DEMO Read-only showcase seeded with synthetic data. Sign-in, reviewing, rules, retention and alerts are disabled. Browse every page and session freely. Install on your fleet →
Admin

Custom sensitive-path rules

Operator-defined patterns layered on top of the built-in matcher. Applied at session review time — rules you add now flag matches in sessions already in the store.

Add a rule
Path rules match file touches; segments compare a single path part case-insensitively (.mycreds matches C:\app\.mycreds\token), globs treat * as any run of characters. Host rules match DNS queries; segments compare a single hostname label (pastebin matches paste.pastebin.com), globs match the full hostname. Built-in exfil-channel hosts (pastebin.com, transfer.sh, file.io, ...) are always on.

No custom rules yet

Add a pattern above to extend the built-in matcher. Built-in path patterns (.env, .aws, .ssh, credentials, id_rsa, ...) and host patterns (pastebin.com, transfer.sh, file.io, ...) are always on and don't need to be re-added here.