Real-time configuration discovery and management
Abstract
Embodiments are directed to monitoring network traffic in a network. A network monitoring engine may monitor networks to collect characteristics associated with network flows. The network monitoring engine may be arranged to identify entities on the network based on characteristics associated with the network flows. The network monitoring engine may provide entity profiles based on the identified entities and the characteristics. A configuration management engine may compare the entity profiles with configuration item (CI) entries in a database. The configuration management engine may provide discrepancy notices based on differences discovered during the comparison. Accordingly, the network monitoring engine may execute one or more policies to perform one or more additional actions based on the one or more discrepancy notices. Also, the configuration management engine may perform audits of an organization's information technology infrastructure to identify one or more violations of compliance policies.
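The pipeline the abstract describes (flow characteristics, entity profiles, comparison against CI entries, discrepancy notices, policy actions) can be sketched as follows. This is an added illustration, not code from the patent; the flow records, CI entries, notice kinds and policy actions are all constructed and hypothetical.

```python
from collections import defaultdict

# Constructed flow metadata (no payloads): (server_ip, server_port, transport)
FLOWS = [
    ("10.0.0.5", 443, "tcp"),
    ("10.0.0.5", 22, "tcp"),
    ("10.0.0.9", 3306, "tcp"),
    ("10.0.0.5", 443, "tcp"),
]

# Constructed CI entries keyed by IP, as a CMDB export might provide them.
CI_ENTRIES = {
    "10.0.0.5": {"name": "web-01", "services": {(443, "tcp")}},
    "10.0.0.7": {"name": "db-01", "services": {(5432, "tcp")}},
}

def build_profiles(flows):
    """Group passively observed flow metadata into per-entity profiles."""
    profiles = defaultdict(set)
    for ip, port, proto in flows:
        profiles[ip].add((port, proto))
    return dict(profiles)

def compare(profiles, ci_entries):
    """Return discrepancy notices as (kind, ip, detail) tuples, sorted by IP."""
    notices = []
    for ip, seen in profiles.items():
        ci = ci_entries.get(ip)
        if ci is None:
            # Entity talks on the network but has no CI entry at all.
            notices.append(("unregistered_entity", ip, sorted(seen)))
            continue
        extra = seen - ci["services"]
        if extra:
            notices.append(("undocumented_service", ip, sorted(extra)))
    # A CI with no observed traffic may be idle or decommissioned, not necessarily wrong.
    for ip in ci_entries.keys() - profiles.keys():
        notices.append(("ci_not_observed", ip, ci_entries[ip]["name"]))
    return sorted(notices, key=lambda n: (n[1], n[0]))

def apply_policy(notices):
    """Hypothetical policy: map each notice kind to a follow-up action."""
    actions = {"unregistered_entity": "open_ticket",
               "undocumented_service": "alert_owner",
               "ci_not_observed": "flag_for_audit"}
    return [(ip, actions[kind]) for kind, ip, _ in notices]

if __name__ == "__main__":
    for notice in compare(build_profiles(FLOWS), CI_ENTRIES):
        print(notice)
```
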
30 Claims
1. A method for monitoring network traffic in a network, wherein one or more processors execute instructions to perform the method, comprising:
- employing a network monitoring computer to execute instructions that perform actions, including;
executing a network monitoring engine to perform further actions, including;
passively monitoring the network to collect a plurality of characteristics associated with one or more network flows, wherein an efficiency of the monitoring of network packets corresponding to the one or more network flows is improved by passively monitoring these network flows to avoid decryption of encrypted network packets and foregoing expensive participation in one or more of a deep packet inspection or an associated communication protocol;
identifying one or more entities on the network based on one or more of the plurality of characteristics associated with the one or more network flows; and
providing one or more entity profiles based on the identified entities and the one or more characteristics; and
executing a configuration management engine to perform actions, including;
comparing the one or more entity profiles with one or more configuration item (CI) entries in a database are based on one or more previously identified entities that are included in a particular infrastructure; and
providing one or more discrepancy notices based on differences in the comparison, wherein each discrepancy notice is associated with one or more differences between the one or more entity profiles and corresponding CI entries; and
wherein the network monitoring engine executes one or more policies to perform one or more additional actions based on the one or more discrepancies notices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for monitoring network traffic in a network:
- one or more network monitoring computers (NMCs), comprising;
a transceiver that communicates over the network;
a memory that stores at least instructions; and
one or more processors that execute instructions that perform actions, including;
executing a network monitoring engine to perform further actions, including;
passively monitoring the network to collect a plurality of characteristics associated with one or more network flows, wherein an efficiency of the monitoring of network packets corresponding to the one or more network flows is improved by passively monitoring these network flows to avoid decryption of encrypted network packets and foregoing expensive participation in one or more of a deep packet inspection or an associated communication protocol;
identifying one or more entities on the network based on one or more of the plurality of characteristics associated with the one or more network flows; and
providing one or more entity profiles based on the identified entities and the one or more characteristics; and
executing a configuration management engine to perform actions, including;
comparing the one or more entity profiles with one or more configuration item (CI) entries in a database are based on one or more previously identified entities that are included in a particular infrastructure; and
providing one or more discrepancy notices based on differences in the comparison, wherein each discrepancy notice is associated with one or more differences between the one or more entity profiles and corresponding CI entries; and
wherein the network monitoring engine executes one or more policies to perform one or more additional actions based on the one or more discrepancies notices; and
- one or more client computers, comprising;
a transceiver that communicates over the network;
a memory that stores at least instructions; and
one or more processors that execute instructions that perform actions, including;
providing one or more portions of the one or more network flows.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A processor readable non-transitory storage media that includes instructions for monitoring network traffic over a network between one or more computers, wherein execution of the instructions by one or more processors on one or more network monitoring computers (NMCs) performs actions, comprising:
- executing a network monitoring engine to perform further actions, including;
passively monitoring the network to collect a plurality of characteristics associated with one or more network flows, wherein an efficiency of the monitoring of network packets corresponding to the one or more network flows is improved by passively monitoring these network flows to avoid decryption of encrypted network packets and foregoing expensive participation in one or more of a deep packet inspection or an associated communication protocol;
identifying one or more entities on the network based on one or more of the plurality of characteristics associated with the one or more network flows; and
providing one or more entity profiles based on the identified entities and the one or more characteristics; and
- executing a configuration management engine to perform actions, including;
comparing the one or more entity profiles with one or more configuration item (CI) entries in a database are based on one or more previously identified entities that are included in a particular infrastructure; and
providing one or more discrepancy notices based on differences in the comparison, wherein each discrepancy notice is associated with one or more differences between the one or more entity profiles and corresponding CI entries; and
wherein the network monitoring engine executes one or more policies to perform one or more additional actions based on the one or more discrepancies notices.
Dependent claims: 18, 19, 20, 21, 22, 23
24. A network monitoring computer (NMC) for monitoring communication over a network between one or more computers, comprising:
- a transceiver that communicates over the network;
- a memory that stores at least instructions; and
- one or more processors that execute instructions that perform actions, including;
executing a network monitoring engine to perform further actions, including;
passively monitoring the network to collect a plurality of characteristics associated with one or more network flows, wherein an efficiency of the monitoring of network packets corresponding to the one or more network flows is improved by passively monitoring these network flows to avoid decryption of encrypted network packets and foregoing expensive participation in one or more of a deep packet inspection or an associated communication protocol;
identifying one or more entities on the network based on one or more of the plurality of characteristics associated with the one or more network flows; and
providing one or more entity profiles based on the identified entities and the one or more characteristics; and
executing a configuration management engine to perform actions, including;
comparing the one or more entity profiles with one or more configuration item (CI) entries in a database are based on one or more previously identified entities that are included in a particular infrastructure; and
providing one or more discrepancy notices based on differences in the comparison, wherein each discrepancy notice is associated with one or more differences between the one or more entity profiles and corresponding CI entries; and
wherein the network monitoring engine executes one or more policies to perform one or more additional actions based on the one or more discrepancies notices.
Dependent claims: 25, 26, 27, 28, 29, 30
Specification