Run procdump workflow

The Run procdump workflow runs a process dump on a specified process and saves it to a file that can be targeted by security analysts.

About this task

This workflow is triggered when enriched processes are selected and a Run procdump UI action is executed.

Workflow process activities include:

Run Script (Audit log enrichment): Runs a script to add an audit log to the security incident.
Execute procdump activity
Run Script (Success - Add SI work note): Runs a script to add a work note when the procdump succeeds.
Run Script (Failed - Add SI work note): Runs a script to add a work note when the procdump fails. Reasons the procdump can fail includes:
- Invalid dump path
- Invalid file share path
- Unable to fetch the fully-qualified domin name of the Windows machine the procdump is running on
- The process name is not specified
- The PROCDUMP environment variable not found
- A copy of the dump file fails to copy from the dump path to the file share path