DETAILED ACTION
This Office Action is in response to the Applicant’s Arguments/Remarks filed on 12/30/2021.
Authorization for this Examiner’s Amendment is given by the attorney of record, Mr. Christopher Capelli on 01/27/2022.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

			  EXAMINER’S AMENDMENTS
     Amend claims 1, 3, 5, 14-18, 20 and cancel claims 5 and 18.
Claim 1 (Currently Amended) 
A method performed by a computer system having one or more processors and memory for storing one or more programs for execution by the one or more processors for determining common network security filter settings for one or more clusters of network servers, comprising the steps:
capturing network traffic samples associated with a plurality of network servers;
collating the captured network traffic samples with regards to each of the plurality of network servers;
analyzing the collated network traffic samples for each of the plurality of network servers to determine network services provided by each of the plurality of network servers wherein the network services consist of: HyperText Transfer Protocol (HTTP); Hypertext Transfer Protocol Secure (HTTPS); Simple Mail Transfer Protocol (SMTP); and Voice over Internet Protocol (VoIP);
determining suggested network security filter settings for each of the plurality of network servers;
determining one or more clusters of network servers from the plurality of network servers in response to the determined suggested network security filter settings for each of the plurality of networks servers; and
determining common network security group filter settings for each of the one or more determined clusters of network servers wherein a common network security group filter setting for one of the one or more determined clusters of network servers is different with respect to other common network security group filter settings prescribed for others of the one or more determined clusters of network servers.
 ‎
‎Claim 3 ‎(Currently Amended) ‎
The method as recited in claim 1, wherein the analyzing the collated network traffic samples further includes

determining metadata associated with each of the plurality of network servers from analysis of the captured network traffic samples.

‎
Claim 5 (Cancelled)
‎
Claim 14‎ ‎(Currently Amended) ‎
A computer system for monitoring network traffic associated with a plurality of protected network servers to determine one or more groups of protected network servers and determine common network filter settings for each of the one or more groups of protected network servers, comprising:
one or more data bases having memory configured to store instructions;
a processor disposed in communication with said memory, wherein said processor upon execution of the instructions is configured to:
intercept data communications in a computer network to capture samples of network traffic transmitting between one or more external hosts with the plurality of protected network servers;
collate the captured network traffic samples with regards to each of the plurality of protected network servers;
analyze the collated network traffic samples for each of the plurality of protected network servers to determine network services provided by each of the plurality of protected network servers wherein the network services consist of: HyperText Transfer Protocol (HTTP); Hypertext Transfer Protocol Secure (HTTPS); Simple Mail Transfer Protocol (SMTP); and Voice over Internet Protocol (VoIP);
 the plurality of protected network servers;‎
protected network servers ‎‎ responsive to the determined suggested network security filter settings for each of the ‎plurality of protected networks servers; and
determine common network security group filter settings for each of the one or more determined clusters of network servers wherein a common network security group filter setting for one of the one or more determined clusters of network servers is different with respect to other common network security group filter settings prescribed for others of the one or more determined clusters of network servers.

‎Claim 15‎ ‎(Currently Amended) ‎
The computer system for monitoring network traffic as recited in claim 14, wherein the processor is further configured to prescribe a determined common network security filter setting upon each network server grouped in a determined cluster of network servers associated with the determined common network security filter setting.

‎Claim 16 ‎(Currently Amended) ‎
The computer system for monitoring network traffic as recited in claim 14, wherein the analyzing the collated network traffic samples further includes

‎the analysis of the captured network traffic samples.‎

‎Claim 17 ‎(Currently Amended) ‎
The computer system for monitoring network traffic as recited in claim 16, wherein the analyzing the collated network traffic samples for each of the plurality of protected network servers includes analyzing the network services and metadata associated with each of the plurality of protected network servers to determine the suggested network security filter settings for each protected network servers.

‎‎Claim 18 ‎(Cancelled) ‎

‎Claim ‎20 ‎(Currently Amended) ‎
The computer system for monitoring network traffic as recited in claim 16, wherein the determining one or more clusters of network servers includes:
determining a variance of the suggested network security filter settings for each of the plurality of protected network servers relative to one another; and
clustering one or more of the plurality of protected network servers with one another if the determined variance of suggested network security filter settings is within a prescribed variance range.


		      ALLOWABLE SUBJECT MATTER

	The present invention is directed to a method and system for determining common network security filter settings for one or more clusters of network servers.
	The closest prior arts cited are generally directed to various aspects of determining common network security filter settings for one or more clusters of network servers. However, none of the cited arts found alone or in combination suggests or teaches the elements of the independent claims. For instance, no part of the cited prior arts teach or suggest once network traffic samples are captured and collated, analyze the collated network traffic samples for each of the plurality of protected network servers to determine network services provided by each of the plurality of protected network servers wherein the network services consist of: HyperText Transfer Protocol (HTTP); Hypertext Transfer Protocol Secure (HTTPS); Simple Mail Transfer Protocol (SMTP); and Voice over Internet Protocol (VoIP). Then network security filter settings for each of said the plurality of protected network servers is determined; Based on the network security filter settings determined, group or cluster the plurality of network servers. Finally, a common network security group filter settings for each of the one or more determined clusters of network servers wherein a common network security group filter setting for one of the one or more determined clusters of network servers is different
	Therefore, the claims are allowed for the above reason.
	Any comments considered necessary by Applicant must be submitted no later
than the payment of the issue fee and, to avoid processing delays, should preferably
accompany the issue fee. Such submissions should be clearly labeled "Comments on
Statement for Reasons for Allowance."

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317. The examiner can normally be reached Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PHY ANH T VU/Primary Examiner, Art Unit 2438