Phase 2: Automated Analysis

When a security event occurs on an endpoint, Traps freezes the contents of the memory, and stores it in a data file known as a memory dump. From the ESM Console you can fine-tune memory dump settings that specify the size of the memory dump—either small, medium, or full (the largest and most complete set of information)—and whether Traps should automatically upload the memory dump to the forensic folder. For more information, see Define Memory Dump Preferences.
After creating the memory dump, Traps deciphers the file and extracts information to identify the underlying cause and to verify the validity of the prevention. Use the results of the analysis to diagnose and understand the event.
Depending on the type of event, Traps may also use automated detection tools to scan for malicious behavior as described in Phase 3: Automated Detection.

Recommended For You