Notice of Pre-AIA  or AIA  Status
Claims 1-20 are presented for examination.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) and 35 U.S.C. 102(a)(1) as being anticipated by Hassanzadeh (U.S. Patent Publication 2017/0318050).

Regarding claims 1, 11, & 18:
Hassanzadeh discloses a method, system, and non-transitory computer readable medium comprising: accessing network traffic from a network (communications monitored by the various sensors and devices as per paragraph 0020); accessing a plurality of events associated with the network traffic (Ibid, and paragraph 0021); determining, by a processing device, an issue based on a correlation of a portion of the plurality of events, wherein the issue represents an incident associated with the portion 

Regarding claims 2, 12, & 19:	Hassanzadeh further discloses wherein the network specific information comprises at least one of information of communications of entities on the network, information of a relationship of entities of the network, or information of entity types of entities on the network (relationship of entities of the network [targets & attackers] as network specific information at paragraph 0040). 

Regarding claims 3, 13, & 20:	Hassanzadeh further discloses wherein the correlation of the portion of the plurality of events is based on at least one of an aggregation, clustering, pattern matching, event chaining, risk posture, or vulnerabilities (aggregation: paragraph 0021). 

Regarding claims 4 and 14:	Hassanzadeh further discloses determining a category associated with the issue (labeling the issue: paragraph 0040), wherein the category associated with the issue comprises at least one of security or operational (the latter at paragraph 0040). 


Regarding claims 6 and 16:	Hassanzadeh further discloses accessing information associated with the network, wherein the information associated with the network comprises a model comprising one or more relationships of entities of the network (paragraph 0040, with the model illustrated as Figure 4B). 

Regarding claim 7:	Hassanzadeh further discloses wherein at least one of the events is determined by an intrusion detection system (paragraph 0020). 

Regarding claims 8 and 17:	Hassanzadeh further discloses wherein the correlation is based on at least one of an event type, a source of a communication, or a destination of the communication (source and destination IP addresses of the communication at paragraph 0040). 

Regarding claim 9:	Hassanzadeh further discloses wherein at least one of the events is associated with an operational technology (OT) entity (e.g. paragraphs 0020 & 0025). 
. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. U.S. Patent 8,056,130 (Njemanze); U.S. Patent Publication 2017/0171231 (Reybok Jr.) and 2004/0193943 (Angelino).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 

THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/Examiner, Art Unit 2435                                                                                                                                                                                                        10/23/2021