Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.



DETAILED ACTION

1. 	This action is responsive to communications: Original Application, filed 22 May 2019, and IDS, filed 22 May 2019.

2. 	Claims 1-21 are pending.  Claims 1, 8, and 15 are independent claims.  



Information Disclosure Statement

3.	The information disclosure statement (IDS) submitted on 22 May 2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


4.	Claim(s) 1, 4-6, 8, 11-13, 15, and 18-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Givental (U.S. Publication 2018/0367561 A1).
As per independent claim 1, Givental discloses a method for responding to computing system incidents (See Givental, Abstract), by a processor, comprising:
analyzing information associated with a computing system to generate a base system model of the computing system, wherein the information comprises at least one of system logs and metrics data of the computing system (See Givental, paragraphs 0006 and 0050, and Figure 5, element 502, describing using log sources to analyze metric data in order to augment a security threat monitoring platform.  The analytics supplement alert information to generate a data-driven threat disposition score (TDS));
receiving an indication of an incident associated with the computing system (See Givental, Figure 5, element 506, and paragraph 0050, describing alerts that are provided to the threat monitoring console);
utilizing the base system model to analyze the incident, wherein the analysis of the incident includes characterizing the incident as a previously detected incident or an unknown incident (See Givental, Claim 1, and paragraphs 0004 and 0055-0056, describing using machine learning/training sub-systems which use information about new alerts and prior alert handling to build prediction models for future alert handling, taking into account data about historical alerts and providing feedback on alert handling); and
identifying a strategy for responding to the incident based on the analysis of the incident (See Givental, paragraphs 0002, 0006, 0048, 0056, and Figure 7, elements 712 and 714, describing development of a strategy for making faster decisions for alert remediation based on the prediction model output).
As per dependent claim 4, Givental teaches the limitations of claim 1 as described above.  Givental also discloses wherein the strategy for responding to the incident comprises selecting the strategy from a plurality of strategies previously utilized for responding to previous incidents (See Givental, Abstract, Figure 10, and paragraphs 0006-0007 and 0064).
As per dependent claim 5, Givental teaches the limitations of claim 1 as described above.  Givental also discloses further comprising storing information associated with the incident (See Givental, paragraphs 0039 and 0047-0048).
As per dependent claim 6, Givental teaches the limitations of claim 1 as described above.  Givental also discloses wherein the analysis of the incident comprises performing natural language processing on the received indication of the incident, the characterizing of the incident is performed utilizing an unsupervised learning method, or a combination thereof (See Givental, paragraphs 0051, 0069, and 0073).
As per independent claim 8, Givental discloses a system for responding to computing system incidents (See Givental, Figure 2) comprising:
a processor executing instructions stored in a memory device… (See Givental, Figure 2).
Independent claim 8 additionally incorporates substantially similar subject matter as that of independent claim 1 above, and is additionally rejected along the same rationale as used in the rejection of claim 1.
As per dependent claim 11, Givental teaches the limitations of claim 8 as described above.  Claim 11 additionally incorporates substantially similar subject matter as that of claim 4 above, and is additionally rejected along the same rationale as used in the rejection of claim 4.
As per dependent claim 12, Givental teaches the limitations of claim 8 as described above.  Claim 12 additionally incorporates substantially similar subject matter as that of claim 5 above, and is additionally rejected along the same rationale as used in the rejection of claim 5.
As per dependent claim 13, Givental teaches the limitations of claim 8 as described above.  Claim 13 additionally incorporates substantially similar subject matter 
As per independent claim 15, Givental discloses a computer program product for responding to computing system incidents, by a processor, the computer program product embodied on a non-transitory computer-readable storage medium having computer-readable program code portions stored therein (See Givental, Figure 2), the computer-readable program code portions comprising:
an executable portion… (See Givental, Figure 2, and paragraph 0008).
Independent claim 15 additionally incorporates substantially similar subject matter as that of independent claim 1 above, and is additionally rejected along the same rationale as used in the rejection of claim 1.
As per dependent claim 18, Givental teaches the limitations of claim 15 as described above.  Claim 18 additionally incorporates substantially similar subject matter as that of claim 4 above, and is additionally rejected along the same rationale as used in the rejection of claim 4.
As per dependent claim 19, Givental teaches the limitations of claim 15 as described above.  Claim 19 additionally incorporates substantially similar subject matter as that of claim 5 above, and is additionally rejected along the same rationale as used in the rejection of claim 5.
As per dependent claim 20, Givental teaches the limitations of claim 15 as described above.  Claim 20 additionally incorporates substantially similar subject matter as that of claim 6 above, and is additionally rejected along the same rationale as used in the rejection of claim 6.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


5.	Claims 2-3, 7, 9-10, 14, 16-17, and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Givental (U.S. Publication 2018/0367561 A1), as applied to claims 1, 8, and 15 above, and further in view of Harper (U.S. Publication 2020/0192743 A1).
As per dependent claim 2, Givental teaches the limitations of claim 1 as described above.  Givental does not teach expressly further comprising: calculating an estimated time to resolve the incident; and generating an indication of the estimated time, however, Harper teaches this limitation (See Harper, paragraph 0064, describing 
As per dependent claim 3, Givental teaches the limitations of claim 1 as described above.  Givental does not teach expressly wherein the strategy for responding to the incident comprises at least one of a restart of at least a subsystem of the computing system, generating a notification of the incident, and assigning the incident to an entity associated with the computing system, however, Harper teaches this limitation (See Harper, paragraph 0036, describing generation of an incident ticket notification).  Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to include the generation of an incident ticket notification of Harper with the incident analysis of Givental.  The motivation for doing so would have been to enable anyone accessing the system to view the incident details and determine the impact to the system.  Therefore, it would have been obvious to combine Harper with Givental for the benefit of enabling anyone accessing the system 
As per dependent claim 7, Givental teaches the limitations of claim 1 as described above.  Givental does not teach expressly further comprising causing the strategy for responding to the incident to be executed, however, Harper teaches this limitation (See Harper, paragraph 0084, describing launching additional programs or applications to further facilitate incident resolution, such as bots, dynamic widgets, etc.).  Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to include the strategy for responding to an incident such as launching additional programs or applications of Harper with the incident analysis of Givental.  The motivation for doing so would have been to more quickly resolve the incident such that the system operation is returned to normal.  Therefore, it would have been obvious to combine Harper with Givental for the benefit of more quickly resolving the incident such that the system operation is returned to normal to obtain the invention as specified in claim 7.
As per dependent claim 9, Givental teaches the limitations of claim 8 as described above.  Claim 9 additionally incorporates substantially similar subject matter as that of claim 2 above, and is additionally rejected along the same rationale as used in the rejection of claim 2.
As per dependent claim 10, Givental teaches the limitations of claim 8 as described above.  Claim 10 additionally incorporates substantially similar subject matter as that of claim 3 above, and is additionally rejected along the same rationale as used in the rejection of claim 3.
As per dependent claim 14, Givental teaches the limitations of claim 8 as described above.  Claim 14 additionally incorporates substantially similar subject matter as that of claim 7 above, and is additionally rejected along the same rationale as used in the rejection of claim 7.
As per dependent claim 16, Givental teaches the limitations of claim 15 as described above.  Claim 16 additionally incorporates substantially similar subject matter as that of claim 2 above, and is additionally rejected along the same rationale as used in the rejection of claim 2.
As per dependent claim 17, Givental teaches the limitations of claim 15 as described above.  Claim 16 additionally incorporates substantially similar subject matter as that of claim 3 above, and is additionally rejected along the same rationale as used in the rejection of claim 3.
As per dependent claim 21, Givental teaches the limitations of claim 15 as described above.  Claim 21 additionally incorporates substantially similar subject matter as that of claim 7 above, and is additionally rejected along the same rationale as used in the rejection of claim 7.



6. 	It is noted that any citations to specific pages, columns, lines, or figures in the prior art references and any interpretation of the references should not be considered to be limiting in any way.  A reference is relevant for all it contains and may be relied 


Conclusion

7.	The prior art made of record, listed on PTO 892 provided to Applicant is considered to have relevancy to the claimed invention. Applicant should review each identified reference carefully before responding to this office action to properly advance the case in light of the prior art.
- Lietz (U.S. Publication 2018/0191753 A1) discloses providing a self-monitoring, self-reporting, and self-repairing virtual asset configured for extrusion and intrusion detection and threat scoring in a cloud computing environment.
- Hiebert (U.S. Publication 2018/0233021 A1) discloses alert propagation in a virtualized computing environment.
- Kataoka (U.S. Publication 2018/0083988 A1) discloses threat scoring.
- Jain (U.S. Publication 2019/0108470 A1) discloses automated orchestration of incident triage workflows.
- Rikovic (U.S. Publication 2019/0349273 A1) discloses incident forecasting.
- Garay (U.S. Publication 2020/0234212 A1) discloses enterprise data mining.
- Metha (U.S. Publication 2020/0184355 A1) discloses predicting incidents using log text analytics.
- Shenoy (U.S. Publication 2019/0098037 A1) discloses cloud-based threat detection.
- Murthy (U.S. Patent 10,860,41 B1) discloses predicting and preventing computing system issues.
- Hamayun (U.S. Patent 10,503,347 B2) discloses detecting, collecting, analyzing, and communicating event-related information.


8. 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Laurie Ries whose telephone number is (571) 272-4095.  If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kavita Stanley, can be reached at (571) 272-8352.  
9. 	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/LAURIE A RIES/
Primary Examiner, Art Unit 2176