DETAILED ACTION
This non-final action is in response to RCE filed on 02/19/2021. In this amendment, claims 1, 9 and 17 have been amended. Claims 4, 12, and 20 were cancelled previously. Claims 1-3, 5-11, 13-19 and 21-24 are pending, of which claims 1, 9, and 17 are independent claims. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/19/2021 has been entered.

Priority
This application claims the benefit of the following U.S. Provisional Application Nos.: 62/681,279, filed on 06 June 2018; 62/737,558, filed on 27 September 20I8; and 62/817,943 filed on 13 March 2019.

Response to Arguments
Applicant’s arguments with respect to U.S.C. § 103b rejections have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Objections
Claims 1, 9 and 17 are objected to because of the following informalities: 
The phrase “enabling third-party access” should read “enabling the third-party access.”
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2, 6, 8-10, 14, 16-18, 22 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Navas (US 2010/0125574, published 2010) and Satish et al. (US 2016/0164919, published 2016).

obtaining consolidated platform information for a computing platform to identify a plurality of deployed security-relevant subsystems (see Navas Fig. 4, obtaining information to identify data source ERP 450 and CRM 460 for establishing connection); 
establishing connectivity with the plurality of deployed security-relevant subsystems within the computing platform (see Navas Fig. 4, establish connection with data source ERP 450 and CRM 460), the plurality of deployed security-relevant subsystems including one or more of Content Delivery Network systems, Database Activity Monitoring systems (see Navas par. [0072]. ERP 450 includes database for event data A and C), Mobile Device Management systems, Identity and Access Management systems, Domain Name Server systems, antivirus systems, operating systems; 
receiving a unified query from a third party (see Navas Fig. 4, receiving query 412 from user 410); 
distributing at least a portion of the unified query to the plurality of deployed security-relevant subsystems (see Navas Fig. 4, distributing components of Query 412 to ERP 450 and CRM 460); 
effectuating at least a portion of the unified query on each of the plurality of deployed security-relevant subsystems (see Navas Fig. 4, ERP 450 and CRM 460 processing components of Query 412); 

combining the plurality of security-relevant information sets to form an aggregated security-relevant information set for the computing platform (Navas Fig. 7, Event Server Combines Responses For Separate Query Component Responses at 724); 
enabling third-party access to the aggregated security-relevant information set including initial security-relevant information (Navas par. 94, The event server returns the response to the user, 726. The user system may receive an actionable, real-time event, 728. An actionable event may allow the user to access an enterprise backend for additional information).
Navas does not explicitly disclose:
allowing the third party to manipulate the initial security-relevant information with automation information including: 
allowing the third party to select automation information to add to the initial security-relevant information, including allowing the third party to select a 2Appl. No.: 16/432,733Page 3 of 12 specific type of automation information from a plurality of automation information types to add to the initial security-relevant; and 
generating revised security-relevant information based upon, at least in part, the initial security-relevant information and the automation information.

allowing the third party to manipulate the initial security-relevant information with automation information (See Satish paras. [0027-0028]. Allowing the administrator to add (e.g., blocking (automation information)) to IP address related to the source of the threat (initial security-relevant information)) including: 
allowing the third party to select automation information to add to the initial security-relevant information (See Satish paras. [0027-0028]. Allowing the administrator to add (e.g., blocking (automation information)) to IP address related to the source of the threat (initial security-relevant information)), including allowing the third party to select a 2Appl. No.: 16/432,733Page 3 of 12 specific type of automation information from a plurality of automation information types (See Satish par. 27. Allowing the administrator to select an action (e.g., blocking particular IP addresses (automation information) from actions including removing a particular malicious process, entering one or more computing assets into virtual local area network (VLAN), blocking particular IP addresses, or some other similar action recommendation based on the threat and possible enrichment information)) to add to the initial security-relevant (See Satish paras. [0027-0028]. Allowing the administrator to add (e.g., blocking (automation information)) to IP address related to the source of the threat (initial security-relevant information)); and 
generating revised security-relevant information based upon, at least in part, the initial security-relevant information and the automation information (See Satish paras. [0027-0028]. Generate action selection (e.g., blocking (automation information) IP address related to the source of the threat (initial security-relevant information)).  

One of ordinary skilled in the art would have been motivated because it offers the advantage of allowing administrator to take appropriate actions regarding identified security incident information.

As per claim 2, Navas-Satish discloses the computer-implemented method of claim 1. Navas further discloses wherein establishing connectivity with the plurality of deployed security-relevant subsystems (see Navas Fig. 4, establish connection with data source ERP 450 and CRM 460) includes: utilizing at least one application program interface to access at least one of the plurality of deployed security-relevant subsystems (Navas par. 104, System 1000 may include multiple APIs (application programming interfaces) that enable a user to interact with LE server 1002).  

As per claim 6, Navas-Satish discloses the computer-implemented method of claim 1. Navas further discloses wherein the plurality of security-relevant information sets utilize a plurality of different formats (Navas par. 36, event data produced by a data 

As per claim 8, Navas-Satish discloses the computer-implemented method of claim 1. Navas further discloses wherein the plurality of deployed security-relevant subsystems includes one or more of: 
a data lake; 
a data log (Navas par. 26, The data sources may be any subsystem (e.g., supply chain management (SCM), enterprise resource planning (ERP), human resources, customer relations management (CRM), information technology (IT), etc.), database, or other element within the enterprise that implements a change to one or more objects); 3Appl. No.: 16/432,733Page 4 of 12 
a security-relevant software application; 
a security-relevant hardware system; and 
a resource external to the computing platform.  

Claims 9-10, 14 and 16 are computer program product claims reciting similar subject matters to those recited in the method claims 1-2, 6 and 8 respectively, and are rejected under similar rationale. Navas further discloses a computer program product comprising a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations (Navas pg. 16, machine-readable storage medium having content stored thereon to provide instructions, which when executed, cause a processor of an enterprise node to perform operations).

Claims 17-18, 22 and 24 are system claims reciting similar subject matters to those recited in the method claims 1-2, 6 and 8 respectively, and are rejected under similar rationale. Navas further discloses a computing system (Navas Fig. 11, computing system 1100) including a processor (Navas Fig. 11, processor 1110) and memory configured to perform operations (Navas Fig. 11, memory 1120).

Claims 3, 5, 11, 13, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Navas (US 2010/0125574, published 2010), Satish et al. (US 2016/0164919, published 2016) and Suit et al. (US 20100077078, published 2010).
As per claim 3, Navas-Satish discloses the computer-implemented method of claim 1. Navas discloses combining the plurality of security-relevant information sets to form an aggregated security-relevant information set (Navas Fig. 7, Event Server Combines Responses For Separate Query Component Responses at 724).
Navas does not explicitly disclose:
homogenizing the plurality of security-relevant information sets to form the aggregated security-relevant information set.  
Linde teaches:
homogenizing the plurality of security-relevant information sets to form the aggregated security-relevant information set (Linde par. 70, The data flow platform 101 further standardizes or homogenizes the aggregated alerts (e.g., log sources) into distinct but uniform data flow).  

One of ordinary skilled in the art would have been motivated because it offers the advantage of providing uniform data for better viewing and analysis.

As per claim 5, Navas-Satish discloses the computer-implemented method of claim 1. Navas does not explicitly disclose:
enabling third-party searching of the aggregated security-relevant information set.  
Linde teaches:
enabling third-party searching of the aggregated security-relevant information set (Linde par. 96, the aggregated data flows may further be manipulated or filtered based on user defined inputs or other search criteria).  
It would have been obvious to one skilled in the art at the time of effective filing date of the claimed invention to further modify the method of Navas with the teaching of Linde for enabling third-party searching of the aggregated security-relevant information set.
One of ordinary skilled in the art would have been motivated because it offers the advantage of allowing a party to update, manage, search, and retrieve from one or more databases.



Claims 19 and 21 are system claims reciting similar subject matters to those recited in the method claims 3 and 5 respectively, and are rejected under similar rationale.

Claims 7, 15 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Navas (US 2010/0125574, published 2010), Satish et al. (US 2016/0164919, published 2016) and Suit et al. (US 20100077078, published 2010).
As per claim 7, Navas-Satish discloses the computer-implemented method of claim 1. Navas does not explicitly disclose:
the plurality of security-relevant information sets utilize a plurality of different nomenclatures.  
Suit teaches:
the plurality of security-relevant information sets utilize a plurality of different nomenclatures (Suit par. 44, the agent normalizes information collected from the node, with respect, for example, to the type of operating system associated with the node. For example, many operating systems use different nomenclature to represent physical devices addresses and network addresses which identify communication end points).  
It would have been obvious to one skilled in the art at the time of effective filing date of the claimed invention to further modify the method of Navas with the teaching of 
One of ordinary skilled in the art would have been motivated because it offers the advantage of allowing system to process data from different sources having different nomenclature.
  
Claim 15 is computer program product claim reciting similar subject matters to those recited in the method claim 7, and is rejected under similar rationale.

Claim 23 system claim reciting similar subject matters to those recited in the method claim 7, and is rejected under similar rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20090248619 A1; Unstructured And Structured Databases
Methods, systems and computer products perform cost estimate to determine an efficient approach to answer a query according to one of several unified query plans. One unified query plan involves querying an unstructured database, referencing a unified index, and probing a structured database based on matches discovered in the unified index. The results of the unstructured database query are used to lookup entries in a unified index associated with the structured database. Then the structured 
US 20040024720 A1; System And Method For Managing Knowledge
A system for converting incoming unstructured data into a well described normalized form. Since the incoming data is multimedia and may represent some data type for which support is provided by the underlying OS platform, this normalized form include the ability to fully describe and manipulate arbitrarily complex native or non-native binary structures and collections.
US 20030014396 A1; Unified Database And Text Retrieval System
A unified database/text retrieval system converts exact database type queries into text inclusion type queries suitable for text retrieval systems through the use of pseudo keywords.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHANG DO whose telephone number is (571)270-7837.  The examiner can normally be reached on Monday-Friday 8:00 - 5:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/KHANG DO/Primary Examiner, Art Unit 2492