Best Practices

Agent Deployment Strategy

Production Servers

  • Managed agents in Health Only mode by default (<1% CPU, ~50 MB RAM)
  • On-Demand for maintenance windows; Full Monitoring only during active incidents
  • Standard (Baseline) provider configuration; alert rules for CPU, memory, disk

Dev/Test Systems

  • Managed agents for AI diagnostics, desktop agents for basic visibility
  • Comprehensive provider configuration for debugging sessions

User Workstations

  • Desktop agents (free) fleet-wide; managed only for VIP/critical workstations
  • On-Demand collection only when troubleshooting

Cost Optimization

  • Desktop agents for non-critical systems (free, unlimited)
  • Health Only mode when not troubleshooting
  • Right-size subscription tier to actual query usage
  • Consolidate agents in a single org for volume discounts
  • 15% savings with annual billing
  • BYOK tier for heavy AI users
  • Delete inactive agents promptly

Security

  • Use registration tokens for all agent installations; never share tokens in plaintext outside secure channels
  • Create separate tokens per environment (production, staging, dev) and per deployment wave
  • Revoke tokens immediately when a deployment is complete or a token is compromised
  • Set max-agent limits and expiry dates on tokens to limit blast radius
  • Separate orgs for production vs. non-production
  • Review team access regularly; remove departed employees and cancel their admin-purchased subscriptions
  • Exclude sensitive paths from ETW collection
  • Route critical alerts to security team channels
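The token controls listed above (per-environment tokens, max-agent limits, expiry dates, prompt revocation) can be checked mechanically at registration time. The following is an added illustration, not the product's own registration code: a small in-memory registry with hypothetical names (`TokenRegistry`, `RegistrationToken`, `register`) that rejects an agent whenever any one of those limits is hit, so a leaked token can enrol at most `max_agents` hosts, only in its own environment, and only until it expires or is revoked.

```python
"""Registration-token policy checks (added example, not the product's code).

Models the controls from the Security list: one token per environment,
a max-agent cap, an expiry date and explicit revocation. All names,
timestamps and hostnames below are assumptions / constructed sample data.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import secrets


@dataclass
class RegistrationToken:
    environment: str            # e.g. "production", "staging", "dev"
    expires_at: datetime        # hard expiry, limits how long a leak is useful
    max_agents: int             # cap on enrolments, limits blast radius
    value: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    revoked: bool = False
    registered: list = field(default_factory=list)   # hostnames enrolled


class TokenRegistry:
    """Server-side view of issued tokens; every check is fail-closed."""

    def __init__(self):
        self._tokens = {}

    def issue(self, environment: str, ttl: timedelta, max_agents: int,
              now: datetime) -> RegistrationToken:
        tok = RegistrationToken(environment, now + ttl, max_agents)
        self._tokens[tok.value] = tok
        return tok

    def revoke(self, value: str) -> None:
        """Revoke after a deployment wave completes or on suspected exposure."""
        tok = self._tokens.get(value)
        if tok is not None:
            tok.revoked = True

    def register(self, value: str, hostname: str, now: datetime) -> str:
        """Return 'ok' when the agent may enrol, otherwise the rejection reason."""
        tok = self._tokens.get(value)
        if tok is None:
            return "unknown token"
        if tok.revoked:
            return "token revoked"
        if now >= tok.expires_at:
            return "token expired"
        if len(tok.registered) >= tok.max_agents:
            return "max-agent limit reached"
        tok.registered.append(hostname)
        return "ok"


# Constructed reference time so the walk-through is deterministic.
BASE = datetime(2024, 1, 1, tzinfo=timezone.utc)


def demo():
    """Walk one production token through its lifecycle; returns the outcomes."""
    reg = TokenRegistry()
    # One token for one deployment wave of two production hosts, valid 1 hour.
    prod = reg.issue("production", timedelta(hours=1), max_agents=2, now=BASE)
    wave = [reg.register(prod.value, f"web-{i}", now=BASE) for i in range(3)]
    late = reg.register(prod.value, "web-late", now=BASE + timedelta(hours=2))
    reg.revoke(prod.value)            # deployment done: revoke immediately
    after_revoke = reg.register(prod.value, "web-x", now=BASE)
    unknown = reg.register("not-a-real-token", "web-y", now=BASE)
    return wave, late, after_revoke, unknown


if __name__ == "__main__":
    print(demo())
```

Separate tokens per environment mean a revocation only disturbs the wave it was issued for; the cap and expiry bound what a token can do even before anyone notices it leaked.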

Alert Tips

  • Use duration requirements to avoid false positives on brief spikes
  • Test notification channels immediately after creation
  • Use multiple channels for critical alerts (email + Slack + webhook)
  • Tag agents to target rules at specific groups
  • Review rules monthly based on alert frequency
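The first tip, requiring a condition to hold for a set duration, is worth seeing in action. The code below is an added example rather than the product's own rule engine: a hypothetical `DurationRule` that only fires once a metric has stayed above its threshold for `duration_s` seconds, run over two constructed CPU sample series (a brief spike and a sustained breach) so the difference between a rule with and without a duration requirement is visible.

```python
"""Duration-gated threshold alerting (added example, not the product's code).

Shows why a duration requirement suppresses brief spikes: the rule fires only
on the first sample at which the breach has lasted at least duration_s.
Metric name, threshold and sample values are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class DurationRule:
    metric: str
    threshold: float
    duration_s: int                   # breach must persist this long to fire
    _breach_start: Optional[float] = field(default=None, init=False)
    fired: bool = field(default=False, init=False)

    def observe(self, ts: float, value: float) -> bool:
        """Feed one sample; return True on the sample that fires the alert.

        Once fired, the rule stays quiet until the metric drops back under
        the threshold, so a sustained breach produces one alert, not one per poll.
        """
        if value < self.threshold:
            self._breach_start = None     # condition cleared: reset the timer
            self.fired = False
            return False
        if self._breach_start is None:
            self._breach_start = ts       # first sample over threshold
        if not self.fired and ts - self._breach_start >= self.duration_s:
            self.fired = True
            return True
        return False


def evaluate(rule: DurationRule, samples: List[Tuple[float, float]]) -> List[float]:
    """Return the timestamps at which the rule fired for a (ts, value) series."""
    return [ts for ts, v in samples if rule.observe(ts, v)]


# Constructed series: 10-second polling interval, CPU percent.
SPIKE = [(0, 20), (10, 95), (20, 97), (30, 25), (40, 22), (50, 21), (60, 23)]
SUSTAINED = [(0, 20), (10, 95), (20, 97), (30, 96), (40, 98), (50, 95), (60, 97)]


if __name__ == "__main__":
    for name, series in (("spike", SPIKE), ("sustained", SUSTAINED)):
        no_duration = evaluate(DurationRule("cpu", 90, 0), series)
        with_duration = evaluate(DurationRule("cpu", 90, 30), series)
        print(f"{name}: duration 0s fires at {no_duration}, 30s fires at {with_duration}")
```

With a 30-second requirement the spike (20 seconds over threshold) never fires, while the sustained breach fires once at the 40-second sample; with no duration the spike fires on its very first high sample, which is the false positive the tip is about. Choose `duration_s` to be a small multiple of the polling interval, otherwise a single delayed sample can satisfy it.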

Getting Help

Response Times: Professional 24hr | Business 8hr | Enterprise 2hr

Roadmap

Near-Term (3 months)

  • Enhanced alert templates, alert analytics, agent group management, multi-agent timeline UI

Mid-Term (3–6 months)

  • Mobile app with push notifications, extended retention, custom dashboards, AD auto-discovery, integration marketplace

Long-Term (6–12 months)

  • ML anomaly detection, predictive alerting, automated remediation, Linux/macOS agents, Kubernetes monitoring, public API

Timelines subject to change based on customer feedback.