthroughs for ET Ducky's diagnostic engine, AI live sessions, behavioral security monitoring, fleet management, and operator workflows. Pick a topic from the left, or jump to a popular starting point below.
Start here
- Getting started — deploy your first agent and claim your subdomain.
- Agent setup wizard — one-line install on Windows or Linux.
- Live sessions — ask the AI questions about a specific host.
- Security overview — behavioral rules, operator elevation, and isolation.
- Pricing & billing — how subscriptions, queries, and agent seats are counted.
What lives in each area
Agents covers the agent itself: architecture, ETW vs. eBPF capture, install, configuration, tags, and management. Linux-specific install, sudoers policy, and platform differences live in the Linux Agent Guide.
Live sessions and AI diagnostics cover the interactive flow where an operator asks a host questions in plain English and the AI answers from kernel-level evidence. AI Usage & Quotas explains how queries and tokens are counted, and BYOK covers running the AI on your own provider key.
Security covers behavioral monitoring, the cross-platform rule engine, the Windows ETW security session, and operator-driven sudo elevation on Linux. Behavioral Detections documents the rule catalog and the false-positive allowlist workflow.
Reports and analysis covers Smart Reports, Data Explorer, and Historical AI Analysis — the read-side of the platform.
Deployment and team covers cloud-hosted, self-hosted, workspaces, billing, and team management.
Distribution Servers covers LAN-local file hubs — enabling a hub agent, creating connections, granting access, and mapping drives. See Distribution Servers and the API reference.
Installer Reference documents the silent-install switches and exit codes for unattended desktop deployment.
Ticketing covers native ET Ducky tickets plus the Jira and ServiceNow connectors — see Integrations & Tickets for the Tickets page and Ticketing Integrations for connector setup, field mapping, and report push.