Getting Started

What is ET Ducky?

ET Ducky is a cloud-based Windows monitoring and diagnostics platform powered by Event Tracing for Windows (ETW). Deploy lightweight agents across your infrastructure, then monitor, diagnose, and troubleshoot issues from a centralized web dashboard with AI-powered analysis from Claude by Anthropic.

Key Features

  • Agent-Based Architecture — Deploy managed agents (Windows Service) or free desktop agents across unlimited systems
  • Cloud Dashboard — Single-page application at etducky.com with real-time monitoring, accessible from any browser
  • Real-Time Health Metrics — CPU, memory, disk, and network monitoring with color-coded thresholds and 30-second auto-refresh
  • ETW Event Collection — 30+ configurable kernel and user-mode providers for file system, registry, process, network, and application events
  • Live Query Sessions — Interactive three-tab modal with natural language AI queries, approved script execution, and bidirectional file transfers
  • Browser-Based Remote Desktop — One-click screen sharing and remote control for any online agent, directly from the dashboard via WebSocket relay
  • Multi-Agent Correlation — Query multiple agents simultaneously with cross-correlation analysis to identify fleet-wide patterns
  • Intelligent Alert System — Rule-based alerts with 11 metrics, AND/OR condition logic, multi-channel notifications, and AI root cause analysis
  • Remote Configuration — Push ETW provider settings, metrics toggles, and performance tuning to agents without local access
  • Organization-Scoped Resources — Agent tags, alert rules, query quotas, and team members all scoped to your Clerk organization
  • Multi-Organization Support — Switch between organizations seamlessly with the built-in organization switcher
  • Data Explorer — Visual query builder for custom analysis of fleet telemetry across health metrics, events, correlations, and sessions with interactive charts and saved views
  • Historical AI Analysis — Ask natural language questions about your fleet's historical data and receive AI-generated narrative insights with inline charts, follow-up chains, and analysis history
  • Smart Reports — Natural language query interface that translates plain English questions into instant chart visualizations, with AI-powered follow-up analysis using cross-source data correlation
  • Integrations & Ticketing — Connect Jira or ServiceNow for ticket-driven troubleshooting; use native ET Ducky tickets for organizations that prefer built-in ticketing. View all tickets (native and integration) from the Tickets page.
  • Tickets — Fleet-wide view of ET Ducky tickets and, per agent, tickets from your Jira or ServiceNow integration. Create native tickets from the dashboard or from Run Troubleshooting.
  • End-User Support Shortcut — Users on any agent-installed device can submit a support ticket without opening the full desktop app: use the ET Ducky Support shortcut (Desktop or Start Menu) to open a simple form that sends the ticket to your organization.

Quick Start Guide

  1. Create Your Account
    • Visit etducky.com and click Sign Up
    • Register with email or an OAuth provider (Google, GitHub, etc.) via Clerk authentication. Enterprise customers can configure SAML 2.0 SSO and SCIM directory sync for automated provisioning.
    • Your workspace and first organization are created automatically. ET Ducky provisions a tenant for you the moment your account exists — you'll land on a dashboard at a random readable URL like etd-x7q3p2.etducky.com, with you as owner of a default Clerk organization. Nothing for you to do.
    • Personalize your URL (optional). The first time you hit apex etducky.com you'll see a Personalize your URL prompt with the option to switch from the auto-generated slug to something memorable like acme.etducky.com. You can rename later via /settings → Manage Account.
    • Create additional organizations later from the Dashboard or Team page if you manage multiple clients or want separate environments. Every org you create in your workspace shares your team's seat pool but keeps its own agents, alerts, and data.
    • Invite team members from the Team page if collaborating
  2. Choose a Subscription
    • Start with BYOK (Bring Your Own Key) — free with your own Anthropic API key for unlimited queries
    • Or select a paid tier: Professional ($39/mo, 1K queries), Business ($99/mo, 5K queries), or Enterprise ($249/mo, 50K queries)
    • All paid plans include 20 free managed agent seats per subscribed user; additional seats start at $5/agent/month with volume discounts
    • Organization admins can purchase subscriptions on behalf of team members from the Dashboard or Team page
    • Desktop agents are always free and unlimited on every tier
  3. Deploy Your First Agent
    • Navigate to the Agent Setup page from the navigation bar
    • Create a Registration Token (admin-only) — click "+ New Token" and give it a name
    • Click Download next to the token to get a pre-configured installer, or enable Public Download Link to get a shareable URL
    • Run the downloaded .exe on your target Windows machine — no manual token entry needed
    • Verify the agent service is running: sc query ETDuckyAgent
    • The agent appears on your Agents page within seconds
  4. Configure Monitoring
    • On the Agents page, click the Configure button for your agent
    • Select ETW providers to enable (kernel and user-mode), toggle health metrics, and adjust performance tuning
    • Save — the agent picks up the new configuration within 30 seconds via server polling
  5. Set Up Alerts
    • Go to the Alerts page and switch to the Alert Rules tab
    • Click Create Rule and define conditions using 11 available metrics with operators like >, <, contains, starts with
    • Set up Notification Channels (Email, Slack, Microsoft Teams, or custom Webhooks) and assign them to your rules
  6. Start Diagnosing
    • Click Live Session on any online agent to open the three-tab diagnostic modal
    • Use the Query tab to ask natural language questions — the agent collects ETW events, runs local correlation, and sends structured prompts to AI
    • Use the Shell tab for remote PowerShell/CMD execution
    • Use the Files tab to push or pull files with real-time progress tracking
    • Click Remote on any online agent to launch a browser-based remote desktop session for visual troubleshooting or hands-on configuration
  7. Optional: Integrations & Support
    • Go to Integrations (user menu) to connect Jira or ServiceNow for ticket-driven Run Troubleshooting and push-to-ticket
    • Use the Tickets page to view all ET Ducky tickets and, per agent, integration tickets
    • End users can submit tickets from any agent machine via the ET Ducky Support shortcut (Desktop or Start Menu) without opening the full app

System Requirements

For Agent (Monitored Systems)

  • OS: Windows 10/11, Windows Server 2016+
  • Permissions: Administrator/SYSTEM privileges for managed agents; standard user privileges for desktop agents
  • RAM: ~50 MB in Health Only mode; 50–200 MB during active ETW collection
  • Disk: 100 MB for the agent binary and local event buffer
  • Network: HTTPS outbound to etducky.com (port 443); SSE support for real-time connections
  • .NET: .NET 10 Runtime (bundled with the installer)

For Dashboard (Your Browser)

  • Browser: Chrome 120+, Firefox 121+, Edge 120+, Safari 17+ (latest versions recommended)
  • Network: Stable internet connection for real-time features
  • JavaScript: Must be enabled (the dashboard is a single-page application)
  • EventSource: Must be supported for SSE-based live sessions, real-time updates, and remote desktop relay