Execute procdump activity Execute procdump is a powershell activity that runs the procdump on the selected processes, dumps the data into a file, and posts it to a shared site on an internal network. An analyst can then view a blacklisted process, highlighted in red in a security incident, and perform additional analysis on the file. Results Possible results for this activity are: Table 1. Results Result Description Success The procdump executed successfully on the process_name, and the details are available in activityOutput.response. Failure The procdump failed to execute on the process_name, and the details are available in activityOutput.response. Input variables Input variables are used to create the requested outputs. Table 2. Input variables Variable Description targetId [Mandatory] The target ID to run the procdump on. process_name [Mandatory] The process name for the procdump. dump_path [Mandatory] The local file path to which the generated dump file will be saved. dump_filename [Mandatory] The filename of the file generated by the procdump. All special characters will be replaced with hyphens (-) from the dump file name when the file is generated. file_share_path [Mandatory] The file share path to which the dump file will be copied. Output variables The output variables contain data that can be used in subsequent activities. Table 3. Output variables Variable Description share_path The file share path to which the dump file was copied. response A JSON representation of the result of the procdump. result The result of the procdump.
Execute procdump activity Execute procdump is a powershell activity that runs the procdump on the selected processes, dumps the data into a file, and posts it to a shared site on an internal network. An analyst can then view a blacklisted process, highlighted in red in a security incident, and perform additional analysis on the file. Results Possible results for this activity are: Table 1. Results Result Description Success The procdump executed successfully on the process_name, and the details are available in activityOutput.response. Failure The procdump failed to execute on the process_name, and the details are available in activityOutput.response. Input variables Input variables are used to create the requested outputs. Table 2. Input variables Variable Description targetId [Mandatory] The target ID to run the procdump on. process_name [Mandatory] The process name for the procdump. dump_path [Mandatory] The local file path to which the generated dump file will be saved. dump_filename [Mandatory] The filename of the file generated by the procdump. All special characters will be replaced with hyphens (-) from the dump file name when the file is generated. file_share_path [Mandatory] The file share path to which the dump file will be copied. Output variables The output variables contain data that can be used in subsequent activities. Table 3. Output variables Variable Description share_path The file share path to which the dump file was copied. response A JSON representation of the result of the procdump. result The result of the procdump.
