DETAILED ACTION
This Notice of Allowability is in response to amendment filed on May 31, 2022. Claims 1-2, 4-9, 11-16 and 18-20 are pending of which claims 1, 8 and 15 are independent claims.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Rejections have been withdrawn in view of amended claims.

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Scott Watkins (Reg. No. 36715) on June 06, 2022.
The application has been amended as follows:
1.	(Currently Amended) A method comprising:
inserting, by a server, a list of known network threats into existing data packs exchanged between the server and sensors of network elements via a communications link; 
defining, by the servers, policies by creating tags for the known network threats;
deploying the policies and known network threats from the server to the sensors; 
monitoring, by the server through the sensors, network traffic at network elements of a network;
detecting, from the monitoring and based on at least one of the tags, a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and
based on a defined network policy of the policies, applying by the server through the sensors one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.
8.	(Currently Amended) A network element comprising:
one or more memories having computer-readable instructions stored therein; and
one or more processors configured to execute the computer-readable instructions to:
insert, by a server, a list of known network threats into existing data packs exchanged between the server and sensors of network elements via a communications link;
define, by the servers, policies by creating tags for the known network threats;
deploy the policies and known network threats from the server to the sensors;
monitor, by the server through the sensors, network traffic at network elements of a network;
detect, from the monitoring and based on at least one of the tags, a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and
based on a defined network policy of the policies, apply by the server through the sensors one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.
15.	(Currently Amended) One or more non-transitory computer-readable media comprising computer-readable instructions, which when executed by one or more processors, cause the one or more processors to:
insert, by a server, a list of known network threats into existing data packs exchanged between the server and sensors of network elements via a communications link;
define, by the servers, policies by creating tags for the known network threats;
deploy the policies and known network threats from the server to the sensors;
monitor, by the server through the sensors, network traffic at network elements of a network;
detect, from the monitoring and based on at least one of the tags, a compromised element in communication with one or more of the network elements, the compromised element being associated with at least one network threat; and
based on a defined network policy of the policies, apply by the server through the sensors one of a number of different access prevention schemes to the compromised element to prevent access to the network by the compromised element.

Allowable Subject Matter
Claims 1-2, 4-9, 11-16 and 18-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The closest references of record are Kumar et al. (US 10,771,506), Ganame et al. (US 2017/0099312) and Rostami-Hesarsorkh et al. (US 2017/0251003).
Kumar et al. teaches a device may include one or more processors to receive network topology information of a network and device capability information of devices in the network; detect a threat to the network; determine threat information associated with the threat; select a security policy and an enforcement device of the network to enforce the security policy based on the network topology information, the device capability information, and the threat information; and perform an action associated with the threat based on the security policy and the enforcement device. 
Ganame et al. teaches a Compromised Detection System (CDS) uses a sophisticated approach and method based on Machine Learning to detect anomalies on the network behaviour. By such approach, CDS is able to detect unknown cyber threat and malware (aka zero day) since they will present a deviation from the normal behaviour in the network.
Rostami-Hesarsorkh teaches a system, process, and/or computer program product for automatically grouping malware based on artifacts includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract features associated with malware; clustering the plurality of samples based on the extracted features; and performing an action based on the clustering output.
Kumar et al. (US 10,771,506), Ganame et al. (US 2017/0099312) and Rostami-Hesarsorkh et al. (US 2017/0251003), either taken by itself or in any combination, fail to disclose or suggest limitation “inserting, by a server, a list of known network threats into existing data packs exchanged between the server and sensors of network elements via a communications link; defining, by the servers, policies by creating tags for the known network threats; deploying the policies and known network threats from the server to the sensors; monitoring, by the server through the sensors, network traffic at network elements of a network; detecting, from the monitoring and based on at least one of the tags, a compromised element in communication with one or more of the network elements” in combination with other limitations as recited by independent claim 1.
Other independent claims recite features similar to those recited in independent claim 1, and are therefore allowable for reasons similar to those given above. Dependent claims are allowed by virtue of their dependencies.
None of the prior art of record either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHANG DO whose telephone number is (571)270-7837. The examiner can normally be reached Monday-Friday 8:00 - 5:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KHANG DO/Primary Examiner, Art Unit 2492