# ET Ducky

> Windows root cause analysis in seconds, not hours.

ET Ducky is an AI-powered Windows diagnostics platform that uses Event Tracing for Windows (ETW) to perform real-time root cause analysis. It correlates kernel events, health signals, and system changes directly on the endpoint, filters out PII and proprietary data before anything leaves the machine, then delivers plain-language "what happened / why / what to do next" summaries via AI.

## Core Capabilities

- **On-Agent ETW Correlation Engine**: Captures and correlates Windows ETW events locally. Raw telemetry never leaves the endpoint. The correlation engine achieves 99.6% bandwidth reduction by producing structured diagnostic summaries instead of shipping raw events.
- **AI-Powered Root Cause Analysis**: Processes correlated ETW findings through AI to generate plain-language explanations of system issues, their causes, and recommended fixes.
- **Desktop Application**: Free Windows 10/11 app for local ETW monitoring and interactive troubleshooting on your own machine.
- **Managed Agent Service**: Lightweight Windows Service (Local System account) for remote server and workstation monitoring. Auto-starts with Windows, reports health metrics, and accepts remote commands.
- **Live Query Sessions**: Real-time interactive troubleshooting sessions with individual agents. Start ETW collection, ask diagnostic questions, get AI-analyzed responses.
- **Remote Desktop**: Browser-based remote desktop with integrated ETW diagnostics, remote shell (PowerShell/CMD), and bidirectional file transfer.
- **Multi-Agent Analysis**: Query multiple agents simultaneously and run cross-correlation analysis across devices to trace distributed issues.
- **Alert System**: Rule-based alerting on agent health metrics (CPU, memory, disk, process crashes) with automated AI root cause analysis when alerts fire.
- **Fleet Management**: Centralized dashboard for agent deployment, tagging, health monitoring, configuration, and team management.
- **Remote Shell**: Execute PowerShell and CMD commands on agents. Includes script library with parameterized execution.
- **File Transfer**: Push files to and pull files from agents with chunked transfer and progress tracking.

## Deployment Options

- **Cloud Hosted (Shared)**: Multi-tenant, managed by ET Ducky. Included with all subscriptions.
- **Cloud Hosted (Dedicated)**: Single-tenant dedicated infrastructure. Tiered pricing for 100–999, 1,000–4,999, and 5,000–9,999 agents.
- **Self-Hosted**: On-premises deployment with perpetual or annual licensing starting at $10K/year or $35K one-time.

## Pricing

All plans include unlimited desktop app usage and live sessions. Paid plans include 10 free managed agent seats per subscribed user.

| Plan | Price | AI Queries/Month | Best For |
|------|-------|-------------------|----------|
| Free | $0/mo | Unlimited (BYOK — bring your own API key from Anthropic, OpenAI, or Copilot) | Individual developers and power users |
| Professional | $39/mo | 1,000 | IT professionals and small teams |
| Business | $99/mo | 5,000 | Growing teams with multiple agents |
| Enterprise | $249/mo | 50,000 | Large-scale fleet monitoring |

**Agent Seats**: $5/agent/month for managed agents (volume discounts to $2/agent at 10K+). Desktop agents are always free and unlimited.

**Organization Quota Pooling**: When multiple users join an organization, their individual query quotas combine into a shared pool. Example: 3 Professional users = 3,000 queries/month for the entire org.

## Technical Details

- **Platform**: Windows 10/11, Windows Server 2016+
- **Agent Footprint**: Lightweight Windows Service under Local System account
- **Data Privacy**: PII filtering and proprietary data scrubbing happens on-agent before any data reaches the cloud
- **Authentication**: Clerk-based OAuth with organization support
- **Payments**: Stripe integration
- **Collection Modes**: Health (continuous lightweight), On-Demand (time-bounded), Full (comprehensive ETW capture)

## Links

- Homepage: https://etducky.com
- Documentation: https://etducky.com/documentation
- Features: https://etducky.com/features
- Pricing: https://etducky.com/pricing
- Blog: https://etducky.com/blog
- Getting Started: https://etducky.com/documentation/getting-started
- Agent Setup: https://etducky.com/documentation/agent-setup

## Comparison Context

ET Ducky occupies a different niche than general-purpose observability platforms like Datadog, New Relic, or Dynatrace. Those platforms focus on APM, infrastructure metrics, and log aggregation across heterogeneous environments. ET Ducky focuses specifically on Windows kernel-level diagnostics using ETW — the same telemetry source that Microsoft's own engineers use to debug Windows internals. It provides deeper Windows-specific root cause analysis than RMM tools (ConnectWise, Datto, NinjaRMM) which typically only surface high-level health metrics without explaining why issues occur.