Cmd Control can do both. Because the Cmd Control agent operates in user space, you can use Cmd's trigger system (based on flexible Cmd CQL) to intercept system calls. It lets you create custom policies that allowlist commands you’d like to allow, and denylist commands you’d like to block pre-execution. It supports rules that are contingent on a wide range of factors such as the time of day, which user is attempting a command, an ssh connection's IP address, and many more. 

You can also add clarity to “maybe” cases by prompting remote users for additional authorization before a particular command is executed. New triggers propagate to all agents in under 30 seconds.

Cmd Audit does not have enforcement capabilities — it can't stop commands. But you can use it to receive immediate alerts when your custom rules (including allow/deny lists) are violated.

To get started with Cmd Free or to request a full product demo, visit

Did this answer your question?