US 11,916,771 B2
Combining passive network analysis and active probing
Jesse Abraham Rothstein, Seattle, WA (US); Benjamin Thomas Higgins, Shoreline, WA (US); Michael Kerber Krause Montague, Lake Forest Park, WA (US); and Kevin Michael Seguin, Seattle, WA (US)
Assigned to ExtraHop Networks, Inc., Seattle, WA (US)
Filed by ExtraHop Networks, Inc., Seattle, WA (US)
Filed on Apr. 4, 2022, as Appl. No. 17/712,521.
Application 17/712,521 is a continuation of application No. 17/483,435, filed on Sep. 23, 2021, granted, now 11,296,967.
Prior Publication US 2023/0087451 A1, Mar. 23, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 43/0876 (2022.01); H04L 43/062 (2022.01); H04L 43/12 (2022.01); H04L 67/30 (2022.01)
CPC H04L 43/0876 (2013.01) [H04L 43/062 (2013.01); H04L 43/12 (2013.01); H04L 67/30 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for monitoring communication over a network between one or more computers, with one or more network monitoring computers (NMCs) that enable performance of actions, comprising:
determining one or more metrics that are included in one or more profiles based on monitoring and mimicking network traffic associated with one or more entities in the network;
determining one or more active probes to include in one or more jobs, wherein the determination is based on one or more occurrences of an activity of interest detected in the monitored network activity;
employing execution of the one or more jobs to use the one or more active probes to collect one or more other metrics for the one or more occurrences of the activity of interest and query one or more of a directory, a service directory, a user directory, a configuration service, or a system database;
updating the one or more profiles based on the one or more other metrics to include one or more responses to the query; and
generating one or more reports that include information associated with the one or more updated profiles.