US 11,956,335 B1
Automated mapping of multi-tier applications in a distributed system
Naveen Goela, Berkeley, CA (US); Rishi Kant, Foster City, CA (US); Andrew R. White, Apex, NC (US); Christian L. Hunt, Chapel Hill, NC (US); and David Irwin, Cary, NC (US)
Assigned to Tanium Inc., Kirkland, WA (US)
Filed by Tanium Inc., Kirkland, WA (US)
Filed on May 23, 2022, as Appl. No. 17/751,504.
Application 17/751,504 is a continuation of application No. 16/943,291, filed on Jul. 30, 2020, granted, now 11,343,355.
Application 16/943,291 is a continuation in part of application No. 16/430,336, filed on Jun. 3, 2019, granted, now 10,841,365, issued on Nov. 17, 2020.
Claims priority of provisional application 62/881,896, filed on Aug. 1, 2019.
Claims priority of provisional application 62/700,171, filed on Jul. 18, 2018.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 67/75 (2022.01); G06F 16/2458 (2019.01); H04L 41/12 (2022.01); H04L 67/10 (2022.01)
CPC H04L 67/75 (2022.05) [G06F 16/2477 (2019.01); H04L 41/12 (2013.01); H04L 67/10 (2013.01)] 26 Claims
OG exemplary drawing
 
1. A method of mapping applications executed by machines in a network, comprising:
at a server system connected to the network, wherein the machines in the network comprise a plurality of endpoint machines distinct from the server system, performing an application mapping procedure comprising:
initializing an application dependency map, including adding a first layer of application mapping information to the application dependency map, wherein the application dependency map identifies relationships among application components of one or more multi-tier applications;
sending a first query to one or more of the endpoint machines;
receiving, in response to the first query, information identifying application components that have participated in predefined communications with application components identified in an existing layer of application mapping information in the application dependency map;
adding a second layer of application mapping information to the application dependency map, based at least in part on the information received in response to the first query;
after adding the second layer of application mapping information to the application dependency map, sending a second query to one or more of the of the endpoint machines, the second query being based at least in part on the application dependency map.