DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
	This office action is in reply to the amendment filed on November 17, 2021. Claims 1, 11 and 20 have been amended. Claims 1-20 are pending.

Response to Arguments
Applicant's arguments filed on November 17, 2021 have been fully considered but they are not persuasive. Applicant argues that the prior art on record does not teach predicting a computing resource vulnerability at a node in the computer network using the weighted vulnerability value. 
Examiner would point out that Kotinas US 2018/0255084 A1 teaches the system including predicting a computing resource vulnerability at a node in the computer network using the weighted vulnerability value (i.e., applying weights to features; applying clustering techniques to the feature dataset; generating a threat score based on the clusters (which implies that the weighted features are directly/indirectly used in generating the threat score), Paragraphs 0106 and 0166-0170). Examiner would point out that the prior art on record teaches the claim limitation and therefore the rejection is respectfully maintained.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –




Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kotinas et al. US 2018/0255084 A1 [hereinafter Kotinas].

As per claims 1, 11 and 20, Kotinas teaches a method for analyzing network security data from diverse data sources to predict and remediate a vulnerability at a node in a computer network (§106: "the system 200 includes a network security monitor 120 (“NSM”) that can receive and/or transmit data via a protected network 204 and/or an external network 104. the system can include one or more clients 102a-n and/or one or more servers 106a-n that access the protected network 204. the system can include or communicate with security intelligence repositories 202a-n, such as third-party threat intelligence providers, crowd sourced threat intelligence, etc. The network security monitor 120 can include an interface 205 that accesses the protected network 204 and external network 104. The interface 205 can also facilitate interactions or communication between one or more modules, engines, components or databases of the network security monitor 120", Fig. 2), the method comprising: 
receiving network security data from a plurality of data sources (§106: "The network security monitor 120 can include a data collector 210 (or data collection component 210) that obtains logs (e.g., status information, raw logs) for network elements or entities");
extracting feature vectors from the received network security data (§106: "The network security monitor 120 can include a feature generator 215 that extracts and parses attributes 
applying a machine learning model to the extracted feature vectors to generate a weighted vulnerability value (§106: "The network security monitor 120 can include a feature generator 215 that extracts and parses attributes from the raw logs collected by the data collector 210 to generate features, and applies weights to the features", §131: "the weights can be determined using a machine learning technique"),
predicting a computing resource vulnerability at a node in the computer network using the weighted vulnerability value (§106: "The network security monitor 120 can include a classifier 225 that can determine a threat severity score for the group and assign a threat severity score to one or more entities of the group"); and 
transmitting the predicted computing resource vulnerability to a computing device which is configured to remediate the predicted computing resource vulnerability (§106: "The network security monitor 120 can include a threat mitigator 230 to generate an alarm or control a device associated with an IP that is classified as a threat", "the network security monitor 120 can, responsive to detecting the threat, disable the network element, restart the network element, reset the network element, repair the network element, patch or update the network element, or otherwise eliminate or remove the threat affecting the network element", wherein the predicted vulnerability is implicitly transmitted to the threat mitigator). 


 
	As per claims 3 and 13, Kotinas further teaches the method further comprising: optimizing weighting in the machine learning model based on the extracted feature vectors when the predicted computing resource vulnerability is determined to include a false positive prediction [paragraph 106]. 
 
	As per claim 4, Kotinas further teaches the method wherein the plurality of data sources comprises at least one of: a network firewall; a router; an intrusion prevention system; a vulnerability scanner; a dynamic asset discovery system; a static asset inventory manager; a security analyst communicating device; and a database [paragraph 111]. 
 
	As per claims 5 and 14, Kotinas further teaches the method wherein applying the machine learning model to the extracted feature vectors to generate the weighted vulnerability value comprises: generating a feature matrix that prioritizes feature vectors based on a risk to the node or the computer network that each feature vector represents [paragraph 0106]. 
 
	As per claims 6 and 15, Kotinas further teaches the method wherein the feature matrix comprises at least one of: an IP address field; an asset type field; a scanned field; a 
 
	As per claims 7 and 16, Kotinas further teaches the method wherein an unknown value in the asset type field is assigned a highest priority [paragraph 0105].
 
	As per claims 8, 9, 17 and 18, Kotinas further teaches the method wherein the feature matrix includes feature vectors for all connections to the node [paragraphs 0117 and 0188].
 
	As per claims 10 and 19, Kotinas further teaches the method wherein the IP address field comprises an IP address of every computing resource connected to the node [paragraph 0106]. 
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

BEEMNET W. DADA
Primary Examiner
Art Unit 2435



/BEEMNET W DADA/Primary Examiner, Art Unit 2435