WhatChanged takes periodic snapshots of the state of the monitored systems. Snapshot generation can be automatically scheduled or generated on a demand basis. Both the file structure and registry are captured and compared locally on the monitored system and only the actual changes are transmitted to the WhatChanged Console for further analysis. If required, detected changes can also be forwarded as events to the local machine's eventlog.

WhatChanged consists of the WhatChanged Console that manages the configuration and deployment of the WhatChanged agents, a repository to store the change data, and powerful browsing tools to identify and analyze any changes. The Console is combined with the WhatChanged agent that is deployed on the monitored systems.

WhatChanged Agent

All WhatChanged agents are centrally managed and deployed from the WhatChanged Console. The agent has a small footprint and takes zero resources while a snapshot is not being generated. When a scheduled or on-demand snapshot is run, the Console contacts the agent and the agent performs the task. Even during snapshot generation the resource consumption is extremely modest, and as the activity is generally scheduled off-hours the machine user almost never knows an agent is even present. The agent processes all changes from the reference snapshot and only the actual change data is sent via a compressed and secure TCP transmission to the WhatChanged console, minimizing network consumption.

WhatChanged Console

The WhatChanged Console provides a central point to manage and review all change data. An unlimited number of snapshots per monitored system can be retained by WhatChanged. Each snapshot only records the delta of the change, not the entire state again so disk requirements per monitored system generally average a modest 50MB per system. The WhatChanged Console provides a powerful UI to monitor change. A user may either simply monitor change from the previous snapshot or define policy-based configuration definitions and monitor for changes against the defined policy. Compliance Standards such as PCI DSS require change auditing on critical systems and WhatChanged enables you to meet mandates such as these with ease.

Change Browser

The Change Browser is an information rich browser that displays a comparison of current versus previous snapshots or policies.

The Change Browser is similar to Microsoft Windows Explorer and enables a user to move quickly through all changes in the file system and registry.  The color-coded presentation of useful information about system changes helps resolve the problem quickly, and additional information can be displayed showing the exact nature of the change.