Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	This action is in response to the communication based on February 10, 2021. 
3.	In view of the Pre-Appeal Brief filed on (01/14/20201), PROSECUTION IS HEREBY REOPENED. A new ground of rejection is set forth below. If an appellant wishes to reinstate an appeal after prosecution is reopened, appellant must file a new notice of appeal in compliance with 37 CFR 41.31and a complete new appeal brief in compliance with 37 CFR 41.37. Any previously paid appeal fees set forth in 37 CFR 41.20 for filing a notice of appeal, filing an appeal brief, and requesting an oral hearing (if applicable) will be applied to the new appeal on the same application as long as a final Board decision has not been made on the prior appeal. If, however, the appeal fees have increased since they were previously paid, then appellant must pay the difference between the current fee(s) and the amount previously paid. Appellant must file a complete new appeal brief in compliance with the format and content requirements of 37 CFR 41.37(c) within two months from the date of filing the new notice of appeal. See MPEP § 1205.
4.	Claims 1- 20 remain pending in this office action. 
Claim Rejections - 35 USC § 112
5.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


6.	Claim 10, line 12-22 recites the limitation, “the event data management tool receiving additional event data from an additional event data source which is not in the baseline set of 15event data sources”. It is not clear what applicant consider as baseline data source and what 
Claim 15 recites wherein the method populates between 1 and N-1 of the properties of an entity which has N properties, N greater than 1. It is not clear what applicant consider as N-1 properties. Para [0210] of applicant’s specification recites, “… extraction method populates 1416 between 1 and N-1 of the properties of an entity which has N properties, where N is greater than 1”. However, there is no clear explanation for this limitation. There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 103
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

8.	Claims 1-7, 9-11 and 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Oliner et al (US 2018/0089561 A1), in view of Howard et al (US 2007/0288479 A1).
	As per claim 1, Oliner discloses:
	- an entity extraction system for efficient parsing to populate entity properties based on event data, the system comprising (raw log data from various sources are parsed to extract entities based on event, Para [0082], [0112]”), 
	- 5a processor; a digital memory in operable communication with the processor (memory communication with processor, Para [0087], [0292]”), 
- a set of entity identifiers, each entity identifier comprising at least one entity property identifier (set of entities with identifying event, Para [0231]”), 
- an entity extraction rule recommender which upon execution by the processor examines particular event data from an event data source and produces a recommendation citing at least one entity 15extraction rule and also targeting at least one entity identifier for use in extracting one or more entity field values from the particular event data and using the one or more extracted entity field values to populate one or more corresponding entity properties (recommending extraction rule to extract event with different value from the parsed raw data, (Para [0301]-[0302], [0304], [0306]”), 
- an entity extraction rules modeler which includes a machine learning classifier that upon execution classifies the entity extraction rule according to its resemblance to one or more other entity extraction rules Extraction rule are classified according to resemblance (i.e. likeliness or similarity), for example: regular expression rule, delimiter rule (Para [0122], a transformation rule (Para [0140], A model developer (i.e. machine learning classifier) can select fewer extraction rules Para [0156], [0158], [0246]-[0247], 
Extraction rules are machine generated (i.e. machine learning classifier), Para [0253]-[0255], [0261], [0270]-[0276], [0354]),
Oliner does not explicitly disclose an entity extraction rules database containing a plurality of entity extraction 10rules, each entity extraction rule specifying a parsing mechanism to parse at least one entity field of event data. However, in the same field of endeavor Howard in an analogous art discloses an entity extraction rules database containing a plurality of entity extraction 10rules, each entity extraction rule specifying a parsing mechanism to parse at least one entity field of event data (rule database containing plurality of extraction rules, each rule specifying a parsing mechanism, Fig. 1, item 118, Para [0034], Fig. 6, item 614, Para [0037], [0040]-[0047]).

	Therefore, it would have been obvious to a person of the ordinary skill in the art at the effective filing date of the invention was made to incorporate the teaching of Howard in to the method of Oliner. The modification would be obvious because one having ordinary skill in the art would be motivated to use parser rule extraction of Howard into the method of Oliner for efficient retrieval of useful events for detailed analysis, (Oliner, Para [0074]).
	As per claim 2, rejection of claim 1 is incorporated, and further Oliner discloses:
	- 20further comprising an entity parser which upon execution receives the recommendation and applies the parsing mechanism specified by the entity extraction rule cited in the recommendation to extract one or more entity field values from the particular event data and to populate one or more corresponding entity properties using the one or more 25extracted entity field values (recommend rule for extracting entity values from a particular event after parsing the raw data, Para [0141], [0253]”).
	As per claim 3, rejection of claim 1 is incorporated, and further Oliner discloses:
	- further comprising a user interface, wherein the entity parsing recommender upon execution recommends to a user through the user interface at least one entity extraction rule from the entity extraction rules 30database and at least one entity identifier, as being items which correspond to the particular event data (recommendation are provided via a computing device (i.e. user interface), Para [0263], [0264], [0302]-[0306]”).
	As per claim 4, rejection of claim 1 is incorporated, and further Oliner discloses:
	- wherein the entity properties identified in the set of entity identifiers include at least two of the following: a user identification property, a domain identification property, an access control identification property, a security property, a non-digital-location identification property, a 5digital-location identification property, a physical machine identification property, a virtual machine identification property (entity properties identified with ip address, URL, domain name, etc.”).
	As per claim 5, rejection of claim 1 is incorporated, and further Oliner discloses:
- wherein the entity extraction rules in the entity extraction rules database include at least two of the following:  10a rule which extracts at least one entity field value from event data that has a JSON format; a rule which includes a regular expression definition; a rule which identifies a particular character as being a data splitting character (rule which include regular expression, Para [0082]-[0083], special character, Para [0122]”).
 	As per claim 6, rejection of claim 1 is incorporated, and further Oliner discloses:
	- an entity extraction example collector which upon execution collects at least one entity extraction example; and an entity extraction rules modeler which upon execution computes an 20entity extraction rule based on at least one collected entity extraction example (example search screen to extract desired entity using configurable rule, Para [00178], [0084], [0146]”),
Oliner does not explicitly disclose and which alters the entity extraction rules database to include the computed entity extraction rule in the database. However, in the same field of endeavor Howard in an analogous art disclose and which alters the entity extraction rules database to include the computed entity extraction rule in the database (parser rule added to the database, Para [0010], claim 9, line 1-3, Para [0062]).
	Therefore, it would have been obvious to a person of the ordinary skill in the art at the effective filing date of the invention was made to incorporate the teaching of Howard in to the method of Oliner. The modification would be obvious because one having ordinary skill in the art would be motivated to use parser rule extraction of Howard into the method of Oliner for efficient retrieval of useful events for detailed analysis, (Oliner, Para [0074]).
	As per claim 7, rejection of claim 6 is incorporated, and further Oliner discloses:
	- 25wherein at least one collected entity extraction example in the system includes a query directed at event data (querying event data, Para [0082]”).
	As per claim 9, rejection of claim 9 is incorporated, and further Oliner discloses:
- further comprising code which upon execution assigns a correctness certainty level to an entity extraction rule based at least in part on historical extraction rule (extraction rule based on historical preference (i.e. rules selected previously), Para [0278]).
	As per claim 10, Oliner discloses:
	- an entity extraction method for efficient parsing to populate entity properties based on event data, the method comprising (raw log data from various sources are parsed to extract entities based on event, Para [0082], [0112]”), 
	- an event data management tool managing baseline event data from a 5baseline set of event data sources (SIEM event management system, Para [0186], from a baseline source (i.e. web server, firewall, router, sensors, etc.), Para [0080]”), 
	- an entity extraction enhancer collecting multiple entity extraction examples from one or more outputs of the event data management tool based on the baseline event data (extracting training data (i.e. example data) from various sources for event analysis, Para [0074], [0077], [0324]”), 
	- the entity extraction enhancer computing with a digital processor at least 10one entity extraction rule based on at least one collected entity extraction example (entity extraction rule, Para [0083], [0084]”), 
- assigning a correctness certainty level to the computed entity extraction rule based at least in part on historical extraction rule (extraction rule based on historical preference (i.e. rules selected previously), Para [0278]).
- the entity extraction enhancer applying the parsing mechanism specified by one of the entity extraction rules to extract one or more entity field values from the additional event data and to populate one or more corresponding entity properties using the one or more 20extracted entity field values (recommend rule for extracting entity values from a particular event after parsing the raw data, Para [0141], [0253]”).
each computed entity extraction rule specifying a parsing mechanism to parse at least one entity field. However, in the same field of endeavor Howard in an analogous art discloses each computed entity extraction rule specifying a parsing mechanism to parse at least one entity field (rules to parse entity field, Para [0010], [0035]-[0045]),
	Oliner does not explicitly disclose the event data management tool receiving additional event data from an additional event data source which is not in the baseline set of 15event data sources, the baseline set of data sources underlying the entity extraction rule, in that the entity extraction enhancer collected multiple entity extraction examples from one or more outputs of the event data management tool based on the baseline event data from the baseline set of data sources, and the entity extraction enhancer computed the entity extraction rule based on at least one collected entity extraction example. However, in the same field of endeavor Howard in an analogous art disclose the event data management tool receiving additional event data from an additional event data source which is not in the baseline set of 15event data sources, the baseline set of data sources underlying the entity extraction rule, in that the entity extraction enhancer collected multiple entity extraction examples from one or more outputs of the event data management tool based on the baseline event data from the baseline set of data sources, and the entity extraction enhancer computed the entity extraction rule based on at least one collected entity extraction example (different baseline specific event from different sources (i.e. domain specific sources), Para [0036]-[0046]),
	Therefore, it would have been obvious to a person of the ordinary skill in the art at the effective filing date of the invention was made to incorporate the teaching of Howard in to the method of Oliner. The modification would be obvious because one having ordinary skill in the art would be motivated to use parser rule extraction of Howard into the method of Oliner for efficient retrieval of useful events for detailed analysis, (Oliner, Para [0074]).

- wherein collecting multiple entity extraction examples comprises collecting queries written by users and collecting results of the queries (query received from a user, Para [0082], [0133], [0171]”).
As per claim 13, rejection of claim 10 is incorporated, and further Oliner discloses:
- wherein computing an entity extraction rule comprises identifying a particular character as being a data splitting character (data splitting character (i.e. \, . {}, etc., Para [0274], [0275]”).
As per claim 14, rejection of claim 10 is incorporated, and further Oliner discloses:
- further comprising getting from a user a selection indicating whether an entity extraction rule is to be applied automatically without further user consent for parsing an entity from event data (automatically selection extraction rule, Para [0084], [0253]”).
As per claim 15, rejection of claim 10 is incorporated, and further Oliner discloses:
- 5wherein the method populates between 1 and N-1 of the properties of an entity which has N properties, N greater than 1 (plurality of properties (i.e. N number of properties, such as, ip address, host name, source type, etc..), Para [0117], [0231]”).
	As per claim 16, rejection of claim 10 is incorporated, and further Oliner discloses:
	- further comprising recommending an entity extraction rule to a user (recommending rules to the user, Para [0300]-[0302]”).
9.	Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Oliner et al (US 2018/0089561 A1), in view of Howard et al (US 2007/0288479 A1), as applied to claim 1 above, and further in view of Gopal et al (US 6,360,217 B1).
	As per claim 8, rejection of claim 1 is incorporated, 
	Combined method of Oliner and Howard does not explicitly disclose wherein the system includes an entity extraction rule usage frequency calculation code. However, in the same field of endeavor Gopal in an analogous art disclose wherein the system includes an entity extraction rule usage frequency calculation code (how frequently the rule is used, column, column 8, line, 45-55). 
Therefore, it would have been obvious to a person of the ordinary skill in the art at the effective filing date of the invention was made to incorporate the teaching of Gopal in to the combined method of Oliner and Howard. The modification would be obvious because one having ordinary skill in the art would be motivated to use parser frequent use of parser rule of Gopal into the combined method of Oliner and Howard to determine how many event occurs within a specified time based on the user defined rules.
10.	Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Oliner et al (US 2018/0089561 A1), in view of Howard et al (US 2007/0288479 A1), as applied to claim 10 above, and further in view of Perrone et al ( US 2015/0025875 A1). 
Combined method of Oliner and Howard does not explicitly disclose wherein computing an entity extraction rule comprises determining a mapping from a column name to an entity property. However, in the same field of endeavor Perrone in an analogous art disclose wherein computing an entity extraction rule comprises determining a mapping from a column name to an entity property (rule to map column name to entity property (i.e. extracted value), Para [0026], [0037]-[0038]”).
Therefore, it would have been obvious to a person of the ordinary skill in the art at the effective filing date of the invention was made to incorporate the teaching of Perrone in to the combined method of Oliner and Howard. The modification would be obvious because one having ordinary skill in the art would be motivated to select an extraction rule to parse and query event data from variety of sources in a better way.
11.	Claims 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Oliner et al (US 2018/0089561 A1), in view of Howard et al (US 2007/0288479 A1), and further in view of Gopal et al (US 6,360,217 B1).


	- a storage medium configured with code which upon execution by one or more processors performs an entity extraction method for efficient parsing to populate entity properties based on event data, the method comprising (raw log data from various sources are parsed to extract entities based on event, Para [0082], [0112]”),
	- collecting multiple entity extraction examples from one or more outputs of 15an event data management tool based on baseline event data (SIEM event management system, Para [0186], from a baseline source (i.e. web server, firewall, router, sensors, etc.), Para [0080]”), and (extracting training data (i.e. example data) from various sources for event analysis, Para [0074], [0077], [0324]”), 
Oliner does not explicitly disclose computing an entity extraction rule based on at least one collected entity extraction example, the computed entity extraction rule specifying a parsing mechanism to parse at least one entity field. However, in the same field of endeavor Howard in an analogous art disclose computing an entity extraction rule based on at least one collected entity extraction example, the computed entity extraction rule specifying a parsing mechanism to parse at least one entity field (rules to specify a parsing mechanism, (i.e. rule database containing plurality of extraction rules, each rule specifying a parsing mechanism, Fig. 1, item 118, Para [0034], Fig. 6, item 614, Para [0037], [0040]-[0047]).
Oliner does not explicitly disclose altering an entity extraction rules database to include the computed entity 20extraction rule in the database. However, in the same field of endeavor Howard in an analogous art disclose altering an entity extraction rules database to include the computed entity 20extraction rule in the database (updated parser rule are added to the database (i.e altering the entity extraction rule), Para [0010]),
and applying the parsing mechanism specified by the entity extraction rule to extract one or more entity field values from additional event data and to populate one or more corresponding entity properties using the one or more extracted entity field values. However, in the same field of endeavor Howard in an analogous art disclose and applying the parsing mechanism specified by the entity extraction rule to extract one or more entity field values from additional event data and to populate one or more corresponding entity properties using the one or more extracted entity field values (parsing mechanism applied to extract field values, Para [0009], [0038], [0041]-[0043]).
	Therefore, it would have been obvious to a person of the ordinary skill in the art at the effective filing date of the invention was made to incorporate the teaching of Howard in to the method of Oliner. The modification would be obvious because one having ordinary skill in the art would be motivated to use parser rule extraction of Howard into the method of Oliner for efficient retrieval of useful events for detailed analysis, (Oliner, Para [0074]).
Combined method of Oliner and Howard does not explicitly disclose calculating a frequency of use of the entity extraction rule. However, in the same field of endeavor Gopal in an analogous art discloses calculating a frequency of use of the entity extraction rule (how frequently the rule is used, column, column 8, line, 45-55). 
Combined method of Oliner and Howard does not explicitly disclose rule in the database in association with the calculated frequency of use. However, in the same field of endeavor Gopal in an analogous art discloses (how frequently the rule is used, column, and column 8, line, 45-55).
Therefore, it would have been obvious to a person of the ordinary skill in the art at the effective filing date of the invention was made to incorporate the teaching of Gopal in to the combined method of Oliner and Howard. The modification would be obvious because one having ordinary skill in the art would be motivated to use parser frequent use of parser rule of 
As per claim 18, rejection of claim 17 is incorporated, and further Oliner discloses:
- wherein the method further comprises displaying to a user an association indicating that a set of entity properties are associated with a particular computing technology product which is not the event data management tool or any tool performing the method (association between different types of event, Para [0085], 0124], [0234], [0260]”).
As per claim 19, rejection of claim 17 is incorporated, and further Oliner discloses:
- wherein the method further comprises displaying to a user multiple property names which each correspond to the same entity field (properties with same type or same structure, Para [0242]”).
As per claim 20, rejection of claim 17 is incorporated, and further Oliner discloses:
- 5wherein the method collects one or more entity extraction examples, computes an entity extraction rule based on those collected entity extraction examples, alters the entity extraction rules database to include the computed entity extraction rule, and applies the parsing mechanism specified by the entity extraction rule to extract one or more entity 10field values from additional event data and to populate one or more corresponding entity properties using the one or more extracted entity field values, and the total real-world time occupied by said collecting, computing, altering, and applying is less than thirty seconds (real time and performance are gained for collecting computing and applying rue to query event data from raw data set, Para [0219], [0232]-[0233]”).
Response to Arguments
12.	Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection necessitated by the amendment to the claims.

			Contact Information

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Beausoliel Robert can be reached on 571-272-3645.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/MOHAMMED R UDDIN/Primary Examiner, Art Unit 216