Accessdata: Dump memory for malicious process

Dumps memory from the target host if the given process is found running on its legacy AccessData agent. The playbook first collects a process list from the agent, polls the job until it completes, checks the returned snapshot for the process name, and only then requests the memory dump (again polling until the dump job finishes).

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

  • Accessdata

Scripts

  • AccessdataCheckProcessExistsInSnapshot
  • Set

Commands

  • accessdata-get-jobstatus-memorydump
  • accessdata-legacyagent-get-memorydump
  • accessdata-get-jobstatus-processlist
  • accessdata-legacyagent-get-processlist
  • accessdata-read-casefile

Playbook Inputs


Name         | Description | Required
target_ip    |             | Required
process_name |             | Required

Playbook Outputs


Path                         | Description                                                                                                    | Type
Accessdata.IsProcessDetected | Indicates whether a process with the specified name was detected on the agent machine during playbook execution. | boolean
Accessdata.MemoryDumpPath    | The path of the created memory dump file (an empty string if no dump was created).                             | string
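The decision logic behind the command list and the two outputs above, as an added stand-alone Python example (this is not the playbook's own code, nor the Accessdata integration's): submit the process-list job, poll its status GenericPolling-style with a timeout, check whether the target process appears in the snapshot, and only then request the memory dump. The FakeAccessdataAgent class, its method names, the "Finished"/"Running" status strings, the one-path-per-line snapshot format and the dump path are all constructed assumptions standing in for the real agent.

```python
"""Added example, not part of the playbook or the Accessdata integration.
The agent class below is a constructed stand-in; its method names, status
strings, snapshot format and dump path are assumptions, not the real API."""
import ntpath
import time
from dataclasses import dataclass, field


@dataclass
class FakeAccessdataAgent:
    """Constructed stand-in for the legacy agent: each job reports
    'Running' until it has been polled `delay` times, then 'Finished'."""
    processes: list            # constructed snapshot: one image path per line
    delay: int = 2
    _polls: dict = field(default_factory=dict)

    def start_job(self, kind):
        job_id = f"{kind}-1"
        self._polls[job_id] = 0
        return job_id

    def job_status(self, job_id):
        self._polls[job_id] += 1
        return "Finished" if self._polls[job_id] >= self.delay else "Running"

    def read_casefile(self, job_id):
        # Assumed snapshot format: one process image path per line.
        return "\n".join(self.processes)

    def dump_path(self, job_id):
        # Assumed location of the finished dump (constructed).
        return f"C:\\ADG\\memdump\\{job_id}.mem"


def wait_for_job(status_fn, job_id, timeout_s=30.0, interval_s=0.01):
    """GenericPolling-style loop: poll until the job reports Finished,
    or give up once the timeout elapses (returns False in that case)."""
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        if status_fn(job_id) == "Finished":
            return True
        time.sleep(interval_s)
    return False


def process_in_snapshot(snapshot, process_name):
    """Case-insensitive match on the executable name. Snapshot lines may be
    full paths (C:\\Windows\\System32\\svchost.exe), so compare basenames,
    and accept a name given without its extension (svchost == svchost.exe)."""
    wanted = ntpath.basename(process_name.strip()).lower()
    for line in snapshot.splitlines():
        name = ntpath.basename(line.strip()).lower()
        if name == wanted or ntpath.splitext(name)[0] == wanted:
            return True
    return False


def dump_memory_if_running(agent, process_name, timeout_s=30.0):
    """Returns the playbook's two outputs: IsProcessDetected and MemoryDumpPath
    (empty string when no dump was created, including on polling timeout)."""
    out = {"IsProcessDetected": False, "MemoryDumpPath": ""}
    job = agent.start_job("processlist")
    if not wait_for_job(agent.job_status, job, timeout_s=timeout_s):
        return out                      # process list never arrived
    if not process_in_snapshot(agent.read_casefile(job), process_name):
        return out                      # process not running: no dump taken
    out["IsProcessDetected"] = True
    dump_job = agent.start_job("memorydump")
    if wait_for_job(agent.job_status, dump_job, timeout_s=timeout_s):
        out["MemoryDumpPath"] = agent.dump_path(dump_job)
    return out


if __name__ == "__main__":
    agent = FakeAccessdataAgent(processes=[
        "C:\\Windows\\System32\\svchost.exe",
        "C:\\Users\\bob\\AppData\\Local\\Temp\\evil.exe",
    ])
    print(dump_memory_if_running(agent, "EVIL.EXE"))
```

Note that a polling timeout on either job leaves MemoryDumpPath empty, so a consumer of the outputs should treat an empty path as "no dump available" rather than as an error-free result.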

Playbook Image


[Playbook image: Accessdata_Dump_memory_for_malicious_process]