DETAILED ACTION
              			      Response to Amendment
1 	This office action is in response to applicant’s communication filed on 02/24/2022 in response to PTO Office Action mailed 11/26/2021.  The Applicant’s remarks and amendments to the claims and/or the specification were considered with the results as follows.  
2.	In response to the last Office Action, claims 1 and 11 have been amended. No claims are added or canceled.  As a result, claims 1-20 are pending in this office action.
Response to Arguments
3.	 Applicant's arguments with respect to 35 USC 103 have been fully considered but are moot in view of new ground(s) of rejection and the details are as follow:
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 1, 10, 11 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu (US 20170063912 A1) in view of Tsuchida (US 2015/0100543 A1) and further in view of Al-Harbi (US 2012/0180133 A1).
	Referring to claim 1, Muddu discloses a method comprising: parsing, by the server, See para. [0188], para. [0189], para. [0253] Figures 7A, 7B, 13A and 13B,  the system parsing different types of machine data that belong to different environments or domains into log records as shown in table 700 , the system parses significant volumes of machine-generated data including performance data, diagnostic information and/or any of various other types of data indicative of performance or operation of equipment in a computer network, the machine-generated data is analyzed to diagnose user actions and interactions and to derive network security threats, note the event domain or category can include authentication, network, entity acquisition and so forth),  […]wherein the server identifies data associated with cybersecurity activity and generates a unique data table for a cybersecurity domain (See para. [0188] and para. [0189], para. [0215] the system’s security platform identifies entities that take place in network environment includes network attacks, infects or etc. and generates a table of identifiable relationships can include a relationship between entities of two users and/or devices or entities of different types [e.g. user and devices];
parsing, by the server, each unique domain data table into a set of unique dimension tables, each dimension data table corresponding to a predetermined dimension having a second criterion (See para. [0218] and para. [0623], the system compares the actions involved in an event to the table of identifiable relationships and generates a plurality of tables 7002 and 7004 further describes the event with probabilities sequence of characters having feature score(s) using N-gram analysis);
 generating, by the server, a nodal network comprising a set of nodes where each node represents at least a portion of data stored within a database (See para. [0147], generating one or more network nodes for event data which is machine data related to activity on a network), linking, by the server, one or more nodes based on each of the one or more nodes’ respective metadata (See para. [0175] and para. [0179], creating a graph with nodes or entities which map out interactions between users including information [e.g. metadata] regarding which devices are involved, who or what is taking to whom/what, when and how interactions occur);
 upon receiving an instruction from a user computing device to display cybersecurity data (See para. [0183] and Figure 6, a user submits a request to detect anomalies): parsing, by the server, the request to identify one or more linked nodes associated with the request (See para. [0183]-para. [0186] and Figure 6, the system reads the request associated with user 602 and generates a baseline profile for access activities of user 602, based on event data indicate of network activities of user 602, the system creates a behavior baseline for any type of entity/node [e.g. device, application, user]); 
identifying, by the server, a likelihood of occurrence of a cyber-attack based and an impact value of the cyber-attack based on the data corresponding to the one or more linked nodes (See para.[0351]-para. [0364] and Figures 24 & 25, identifying or detecting anomalies by identifying threat indicators based on a threat indicator graph includes a plurality of nodes representing entities associated with computer network and threat indicator scores); 
displaying, by the server on a graphical user interface of the user computing device, a multi-dimensional cybersecurity matrix indicating the likelihood of a cyber-attack and the impact value of the cyber-attack (See para. [0638] , para. [0639] and Figure 71, displaying rows and columns to a user via a user interface of a computing device indicating whether the attack is high or low risk and the risk score associated with the attack).
Muddu does not explicitly disclose each domain table corresponding to a predetermined domain having a first criterion and each node having metadata comprising a unique identifier corresponding to a unique domain table and a unique dimension table corresponding to the data associated with each node.
See para [0037] and Figure 1, each PD1, PD2, PD3 and PD4 database tables having star schema 400.) and each node having metadata (See para. [0057] and para. [0058], Figures 3A, 3B, a graph structure 600 is formed having the data schema 400) comprising a unique identifier corresponding to a unique domain table (See Figures 2, 3, 4and para. [0074], the database PD1, PD2, PD3 and PD4 tables have name identifiers such as sales database, customer database, product database) and a unique dimension table corresponding to the data associated with each node (See para. [0081[, the customer dimension table uses the customer ID as the primary key and can be formed of the same data as that node of the graph structure 500 as shown in Figure 2).
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the Tsuchida teachings in the Muddu system. Skilled artisan would have been motivated to perform graphical node analysis with respect to relational tables which stored in different domain(s) or databases taught by Tsuchida in the Muddu system since conventional techniques do not perform a fine analysis for a huge volume of data.  Data size and the data processing amounts of Cartesian product computation are reduced as a result of performing a graphic analysis (See Tsuchida, para. [0007] and para. [0010].  In addition, both references (Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing graphical node analysis using database data. This close relation between both references highly suggests an expectation of success.
Muddu in view of Tsuchida does not explicitly disclose displaying a multi-dimensional cybersecurity matrix indicating the likelihood of a cyber attack and the impact value of the cyber-attack, the impact value corresponding to impact of the cyber-attack on an organization associated with a user computing device.
See para. [0005], para. [0045]-para. [0047] and Figures 2-4, displaying a cyber security risk matrix indicating a qualitative value [e.g. impact level] of a risk of an undesirable event occurring as a result of a likely presence of a threat which can capitalize on a specific identified vulnerability, in view of an anticipated impact level of the threat consequence , the matrix includes “Threat likelihood” categories including “Very likely”, “likely”, “not likely” and “Remote chance” across “Threat impact level of consequence” categories including “Severe”, “Major”, “Minor”, and “No Impact”).
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the matrix of Al-Harbi teachings in the Muddu system. Skilled artisan would have been motivated to display a multi-dimensional cybersecurity matrix including the likelihood and the impact value of a cyber-attack taught by Al-Harbi in the Muddu system to minimize human interaction in implementing risk assessment process, to thereby advantageously produce more accurate and less subject results in quantifying the risk level (See Al-Harbi, para. [0009]).  In addition, all references (Al-Harbi, Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing data analysis using database data. This close relation between all references highly suggests an expectation of success.
Referring to claim 11, Muddu discloses a computer system comprising: a user computing device having a display screen (See para. [0439] and Figures 39-51 a system comprise a graphical user interface enables a user to configure displays according to user’s particular tasks and priorities); and 
See para. [0183] and Figure 6, the system comprises a computer server), the server configured to: parse data into a set of unique domain data tables (See para. [0218] and para. [0623], the system compares the actions involved in an event to the table of identifiable relationships and generates a plurality of tables 7002 and 7004 further describes the event with probabilities sequence of characters having feature score(s) using N-gram analysis) […], wherein the server identifies data associated with cybersecurity activity and generates a unique data table for a cybersecurity domain (See para. [0188] and para. [0189], para. [0215] the system’s security platform identifies entities that take place in network environment includes network attacks, infects or etc. and generates a table of identifiable relationships can include a relationship between entities of two users and/or devices or entities of different types [e.g. user and devices]);
 parse each unique domain data table into a set of unique dimension tables, each dimension data table corresponding to a predetermined dimension having a second criterion (See para. [0218] and para. [0623], the system compares the actions involved in an event to the table of identifiable relationships and generates a plurality of tables 7002 and 7004 further describes the event with probabilities sequence of characters having feature score(s) using N-gram analysis); 
generate a nodal network comprising a set of nodes where each node represents at least a portion of the data stored within a database (See para. [0147], generating one or more network nodes for event data which is machine data related to activity on a network);
 link one or more nodes based on each of the one or more nodes respective metadata (See para. [0175] and para. [0179], creating a graph with nodes or entities which map out interactions between users including information [e.g. metadata] regarding which devices are involved, who or what is taking to whom/what, when and how interactions occur); upon receiving an instruction from a user computing device to display cybersecurity data (See para. [0183] and Figure 6, a user submits a request to detect anomalies): parse the request to identify one or more linked nodes associated with the request (See para. [0183]-para. [0186] and Figure 6, the system reads the request associated with user 602 and generates a baseline profile for access activities of user 602, based on event data indicate of network activities of user 602, the system creates a behavior baseline for any type of entity/node [e.g. device, application, user]);
 identify a likelihood of occurrence of a cyber-attack based and an impact value of the cyber-attack based on the data corresponding to the one or more linked nodes (See para.[0351]-para. [0364] and Figures 24 & 25, identifying or detecting anomalies by identifying threat indicators based on a threat indicator graph includes a plurality of nodes representing entities associated with computer network and threat indicator scores); display, on a graphical user interface of the user computing device, a multi-dimensional cybersecurity matrix indicating the likelihood of a cyber-attack and the impact value of the cyber-attack (See para. [0638], para. [0639], displaying rows and columns to a user via a user interface of a computing device indicating whether the attack is high or low risk and the risk score associated with the attack).
Muddu does not explicitly disclose each domain table corresponding to a predetermined domain having a first criterion and each node having metadata comprising a unique identifier corresponding to a unique domain table and a unique dimension table corresponding to the data associated with each node.
However, Tsuchida discloses each domain table corresponding to a predetermined domain having a first criterion (See para [0037] and Figure 1, each PD1, PD2, PD3 and PD4 database tables having star schema 400.) and each node having metadata (See para. [0057] and para. [0058], Figures 3A, 3B, a graph structure 600 is formed having the data schema 400) comprising a unique identifier corresponding to a unique domain table (See Figures 2, 3, 4and para. [0074], the database PD1, PD2, PD3 and PD4 tables have name identifiers such as sales database, customer database, product database) and a unique dimension table corresponding to the data associated with each node (See para. [0081[, the customer dimension table uses the customer ID as the primary key and can be formed of the same data as that node of the graph structure 500 as shown in Figure 2).
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the Tsuchida teachings in the Muddu system. Skilled artisan would have been motivated to perform graphical node analysis with respect to relational tables which stored in different domain(s) or databases taught by Tsuchida in the Muddu system since conventional techniques do not perform a fine analysis for a huge volume of data.  Data size and the data processing amounts of Cartesian product computation are reduced as a result of performing a graphic analysis (See Tsuchida, para. [0007] and para. [0010].  In addition, both references (Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing graphical node analysis using database data. This close relation between both references highly suggests an expectation of success.
Muddu in view of Tsuchida does not explicitly disclose displaying a multi-dimensional cybersecurity matrix indicating the likelihood of a cyber attack and the impact value of the cyber-attack, the impact value corresponding to impact of the cyber-attack on an organization associated with a user computing device.
However, Al-Harbi discloses displaying a multi-dimensional cybersecurity matrix indicating the likelihood of a cyber-attack and the impact value of the cyber-attack, the impact value corresponding to impact of the cyber-attack on an organization associated with a user computing device (See para. [0005], para. [0045]-para. [0047] and Figures 2-4, displaying a cyber security risk matrix indicating a qualitative value [e.g. impact level] of a risk of an undesirable event occurring as a result of a likely presence of a threat which can capitalize on a specific identified vulnerability, in view of an anticipated impact level of the threat consequence , the matrix includes “Threat likelihood” categories including “Very likely”, “likely”, “not likely” and “Remote chance” across “Threat impact level of consequence” categories including “Severe”, “Major”, “Minor”, and “No Impact”).
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the matrix of Al-Harbi teachings in the Muddu system. Skilled artisan would have been motivated to display a multi-dimensional cybersecurity matrix including the likelihood and the impact value of a cyber-attack taught by Al-Harbi in the Muddu system to minimize human interaction in implementing risk assessment process, to thereby advantageously produce more accurate and less subject results in quantifying the risk level (See Al-Harbi, para. [0009]).  In addition, all references (Al-Harbi, Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing data analysis using database data. This close relation between all references highly suggests an expectation of success.
As to claims 10 and 20, Muddu discloses wherein the display attribute defines the multi-dimensional cybersecurity matrix (See para. [0638], para. [0639] and Figure 71, displaying rows and columns [labels or attributes] to a user via a user interface of a computing device indicating whether the attack is high or low risk and the risk score associated with the attack).

5.	Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu (US 20170063912 A1) in view of Tsuchida (US 2015/0100543 A1)  and Al-Harbi (US 2012/0180133 A1) and further in view of  Peppe  (US 2017/0346839).
As to claims 2 and 12, Muddu does not explicitly disclose the cybersecurity matrix comprises a set of indicators for a set of cybersecurity attack. 
However, Peppe discloses the cybersecurity matrix comprises a set of indicators for a set of cybersecurity attack procedures (See para. [0076], the threat matrix graph has indicators to compare the observed event).
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the Peppe’s matrix in the Muddu system. Skilled artisan would have been motivated to include a set of indicators to identify one or more additional attach vectors that may fail to detect in a conventional security application (See Peppe, para. [0020] and para. [0021]).  In addition, all of the references (Peppe, Al-Harbi, Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing data analysis using database data. This close relation between both of the references highly suggests an expectation of success.
6.	Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu (US 20170063912 A1) in view of Tsuchida (US 2015/0100543 A1) Al-Harbi (US 2012/0180133 A1) and Peppe (US 2017/0346839) and further in view of Fletcher (US 2017/0046127 A1).
As to claims 3 and 13, Muddu discloses scores to reflect likelihood of occurrence for a cyber-attack and an impact value for the cyber-attack. 
Muddu in view of Peppe does not explicitly disclose the set of indicators is positioned on an axis.
However, Fletcher discloses wherein a position of each indicator within the set of indicators is positioned on an axis in accordance with its relative likelihood of occurrence for a cyber-attack and an impact value for the cyber-attack (see para. [0762] and para [0943], each indicator element along an axis, such as horizontal axis or vertical axis enable to view  the KPI value reflected in each of the line charts at the current point in time).
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the visual indicator of Fletcher in the Muddu/Peppe system. Skilled artisan would have been motivated to display indicators on an axis which allow a user to see large amount of data with a quick glance (See Fletcher, para. [1376]).  In addition, all of the references (Fletcher, Al-Harbi, Peppe, Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing data analysis using database data. This close relation between all of the references highly suggests an expectation of success.
7.	Claims 4-8 and 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu (US 20170063912 A1) in view of Tsuchida (US 2015/0100543 A1) and Al-Harbi (US 2012/0180133 A1)  and further in view of Fletcher (US 2017/0046127 A1).
As to claims 4, and 14, Muddu does not explicitly a heat map.
However, Fletcher discloses displaying, by the server, a heat map representing a likelihood of occurrence for one or more cyber-attacks (See para. [01088], the system detects a notable event that is likely to indicate a security threat or operation problem using KPI indicators and displays a visual representation of the number of notable event, the visual representation can include a heat map). 
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate a heat map of Fletcher in the Muddu system. Skilled artisan would have been motivated to use other visual presentations which allow a user to see large amount of data with a quick glance (See Fletcher, para. [1376]).  In addition, all of the references (Al-Harbi, Fletcher, Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing graphical node analysis using database data. This close relation between all of the references highly suggests an expectation of success.
As to claims 5 and 15, Fletcher also discloses wherein the heat map indicates the likelihood of cyber-attack associated with a time (See para. [1099] and the heap map is associated with a time period). 
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate a heat map of Fletcher in the Muddu system. Skilled artisan would have been motivated to use other visual presentations which allow a user to see large amount of data with a quick glance (See Fletcher, para. [1376]).  In addition, all the references (Fletcher, Al-Harbi, Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing graphical node analysis using database data. This close relation between all of the references highly suggests an expectation of success.
As to claims 6 and 16, Fletcher also discloses wherein the time period is pre-determined (See para. [1099], the time period displayed along the horizontal axis is broken into pre-determined representative of intervals [e.g. 1 minute, 1 hour intervals]). 
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate a pre-determined time period heat map in the Muddu system. Skilled artisan would have been motivated to use timeline to associate with other visual presentations [e.g. heat maps] which allow a user to see large amount of data with a quick glance (See Fletcher, para. [1376]).  In addition, all the references (Al-Harbi, Fletcher, Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing data analysis using database data. This close relation between all the references highly suggests an expectation of success.
	As to claims 7 and 17, Fletcher also discloses wherein the time period is inputted by a user (See para. [0318] and para. [0319], the time range is selected by user).
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate a user selected time period heat map in the Muddu system. Skilled artisan would have been motivated to use inputted timeline to associate with other visual presentations [e.g. heat maps] which allow a user to see large amount of data with a quick glance (See Fletcher, para. [1376]).  In addition, all of the references (Fletcher, Al-Harbi, Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing graphical node analysis using database data. This close relation between all of the references highly suggests an expectation of success.
	As to claims 8 and 18, Fletcher also discloses wherein the heat map indicates the likelihood of cyber-attack in relation to a similar organization (See para. [1447], para. [1448] and Figure 69, displaying a time-based graph lane having a visual representation of the number of events occurring over a given period of time, the visual representation includes a heat map whereby the entire period of the lane is segmented into smaller equally sized buckets, the buckets in event lane include a listing of each event that is associated with the selected bucket, information about each event that is displayed in the list include the corresponding entities [e.g. data center name, or an organization name and displaying a graph lane with notable events which are similar to other graph lane ).
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate a heat map of Fletcher in the Muddu system. Skilled artisan would have been motivated to use other visual presentations which allow a user to see large amount of data with a quick glance (See Fletcher, para. [1376]).  In addition, all of the references (Al-Harbi , Fletcher, Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing data analysis using database data. This close relation between all of the references highly suggests an expectation of success.
8.	Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu (US 20170063912 A1) in view of Tsuchida (US 2015/0100543 A1) and Al-Harbi (US 2012/0180133 A1) and further in view of Hawthorn (US 2015/0229664 A1).
	As to claims 9 and 19, Muddu does not explicitly disclose receiving an electronic template having input fields.
	Hawthorn discloses receiving, by a server, an electronic template having a set of input fields (See para. [0073], para. [0079] and Figures 4 and 5, receiving a set of template profiles, each template has a set of required profile information “fields”), the electronic template identifying at least a portion of data stored within a database and its corresponding domain and a display attribute (See para. [0098], the system identifies data and determine whether the data includes a user name and a domain name). 
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate a template of Hawthorn in the Muddu system. Skilled artisan would have been motivated to use a template to identify network-based security risks because users can easily modify the monitored rules, fields or content in the template (See Hawthorn, para. [0068], para. [0069] and para. [0121]).  In addition, all the references (Hawthorn, Al-Harbi, Muddu and Tsuchida) teach features that are directed to analogous art and they are directed to the same field of endeavor, such as performing database data analysis. This close relation between both references highly suggests an expectation of success.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

	 /YUK TING CHOI/             Primary Examiner, Art Unit 2153