Examiner’s Comments
The instant Office action is in response to the communication filed 6/18/2019.
Claims 1-20 are allowed.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The primary reasons for allowance of the claims are applicant’s arguments and the inclusion of the limitation, inter alia, “receive, from a source computing device of a monitored computing environment, a security incident comprising a security incident data structure comprising metadata describing properties of the security incident, and a corresponding security knowledge graph, wherein the security knowledge graph comprises nodes representing elements associated with the security incident, and edges representing relationships between the nodes; process the security incident data structure and security knowledge graph to extract, from the metadata of the security incident data structure and data corresponding to the nodes and edges of the security knowledge graph, a set of security incident features corresponding to the security incident; input the extracted set of security incident features into a trained security incident machine learning model of the security incident disposition system; generate, by the trained security incident machine learning model of the security incident disposition system, a disposition classification output based on results of processing the extracted set of security incident features by the trained security incident machine learning model; and output the disposition classification output to the source computing device,” which appears in all claims and is not found in the prior art references previously relied upon or in any new references found.

The closest art of record Jang et al. (US Pre-Grant Publication No: 2019/0190945) teaches “A cognitive security analytics platform is enhanced by providing a computationally- and storage-efficient 
Another art of record Thrower et al. (US Patent 8,225,407) teaches “Providing adaptive response recommendations for a network security incident comprising at least one underlying security event is disclosed. A first set of data associated with the event is received. An initial group of one or more recommended responsive actions to be taken in response to the event is identified based at least in part on the first set of data. A second set of data associated with the event is received. The initial group of one or more recommended responsive actions is updated based at least in part on the second set of data associated with the event.” but also does not teach the indicated subject matter above.
Another art of record Kirti et al. (US Pre-Grant Publication No: 2015/0172321) teaches “Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials 

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.” In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail the papers to the Production Control branch in Publications or fax them to the post-allowance papers correspondence branch at (703) 308-5864 to expedite the issuing process, or to call PUB's Customer Service at (703) 305-8497 with any questions.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIMON P KANAAN, whose telephone number is (571) 270-3906. The examiner can normally be reached M-F (7AM-4PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar, can be reached at (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/SIMON P KANAAN/Primary Examiner, Art Unit 2492