ChangeTraceOps beta
Built for MSPs that hate noise

See the changes that matter — not 14,000 raw events.

Track high‑signal changes across Windows endpoints and cut alert fatigue with grouping, dedupe, and NEW/RARE/SPIKE triage.

Noise reduction: Grouping + dedupe
Triage: NEW / RARE / SPIKE
Deployment: Windows agent + web console

Already testing? Log in to generate an enroll token.

How it works

A simple pipeline designed for credible MSP operations — fast, deterministic, and explainable.

1. Enroll endpoints

Generate an enroll token, deploy the Windows agent, and start ingesting security‑relevant change signals.

2. Reduce noise

Events are grouped into signals and deduped so your dashboard shows “what happened” — not raw spam.

3. Triage fast

Focus on NEW, RARE, and SPIKE patterns. Suppress or snooze signals to keep the queue realistic.

Built for real‑world ops

The goal is confidence, not chaos: predictable results, clean evidence, and operator control.

Grouping + dedupe

Turn many events into one signal, with consistent hashing and tag normalization.

NEW / RARE / SPIKE

See what’s new, what almost never happens, and what suddenly explodes — without tuning for weeks.

Suppression controls

Snooze noisy signals during maintenance windows, or suppress known‑benign patterns to protect focus.

Privacy‑aware fields

Designed to support redaction and “suspicious‑only” collection modes without breaking triage value.

Multi‑user ready

Server/RDS/Citrix environments can be modeled with user/session context when you enable it.

Shared hosting friendly

Runs on simple PHP + MySQL setups (great for early traction on Namecheap‑style hosting).

The triage model

Operators don’t need “more events.” They need fast answers.

NEW

First‑time signals

Anything you haven’t seen recently. Great for spotting new persistence, new tools, and new behaviors.

RARE

Low‑frequency events

Things that almost never happen — and therefore deserve attention even when severity is moderate.

SPIKE

Sudden bursts

Volume jumps that often correlate with ransomware‑like behavior, mass changes, or automation gone wrong.

Want to see it with your endpoints?

Create an account, generate an enroll token, and deploy the agent.

Privacy and control

Built so you can operate in “suspicious‑only” mode and still keep triage useful.

Default: minimize collection

  • Support for privacy‑friendly fields and redaction‑ready payload design.
  • Signals remain explainable without requiring full command lines everywhere.
  • You decide what to store, for how long, and what to suppress.

Operationally safe

  • Suppression and snooze controls reduce fatigue without losing visibility.
  • Deterministic grouping makes results stable across reruns.
  • Designed to expand into Auditor View and evidence‑heavy exports.

Note: This is a beta tool; always validate findings in context and keep existing EDR controls in place.

FAQ

Quick answers for operators evaluating a beta deployment.

Is this a replacement for EDR?
No. It’s a complementary change‑intelligence and triage layer. Keep your EDR; use ChangeTraceOps to reduce noise and speed investigation.

How do enroll tokens work?
You generate an enroll token in the console, deploy the agent, and the agent exchanges it for a tenant/endpoint identity and an agent token.

Can I run this on Windows Server / RDS / Citrix?
Yes — the model supports server endpoints. Multi‑user user/session context can be enabled and expanded as your deployment needs mature.

Where do I download the agent?
If you host a download endpoint, link it here: /download. Otherwise serve a static ZIP from your hosting.

Do you provide documentation?
Add your docs page at: /docs (optional). You can start with a single static HTML page.