How do I work with memory dumps in Traps?


I've created a task to perform a full memory dump on a specific machine. The task results in a massive list of "dump" files in .zip format spread across several minutes. I have no idea what to do with these files or how to glean information from them. I would love to see a video of someone performing analysis on an event using a memory dump that was manually requested.


Re: How do I work with memory dumps in Traps?

The dumps that are gathered from a prevention event include files in use during the time of the prevention, and a memory snapshot (.dmp). The dmp file can be viewed with programs such as WinDbg. Palo Alto Traps support has been trained on how to review and analyze these dumps, and can review any dump you submit to them. You can always open a case through the Palo Alto support portal, and submit the dump for review. Should they find the prevention to be a false positive, they can offer a solution for you.
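As an added example that is not from the original post or from Palo Alto's own tooling: a Python script that inventories a set of dump .zip archives and, for each .dmp member, checks the MINIDUMP_HEADER (the "MDMP" signature, the 0xA793 version word, the stream count and the MiniDumpWithFullMemory flag) so you can confirm the dumps are intact full-memory minidumps before opening them in WinDbg or sending them to support. The archive contents are constructed stand-ins; real Traps member names and sizes will differ.

```python
import io
import struct
import zipfile
from pathlib import Path

MINIDUMP_SIGNATURE = b"MDMP"    # MINIDUMP_HEADER.Signature (dbghelp.h)
MINIDUMP_VERSION = 0xA793       # low 16 bits of MINIDUMP_HEADER.Version
MINIDUMP_WITH_FULL_MEMORY = 0x2  # MINIDUMP_TYPE.MiniDumpWithFullMemory bit in Flags


def parse_minidump_header(data):
    """Parse the 32-byte MINIDUMP_HEADER; return a dict, or None if not a valid minidump."""
    if len(data) < 32 or data[:4] != MINIDUMP_SIGNATURE:
        return None
    # Version, NumberOfStreams, StreamDirectoryRva, CheckSum, TimeDateStamp (u32), Flags (u64)
    version, nstreams, _dir_rva, _checksum, timestamp, flags = struct.unpack_from("<IIIIIQ", data, 4)
    if version & 0xFFFF != MINIDUMP_VERSION:
        return None
    return {"streams": nstreams, "timestamp": timestamp, "flags": flags,
            "full_memory": bool(flags & MINIDUMP_WITH_FULL_MEMORY)}


def triage_dump_archives(archives):
    """List every member of each zip; for .dmp members, validate the minidump header."""
    report = []
    for src in archives:
        label = str(src) if isinstance(src, (str, Path)) else "<in-memory>"
        with zipfile.ZipFile(src) as zf:
            for info in zf.infolist():
                entry = {"archive": label, "member": info.filename, "size": info.file_size, "minidump": None}
                if info.filename.lower().endswith(".dmp"):
                    with zf.open(info) as fh:
                        entry["minidump"] = parse_minidump_header(fh.read(32))  # header only, not the whole dump
                report.append(entry)
    return report


def build_sample_archive():
    """Constructed stand-in for one dump .zip (hypothetical names, not real Traps output)."""
    header = MINIDUMP_SIGNATURE + struct.pack("<IIIIIQ", 0x0000A793, 12, 32, 0, 1700000000, MINIDUMP_WITH_FULL_MEMORY)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("process.dmp", header + b"\x00" * 64)   # minimal valid full-memory header
        zf.writestr("truncated.dmp", b"MDMP\x93\xa7")       # cut-off dump: must be flagged as invalid
        zf.writestr("sample.exe", b"MZ" + b"\x00" * 30)     # placeholder for a "file in use"
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Real use: triage_dump_archives(sorted(Path("dumps").glob("*.zip")))
    for row in triage_dump_archives([build_sample_archive()]):
        print(row)
```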
