diff --git a/nursery/capture-process-snapshot-data.yml b/nursery/capture-process-snapshot-data.yml
new file mode 100644
index 00000000..526aa109
--- /dev/null
+++ b/nursery/capture-process-snapshot-data.yml
@@ -0,0 +1,12 @@
+rule:
+ meta:
+ name: capture process snapshot data
+ namespace: host-interaction/process/dump
+ authors:
+ - "@mr-tz"
+ scope: function
+ features:
+ - or:
+ - api: PssCaptureSnapshot
+ - api: PssQuerySnapshot
+ - api: PssWalkSnapshot
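Review bot: The `meta` block has no `description` or `references` entry, so an analyst who sees this match gets no context on why process snapshotting falls under `host-interaction/process/dump`. I would add a line such as `description: captures or walks a process snapshot via the Process Snapshotting (PSS) API, which can be used to read another process's memory without opening it directly`, plus a `references` entry pointing at the vendor documentation for these functions. Because the `or` fires on any single one of the three imports, it is worth stating in the description that diagnostic and crash-reporting tools call the same APIs, so a hit indicates a capability rather than dumping of a specific target. If the intent is to flag credential-dumping use, an `att&ck` mapping would presumably belong here too, but the rule as written does not constrain the target process, so that should be confirmed by the author.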