DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 15 May 2021 has been received and considered.
Claims 1-22 are pending.
This Action is Final.

Claim Rejections - 35 USC § 112
The rejection under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, is withdrawn based on the filed amendment.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8, 10-13, and 15-22 are rejected under 35 U.S.C. 103 as being unpatentable over Vajipayajula et al. (US 20200314141) in view of Ashkenazy et al. (US 10382473) and further in view of Thomas et al. (US 20170063920).

parsing, using the one or more computing device processors, the attack kill chain data to determine one or more attack execution operations for executing the attack campaign on the one or more assets associated with the computing device (see paragraphs [0042] and [0072] where the adversary/kill chain data is mapped for determining an attack); 
determining, using the one or more computing device processors, based on the parsing, one or more remediation operations corresponding to the one or more attack execution operations (see paragraphs [0042] and [0076] the mitigation);
obtaining, using the one or more computing device processors, the one or more remediation operations to form an asset remediation trend map, the asset remediation trend map indicating steps for remediating the attack campaign associated with the one or more assets associated with the computing device; and initiating generation of, using the one or more computing device processors, a visual representation of the asset remediation trend map, the visual representation indicating a sequence of the one or more remediation operations for remediating the attack campaign associated with the one or more assets associated with the computing device (see paragraphs [0067] and [0091] where the mitigation actions are determined and presented).
Vajipayajula et al. fails to explicitly disclose sequencing the remediation operations to form the asset remediation map that is visually presented.
However, Ashkenazy et al. teaches parsing remediation actions corresponding to an attack chain; sequencing, using the one or more computing device processors, the one or more remediation 
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to sequence the remediation operations of the Vajipayajula et al. system.
Motivation of having the list of attacker steps in a specific order is that, if the cost required for blocking all of the recommended attacker steps is greater than the budget available for improving the security of the networked system, the relative importance or relative cost-effectiveness of blocking the attacker steps in the list is known, and the best use of the existing resources for protecting the system becomes clear to the system owner or administrator (see Ashkenazy et al. column 22 lines 16-28).
While the modified Vajipayajula et al. and Ashkenazy et al. system discloses the remediation of attacks using steps forming a remediation trend map, there lacks an explicit teaching of the steps comprise using one or more features of a security system based on remediation type of the one or more remediation operations.
However, Thomas et al. teaches a remediation trend map with steps for remediating an attack, where the steps comprise using one or more features of a security system based on remediation type of the one or more remediation operations (see paragraphs [0100]-[0103] where the threats are mapped to preplanned responses).

Motivation to do so would have been to provide an adaptive defense (see Thomas et al. paragraphs [0099]-[0102]).
As per claim 2, the modified Vajipayajula et al., Ashkenazy et al., and Thomas et al. system discloses the asset remediation trend map indicates operations for preventing the attack campaign from subsequently being executed on the one or more assets associated with the computing device (see Vajipayajula et al. paragraphs [0042] and [0072] identification and prevention of attacks).
As per claims 3, 11, and 17, the modified Vajipayajula et al., Ashkenazy et al., and Thomas et al. system discloses parsing, using the one or more computing device processors, the attack kill chain data further comprises: determining successful attack execution operations within the one or more attack execution operations; quantifying successful attack execution operations to determine a criticality of successful attack execution operations by: assigning a weight to each successful attack execution operation of the one or more attack execution operations; and calculating a metric score for each weighted successful attack execution operation, the metric score for each weighted successful attack execution operation indicating a criticality of said attack execution operation; determining, based on the quantifying, corresponding remediation operations, each corresponding remediation operation indicating the criticality associated with corresponding quantified successful attack execution operation; and initiating generation of the asset remediation trend map based on the corresponding remediation operations (see Vajipayajula et al. paragraphs [0071] and [0075] the weights are used to determine mitigation and Ashkenazy et al. column 33 lines 3-59 and column 35 lines 35-45 where the costs are used to determine remediation).

As per claims 5 and 19, the modified Vajipayajula et al., Ashkenazy et al., and Thomas et al. system discloses the remediation type comprises one or more of: an antivirus remediation, firewall remediation, operating system remediation, domain remediation, or access policy remediation (see Vajipayajula et al. paragraphs [0042] and [0076]).
As per claims 6-8, 13, and 20, the modified Vajipayajula et al., Ashkenazy et al., and Thomas et al. system discloses he attack kill chain data is based on mapping attack events associated with the one or more assets of the computing device to attack data within a repository of attack data, the mapping being used to determine attack execution operations associated with the attack campaign, wherein the repository of attack data is a public record repository framework based on previously captured security events from a plurality assets associated with different entities (see Vajipayajula et al. paragraphs [0036], [0064], [0067], [0071]-[0072], [0080], and [0084]; and Thomas et al. paragraphs [0053]-[0055], [0060], [0088], and [0106]). 
As per claim 15, the modified Vajipayajula et al., Ashkenazy et al., and Thomas et al. system generally discloses the use of visual representations of attacks and remediation (see Thomas et al. paragraphs [0115] and [0120]-[0129]), but fails to explicitly disclose the visual representation comprises one or more indicators that reflect a status of one or more of the remediation operations associated with the asset remediation trend map.  However, Official Notice is taken that at a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to 
As per claim 21, the modified Vajipayajula et al., Ashkenazy et al., and Thomas et al. system discloses the security system comprises at least one of a hardware resource or a software resource (see Thomas et al. paragraphs [0100]-[0103]).
As per claim 22, the modified Vajipayajula et al., Ashkenazy et al., and Thomas et al. system discloses the steps further include using one or more computer security features outside the security system based on the remediation type of the one or more remediation operations (see Thomas et al. paragraphs [0100]-[0103] where both automated, i.e. security system, and manual, i.e. outside the security system, responses are used).
Claim 9 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over the modified Vajipayajula et al., Ashkenazy et al., and Thomas et al. system as applied to claims 1 and 10 above, and further in view of Grabois et al. (US 20200177615).
As per claims 9 and 14, the modified Vajipayajula et al., Ashkenazy et al., and Thomas et al. system discloses the visual representation of the remediation operations, but fails to explicitly disclose the visual representation comprises one or more vertices representing the one or more remediation operations, the one or more vertices being organized to reflect an order of execution for the one or more remediation operations.
However, Grabois et al. teaches the use of graphs (i.e. vertices and edges) to present remediation information (see paragraph [0043]).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to include the explicit use of graphs in the modified Vajipayajula et al., Ashkenazy et al., and Thomas et al. system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to visually see how the remediation operations are related.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1-22 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: the remaining references put forth on the PTO-892 form are related to kill chains/attack graphs.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J PYZOCHA whose telephone number is (571)272-3875.  The examiner can normally be reached on Monday-Thursday 7:30am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on (571) 270-3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.