Upload the Dump Files to Stardust

Once the dump files are created, they need to be uploaded to the remote Stardust system for pattern analysis. The dump file can be somewhat large and is compressed as a part of the Send command. The full signature of the Send-ComaeDumpFile command is as follows:

Send-ComaeDumpFile [-Key] <string> [-Path] <string> [-ItemType] <string> [-IsCompress]

The following cmdlet parameters are in scope to send one or both files to Stardust:

  • Key parameter is the user access token generated through the platform to enable the use of the API.
  • Path parameter is the input file or directory as indicated by the ItemType parameter.
  • ItemType parameter can be either File or Directory.

To retrieve the Key value, run the Get-ComaeAPIKey command with the -ClientId and -ClientSecret parameters, using the respective values found in your Stardust account under the Settings > Integrations menu.

$APIKey = Get-ComaeAPIKey [-ClientId] <string> [-ClientSecret] <string>

From the PowerShell session, execute the Send-ComaeDumpFile cmdlet with the following parameters, based on preference.

Send a previously generated dump file:

Send-ComaeDumpFile -Key $APIKey -Path "C:\Comae-CrashDumps\FileName.zdmp" -ItemType "File"
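The two steps above combined into one script, as an added example that is not part of the Comae documentation: it prompts for the client secret instead of hard-coding it, and records the dump's size and SHA-256 before upload so the local copy can later be matched to what was sent. It assumes the module providing both cmdlets is already loaded; the log path is a hypothetical location.

```powershell
# Added example: assumes the module that provides Get-ComaeAPIKey and
# Send-ComaeDumpFile is already imported in this session.
$ErrorActionPreference = 'Stop'   # treat cmdlet errors as terminating

# Placeholder dump path taken from the page; replace with the real file.
$DumpPath = 'C:\Comae-CrashDumps\FileName.zdmp'
# Hypothetical location for the local upload record.
$LogPath  = 'C:\Comae-CrashDumps\upload-log.csv'

if (-not (Test-Path -LiteralPath $DumpPath -PathType Leaf)) {
    throw "Dump file not found: $DumpPath"
}

# Capture size and hash before the file leaves the host.
$Item = Get-Item -LiteralPath $DumpPath
$Hash = (Get-FileHash -LiteralPath $DumpPath -Algorithm SHA256).Hash

# Prompt for the credentials so they never appear in the script or in
# command history. Values come from Settings > Integrations in Stardust.
$ClientId     = Read-Host -Prompt 'Stardust ClientId'
$SecureSecret = Read-Host -Prompt 'Stardust ClientSecret' -AsSecureString

try {
    # Get-ComaeAPIKey takes -ClientSecret as a string, so the SecureString
    # is converted to plaintext only for the duration of this call.
    $PlainSecret = [System.Net.NetworkCredential]::new('', $SecureSecret).Password
    $APIKey = Get-ComaeAPIKey -ClientId $ClientId -ClientSecret $PlainSecret
    if (-not $APIKey) { throw 'Get-ComaeAPIKey returned no key.' }

    Send-ComaeDumpFile -Key $APIKey -Path $DumpPath -ItemType 'File'

    # Append a record of what was sent and when (UTC, ISO 8601).
    [pscustomobject]@{
        UploadedUtc = (Get-Date).ToUniversalTime().ToString('o')
        Path        = $Item.FullName
        SizeBytes   = $Item.Length
        Sha256      = $Hash
    } | Export-Csv -LiteralPath $LogPath -Append -NoTypeInformation
}
finally {
    # Remove the plaintext secret and the API key from the session.
    Remove-Variable -Name PlainSecret, APIKey -ErrorAction SilentlyContinue
}
```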

For added privacy, instead of sending full memory dumps to Stardust, the metadata archive (compressed .json files) can be sent. This is typically used for hybrid-cloud models, where the memory dump is pre-processed locally instead of relying completely on the Stardust platform for analysis.