The short answers.

Most teams are live on the first tenant within 15 minutes. Your first agent installs and reports in under a minute. 80% of a typical fleet is discovered within week 1.

No. The platform is cloud-hosted. You install a lightweight agent on Windows endpoints (desktops, laptops, servers). No servers, no appliances, no database to host.

15 days. Full platform. No credit card required. You can invite your team, install agents on your real fleet, and run an end-to-end cycle (discovery → tickets → patches → backups → reports) before deciding.

Yes. Bulk asset imports from CSV/Excel. Ticket history from any system with an email archive. Users from AD / Google Workspace. Contact sales for migrations over a few thousand records.

Service Desk · Asset Manager · Backup Manager · Reports · Mobile App in the core plan. Patch Manager, Vulnerability Manager, and Internal Risk & Compliance are security add-ons, quoted per environment — contact sales@databricks.online.

Today the Discovery agent supports Windows 10+ and Windows Server 2016+ (desktops, laptops, and servers). macOS and Linux are on the roadmap. Non-Discovery assets — firewalls, switches, APs, printers, projectors — are managed manually with per-type fields regardless of OS.

Yes. Each customer workspace is isolated at the query level (not by a flag column). MSPs can have a single super-admin managing multiple customer tenants.

Two modules: Service Desk (create, update, resolve tickets; push alerts on assignment / SLA / comments) and Asset Inventory (scan QR tags, audit shelves, deploy kits, update records). Patch / Vulnerability / Backup / Reports stay on the web app. iOS 14+ and Android 10+.

Discovery = anything with an OS the agent runs on: laptops, desktops, servers. Auto-captured: CPU, RAM, OS, hostname, IP, last-login user. Non-Discovery = everything else: firewalls, switches, APs, printers, projectors, display units. Per-type manual fields (vendor, model, serial, location, assigned-to).

Yes. The agent initiates outbound HTTPS to our cloud. No inbound ports. No VPN tunnel required. Works from home, coffee shops, client sites.

Every 15 minutes for heartbeat + inventory changes. Event-based for patch status, CVE findings, and ticket activity.

Yes. Built-in Scan Code Creator + Printing module. Standard label printers supported. Bulk-print by asset type or tenant.

Windows: Feature / Quality / Security / Driver / Servicing Stack. Third-party: Chrome, Firefox, Edge, Adobe, Zoom, Teams, 7-Zip, Notepad++, WinRAR, AutoCAD — hundreds more. New vendors added continuously.

Create rings (pilot, prod, emergency) as logical groups inside ITManager. Assign assets by type, OS, department, or any filter you define — no AD or directory sync required. Set maintenance windows and auto-approval categories. Patches flow pilot → prod with deploy + rollback visibility at every step.

Two deployment modes, pick per environment:

1. Direct patching (default). Every endpoint agent pulls patches straight from the ITManager cloud. No on-prem infrastructure. Best when endpoints have reliable internet egress and the fleet is spread across sites / work-from-home.

2. On-prem staging server. You run one lightweight staging server inside your network. Agents on all endpoints talk to the staging server (not the cloud) over a local API. The staging server downloads each patch once from ITManager and serves cached copies to every agent that needs it. Each agent then installs the copied patch locally.

Same control plane either way — Patch Groups, maintenance windows, deploy + rollback visibility all work identically.

Pick the staging mode when:
• You have 50+ endpoints at a single site (saves WAN bandwidth — patches download once, distribute many times).
• Your site has a metered or slow internet link.
• Security policy forbids endpoints from reaching the public internet directly.
• You want predictable deployment windows — the staging server caches everything ahead of the window.

Direct mode is simpler (nothing to host) and fits most distributed / work-from-home fleets.

NVD + MITRE feeds. Scored with CVSS v3. Correlated against installed software inventory from the agent — so you only see CVEs that apply to your fleet.

Per CVE per host. You record the reason (compensating control, false positive, planned fix date). Audit trail captures who, when, and when it expires. Suppressed findings remain visible under the Suppressed tab.

There is no schedule concept and no nightly run. The agent watches your file tree in real time — when a file changes, saves, or is created, it is queued and uploaded within seconds (network and change-rate permitting). The agent never consumes more than 5 Mbps at any given point of time, so the real-time stream never becomes disruptive.

Every edit creates a new copy in the cloud store, and we keep them all. Each version is immutable — once written it cannot be modified, overwritten, or deleted from the endpoint, and the agent has no API path to reach back and rewrite history. If ransomware encrypts today's files, yesterday's clean version (and every earlier one) stays untouched. IT engineers pick a timestamp, and the clean version comes back.

Cloud-only. Two options: the ITManager-managed cloud bucket OR your own AWS S3 bucket (BYOB). Keys stay inside your tenant either way. No on-prem NAS or network path.

AES-256 at rest, TLS 1.2+ in transit. Keys are tenant-scoped — no cross-customer access possible at the infrastructure level.

250+ common types: Word, Excel, PowerPoint, PDF, AutoCAD, Visio, CorelDRAW, source code, images, etc. PST is intentionally excluded (use a dedicated mail backup).

Only IT engineers with portal access restore files. End users can't restore directly.

Incremental + compressed. The agent never consumes more than 5 Mbps at any given point of time. Offline-tolerant — changes stage locally and sync on reconnect.

Eight frameworks, every control mapped:
• ISO 27001:2022 — information security management (Annex A controls + ISMS scope)
• CIS Benchmark Level 2 — OS hardening for Windows desktop and Windows Server
• NIST 800-53 / CSF — federal control catalog plus cybersecurity framework functions
• HIPAA Security Rule — administrative, physical, and technical safeguards for protected health information
• SOC 2 Type II — trust services criteria evidenced over the audit window
• PCI-DSS v4.0 — cardholder data protection, including the post-2025 future-dated controls
• GDPR (EU 2016/679) — Article 32 technical and organisational measures, records of processing, breach playbook
• DPDP Act 2023 — India's Digital Personal Data Protection Act: data fiduciary obligations, notice, consent, breach notification

Controls are mapped to the other modules (Asset, Patch, Vulnerability, Backup) so evidence collects itself as you operate the platform.

Identify a risk, score likelihood × impact, assign an owner, set a mitigation plan, and schedule the next review. Full revision history, ownership transfers, and status changes are tracked — no spreadsheet drift.

0–100 per framework, weighted by control criticality. Critical controls have higher weight; partially-met and not-applicable statuses are modelled separately. The global score is the weighted average across all enabled frameworks.

Screenshots, log exports, policy PDFs, ticket references, patch-deployment reports, and configuration snapshots. Each piece of evidence links to the control it proves; auditors see a pre-assembled folder per framework.

Yes. Like Patch Manager and Vulnerability Manager, it's quoted per environment — priced against control scope, user count, and framework mix. The first audit cycle is typically included in onboarding. Contact sales@databricks.online.

Yes. The visual builder handles 90% of requests (cascading Module → Inventory → columns + conditions + Run). Power users get a Custom Report SQL editor (role-scoped).

Hosting + controls aligned with SOC 2, ISO 27001, GDPR. HIPAA-adjacent controls available on Enterprise. Audit evidence exports built-in.

Customer-region specific. Indian tenants hosted in Hyderabad. Upcoming region: UAE.

Only authorised personnel on a need-to-know basis. All access is logged. Support access to customer data requires a per-session approval from the workspace admin.