Action1 runs in the Cloud and it's accesible via a web-based Action1 Console. The Console allows you to manage your entire fleet of endpoints. You can run live queries or schedule queries, configure real-time alerts and control all other aspects of your Action1 service.
Action1 accesses your endpoints via Action1 Agents. An agent is a tiny executable file (about 3Mb in size) that runs on each managed endpoint with a very light resource footprint. When nothing is requested by you using Action1 pltaform, agents just sit idle and do nothing. When you request something using Action1, such as run a live query, the request is forwarded to all the agents on your network and they respond back with results, if any. After that they go back to the idle state. If you enable real-time alerts, such as alerts on newly created user accounts or installed software, the agents start tracking these specific aspects and notify Action1 Cloud when an alert is triggered, which in turns sends you an email with alert details.
One of the main advantages of Action1 is the ability to pull data from all of your endpoints in real-time, without relying on any previously collected stale data. Whenever you run a query, you see the most current and up-to-date information, and not something that was there a few hours or days ago. On top of that, thanks to the true cloud architecture from day one (vs legacy "cloudified" products), it gives you almost unlimited scalability that effortlessly expands based on your workload and number of endpoints, without the need to manage any backend infrastructure. Simply said, Action1 works equaly well with 10 endpoints and 1 million endpoints.