DETAILED ACTION
This action is response to communication:  response to amendments/arguments filed on 03/16/2021.
Claims 1-9 and 21-31 are currently pending in this application.  Claims 10-20 are cancelled and 21-31 are new.
No new IDS was received for this application.  
	
Response to Arguments

Applicant’s arguments concerning some of the 112 rejections have been withdrawn.  However, a prior 112 rejection still remains as the amended claim limitations do not address the issue.  See rejection below. 
Applicant’s arguments concerning a portion of the 103 rejections have been considered but are not considered persuasive. 
Applicants argue that the DiGiambattista does not teach the amended claim limitations as the reference does not disclose selecting a machine from an execution environment and configure the at least one machine in an isolated environment.  Applicants argue that DiGiambattista does not teach such limitations as the reference is directed toward selecting a set of machines that are configured in an isolated environment.  This is not persuasive.  As seen in paragraph 45 and 48 of DiGiambattista, an enterprise installation is selected to be monitored.  The installation may be the whole installation or part of the installation.  After this is determined/selected, the system may create mirrors (see paragraph 126) accordingly.  Also 
	Applicants also argue that DiGiambattista does not teach configuring validation instrumentation based on a user configuration input.  This is clearly taught in DiGiambattista.  Figure 4 of DiGiambattista teaches a broad/general overview, with the testing beginning with the configuration of a security test.  See paragraph 78 where the orchestration system is configured by an administrator to run a particular security test. The request is then performed on the whatever is requested (see the rejection below on the testing and remedial actions).  Thus, such limitations are taught by DiGiambattista.
As mentioned in the interview, the Examiner stated further differentiating the execution environment and the isolation environment.  Several of the dependent claims address such discussions, and are rejected accordingly below (arguments are thus moot in view of new grounds of rejection).
 	

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

.


Claims 1-9 and 21-31 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

As per claims 1-9 and 21-31, the independent claims recite “and based on detecting presence of the scheduling criteria, automatically validate the remdial action on the at least one machine in the isolated environment using the configured validation instrumentation.  It is unclear whether the claims are directing toward validating the remedial action based on the results of the test or the scheduling of the remediation test itself.  The claims seem to read that the remedial action is validated merely because the scheduling criteria is detected.  There seems to be essential steps missing as it is unclear if the remedial action is actually performed.  The claim recites validating the remedial action based on detecting the presence of scheduling criteria; if the system is validating the results of the remedial action itself, this does not make sense as one would not determine a remedial action as effective or not based on detecting a scheduled event of the test.  Further, as seen in dependent claim 5, the claim implies that a remedial action is performed (as it makes a determination whether the remedial action performed a set of given steps).  Thus, there is an implication that a remedial action is taken.  For purpose of examination, this will be interpreted as validating the remedial action itself based on the success/failure of the remedial action itself (not the running of the test) by a computer system.  The dependent claims and similar independent claims are rejected accordingly as they do not cure the deficiencies as raised in the rejection. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7-9, 21-23, 25, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over DiGiambattista et al. US Patent Application Publication 2018/0159887 (hereinafter DiGiambattista), in view of Whitlock et al. US Patent Application Publication 2013/0073892 (hereinafter Whitlock).

As per claim 1, DiGiambattista teaches a computing system comprising: at least one processor; and memory storing instructions executable by the at least one processor, wherein the instructions, when executed, cause the computing system to (see figure 1 with computer system  100, which requires memory/processor to run; see also orchestration system): configure validation instrumentation based on a user configuration input, the configured 
	As best understood by the Examiner, although DiGiambattista teaches validating the remedial action, the reference does not explicitly teach automatically validating the remdial action.  However, this would have been obvious.  For example, see Whitlock (Figure 4 and 
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of DiGiambattista with Whitlock.  One of ordinary skill in the art would have been motivated to perform such an addition to provide automatic remediation when checking for policy compliance (paragraph 2 of Whitlock).

	As per claim 2, the DiGiambattista combination wherein the instructions cause the computing system to instantiate validation framework logic that includes insertion logic that inserts remedial action-specific configuration information in the validation framework logic to obtain the configured validation instrumentation (Whitlock paragraph 42 with loading remediation scrips and executing the script by locating the command line; Whitlock further teaches validating a remedial action to be taken as well, as seen in paragraphs 34-36).  Whitlock further teaches scheduling of the remedial action (paragraph 37 and 40).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of DiGiambattista with Whitlock.  One of ordinary skill in the art would have been motivated to perform such an addition to provide automatic remediation when checking for policy compliance (paragraph 2 of Whitlock).
As per claim 3, the Digiambattista combination teaches wherein the instructions cause the computing system to instantiate the validation framework logic as a validation base class that is configurable to include the remedial action-specific configuration information (Whitlock paragraph 9 wherein a remediation script may be obtained for each failure; see also paragraph 
As per claim 4, the Digiambattista combination teaches wherein the instructions cause the computing system to dentify the remedial action that is performed in the computing system in response to a detected malicious activity and validated by the configured validation instrumentation (paragraph 52, 94, and throughout with detecting cybersecurity threat and generating a remediation response; as seen throughout rejection of claim 1, the remedial action is validated).
As per claim 7, the Digiambattista combination teaches wherein the the isntructions cause the computing system to configure the at least one machine int eh isolated environment so a test condition, indicative of the malicious activity, is present in the isolated envioronment; and validate the remedial action by determining whether the test condition is eliminated from the isolated environment after the remedial action is performed (paragraph 94 wherein the mirrors include the cybersecurity threats and actions are validated accordingly once threats are addressed; obvious to one of ordinary skill in the art that in the event of malicious activity, an approval of a remediation activity would be the removal of the malicious activity; see also paragrapy97 wherein the test may have the granularity of a single issue so single threat can be identified and tested/remediated; see also paragarhp 98 wherein remediation would be the neutralization of threat; see also paragraph 102-104 for admin approval of remediation response).

As per clam 9, it would have been obvious over the Digiambattista reference wherein the instructions cause the computing system to select the set of machines without regard to which machines were previously selected (obvious over Digiambattista; paragraphs 46-49 teaches wherein mirrors are generated; multiple mirrors may be generated, such as for each methodology). 
Claim 21 is rejected using the same basis of arguments used to reject claim 1 above. 
Claim 22 is rejected using the same basis of arguments used to reject claim 2 above. 
Claim 23 is rejected using the same basis of arguments used to reject claim 4 above. 
Claim 25 is rejected using the same basis of arguments used to reject claim 7 above. 
Claim 26 is rejected using the same basis of arguments used to reject claim 7 above. 

Claims 5 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over the DiGiambattista combination as applied above, and further in view of Chakravarty et al. US Patent Application Publicaton 2017/0278066 (hereinafter Chakravarty) 

At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Chakravarty with the Digiambattista combination.  One of ordinary skill in the art would have been motivated to perform such an addition to provide an automated approach for linking methods related to monitoring incidents relating to corporate governance and compliancy (paragraph 3 of Chakravarty).
Claim 24 is rejected using the same basis of arguments used to reject claim 5 above. 


Claims 6 and 29 are rejected under 35 U.S.C. 103 as being unpatentable over the DiGiambattista combination as applied above (DiGiambattista, Whitlock, Chakravarty), and further in view of Sarathy US Patent Application Publication 2008/0201722 (hereinafter Sarathy)

At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Digiambattista combination with Sarathy.  One of ordinary skill in the art would have been motivated to perform such an addition to provide more security by preventing content outbreaks in computer networks (paragraph 14-15 of Sarathy). 
Claim 29 is rejected using the same basis of arguments used to reject claim 5 above.

Claims 27, 28, 30, and 31 are rejected under 35 U.S.C. 103 as being unpatentable over the DiGiambattista combination as applied above (DiGiambattista and Whitlock), and further in view of Sarathy US Patent Application Publication 2008/0201722 (hereinafter Sarathy).
Claim 27 is rejected using the same basis of arguments used to reject claim 1, 6, and 8 above. 
Claim 28 is rejected using the same basis of arguments used to reject claim 4 above. 
Claim 30 is rejected using the same basis of arguments used to reject claim 7 above.
Claim 31 is rejected using the same basis of arguments used to reject claim 7 above. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431.  The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/JASON K GEE/Primary Examiner, Art Unit 2495