Execute procdump action
Execute procdump is a PowerShell action that runs procdump against the selected processes, writes the memory dump to a local file, and copies that file to a file share on the internal network. An analyst can then open a deny-listed process (highlighted in red in the security incident) and perform further analysis on the dump. Because a full process dump contains whatever the process held in memory, including credentials and other secrets, the destination share should be readable only by the analysts who need it.
Results
Possible results for this action are:
| Result | Description |
|---|---|
| Success | procdump ran successfully against the process named in process_name; details are available in actionOutput.response. |
| Failure | procdump failed to run against the process named in process_name; details are available in actionOutput.response. |
Input variables
Input variables are used to create the requested outputs.
| Variable | Description |
|---|---|
| targetId | [Mandatory] The target ID to run the procdump on. |
| process_name | [Mandatory] The process name for the procdump. |
| dump_path | [Mandatory] The local file path to which the generated dump file will be saved. |
| dump_filename | [Mandatory] The filename of the dump file generated by procdump. Any special characters in the filename are replaced with hyphens (-) when the file is generated. |
| file_share_path | [Mandatory] The file share path to which the dump file will be copied. |
Output variables
The output variables contain data that can be used in subsequent actions.
| Variable | Description |
|---|---|
| share_path | The file share path to which the dump file was copied. |
| response | A JSON representation of the result of the procdump. |
| result | The result of the procdump. |
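The following is an added example, not the action's own implementation, showing how the documented inputs and outputs fit together in a stand-alone PowerShell function. It assumes Sysinternals procdump.exe is on PATH on the target host and that the account running it can read the target process and write to both the local dump path and the file share. The function and parameter names, and the values in the sample call, are hypothetical; targetId is omitted because the platform uses it to choose the host, and this function runs on that host directly.

```powershell
# Added example, not the documented action's code: a PowerShell function with
# the same inputs (process_name, dump_path, dump_filename, file_share_path) and
# outputs (result, response, share_path). Assumes procdump.exe is on PATH.
function Invoke-ProcDumpToShare {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ProcessName,
        [Parameter(Mandatory)][string]$DumpPath,
        [Parameter(Mandatory)][string]$DumpFilename,
        [Parameter(Mandatory)][string]$FileSharePath
    )

    # Same rule as the documented action: special characters in the filename
    # become hyphens, so a malformed name cannot carry path separators or
    # other characters into the dump path.
    $safeName = [regex]::Replace($DumpFilename, '[^A-Za-z0-9._-]', '-').TrimStart('.')
    if (-not $safeName) { $safeName = 'dump' }
    $stem = [IO.Path]::GetFileNameWithoutExtension($safeName)

    $output = [ordered]@{ result = 'Failure'; response = $null; share_path = $null }
    $dumps  = @()

    try {
        # One name may match several processes; dump each one and key the file by PID.
        $procs = @(Get-Process -Name $ProcessName -ErrorAction Stop)
        New-Item -ItemType Directory -Path $DumpPath -Force | Out-Null

        foreach ($p in $procs) {
            $localFile = Join-Path $DumpPath ("{0}_{1}.dmp" -f $stem, $p.Id)
            # -ma writes a full memory dump; -accepteula avoids an interactive prompt.
            & procdump.exe -accepteula -ma $p.Id $localFile 2>&1 | Out-Null
            # Check for the file itself rather than trusting the exit code.
            if (-not (Test-Path -LiteralPath $localFile)) {
                throw "procdump did not produce $localFile for PID $($p.Id)"
            }
            # Hash before copying so the analyst can verify the copy on the share.
            $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $localFile).Hash
            Copy-Item -LiteralPath $localFile -Destination $FileSharePath -Force
            $dumps += [ordered]@{
                pid        = $p.Id
                local_file = $localFile
                share_file = Join-Path $FileSharePath (Split-Path $localFile -Leaf)
                sha256     = $hash
            }
        }

        $output.result     = 'Success'
        $output.share_path = $FileSharePath
        $output.response   = [ordered]@{ process_name = $ProcessName; dumps = $dumps }
    }
    catch {
        # Partial progress is still reported so the analyst knows which dumps exist.
        $output.response = [ordered]@{
            process_name = $ProcessName
            error        = $_.Exception.Message
            dumps        = $dumps
        }
    }

    # Emit the documented output variables as JSON for the next workflow step.
    $output | ConvertTo-Json -Depth 4
}

# Sample call with hypothetical values.
Invoke-ProcDumpToShare -ProcessName 'mshta' -DumpPath 'C:\Dumps' `
    -DumpFilename 'incident 12345.dmp' -FileSharePath '\\fileserver\dumps'
```

Two practical points the tables do not spell out: a process name can match more than one process, so the example suffixes each dump with the PID instead of overwriting one file, and it hashes each dump before the copy so the value recorded in response can be compared against the file the analyst later opens from the share.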