DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Allowable Subject Matter
Claims 1-4, 7-14, 17-24 and 27-32 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The prior art of record teaches limitations as noted in the previous Office Action of 08/25/2020.
However, the prior art of record, taken either alone or in combination, fails to teach or fairly suggest:
“pruning the first candidate event segment, said pruning comprising: identifying a set of common events comprising a set of events that the first candidate event segment and another candidate event segment of the candidate event segments have in common; and removing events from the plurality of DS events that are included in the first candidate event segment and that are not in the set of common events, to produce a pruned first candidate event segment comprising at least one of a subset of consecutive sequential events and a subset of unordered events; including the pruned first candidate event segment in a set of pruned event segments; comparing a first set of DS events to the set of pruned event segments, wherein the first set of DS events results from a known network activity of a first category;” as recited in claim 1, in combination with the remaining features and elements of the claimed invention.
Docket No.: SPLK-0014-01.01US; Serial No.: 15/478,186; Examiner: Sheikh, A.; Art Unit: 2123
The Examiner notes that Gukal is the closest prior art of record for teaching the following limitation. Gukal teaches the examination of new alert data provided that matches a previous 
However, the claim as amended requires an intermediate step before the comparison which prunes the modified incoming events that are grouped into segments based on commonality. The claim requires pruning the incoming data segments to produce a pruned segment that is then further used for the comparison of new data to the previously known network activity belonging to a category (i.e. “comparing a first set of DS events to the set of pruned event segments, wherein the first set of DS events results from a known network activity of a first category;”). Therefore, the claim is in condition for allowance based on the removal of events in the candidate event segment which is further used in a comparison step (i.e. “removing events from the plurality of DS events that are included in the first candidate event segment and that are not in the set of common events, to produce a pruned first candidate event segment comprising at least one of a subset of consecutive sequential events and a subset of unordered events; including the pruned first candidate event segment in a set of pruned event segments”).
Claims 11 and 21 are allowed similarly to claim 1. Claims 2-4, 7-10, 12-14, 17-20, 22-24 and 27-32 are similarly allowed based on their dependency on the allowed claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
Conclusion
Claims 1-4, 7-14, 17-24 and 27-32 are allowed.
Prior art found in an updated search but not relied upon is cited below:
US7908657 - Detecting variants of known threats
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AHSIF A. SHEIKH whose telephone number is (571)272-2607.  The examiner can normally be reached on Mon-Fri 7:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexey Shmatov can be reached on 571-270-3428.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 






/A.A.S./Examiner, Art Unit 2123
/MICHAEL J HUNTLEY/Primary Examiner, Art Unit 2116