Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on January 25, 2021 has been entered.

Response to Amendment and Arguments
Claims 1-10 are pending and are being examined in this application.
In light of Applicant’s amendments to the claims, the 102 rejection is withdrawn.
Applicant’s arguments with respect to 102 rejection have been considered, but are moot in view of the new ground(s) of rejection provided below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Pareek et al. (US Pub. 20140358982) in view of Austin (US Pub. 20170235960).
Referring to claim 1, Pareek discloses an apparatus, comprising: 
a processor [par. 64; note computer]; and 
a random access memory connected to the processor, the random access memory storing instructions executed by the processor [par. 64; code stored in a computer readable storage medium such as RAM is executed by the computer] to: 
capture database transaction data from a database transaction log [pars. 16, 17, and 44; event data is received from one or more data sources (e.g., database transaction logs)], 
form transaction log aggregated information that augments the database transaction data into a format that does not exist in the database transaction log [pars. 17, 47, and 49; the event data is augmented (e.g., via aggregating) and transformed into a new format], where the format includes a new transaction log parameter added to an existing transaction log parameter [par. 58; new axes of data may be created from existing tags (e.g., time stamp, zip code, etc.)], 
construct models of normative database transaction log activity trained from historical transaction log aggregated information [pars. 25, 26, 31, 32, 51-53; models are built using event data comprising computed aggregates] organized in accordance with a temporal parameter [pars. 54 and 63; note sliding windows, landmark windows, or time of day], a user parameter [par. 63, note transaction activity of merchant] and a database parameter... [pars. 32, 36, 45, 47, 58, and 63; note session information and historical change data],
issue an anomaly report in response to a discrepancy between the transaction log aggregated information and at least one model of normative database transaction log activity from the models of normative database transaction log activity [pars. 51, 58, and 63; alerts are sent out upon detecting 
write the transaction log aggregated information to persistent memory after the issue of the anomaly report [figs. 2 and 3; pars. 20 and 47; the augmented event data is transferred to a persistent data store after being processed].
Pareek does not appear to explicitly disclose wherein the models of normative database transaction log activity are trained from user selected regression models.
However, Austin discloses wherein the models of normative database transaction log activity are trained from user selected regression models [pars. 26, 34, 37, and 38; a user selects a threat prediction model from a library of predictive mathematical models (e.g., regression models); the threat prediction model is applied to collected data to generate forecast data (i.e., models of normative database transaction log activity), and the forecast data is used to identify threats].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the event processing taught by Pareek so that models are trained using user selected regression models as taught by Austin. The motivation for doing so would have been to detect unusual activity that a user specifically wants to identify [Austin, par. 34].
Referring to claim 2, Pareek discloses wherein the temporal parameter is a time window [pars. 54 and 63; the comparing is performed with respect to sliding windows, landmark windows, or time of day].
Referring to claim 3, Pareek discloses wherein the user parameter is a database user [par. 63; the comparing is performed with respect to transaction activity of a merchant].
Referring to claim 4, Pareek discloses wherein the database parameter is database session historical data [pars. 45, 47, and 63; the event data comprises session information, which means that the historical data used to perform the comparison may also include the session information].
Referring to claim 5, Pareek discloses wherein the database parameter is database table historical change data [pars. 32, 36, and 63; the historical data used for the comparison is based on change data].
Referring to claim 6, Pareek discloses wherein the database parameter is database transaction historical data [pars. 58 and 63; note the historical data].
Referring to claim 7, Pareek discloses wherein the model of normative database transaction log activity is a predictive model [par. 31; the models may be used to performed predictive analytics].
Referring to claim 8, Pareek discloses wherein the transaction log aggregated information includes database metadata [pars. 17 and 20; the event data includes metadata, which means that the augmented event data includes the metadata].
Referring to claim 9, Pareek discloses wherein the transaction log aggregated information includes data from the database transaction log [par. 47; the augmented event data is generated by filtering, aggregating, joining, enrich, and transforming the event data, which means that the augmented event data includes the event data].
Referring to claim 10, Pareek discloses instructions executed by the processor to revise the model of normative database transaction log activity based upon the transaction log aggregated information [par. 32; the historical data used for the comparison changes in real-time as events occur (i.e., model changes)].






Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GRACE PARK whose telephone number is (571) 270-7727.  The examiner can normally be reached on M-F 8AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JAMES TRUJILLO can be reached on (571) 272-3677.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/Grace Park/Primary Examiner, Art Unit 2157