Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Run procdump workflow

Run procdump workflow

The Run procdump workflow runs a process dump on a specified process and saves it to a file that can be targeted by security analysts.

About this task

This workflow is triggered when enriched processes are selected and a Run procdump UI action is executed.
Run procdump workflow
Workflow process activities include:
  • Run Script (Audit log enrichment): Runs a script to add an audit log to the security incident.
  • Execute procdump activity
  • Run Script (Success - Add SI work note): Runs a script to add a work note when the procdump succeeds.
  • Run Script (Failed - Add SI work note): Runs a script to add a work note when the procdump fails. Reasons the procdump can fail includes:
    • Invalid dump path
    • Invalid file share path
    • Unable to fetch the fully-qualified domin name of the Windows machine the procdump is running on
    • The process name is not specified
    • The PROCDUMP environment variable not found
    • A copy of the dump file fails to copy from the dump path to the file share path