Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Notice of Allowability is in response to the instant Application 16/920,682 filed on 7/4/2020. Claims 1-20 are pending.


EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Applicant Kumar Srivastava on 2/14/2022.
The application has been amended as follows: 

1. (Currently Amended) A system, comprising: 
	a memory and a processor; and
circuitry configured to: 
collect data from several data sources and generate events; 
label the events in all logs with event labels; 
create uniquely identified IDs for all entities observed in a network across the logs available; 
create a profile for each ID; 
label transference from the events to the entities through temporal and spatial label aggregation; 
extend the profile through generation of new behaviors that leverage raw data logs or existing profile attributes; 
identify one or more profiles of an organization that have changed or exhibited suspicious, malicious, or unexpected behavior to identify one or more risks associated with each profile; 
notify one or more users associated with the one or more profiles based on the one or more risks; 
generate and deliver predictive mitigations to mitigate the one or more risks with recommendations organized for easy implementation due to customization to the sources providing the raw data; 
generate and deliver protected and unprotected scenario simulation results to demonstrate impact of the predictive mitigations or impact of not acting on the predictive mitigations; 

offer a network monitoring and network health improvement system that enables the users with a single, comprehensive overview of the one or more risks in a business and the network sorted by severity of business impact and severity of impact coverage along with the predicted effective mitigation recommendations and automated, proactive execution; 
generate and deliver, sorted by severity, predicted network risks by analyzing ability of security analysts to effectively mitigate the previously predicted risks through proactive action;
generate and deliver, sorted by severity, predicted network risks by analyzing mitigative actions of security analysts and measurement of effectiveness of those actions;
generate and deliver newly detected risks as a risk feed to the security analysts as a part of ordered risks real time feed;

generate and deliver an aggregated, clustered, and categorized view of the risks over similarities;
enable programmatic, proactive notifications, and on-demand queries through an application programming interface (API) to be leveraged to make real-time zero trust decisions for downstream applications that determine whether to allow user and system access to data, metadata, and services depending on a risk associated with a requesting entity and a risk generated after enabling the access;
perform an automated search through all the generated risks and determine clusters of entities with highest risks and identify key drivers of risks for each of the clusters along with most influential key metrics associated with each of the clusters and the key drivers of risks; and
generate and deliver the most severe risky clusters along with their top drivers of risks and key influencing metrics for each of the drivers through proactive notifications to targeted security analysts and network security teams.

Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
Examiner has performed exhaustive searches, and the closest prior art fails to disclose, teach or even suggest explicitly “create a profile for each ID; label transference from the events to the entities through temporal and spatial label aggregation; extend the profile through generation of new behaviors that leverage raw data logs or existing profile attributes; identify one or more profiles of an organization that have changed or exhibited suspicious, malicious, or unexpected behavior to identify one or more risks associated with each profile; notify one or more users associated with the one or more profiles based on the one or more risks; generate and deliver predictive mitigations to mitigate the one or more risks with recommendations organized for easy implementation due to customization to the sources providing the raw data; generate and deliver protected and unprotected scenario simulation results to demonstrate impact of the predictive mitigations or impact of not acting on the predictive mitigations; offer a network monitoring and network health improvement system that enables the users with a single, comprehensive overview of the one or more risks in a business and the network sorted by severity of business impact and severity of impact coverage along with the predicted effective mitigation recommendations and automated, proactive execution;”. The closest prior art of Most et al. (US 2017/0118239) in view of Neumann (US 9,654,485) and Zimmermann et al. (US 2018/0027006) along with other conventional means, fails to disclose, teach or even suggest the above limitations. Most in combination with Neumann and Zimmermann teaches auditing an analysis or network events, with analysis on network behaviors.
However, the instant application performs additional non-conventional steps where behaviors are tested in protected and unprotected scenario simulation results to demonstrate impact of the predictive mitigations or impact of not acting on the predictive mitigations, where the results would then be prepared to deliver to a user in real-time. While conventional means would suggest mitigation steps, they would not necessarily attempt to simulate data in protected and unprotected situations. As a result, the claims are in condition for allowance.
Examiner note: amendments were needed to overcome issues where a trademark or trade name was used in a claim as a limitation to identify or describe a particular material or product; the claim did not comply with the requirements of 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph. See Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982). The amendments have overcome this, and the claims are now in condition for allowance.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon-Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

RODERICK TOLENTINO
Examiner
Art Unit 2439

/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439