DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
 
 2.	The Office action is in response to the patent application filed on May 22, 2020.  The application contains 20 claims.  Claims 1-20 are directed to a method, an apparatus, and a computer-readable storage media for monitoring computer infrastructure.  Claims 1-20 are pending.
 
Claim Rejections - 35 USC § 103

3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 1-2, 11-12, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Carey et al. (U.S. 2017/0013008 A1), hereinafter “Carey”, in view of Steele (U.S. 2019/0166153 A1).
Referring to claims 1, 11, 16:
	 	Carey teaches:
                      A computer-implemented method for monitoring a computing infrastructure having one or more target devices, the method comprising (see Carey, fig. 1, items 154a-154c [i.e., one or more targeted devices ]; [0083] ‘monitoring system’): 
                      receiving, from a plurality of evaluation services, evaluation results of one or more target devices (see Carey, [0020] ‘The security assessment system may include one or more bot servers configured to receive information [i.e., receiving evaluation results ] associated with a simulation initiated by the first end device [i.e., from one or more targeted devices ] and to report simulation results to one of the one or more security assessment computers controlled by the security assessor.’); 
                      extracting, using a different data collector for each of the plurality of evaluation services, data from each of the evaluation results (see Carey, [0020] ‘The security assessment system may include one or more bot servers configured to receive information [i.e., extracting data from received evaluation results ] associated with a simulation initiated by the first end device [i.e., from one or more targeted devices ] and to report simulation results to one of the one or more security assessment computers controlled by the security assessor.’); 
                     determining whether an issue or a vulnerability is present in the one or more target devices based on the extracted data (see Carey, [0075] ‘indicate an exfiltration [i.e., removing data ] security breach’; [0076] ‘security breach, what data is obtained, and/or which devices were scanned during the simulation,’; [0092] ‘determine whether the entity’s network is secure’); and 
                     reporting the issue or the vulnerability (see [0086] ‘report certain results back to the command and control servers. …, indicative of cyber attacks or network security breaches).’).
		However, Carey does not disclose converting format.
		Steele disclose converting format (see Steele, [0059] ‘Such a program may be used to convert a file format. If the source format or target format is not recognized, then at times a third program may be available which permits the conversion to an intermediate format, which can then be reformatted.’) 
	 	It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Steele into the system of Carey to convert a format.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Steele’s teaching could enhance the system of Carey,  because Steele teaches “If the source format or target format is not recognized, then at times a third program may be available which permits the conversion to an intermediate format, which can then be reformatted.” (see Steele, [0059]).
 Referring to claims 2, 12:
	 	Carey and Steele further disclose:
           wherein each of the plurality of evaluation services returns evaluation results in a different format (see Steele, [0059] ‘If the source format or target format is not recognized, then at times a third program may be available which permits the conversion to an intermediate format, which can then be reformatted.’)
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Steele into the system of Carey to support different format.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Steele’s teaching could enhance the system of Carey,  because Steele teaches “If the source format or target format is not recognized, then at times a third program may be available which permits the conversion to an intermediate format, which can then be reformatted.” (see Steele, [0059]).

5.	Claims 3-10, 13-15, and 17-20  are rejected under 35 U.S.C. 103 as being unpatentable over Carey et al. (U.S. 2017/0013008 A1), in view of Steele (U.S. 2019/0166153 A1), further in view of Shakarian et al. (U.S. 2020/0356675 A1), hereinafter “Shakarian”.
Referring to claims 3, 13, 17:
	 	Carey and Steele further disclose: 
           determining whether the issue or the vulnerability is present comprises using one or more of a script, a rule base, or a pattern detection module; and the pattern detection module comprises a machine learning module or a neural network (see Carey, [0073] ‘a script’. And, Steele, [0025] ‘a machine learning component which is configured to detect threat patterns and anomalies in order to generate specific mitigation actions for the user.’)
	However, they do not disclose the training, and the ground truth value.
	Shakarian disclose the training, and the ground truth value (see Shakarian, [0039] ‘machine learning model are evaluated by training the model on one set of data … one of our ground-truth sources …’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Shakarian into the system of Carey to implement training, and utilize ground truth value.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Shakarian’s teaching could enhance the system of Carey,  because Shakarian teaches “Predicting the likelihood of vulnerability exploitation through the usage of machine learning techniques has interesting security implications in terms of prioritizing which vulnerabilities need to be patched first to minimize risk of cyberattack.” (see Shakrian, [0044]).
Referring to claim 4:
	 	Carey, Steele, and Shakarian further disclose a confidence score, and a confidence threshold (see Shakarian, [0121] ‘all samples that are assigned confidence score greater than a threshold  are predicted as exploited.’)
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Shakarian into the system of Carey to use a confidence score, and a confidence threshold.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Shakarian’s teaching could enhance the system of Carey,  because Shakarian teaches “It should be noted that all the results reported in this disclosure are achieved based on hard-cut thresholds such that all samples that are assigned confidence score greater than a threshold are predicted as exploited.” (see Shakarian, [0121])
Referring to claims 5, 14:
         Carey, Steele, and Shakarian further disclose:
         confirming whether the issue or the vulnerability is present using a validation service (see Shakarian, [0061] ‘The submitted vulnerability is first verified [i.e., confirming ] before it is added to the database.’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Shakarian into the system of Carey to confirm a vulnerability present.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Shakarian’s teaching could enhance the system of Carey, because Shakarian teaches “ZDI then notifies the vendor to develop patches for the vulnerability before public disclosure.” (see Shakarian, [0061])
 Referring to claim 6:
	 	Carey, Steele, and Shakarian further disclose:
           performing a risk evaluation before using the validation service (see Carey, [0024] ‘an entity profile indicating security assessment [i.e., risk evaluation ] and simulation services [i.e., validation service ] to be administered to an entity with which the first end device is associated.’).
Referring to claim 7:
	 	Carey, Steele, and Shakarian further disclose:
           wherein the risk evaluation assesses a risk level of using the validation service on a first target device of the one or more target devices to confirm the issue or the vulnerability (see Shakarian, [0057] ‘For each vulnerability, its description, CVSS (common vulnerability scoring system) score [i.e., vulnerability level ] and vector are gathered.’  In addition,  Steele, [0052] ‘security vulnerability levels’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Shakarian into the system of Carey to assess a risk level for each vulnerability.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Shakarian’s teaching could enhance the system of Carey,  because Shakarian teaches “ZDI then notifies the vendor to develop patches for the vulnerability before public disclosure.” (see Shakarian, [0061])
Referring to claim 8:
	 	Carey, Steele, and Shakarian further disclose:
           wherein the risk evaluation is performed using one or more of a script, a rule base, or a pattern detection module (see Carey, [0073] ‘a script’. And, Steele, [0025] ‘a machine learning component which is configured to detect threat patterns and anomalies in order to generate specific mitigation actions for the user.’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Steele into the system of Carey to use machine learning to detect a pattern.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Steele’s teaching could enhance the system of Carey,  because Steele teaches “a machine learning component which is configured to detect threat patterns and anomalies in order to generate specific mitigation actions for the user.’ (see Steele, [0025]).
Referring to claim 9:
	 	Carey and Steele further disclose:
           wherein the pattern detection module comprises a machine learning module or a neural network (see Steele, [0025] ‘a machine learning component which is configured to detect threat patterns and anomalies in order to generate specific mitigation actions for the user.’).
However, they do not disclose the training, and the ground truth value.
	Shakarian disclose the training, and the ground truth value (see Shakarian, [0039] ‘machine learning model are evaluated by training the model on one set of data … one of our ground-truth sources …’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Shakarian into the system of Carey to implement training, and utilize ground truth value.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Shakarian’s teaching could enhance the system of Carey,  because Shakarian teaches “Predicting the likelihood of vulnerability exploitation through the usage of machine learning techniques has interesting security implications in terms of prioritizing which vulnerabilities need to be patched first to minimize risk of cyberattack.” (see Shakrian, [0044]).
Referring to claim 10:
	 	Carey, Steele, and Shakarian further disclose:
           collecting one or more profile metrics for a first target device of the one or more target devices; wherein the risk evaluation is based on the one or more profile metrics and a type of the issue or a type of the vulnerability (see Carey, [0071] ‘associated with the entity's profile [i.e., profile metrics for a target device ], the security assessor may store information that recognizes the requesting entity or entity user device based on the received request (e.g., based on one or more of an address (e.g., internal and/or external address) of the requesting device, a browser fingerprint, etc.), and as a result looks up the entity profile to determine if any security simulations are scheduled.’).
Referring to claims 15, 18:
	 	Carey, Steele, and Shakarian further disclose:
	performing a risk evaluation of using a plurality of validation services that are able to confirm whether the issue or the vulnerability is present (see Carey, [0086] ‘provides for more comprehensive analysis and assessment of a network's security risks.’); 
           selecting one of the validation services based on the risk evaluation (see Carey, [0067] ‘the entity may select a package that includes certain security assessments and simulations to be performed on the entity's network.’); and
            confirming whether the issue or the vulnerability is present using the selected validation service (see Shakarian, [0061] ‘The submitted vulnerability is first verified [i.e., confirming ] before it is added to the database.’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Shakarian into the system of Carey to confirm a vulnerability present.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Shakarian’s teaching could enhance the system of Carey,  because Shakarian teaches “ZDI then notifies the vendor to develop patches for the vulnerability before public disclosure.” (see Shakarian, [0061])
Referring to claim 19:
	 	Carey, Steele, and Shakarian further disclose:
           store the converted and extracted data in one or more data repositories. query the one or more data repositories using one or more queries; and display results of the one or more queries on a user interface (see Shakarian, [0059] ‘database … query’; [0100] ‘displayed’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Shakarian into the system of Carey to use data repositories to facilitate user query.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Shakarian’s teaching could enhance the system of Carey,  because Shakarian teaches “The ZDI database was queried to collect information regarding vulnerabilities that might have been disclosed by ZDI.” (see Shakarian, [0061])
Referring to claim 20:
	 	Carey, Steele, and Shakarian further disclose:
                     wherein the one or more processors are further configured to receive one or more parameters for the one or more queries using the user interface (Shakarian, [0143] ‘parameters’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Shakarian into the system of Carey to use parameters.  Carey teaches "a system and method of assessing security of a network, and performing security threat simulations.” (see Carey, [0002]).  Therefore, Shakarian’s teaching could enhance the system of Carey,  because Shakarian teaches “Parameters for all approaches were set in a manner to provide the best performance.” (see Shakarian, [0143])

Conclusion

6.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
(a)	Zhang; Jun (US 20210342194 A1) disclose computer resource allocation based on categorizing computing processes;
(b)	Bosch; Hendrikus G.P. et al. (US 20210044623 A1) disclose dynamically tailored trust for secure application-service networking in an enterprise;
(c)	Gula; Ron et al. (US 20140007241 A1) disclose system and method for identifying exploitable weak points in a network;
(d)	Currie, David  et al. (US 20050160286 A1) disclose Method and apparatus for real-time security verification of on-line services;
(e)	Futoransky, Ariel  et al. (US 20030220940 A1) disclose Secure auditing of information systems;
(f)	Boyter, Brian A.  et al. (US 20030212779 A1) disclose System and Method for Network Security Scanning.

 	7.       Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
          If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
           Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/PEILIANG PAN/Examiner, Art Unit 2492                                                                                                                                                                                             


/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492