Execute procdump action

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • Execute procdump is a PowerShell action that runs procdump on the selected processes, dumps the data into a file, and posts it to a shared site on an internal network. An analyst can then view a deny-listed process, highlighted in red in a security incident, and perform additional analysis on the file.

    Results

    Possible results for this action are:

    Table 1. Results

    | Result | Description |
    |---|---|
    | Success | The procdump executed successfully on the process_name, and the details are available in actionOutput.response. |
    | Failure | The procdump failed to execute on the process_name, and the details are available in actionOutput.response. |

    Input variables

    Input variables are used to create the requested outputs.

    Table 2. Input variables

    | Variable | Description |
    |---|---|
    | targetId | [Mandatory] The target ID to run the procdump on. |
    | process_name | [Mandatory] The process name for the procdump. |
    | dump_path | [Mandatory] The local file path to which the generated dump file will be saved. |
    | dump_filename | [Mandatory] The filename of the file generated by the procdump. All special characters in the dump file name are replaced with hyphens (-) when the file is generated. |
    | file_share_path | [Mandatory] The file share path to which the dump file will be copied. |

    Output variables

    The output variables contain data that can be used in subsequent actions.

    Table 3. Output variables

    | Variable | Description |
    |---|---|
    | share_path | The file share path to which the dump file was copied. |
    | response | A JSON representation of the result of the procdump. |
    | result | The result of the procdump. |