DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  

Allowable Subject Matter

2.	Claims 1-20 are allowed.

Examiner’s statement of reason of allowance

 3.	The following is an examiner’s statement of reasons for allowance: 
           The present invention is directed to a method for layered analysis for network security risk detection. The prior art of record fails to teach or fairly suggest neither singly nor in combination a method, a system, and a medium for layered analysis for network security risk detection, in the manner and combinations recited in independent claims 1, 9, and 14, and having the uniquely distinct features of:
                      “identifying overlap between computing resources in the first and second layers of computing resources for a first computing system event of the computing system events and a second computing system event of the computing system events;
                        determining, based on the identified overlap a similarity score;
                        associating, based on the similarity score, the first and second computing system events as parts of a larger individual computing system event; and 
                         performing, based on determining the larger individual computing system event, a mitigating action.”
           Claims 2-8, 10-13, and 15-20 incorporate the allowable features recited above, through dependency, and are also allowed.
            The closest prior arts, Shu et al. (U.S. 2020/0120118 A1) disclose endpoint inter-process activity extraction and pattern matching; and Pernicha (U.S. 2016/0191466 A1) discloses dynamically optimized security policy management.  The cited prior art does not teach or suggest, alone or in combination, the uniquely distinct features of:
                      “identifying overlap between computing resources in the first and second layers of computing resources for a first computing system event of the computing system events and a second computing system event of the computing system events;
                        determining, based on the identified overlap a similarity score;
                        associating, based on the similarity score, the first and second computing system events as parts of a larger individual computing system event; and 
                         performing, based on determining the larger individual computing system event, a mitigating action.”, in combination with the other claimed limitations.

Conclusion

4.	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. 

           5.     Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
         If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
         Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/PEILIANG PAN/
Examiner, Art Unit 2492                                                                                                                                                                                             

/VENKAT PERUNGAVOOR/
Primary Examiner, Art Unit 2492