US2016359897A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016359897-A1 |
| Application number | US-201615132086-A |
| Country | US |
| Kind code | A1 |
| Filing date | Apr 18, 2016 |
| Priority date | Jun 5, 2015 |
| Publication date | Dec 8, 2016 |
| Grant date | — |
Official abstract text for this publication.
An example method can include monitoring a network to identify flows between nodes in the network. Once flows have been identified, the flows can be tagged and labelled according to the type of traffic they represent. If a flow represents malicious or otherwise undesirable traffic, it can be tagged accordingly. A request can then be made for a reputation score of an entity which can identify one or more nodes of the network.
Opening claim text (preview).
1. A computer-implemented method, comprising: monitoring, by a network traffic monitoring system, network traffic data for a plurality of nodes of a network; analyzing, by the network traffic monitoring system, the network traffic data to classify a type of traffic for each flow of a plurality of flows; receiving, to the network traffic monitoring system from a requestor, a request for a reputation score associated with one or more nodes of the network; identifying, by the network traffic monitoring system, the type of traffic for one or more flows associated with the one or more nodes; determining, by the network monitoring system, the reputation score associated with the one or more nodes based on the type of traffic for the one or more flows associated with the one or more nodes; and sending, by the network traffic monitoring system, the reputation score to the requestor.

2. The computer-implemented method of claim 1, wherein analyzing the network traffic data to classify a type of traffic for each flow includes: matching the flow to a known pattern of traffic.

3. The computer-implemented method of claim 2, wherein the known pattern of traffic corresponds to at least one of a DDOS attack, a FIN scan, or a port knock.

4. The computer-implemented method of claim 1, wherein analyzing the network traffic data to classify a type of traffic for each flow includes: identifying one or more network policies associated with the flow; and determining whether the flow complies with the one or more network policies.

5. The computer-implemented method of claim 1, wherein the requestor is a requesting node on the network and the method further includes receiving a request to transmit data to one of the one or more nodes.

6. The computer-implemented method of claim 1, wherein the reputation score is associated with at least one of an endpoint, an endpoint group, a pair of endpoints, a pair of endpoint groups, an endpoint and an endpoint group, a user name for a process, a process, or a path for a process of the network.

7. The computer-implemented method of claim 1, wherein determining the reputation score includes: determining at least one of the one or more flows is tagged as malicious or misconfigured; and decreasing the reputation score.

8. The computer-implemented method of claim 7, wherein determining the reputation score further includes: determining an elapsed time associated with a most recent flow that has been tagged as malicious or misconfigured, the most recent flow being one of the one or more flows; and increasing the reputation score based on the elapsed time.

9. The computer-implemented method of claim 1, wherein the requestor is a presentation module of the network monitoring system and the method further comprises: generating a network status report containing the reputation score.

10. A non-transitory computer-readable medium having computer readable instructions that, when executed by a processor of a computer, cause the computer to: monitor, by a network traffic monitoring system, network traffic data for a plurality of nodes of a network; analyze, by the network traffic monitoring system, the network traffic data to classify a type of traffic for each flow of a plurality of flows; receive, to the network traffic monitoring system from a requestor, a request for a reputation score associated with one or more nodes of the network; identify, by the network traffic monitoring system, the type of traffic for one or more flows associated with the one or more nodes; determine, by the network monitoring system, the reputation score associated with the one or more nodes based on the type of traffic for the one or more flows associated with the one or more nodes; and send, by the network traffic monitoring system, the reputation score to the requestor.

11. The non-transitory computer-readable medium of claim 10, wherein the instructions that cause the computer to analyze the network traffic data to classify a type of traffic for each flow further cause the computer to: match the flow to a known pattern of traffic.

12. The non-transitory computer-readable medium of claim 11, wherein the known pattern of traffic corresponds to at least one of a DDOS attack, a FIN scan, or port knock.

13. The non-transitory computer-readable medium of claim 10, wherein the instructions that cause the computer to analyze the network traffic data to classify a type of traffic for each flow further cause the computer to: identify one or more network policies associated with the flow; and determine whether the flow complies with the one or more network policies.

14. The non-transitory computer-readable medium of claim 10, wherein the reputation score is associated with at least one of an endpoint, an endpoint group, a pair of endpoints, a pair of endpoint groups, an endpoint and an endpoint group, a user name for a process, a process, or a path for a process of the network.

15. The non-transitory computer-readable medium of claim 10, wherein the instructions that cause the computer to determine the reputation score further cause the computer to decrease the reputation score if a flow is tagged as malicious, decrease the reputation score if a flow is tagged as misconfigured, and increase the reputation score based on time elapsed without having a flow tagged as malicious or misconfigured.

16. A system comprising: a processor; memory including instructions that when executed by the processor, cause the system to: monitor, by a network traffic monitoring system, network traffic data for a plurality of nodes of a network; analyze, by the network traffic monitoring system, the network traffic data to classify a type of traffic for each flow of a plurality of flows; receive, to the network traffic monitoring system from a requestor, a request for a reputation score associated with one or more nodes of the network; identify, by the network traffic monitoring system, the type of traffic for one or more flows associated with the one or more nodes; determine, by the network monitoring system, the reputation score associated with the one or more nodes based on the type of traffic for the one or more flows associated with the one or more nodes; and send, by the network traffic monitoring system, the reputation score to the requestor.

17. The system of claim 16, wherein the instructions that cause the system to analyze the network traffic data to classify a type of traffic for each flow further cause the system to: match the flow to a known pattern of traffic.

18. The system of claim 16, wherein the instructions that cause the system to analyze the network traffic data to classify a type of traffic for each flow further cause the system to: identify one or more network policies associated with the flow; and determine whether the flow complies with the one or more network policies.

19. The system of claim 16, wherein the requestor includes at least one of a presentation module, an analytics module, or a policy engine of the network traffic monitoring system.

20. The system of claim 16, wherein the reputation score is associated with at least one of an endpoint, an endpoint group, a pair of endpoints, a pair of endpoint groups, an endpoint and an endpoint group, a user name for a process, a process, or a path for a process of the network.
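
The scoring steps of claims 1, 7 and 8, sketched as an added example that is not taken from the patent: already-tagged flows are selected for the requested nodes, tagged flows lower the score, and time since the most recent tagged flow raises it again. The base score, the penalty values, the recovery rate, the clamp to a 0-100 range and the sample flows are all assumptions, since the claims state only the direction of each adjustment.

```python
from dataclasses import dataclass

# Assumed parameters: the claims give no numbers, only the direction of change.
BASE_SCORE = 100.0
PENALTY = {"malicious": 40.0, "misconfigured": 10.0}
RECOVERY_PER_HOUR = 2.0  # points regained per hour since the last tagged flow


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    tag: str        # "benign", "malicious" or "misconfigured"
    seen_at: float  # epoch seconds at which the flow was observed


def reputation_score(flows, nodes, now):
    """Score the requested nodes from the tags of the flows that involve them."""
    nodes = set(nodes)
    # Assumption: a flow is "associated with" a node if the node is either endpoint.
    related = [f for f in flows if f.src in nodes or f.dst in nodes]
    bad = [f for f in related if f.tag in PENALTY]
    if not bad:
        return BASE_SCORE
    # Claim 7: flows tagged malicious or misconfigured decrease the score.
    score = BASE_SCORE - sum(PENALTY[f.tag] for f in bad)
    # Claim 8: the score increases with time elapsed since the most recent such flow.
    elapsed_hours = max(0.0, now - max(f.seen_at for f in bad)) / 3600.0
    score += RECOVERY_PER_HOUR * elapsed_hours
    return max(0.0, min(BASE_SCORE, score))


# Constructed sample data (not from the patent).
NOW = 1_700_000_000.0
FLOWS = [
    Flow("10.0.0.5", "10.0.0.9", "benign", NOW - 2 * 3600),
    Flow("10.0.0.5", "10.0.0.9", "malicious", NOW - 3 * 3600),
    Flow("10.0.0.7", "10.0.0.9", "misconfigured", NOW - 1 * 3600),
    Flow("10.0.0.8", "10.0.0.2", "benign", NOW - 600),
]

if __name__ == "__main__":
    for node in ("10.0.0.5", "10.0.0.7", "10.0.0.8", "10.0.0.9"):
        print(node, reputation_score(FLOWS, [node], NOW))
```

Counting either endpoint as associated means the destination of a malicious flow is penalized along with its source; a deployment that wants to score only the originator would filter on `src` alone.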
Drawing of charts or graphs · CPC title
based on quality criteria · CPC title
Policy-based network configuration management · CPC title
Monitoring or debugging support · CPC title
comprising specially adapted graphical user interfaces [GUI] · CPC title