Notice of Pre-AIA or AIA Status
Claims 1-20 are presented for examination. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 7/13/20 has been considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu (U.S. Patent Publication 2017/0063899) in view of Franke (U.S. Patent 9,319,420).

Regarding claims 1, 8, and 15:
Muddu discloses a method, computer program product, and system comprising: receiving, by a Security Orchestration, Automation and Response (SOAR) platform (the security platform of the Muddu disclosure: e.g. Abstract, and paragraphs 0135-0137), alert data pertaining to an incident observed within a monitored network (e.g. paragraphs 0169-0170); as part of an investigation into the incident and based on the received alert data, generating, by the SOAR platform, a mind map view within a graphical user interface (GUI) of a console used by an analyst (paragraph 0171; see also e.g. Figures 40A-40C), wherein the mind map view includes a primary node corresponding to the incident (e.g. element 4002 of Figure 2A), one or more field nodes associated with the primary node (the various entities listed below in element 4004 of Figure 40A; see also paragraphs 0462-0463), one or more action nodes based at least on one of the one or more field nodes, wherein each of the one or more action nodes is associated with one or more dynamic actions selectable by the analyst to be executed by the SOAR platform (element 4010 of Figures 40A & 40C); receiving, by the SOAR platform, information regarding a selected action of the one or more dynamic actions selected by the analyst (paragraph 0154); training, by the SOAR platform, a machine-learning model based on the incident and the selected action (e.g. paragraphs 0150-0154; & 0171); and updating, by the SOAR platform, the mind map view in real-time based on a suggestion by the machine-learning model (Ibid).
The graphical user interface disclosed by Muddu is not explicitly referred to as a “mind map”. However, Franke discloses a related invention for computer security that explicitly implements mind map GUIs (col. 7, lines 18-35 and 59-67). It would have been obvious prior to the filing date of the instant application to employ mind map visual interfaces in the invention disclosed by Muddu, as mind maps can be beneficial in identifying possible links between information in which there are not presently tangible links but where an intelligence gathering professional can work through different potential links (Franke, Ibid).

Regarding claims 2, 9, and 16: The combination further discloses wherein the one or more field nodes each represent an investigation phase (Muddu, e.g. element 4002 of Figure 40A, and element 4540 of Figure 45E).

Regarding claims 3, 10, and 17: The combination further discloses wherein a dynamic action of the one or more dynamic actions represents an enrichment action or a mitigation action (Muddu: enrichment at paragraphs 0159-0160 & 0398-0400; mitigation at e.g. paragraphs 0151 & 0321).

Regarding claims 4, 11, and 18: The combination further discloses wherein the enrichment action enriches an artifact associated with the incident with threat intelligence (Muddu: e.g. paragraphs 0159-0160 & 0398-0400).

Regarding claims 5, 12, and 19: The combination further discloses wherein a dynamic action of the one or more dynamic actions causes the SOAR platform to issue an operation to a security tool associated with the monitored network (Muddu: the “Export” option of paragraph 0464; and Fig. 40C).

Regarding claims 6, 13, and 20: The combination further discloses wherein the operation causes the security tool to block an Internet Protocol (IP) address associated with the incident (blocking specific network communication at Muddu, e.g. paragraphs 0151 & 0321).

Regarding claims 7 and 14: The combination further discloses wherein the incident pertains to any or a combination of an unknown new threat, a known new threat, an unknown one-off threat, a known one-off threat, an unknown probable threat, and a known probable threat (unknown and known threats at Muddu, paragraphs 0137 & 0140).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: U.S. Patent 9,584,536 (Nantel); U.S. Patent 8,146,146 (Coviello); and U.S. Patent Publication 2018/0039914 (Menahem).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl, can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/ Examiner, Art Unit 2435, 4/6/2022