Command Filtering & Blocking
One accidental rm -rf can cost hours of downtime. OnePAM intercepts dangerous commands in real time with regex rules — block, log, or alert before they execute.
What You Get
Included Capabilities
Regex pattern matching — define rules using regular expressions to match commands precisely
Block or log actions — choose to block dangerous commands outright or log them for review
SSH command filtering — intercept shell commands before they execute on remote servers
Database query filtering — block destructive SQL operations like DROP, DELETE, or TRUNCATE
Priority-based evaluation — rules are evaluated in priority order; first match wins
Per-policy rules — attach command filter rules to specific access policies for granular control
Real-time alerting — trigger alerts when blocked commands are detected
Audit trail — every matched command is logged with the pattern, action, and session context
Compliance ready — enforce least-privilege command access for SOC 2, HIPAA, and PCI DSS
Available on Business and Enterprise plans
Live Preview
Feature Overview
Secure Access — Overview
Zero Trust Access
Session Recording
Just-In-Time Access
Browser-Based
Deploy in Under 5 Minutes
Three Steps to Secure Access
1. Sign Up With SSO
Connect your identity provider — Okta, Azure AD, Google Workspace, or any SAML/OIDC provider. Your team logs in with existing credentials.
2. Add Your Resources
Register servers, databases, Kubernetes clusters, and web apps. Define who can access what with role-based policies.
3. Access Securely
Your team accesses resources through the browser — identity-verified, session-recorded, and audit-logged. No VPN, no exposed ports.
Try Command Filtering & Blocking — Free for 14 Days
From signup to your first secure session in under 5 minutes. No infrastructure changes, no credit card, no sales call.