DETAILED ACTION

1.	Claims 1-20 are presented for consideration.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

2.	Claim(s) 1-3, 6,7, 9-13, 16, 17, 19, and 20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Jeyakumar et al. [ US Patent Application No 2020/0204572 ].

3.	As per claim 1, Jeyakumar discloses the invention as claimed including a computer-implemented method for providing automated actions in handling security threats [ i.e. platform to detect and remediate security threat ] [ Abstract; and paragraph 0019 ], the method comprising:
	receiving input data [ i.e. incoming emails received ] [ Figure 3; and paragraphs 0056, and 0060 ] comprising one or more entities and one or more intents [ i.e. entities ] [ Figures 9-11; and paragraphs 0127-0130 ];
	extracting the entities and the intents from the input data [ i.e. detecting an attack based on features extracted from a communication and/or context of the communication (e.g. recipient, sender, content, etc..) ] [ Figure 11; and paragraphs 0018, 0046, 0075, and 0129 ];
	determining whether there exists at least one actionable entity from the extracted entities [ i.e. flags the email as a possible attack ] [ paragraphs 0094, 0110, and 0138 ];
	in response to determining that there exists at least one actionable entity from the extracted entities, presenting a plurality of available security actions to a user to resolve one or more security threats associated with the input data [ i.e. remediation steps may be performed in accordance with a customer  specified remediation policy and/or default remediation policy ] [ [ paragraphs 0067, and  0119 ], the available security actions being respectively selectable by the user [ i.e. prompt the customer to provide one or more remediation steps or components of the remediation policy ] [ paragraphs 0019, 0095, and 0134 ]; and
	in response to selecting an available security action by the user, automating a performance of the selected security action, without the user’s input to resolve the one or more security threats [ i.e. the third stage may be entirely performed by the threat detection platform ] [ paragraphs 0098, 0134, and 0149 ].
	
4.	As per claim 2, Jeyakuma discloses automatically invoking a security product to resolve the one or more security threats [ i.e. the threat detection platform may invoke API to block the compromised account ] [ paragraphs 0095, and 0149 ].

5.	As per claim 3, Jeyakumar discloses dynamically updating the presented available security actions based on filter actions [ i.e. filter ] [ paragraph 0148 ]. 

6.	Asper claim 6, Jeyakumar discloses in response to determining that there is no actionable entity from the extracted entities, based on the extracted entities and the intents, performing a knowledge-based action or an analytic-based action [ i.e. safe ] [ paragraphs 0100, 0171, and 0152 ]. 

7.	As per claim 7, Jeyakumar discloses wherein the plurality of available security actions comprise at least one of: available actions, possible actions, or probable actions [ i.e. analysis modules can output classification as one of a plurality possible attacks ] [ paragraphs 0090, and 0107 ].

8.	As per claim 9, Jevakumar discloses  wherein the input data is provided by the user through a graphical user interface [ paragraph 0119 ].

9.	As per claim 10, Juyskumar discloses wherein the plurality of available security actions are performed by security technologies or products that are enabled under integration [ i.e. the threat detection platform may invoke API to block the compromised account ] [ paragraphs 0095, and 0149 ].

10.	As per claims 11-13, 16, 17, 19, and 20, they are rejected for similar reasons as stated above in claims 1-3, 6, 7, 9, and 10.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

11.	Claims 4, 5, 8, 14, 15, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Jeyakumar et al. [ US Patent Application No 2020/0204572 ], in view of Zettel, II et al. [ US Patent Application No 2019/0268354 ].

12.	As per claim 4, Jeyakumar does not specifically disclose disabling some of the available security actions based on the user’s role, wherein the disabled security actions are preset to be inaccessible to the user.  Zettel discloses disabling some of the available security actions based on the user’s role, wherein the disabled security actions are preset to be inaccessible to the user [ i.e. junior analyst who may not possess the knowledge to resolve a particular security incident ] [ paragraphs 0034, and 0081 ].  It would have been obvious to a person skill in the art before the effective filing date of the claimed invention to combine the teaching of Jeyakumar and Zettel because the teaching of Zettel would enable to provide incident response tools useful for personas with a variety of experience levels [ Zettel, paragraph 0002 ].

13.	As per claim 5, Zettel discloses disabling some of the available security actions based on a predictive model trained with the user’s historical behavior in selecting past security actions to resolve prior input data [ i.e. history of the actions taken with respective security incident ] [ Figure 21; and paragraph 0105 ].

14.	As per claim 8, Zettel discloses presenting to the user corresponding confidence scores associated with the plurality of available security actions, wherein the corresponding confidence scores provide the user with a range of actions indicating from a mostly selected security action to a least selected security action [ i.e. sorted by risk score ] [ paragraphs 0031, 0035, 0059, and 0060 ].

15.	As per claims 14, 15, and 18, they are rejected for similar reasons as stated above in claims 4, 5, and 8.

Response to Arguments

16.	Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUSTIN NGUYEN whose telephone number is (571)272-3971.  The examiner can normally be reached on Monday-Friday 9-6 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis can be reached on 571-2727952.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DUSTIN NGUYEN/Primary Examiner, Art Unit 2446