A network administrator may be responsible for managing a large number of networked entities and resources distributed across one or more networks. These entities may be physical entities or logical entities. For example, the entities may include nodes, endpoints, machines, virtual machines, containers (instances of container-based virtualization), tenants, endpoint groups, and applications. These entities may be organized and interact with one another to perform one or more functions, provide one or more services, and/or support one or more applications. These entities may also be grouped in various ways, located in different geographical locations, and/or serve different functions.
A thorough understanding of the networked entities and their configuration is critical for ensuring smooth operation, troubleshooting problems, detecting anomalous activity in the network environment (e.g., network attacks and misconfiguration), maintaining application and infrastructure security (e.g., preventing network breaches and reducing vulnerabilities), or performing asset management (e.g., monitoring, capacity planning, consolidation, migration, and continuity planning). Traditional approaches for managing large network infrastructures require comprehensive knowledge on the part of highly specialized human operators because of the complexities of the interrelationships among the entities. When confronted with a problem in the network, these human operators manually experiment with large datasets to tease out possible causes and eliminate them one by one until an actual cause is found.