DETAILED ACTION
This office action is in response to the correspondence filed 07/09/2020. Claims 1-24 are still pending and are examined.


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 10/13/2020, 11/18/2020, 01/12/2021, 01/25/2021, 07/21/2021, 07/30/2021, 08/09/2021, 08/25/2021, 08/27/2021, 09/13/2021, 09/17/2021, 09/22/2021, 09/22/2021, 12/09/2021, 01/13/2022, 02/08/2022, 02/28/2022, and 05/23/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Examiner notes that even though all the IDSs submitted were fully considered, it contains many references that do not appear to be related to the instant application at all. For example, "Predix Platform" available in 2018 on GE.com, was a Non Patent Literature relates to an industrial cloud based platform or “Fundamentals of Business Process Management” by Dumas et al., was a Non Patent Literature published in 1998 about business process management methods and tools. Please only attach prior arts that are relevant to the instant application in the future.



Allowable Subject Matter
Claims 1-24 are allowed.
The following is an examiner’s statement of reasons for allowance:
Albanese et al. (US Pub. No. 20140173740 A1) discloses methods for determining hardening strategies to prevent attacks. Albanese discloses using attack graph analysis to help analyze network vulnerability. Once an attack graph of conditions and/or exploits (e.g., at least one goal condition, at least one initial condition, at least one exploit) is obtained, allowable actions that may harden the conditions may be obtained. Recommended actions to harden the network with respect to one or more goal conditions may be determined. While Albanese discloses hardened goal conditions may have a corresponding impact on removing paths in the attack graph, it fails to disclose evaluating two sub-sets of rules to provide two sets of impacts based on facts and impacts; in response to determining whether goals have been achieved partially based on the two sets of impacts; removing one or more paths of the attack graph where the paths resulting in an impact that is not in the goals as described in the claims.
Dominessy et al. (US Pat. No. 10868825 B1) discloses cybersecurity and threat assessment platform for computing environments. While Dominessy discloses network security and threat assessment system uses risk analysis module to analyze the monitoring information within the risk model of models to determine potential vulnerabilities (e.g., risks, threats) and potential impacts of the potential vulnerabilities in the target computing system, risk analysis module  may utilize rule-based/machine learning engine to assist with its analysis of the monitoring information and identification of possible vulnerabilities and vulnerability impacts, it fails to disclose evaluating two sub-sets of rules to provide two sets of impacts based on facts and impacts; in response to determining whether goals have been achieved partially based on the two sets of impacts; removing one or more paths of the attack graph where the paths resulting in an impact that is not in the goals as described in the claims.
Purvine et al. (NPL – “A Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks”) discloses a dynamic reachability graph model of the network to discover possible paths that an adversary could take using different vulnerabilities, and how those paths evolve over time. While Purvine discloses using the reachability graph to develop dynamic machine-level and network-level impact scores to quickly identify and mitigate high impact events within the network, it fails to disclose evaluating two sub-sets of rules to provide two sets of impacts based on facts and impacts; in response to determining whether goals have been achieved partially based on the two sets of impacts; removing one or more paths of the attack graph where the paths resulting in an impact that is not in the goals as described in the claims.
Therefore, the pending claims are allowed as the prior art of record does not disclose all the combination of features including evaluating two sub-sets of rules to provide two sets of impacts; in response to determining whether goals have been achieved partially based on the two sets of impacts; removing one or more paths of the attack graph where the paths resulting in an impact that is not in the goals as described in the claims; nor would it have been obvious to one of ordinary skill in the art to further modify the prior art to include all of the deficient features, as set forth in the allowed claims. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Attaluri; Gopi Krishna et al.	USPAT		US 10642840 B1	Filtered hash table generation for performing hash joins.
Joseph Durairaj et al.		US-PGPUB	US 20200014718 A1	Graph-based detection of lateral movement.
Jajodia; Sushil et al.		USPAT		US 7904962 B1		Network attack modeling, analysis, and response .

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KA SHAN CHOY/Examiner, Art Unit 2435   

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435